1 /**
2 * @file child_proposal.h
3 *
4 * @brief Interface of child_proposal_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef _CHILD_PROPOSAL_H_
24 #define _CHILD_PROPOSAL_H_
25
26 #include <types.h>
27 #include <utils/identification.h>
28 #include <utils/linked_list.h>
29 #include <network/host.h>
30 #include <transforms/crypters/crypter.h>
31 #include <transforms/signers/signer.h>
32 #include <transforms/diffie_hellman.h>
33 #include <config/traffic_selector.h>
34
35
typedef enum protocol_id_t protocol_id_t;

/**
 * Protocol ID carried by a proposal.
 *
 * The three named protocols use the values 1..3, matching the Protocol ID
 * numbering of IKEv2. UNDEFINED_PROTOCOL_ID (201) lies outside that range.
 *
 * @ingroup config
 */
enum protocol_id_t {
	IKE = 1,
	AH = 2,
	ESP = 3,
	UNDEFINED_PROTOCOL_ID = 201
};
49
/**
 * String mappings for protocol_id_t.
 *
 * Only declared here; the array is defined in another translation unit and
 * its length is not visible through this declaration.
 * NOTE(review): presumably terminated by a sentinel entry as defined for
 * mapping_t in types.h - confirm before iterating.
 *
 * @ingroup config
 */
extern mapping_t protocol_id_m[];
56
57
typedef enum transform_type_t transform_type_t;

/**
 * Kind of transform inside a proposal, numbered as in section 3.3.2 of
 * the IKEv2 draft.
 *
 * The five named types use the values 1..5. UNDEFINED_TRANSFORM_TYPE (241)
 * lies outside that range.
 *
 * @ingroup payloads
 */
enum transform_type_t {
	ENCRYPTION_ALGORITHM = 1,
	PSEUDO_RANDOM_FUNCTION = 2,
	INTEGRITY_ALGORITHM = 3,
	DIFFIE_HELLMAN_GROUP = 4,
	EXTENDED_SEQUENCE_NUMBERS = 5,
	UNDEFINED_TRANSFORM_TYPE = 241
};
73
/**
 * String mappings for transform_type_t.
 *
 * Only declared here; the array is defined in another translation unit and
 * its length is not visible through this declaration.
 * NOTE(review): presumably terminated by a sentinel entry as defined for
 * mapping_t in types.h - confirm before iterating.
 *
 * @ingroup payloads
 */
extern mapping_t transform_type_m[];
80
81
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;

/**
 * Transform IDs for the "extended sequence numbers" transform type,
 * numbered as in section 3.3.2 of the IKEv2 draft.
 *
 * @ingroup payloads
 */
enum extended_sequence_numbers_t {
	/** extended sequence numbers are not used */
	NO_EXT_SEQ_NUMBERS = 0,
	/** extended sequence numbers are used */
	EXT_SEQ_NUMBERS = 1
};
93
/**
 * String mappings for extended_sequence_numbers_t.
 *
 * Only declared here; the array is defined in another translation unit and
 * its length is not visible through this declaration.
 * NOTE(review): presumably terminated by a sentinel entry as defined for
 * mapping_t in types.h - confirm before iterating.
 *
 * @ingroup payloads
 */
extern mapping_t extended_sequence_numbers_m[];
100
101
typedef struct algorithm_t algorithm_t;

/**
 * Struct used to store different kinds of algorithms. The internal
 * lists of algorithms contain such structures.
 *
 * Both members are 16 bits wide. add_algorithm() in child_proposal_t takes
 * its key_size argument as size_t; if that argument is stored in key_size
 * below, a value above 65535 cannot be kept unchanged.
 */
struct algorithm_t {
	/**
	 * Value from an encryption_algorithm_t/integrity_algorithm_t/...
	 * Which of these enums applies is not recorded in this struct.
	 */
	u_int16_t algorithm;

	/**
	 * The associated key size, or zero if not needed.
	 * NOTE(review): the unit (bits or bytes) is not stated in this
	 * header - confirm against the implementation.
	 */
	u_int16_t key_size;
};
119
typedef struct child_proposal_t child_proposal_t;

/**
 * @brief Stores a proposal for a child SA.
 *
 * A child_proposal may contain more than one algorithm
 * of the same kind. ONE of them can be selected.
 *
 * The object is an interface of function pointers; every method takes the
 * object itself as its first argument.
 *
 * @warning This class is NOT thread-safe!
 *
 * @b Constructors:
 * - child_proposal_create()
 *
 * @ingroup config
 */
struct child_proposal_t {

	/**
	 * @brief Add an algorithm to the proposal.
	 *
	 * The algorithms are stored by priority, first added
	 * is the most preferred.
	 * Key size is only needed for encryption algorithms
	 * with variable key size (such as AES), or integrity
	 * algorithms.
	 * The alg parameter accepts encryption_algorithm_t,
	 * integrity_algorithm_t, dh_group_number_t and
	 * extended_sequence_numbers_t.
	 *
	 * @warning Do not add while other threads are reading.
	 *
	 * NOTE(review): key_size is size_t here, but algorithm_t.key_size is
	 * u_int16_t. How a value above 65535 is handled (rejected, truncated)
	 * is not visible in this header - confirm in the implementation, since
	 * a silently narrowed key size would change the negotiated strength.
	 * NOTE(review): no return value, so a rejected proto/type combination
	 * cannot be reported to the caller through this method.
	 *
	 * @param this		calling object
	 * @param proto		desired protocol
	 * @param type		kind of algorithm
	 * @param alg		identifier for algorithm
	 * @param key_size	key size to use
	 */
	void (*add_algorithm) (child_proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t alg, size_t key_size);

	/**
	 * @brief Get an iterator over algorithms for a specific protocol/algo type.
	 *
	 * NOTE(review): ownership of the returned iterator is not stated here;
	 * presumably the caller destroys it - confirm. Per the warning on
	 * add_algorithm(), the list must not be extended while it is being read.
	 *
	 * @param this		calling object
	 * @param proto		desired protocol
	 * @param type		kind of algorithm
	 * @return			iterator over algorithms
	 */
	iterator_t *(*create_algorithm_iterator) (child_proposal_t *this, protocol_id_t proto, transform_type_t type);

	/**
	 * @brief Get the algorithm for a type to use.
	 *
	 * If there are multiple algorithms, only the first is returned.
	 * Result is still owned by child_proposal, do not modify!
	 *
	 * Because the result points into the proposal, it must not be freed by
	 * the caller. NOTE(review): it presumably becomes dangling once
	 * destroy() has been called on the proposal - confirm.
	 * What *algo holds when FALSE is returned is not specified here; check
	 * the return value before dereferencing it.
	 *
	 * @param this		calling object
	 * @param proto		desired protocol
	 * @param type		kind of algorithm
	 * @param[out] algo	pointer which receives algorithm and key size
	 * @return			TRUE if algorithm of this kind available
	 */
	bool (*get_algorithm) (child_proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo);

	/**
	 * @brief Compare two proposals, and select a matching subset.
	 *
	 * If the proposals are for the same protocols (AH/ESP), they are
	 * compared. If they have at least one algorithm of each type
	 * in common, a resulting proposal of this kind is created.
	 *
	 * The return value may be NULL and has to be checked before use.
	 * NOTE(review): the result is a newly created proposal; presumably the
	 * caller has to destroy() it - confirm.
	 * NOTE(review): which side's preference order decides the selection is
	 * not stated here - confirm, as it determines whether the local or the
	 * remote ordering wins.
	 *
	 * @param this		calling object
	 * @param other		proposal to compare against
	 * @return
	 * 					- selected proposal, if possible
	 * 					- NULL, if proposals don't match
	 */
	child_proposal_t *(*select) (child_proposal_t *this, child_proposal_t *other);

	/**
	 * @brief Get the number set on construction.
	 *
	 * @param this		calling object
	 * @return			number
	 */
	u_int8_t (*get_number) (child_proposal_t *this);

	/**
	 * @brief Get the protocol ids in the proposals.
	 *
	 * With AH and ESP, there could be two protocols in one
	 * proposal.
	 *
	 * The [2] in the parameter is not enforced by the compiler (the array
	 * decays to a pointer), so the caller must pass storage for two entries.
	 * NOTE(review): the value written to an unused slot is not stated here;
	 * possibly UNDEFINED_PROTOCOL_ID - confirm.
	 *
	 * @param this		calling object
	 * @param[out] ids	array receiving the protocol ids, room for two entries
	 */
	void (*get_protocols) (child_proposal_t *this, protocol_id_t ids[2]);

	/**
	 * @brief Get the spi for a specific protocol.
	 *
	 * NOTE(review): the type is 64 bits wide, while AH and ESP carry a
	 * 32-bit SPI on the wire; how the upper half is used is not visible
	 * here. The result for a protocol that is not part of the proposal is
	 * not specified either - confirm both.
	 *
	 * @param this		calling object
	 * @param proto		AH/ESP
	 * @return			spi for proto
	 */
	u_int64_t (*get_spi) (child_proposal_t *this, protocol_id_t proto);

	/**
	 * @brief Set the spi for a specific protocol.
	 *
	 * NOTE(review): no return value, so setting an SPI for a protocol that
	 * is not part of the proposal cannot be reported - confirm what the
	 * implementation does in that case.
	 *
	 * @param this		calling object
	 * @param proto		AH/ESP
	 * @param spi		spi to set for proto
	 */
	void (*set_spi) (child_proposal_t *this, protocol_id_t proto, u_int64_t spi);

	/**
	 * @brief Destroys the proposal object.
	 *
	 * The object must not be used afterwards; this presumably includes
	 * pointers obtained from get_algorithm(), which are owned by the
	 * proposal.
	 *
	 * @param this		calling object
	 */
	void (*destroy) (child_proposal_t *this);
};
242
/**
 * @brief Create a child proposal for AH and/or ESP.
 *
 * The number passed here is the one get_number() returns later. The
 * object is released through its destroy() method.
 * NOTE(review): behaviour on allocation failure (NULL return or abort) is
 * not stated in this header - confirm before relying on a non-NULL result.
 *
 * @param number	number of the proposal, as in the payload
 * @return			child_proposal_t object
 *
 * @ingroup config
 */
child_proposal_t *child_proposal_create(u_int8_t number);
252
253 #endif //_CHILD_PROPOSAL_H_