4 * @brief Interface of connection_t.
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27 #include <utils/host.h>
28 #include <utils/linked_list.h>
29 #include <utils/identification.h>
30 #include <config/proposal.h>
31 #include <crypto/diffie_hellman.h>
34 typedef enum auth_method_t auth_method_t
;
43 * Computed as specified in section 2.15 of RFC using
44 * an RSA private key over a PKCS#1 padded hash.
46 RSA_DIGITAL_SIGNATURE
= 1,
49 * Computed as specified in section 2.15 of RFC using the
50 * shared key associated with the identity in the ID payload
51 * and the negotiated prf function
53 SHARED_KEY_MESSAGE_INTEGRITY_CODE
= 2,
56 * Computed as specified in section 2.15 of RFC using a
57 * DSS private key over a SHA-1 hash.
59 DSS_DIGITAL_SIGNATURE
= 3,
63 * string mappings for auth method.
67 extern mapping_t auth_method_m
[];
70 typedef struct connection_t connection_t
;
73 * @brief A connection_t defines the rules to set up an IKE_SA.
77 * - connection_create()
84 * @brief Get my ID for this connection.
86 * Object is NOT getting cloned.
88 * @param this calling object
89 * @return host information as identification_t object
91 identification_t
*(*get_my_id
) (connection_t
*this);
94 * @brief Get others ID for this connection.
96 * Object is NOT getting cloned.
98 * @param this calling object
99 * @return host information as identification_t object
101 identification_t
*(*get_other_id
) (connection_t
*this);
104 * @brief Get my address as host_t object.
106 * Object is NOT getting cloned.
108 * @param this calling object
109 * @return host information as host_t object
111 host_t
*(*get_my_host
) (connection_t
*this);
114 * @brief Get others address as host_t object.
116 * Object is NOT getting cloned.
118 * @param this calling object
119 * @return host information as host_t object
121 host_t
*(*get_other_host
) (connection_t
*this);
124 * @brief Update address of my host.
126 * It may be necessary to uptdate own address, as it
127 * is set to the default route (0.0.0.0) in some cases.
128 * Old host is destroyed, new one NOT cloned.
130 * @param this calling object
131 * @param my_host new host to set as my_host
133 void (*update_my_host
) (connection_t
*this, host_t
*my_host
);
136 * @brief Update address of remote host.
138 * It may be necessary to uptdate remote address, as a
139 * connection may define %any (0.0.0.0) or a subnet.
140 * Old host is destroyed, new one NOT cloned.
142 * @param this calling object
143 * @param my_host new host to set as other_host
145 void (*update_other_host
) (connection_t
*this, host_t
*other_host
);
148 * @brief Returns a list of all supported proposals.
150 * Returned list is still owned by connection and MUST NOT
151 * modified or destroyed.
153 * @param this calling object
154 * @return list containing all the proposals
156 linked_list_t
*(*get_proposals
) (connection_t
*this);
159 * @brief Adds a proposal to the list.
161 * The first added proposal has the highest priority, the last
164 * @param this calling object
165 * @param proposal proposal to add
167 void (*add_proposal
) (connection_t
*this, proposal_t
*proposal
);
170 * @brief Select a proposed from suggested proposals.
172 * Returned proposal must be destroyed after usage.
174 * @param this calling object
175 * @param proposals list of proposals to select from
176 * @return selected proposal, or NULL if none matches.
178 proposal_t
*(*select_proposal
) (connection_t
*this, linked_list_t
*proposals
);
181 * @brief Get the authentication method to use
183 * @param this calling object
184 * @return authentication method
186 auth_method_t (*get_auth_method
) (connection_t
*this);
189 * @brief Get the DH group to use for connection initialization.
191 * @param this calling object
192 * @return dh group to use for initialization
194 diffie_hellman_group_t (*get_dh_group
) (connection_t
*this);
197 * @brief Check if a suggested dh group is acceptable.
199 * If we guess a wrong DH group for IKE_SA_INIT, the other
200 * peer will send us a offer. But is this acceptable for us?
202 * @param this calling object
203 * @return TRUE if group acceptable
205 bool (*check_dh_group
) (connection_t
*this, diffie_hellman_group_t dh_group
);
208 * @brief Clone a connection_t object.
210 * @param this connection to clone
211 * @return clone of it
213 connection_t
*(*clone
) (connection_t
*this);
216 * @brief Destroys a connection_t object.
218 * @param this calling object
220 void (*destroy
) (connection_t
*this);
224 * @brief Creates a connection_t object.
226 * Supplied hosts/IDs become owned by connection, so
227 * do not modify or destroy them after a call to
228 * connection_create().
230 * @param my_host host_t representing local address
231 * @param other_host host_t representing remote address
232 * @param my_id identification_t for me
233 * @param other_id identification_t for other
234 * @param auth_method Authentication method to use for our(!) auth data
235 * @return connection_t object.
239 connection_t
* connection_create(host_t
*my_host
, host_t
*other_host
,
240 identification_t
*my_id
,
241 identification_t
*other_id
,
242 auth_method_t auth_method
);
244 #endif /* CONNECTION_H_ */
projects / people / ms / strongswan.git / blob