c06dbbab | 1 | /* |
22f13dce | 2 | * Copyright (C) 2009-2016 Tobias Brunner |
c06dbbab | 3 | * Copyright (C) 2006 Martin Willi |
22f13dce | 4 | * HSR Hochschule fuer Technik Rapperswil |
c06dbbab MW |
5 | * |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
552cc11b MW |
15 | */ |
16 | ||
17 | /** | |
18 | * @defgroup proposal proposal | |
2307bffe | 19 | * @{ @ingroup crypto |
c06dbbab MW |
20 | */ |
21 | ||
16b9a73c MW |
22 | #ifndef PROPOSAL_H_ |
23 | #define PROPOSAL_H_ | |
c06dbbab | 24 | |
/* Forward declarations, placed before the #include lines below so that
 * headers which refer to these names (presumably some of them do) can be
 * included without an ordering cycle. Note that extended_sequence_numbers_t
 * is only forward-declared here; its enum body is not defined in this file. */
typedef enum protocol_id_t protocol_id_t;
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
typedef struct proposal_t proposal_t;
28 | ||
db7ef624 | 29 | #include <library.h> |
c06dbbab | 30 | #include <utils/identification.h> |
12642a68 | 31 | #include <collections/linked_list.h> |
2e7cc07e | 32 | #include <networking/host.h> |
433cb51b | 33 | #include <crypto/transform.h> |
68621281 MW |
34 | #include <crypto/crypters/crypter.h> |
35 | #include <crypto/signers/signer.h> | |
36 | #include <crypto/diffie_hellman.h> | |
1125a0be | 37 | #include <selectors/traffic_selector.h> |
c06dbbab | 38 | |
c06dbbab MW |
/**
 * Protocol ID of a proposal.
 *
 * Identifies which kind of SA a proposal_t describes (see get_protocol()).
 * NOTE(review): the numeric values look like the on-the-wire Protocol ID
 * encoding of the IKE SA payload (IKE=1, AH=2, ESP=3) — confirm against
 * RFC 7296 section 3.3.1 before renumbering anything here, since that would
 * change what is sent to the peer.
 */
enum protocol_id_t {
	PROTO_NONE = 0,
	PROTO_IKE = 1,
	PROTO_AH = 2,
	PROTO_ESP = 3,
	PROTO_IPCOMP = 4, /* IKEv1 only */
};
49 | ||
60356f33 MW |
/**
 * enum names for protocol_id_t, used to render protocol IDs as text in
 * logs and diagnostics. Declared extern here; the table is defined in the
 * implementation file.
 */
extern enum_name_t *protocol_id_names;
c06dbbab | 54 | |
/**
 * Stores a set of algorithms used for an SA.
 *
 * A proposal stores algorithms for a specific
 * protocol. It can store algorithms for one protocol.
 * Proposals with multiple protocols are not supported,
 * as it's not specified in RFC4301 anymore.
 *
 * Objects are created by proposal_create() and its siblings below and are
 * released through destroy(). clone() and select() hand a new object to the
 * caller, who is presumably responsible for destroying it (confirm in the
 * implementation).
 */
struct proposal_t {

	/**
	 * Add an algorithm to the proposal.
	 *
	 * The algorithms are stored by priority, first added
	 * is the most preferred, so callers should add the strongest
	 * acceptable algorithm of each type first.
	 * Key size is only needed for encryption algorithms
	 * with variable key size (such as AES). Must be set
	 * to zero if key size is not specified.
	 * The alg parameter accepts encryption_algorithm_t,
	 * integrity_algorithm_t, diffie_hellman_group_t and
	 * extended_sequence_numbers_t, depending on type.
	 *
	 * @param type			kind of algorithm
	 * @param alg			identifier for algorithm
	 * @param key_size		key size to use
	 */
	void (*add_algorithm) (proposal_t *this, transform_type_t type,
						uint16_t alg, uint16_t key_size);

	/**
	 * Get an enumerator over algorithms for a specific algo type.
	 *
	 * Algorithms are presumably enumerated in the priority order they were
	 * added (see add_algorithm()). NOTE(review): as with other enumerator_t
	 * instances, the caller presumably owns the enumerator and has to
	 * destroy() it — confirm.
	 *
	 * @param type			kind of algorithm
	 * @return				enumerator over uint16_t alg, uint16_t key_size
	 */
	enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);

	/**
	 * Get the algorithm for a type to use.
	 *
	 * If there are multiple algorithms, only the first is returned,
	 * i.e. the most preferred one according to add_algorithm().
	 * NOTE(review): it is not documented whether *alg and *key_size are
	 * written when FALSE is returned — do not rely on them in that case.
	 *
	 * @param type			kind of algorithm
	 * @param alg			pointer which receives algorithm
	 * @param key_size		pointer which receives the key size
	 * @return				TRUE if algorithm of this kind available
	 */
	bool (*get_algorithm) (proposal_t *this, transform_type_t type,
						uint16_t *alg, uint16_t *key_size);

	/**
	 * Check if the proposal has a specific DH group.
	 *
	 * @param group			group to check for
	 * @return				TRUE if algorithm included
	 */
	bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);

	/**
	 * Strip DH groups from proposal to use it without PFS.
	 *
	 * Security note: a proposal without any DH group negotiates an SA
	 * without perfect forward secrecy. Only strip groups where the
	 * configuration explicitly allows that, and prefer keeping one group
	 * via the keep argument.
	 *
	 * @param keep			group to keep (MODP_NONE to remove all)
	 */
	void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep);

	/**
	 * Compare two proposals, and select a matching subset.
	 *
	 * If the proposals are for the same protocols (AH/ESP), they are
	 * compared. If they have at least one algorithm of each type
	 * in common, a resulting proposal of this kind is created.
	 *
	 * Security note: the private flag enables matching of algorithm
	 * identifiers from the private-use range. Such identifiers are not
	 * standardized, so their meaning depends on an agreement with the
	 * peer; pass TRUE only for peers configured to share the same private
	 * assignments, not by default for arbitrary remote peers.
	 *
	 * @param other			proposal to compare against
	 * @param other_remote	whether other is the remote proposal from which to
	 *						copy SPI and proposal number to the result,
	 *						otherwise copy from this proposal
	 * @param private		accepts algorithms allocated in a private range
	 * @return				selected proposal, NULL if proposals don't match
	 */
	proposal_t *(*select)(proposal_t *this, proposal_t *other,
						  bool other_remote, bool private);

	/**
	 * Get the protocol ID of the proposal.
	 *
	 * @return				protocol of the proposal
	 */
	protocol_id_t (*get_protocol) (proposal_t *this);

	/**
	 * Get the SPI of the proposal.
	 *
	 * NOTE(review): the SPI is held in a uint64_t, which fits IKE SPIs;
	 * AH/ESP use 32-bit SPIs, presumably stored in the low 32 bits — confirm
	 * before truncating the value.
	 *
	 * @return				spi for proto
	 */
	uint64_t (*get_spi) (proposal_t *this);

	/**
	 * Set the SPI of the proposal.
	 *
	 * This header documents no check that the value fits the SPI width of
	 * the proposal's protocol; the caller is responsible for passing a
	 * value of the right size.
	 *
	 * @param spi			spi to set for proto
	 */
	void (*set_spi) (proposal_t *this, uint64_t spi);

	/**
	 * Get the proposal number, as encoded in SA payload
	 *
	 * @return				proposal number
	 */
	u_int (*get_number)(proposal_t *this);

	/**
	 * Check for the equality of two proposals.
	 *
	 * @param other			other proposal to check for equality
	 * @return				TRUE if other equal to this
	 */
	bool (*equals)(proposal_t *this, proposal_t *other);

	/**
	 * Clone a proposal.
	 *
	 * The returned object is independent of this one; the caller is
	 * expected to release it with destroy().
	 *
	 * @return				clone of proposal
	 */
	proposal_t *(*clone) (proposal_t *this);

	/**
	 * Destroys the proposal object.
	 *
	 * The object must not be used after this call.
	 */
	void (*destroy) (proposal_t *this);
};
185 | ||
/**
 * Create a proposal for AH, ESP or IKE.
 *
 * The caller owns the returned object and releases it with destroy().
 * Algorithms are added afterwards via add_algorithm(); for a pre-populated
 * proposal see proposal_create_default() and proposal_create_from_string().
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @param number		proposal number, as encoded in SA payload
 * @return				proposal_t object
 */
proposal_t *proposal_create(protocol_id_t protocol, u_int number);
c06dbbab | 194 | |
/**
 * Create a default proposal if nothing further specified.
 *
 * The set of algorithms in the default is defined by the implementation,
 * not by this header; review it when hardening a configuration rather than
 * assuming it is restricted to current best practice. The caller owns the
 * returned object and releases it with destroy().
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @return				proposal_t object
 */
proposal_t *proposal_create_default(protocol_id_t protocol);
202 | ||
8642f8bd MW |
/**
 * Create a default proposal for supported AEAD algorithms
 *
 * Unlike proposal_create_default(), this may return NULL when no AEAD
 * algorithm is available, so callers must check the result before use.
 * The caller owns a non-NULL result and releases it with destroy().
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @return				proposal_t object, NULL if none supported
 */
proposal_t *proposal_create_default_aead(protocol_id_t protocol);
210 | ||
/**
 * Create a proposal from a string identifying the algorithms.
 *
 * The string is in the same form as in the ipsec.conf file.
 * E.g.: aes128-sha2_256-modp2048
 *       3des-md5
 * (the second example only illustrates the syntax; 3DES and MD5 are legacy
 * algorithms and should not be used in new configurations.)
 * An additional '!' at the end of the string forces this proposal,
 * without it the peer may choose another algorithm we support.
 *
 * NOTE(review): behaviour on an unparsable or unsupported string is not
 * documented here — confirm whether NULL is returned and check the result
 * before use. The caller owns the returned object and releases it with
 * destroy().
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @param algs			algorithms as string
 * @return				proposal_t object
 */
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
225 | ||
/**
 * printf hook function for proposal_t.
 *
 * Registered with the library's printf hook mechanism to render proposals
 * in log output.
 * Arguments are:
 *	proposal_t *proposal
 * With the #-specifier, arguments are:
 *	linked_list_t *list containing proposal_t*
 */
int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
						 const void *const *args);
035930fc | 236 | |
1490ff4d | 237 | #endif /** PROPOSAL_H_ @}*/ |