1 /*
2 * Copyright (C) 2012-2020 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 *
6 * Copyright (C) secunet Security Networks AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /**
20 * @defgroup sa_payload sa_payload
21 * @{ @ingroup payloads
22 */
23
24 #ifndef SA_PAYLOAD_H_
25 #define SA_PAYLOAD_H_
26
27 typedef struct sa_payload_t sa_payload_t;
28
29 #include <library.h>
30 #include <encoding/payloads/payload.h>
31 #include <encoding/payloads/proposal_substructure.h>
32 #include <collections/linked_list.h>
33 #include <kernel/kernel_ipsec.h>
34 #include <sa/authenticator.h>
35
36 /**
37 * Class representing an IKEv1 or IKEv2 SA Payload.
38 *
39 * The IKEv2 SA Payload format is described in RFC 7296, section 3.3.
40 */
41 struct sa_payload_t {
42
43 /**
44 * The payload_t interface.
45 */
46 payload_t payload_interface;
47
48 /**
49 * Gets the proposals in this payload as a list.
50 *
51 * @return a list containing proposal_ts (NOTE(review): who frees the list is not stated here; confirm)
52 */
53 linked_list_t *(*get_proposals) (sa_payload_t *this);
54
55 /**
56 * Gets the proposals from the first proposal in this payload with IPComp
57 * enabled (IKEv1 only).
58 *
59 * @param[out] cpi receives the CPI of the first IPComp (sub)proposal
60 * @return a list containing proposal_ts (NOTE(review): who frees the list is not stated here; confirm)
61 */
62 linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, uint16_t *cpi);
63
64 /**
65 * Get the lifetime of a proposal/transform (IKEv1 only).
66 *
67 * @param proposal proposal for which to get lifetime
68 * @return lifetime, in seconds (NOTE(review): presumably the peer's value for a received payload; confirm callers apply local limits)
69 */
70 uint32_t (*get_lifetime)(sa_payload_t *this, proposal_t *proposal);
71
72 /**
73 * Get the life duration of a proposal/transform (IKEv1 only).
74 *
75 * @param proposal proposal for which to get life duration
76 * @return life duration, in bytes (NOTE(review): presumably the peer's value for a received payload; confirm callers apply local limits)
77 */
78 uint64_t (*get_lifebytes)(sa_payload_t *this, proposal_t *proposal);
79
80 /**
81 * Get the first authentication method from the proposal (IKEv1 only).
82 *
83 * @return auth method, or AUTH_NONE
84 */
85 auth_method_t (*get_auth_method)(sa_payload_t *this);
86
87 /**
88 * Get the (first) encapsulation mode from a proposal (IKEv1 only).
89 *
90 * @param[out] udp set to TRUE if UDP encapsulation is used
91 * @return ipsec encapsulation mode
92 */
93 ipsec_mode_t (*get_encap_mode)(sa_payload_t *this, bool *udp);
94
95 /**
96 * Create an enumerator over all proposal substructures.
97 *
98 * @return enumerator over proposal_substructure_t
99 */
100 enumerator_t* (*create_substructure_enumerator)(sa_payload_t *this);
101
102 /**
103 * Destroys an sa_payload_t object.
104 */
105 void (*destroy) (sa_payload_t *this);
106 };
107
108 /**
109 * Creates an empty sa_payload_t object.
110 *
111 * @param type PLV2_SECURITY_ASSOCIATION or PLV1_SECURITY_ASSOCIATION
112 * @return created sa_payload_t object
113 */
114 sa_payload_t *sa_payload_create(payload_type_t type);
115
116 /**
117 * Creates an IKEv2 sa_payload_t object from a list of proposals.
118 *
119 * @param proposals list of proposals to build the payload from
120 * @return sa_payload_t object
121 */
122 sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals);
123
124 /**
125 * Creates an IKEv2 sa_payload_t object from a single proposal.
126 *
127 * @param proposal proposal from which the payload should be built.
128 * @return sa_payload_t object
129 */
130 sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal);
131
132 /**
133 * Creates an IKEv1 sa_payload_t object from a list of proposals.
134 *
135 * @param proposals list of proposals to build the payload from
136 * @param lifetime lifetime in seconds
137 * @param lifebytes life duration, in bytes
138 * @param auth authentication method to use, or AUTH_NONE
139 * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
140 * @param udp ENCAP_UDP to use UDP encapsulation
141 * @param cpi CPI in case IPComp should be used
142 * @return sa_payload_t object
143 */
144 sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
145 uint32_t lifetime, uint64_t lifebytes,
146 auth_method_t auth, ipsec_mode_t mode, encap_t udp,
147 uint16_t cpi);
148
149 /**
150 * Creates an IKEv1 sa_payload_t object from a single proposal.
151 *
152 * @param proposal proposal from which the payload should be built.
153 * @param lifetime lifetime in seconds
154 * @param lifebytes life duration, in bytes
155 * @param auth authentication method to use, or AUTH_NONE
156 * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
157 * @param udp ENCAP_UDP to use UDP encapsulation
158 * @param cpi CPI in case IPComp should be used
159 * @return sa_payload_t object
160 */
161 sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
162 uint32_t lifetime, uint64_t lifebytes,
163 auth_method_t auth, ipsec_mode_t mode, encap_t udp,
164 uint16_t cpi);
165
166 #endif /** SA_PAYLOAD_H_ @}*/