/*
 * Copyright (C) 2012-2020 Tobias Brunner
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
/**
 * @defgroup sa_payload sa_payload
 * @{ @ingroup payloads
 */
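/* Forward declaration, so the interface can name its own type in the
 * "this" parameter of every method. */
typedef struct sa_payload_t sa_payload_t;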
30 #include <encoding/payloads/payload.h>
31 #include <encoding/payloads/proposal_substructure.h>
32 #include <collections/linked_list.h>
33 #include <kernel/kernel_ipsec.h>
34 #include <sa/authenticator.h>
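/**
 * Class representing an IKEv1 or IKEv2 SA Payload.
 *
 * The SA Payload format is described in RFC section 3.3.
 *
 * NOTE(review): an SA payload parsed from a received message carries values
 * chosen by the peer. The getters below presumably return them as parsed;
 * confirm where they are checked against local policy before they are used.
 */
struct sa_payload_t {

	/**
	 * The payload_t interface.
	 */
	payload_t payload_interface;

	/**
	 * Gets the proposals in this payload as a list.
	 *
	 * NOTE(review): ownership of the returned list and of the proposal_t
	 * objects in it is not stated here; confirm against the implementation
	 * who has to destroy them.
	 *
	 * @return					a list containing proposal_ts
	 */
	linked_list_t *(*get_proposals)(sa_payload_t *this);

	/**
	 * Gets the proposals from the first proposal in this payload with IPComp
	 * enabled (IKEv1 only).
	 *
	 * NOTE(review): it is not stated what *cpi holds when no proposal has
	 * IPComp enabled; initialise it before the call - TODO confirm.
	 *
	 * @param cpi				the CPI of the first IPComp (sub)proposal
	 * @return					a list containing proposal_ts
	 */
	linked_list_t *(*get_ipcomp_proposals)(sa_payload_t *this, uint16_t *cpi);

	/**
	 * Get the lifetime of a proposal/transform (IKEv1 only).
	 *
	 * NOTE(review): the value returned for a proposal without a lifetime
	 * attribute is not documented here - confirm before relying on it.
	 *
	 * @param proposal			proposal for which to get lifetime
	 * @return					lifetime, in seconds
	 */
	uint32_t (*get_lifetime)(sa_payload_t *this, proposal_t *proposal);

	/**
	 * Get the life duration of a proposal/transform (IKEv1 only).
	 *
	 * NOTE(review): as for get_lifetime(), the value returned when the
	 * attribute is absent is not documented here - confirm.
	 *
	 * @param proposal			proposal for which to get life duration
	 * @return					life duration, in bytes
	 */
	uint64_t (*get_lifebytes)(sa_payload_t *this, proposal_t *proposal);

	/**
	 * Get the first authentication method from the proposal (IKEv1 only).
	 *
	 * Callers have to handle AUTH_NONE explicitly, it is a regular return
	 * value of this method.
	 *
	 * @return					auth method, or AUTH_NONE
	 */
	auth_method_t (*get_auth_method)(sa_payload_t *this);

	/**
	 * Get the (first) encapsulation mode from a proposal (IKEv1 only).
	 *
	 * @param udp				set to TRUE if UDP encapsulation used
	 * @return					ipsec encapsulation mode
	 */
	ipsec_mode_t (*get_encap_mode)(sa_payload_t *this, bool *udp);

	/**
	 * Create an enumerator over all proposal substructures.
	 *
	 * @return					enumerator over proposal_substructure_t
	 */
	enumerator_t *(*create_substructure_enumerator)(sa_payload_t *this);

	/**
	 * Destroys an sa_payload_t object.
	 */
	void (*destroy)(sa_payload_t *this);
};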
/**
 * Creates an empty sa_payload_t object.
 *
 * The object is released through its destroy() method.
 *
 * NOTE(review): the behaviour for a type other than the two listed below is
 * not documented here - confirm before passing a computed value.
 *
 * @param type		PLV2_SECURITY_ASSOCIATION or PLV1_SECURITY_ASSOCIATION
 * @return			created sa_payload_t object
 */
sa_payload_t *sa_payload_create(payload_type_t type);
/**
 * Creates an IKEv2 sa_payload_t object from a list of proposals.
 *
 * NOTE(review): it is not stated here whether the payload copies the
 * proposals or keeps references to them; confirm against the implementation
 * before destroying the list while the payload is still in use.
 *
 * @param proposals			list of proposals to build the payload from
 * @return					sa_payload_t object
 */
sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals);
/**
 * Creates an IKEv2 sa_payload_t object from a single proposal.
 *
 * NOTE(review): it is not stated here whether the payload copies the
 * proposal or keeps a reference to it; confirm against the implementation
 * before destroying the proposal while the payload is still in use.
 *
 * @param proposal			proposal from which the payload should be built.
 * @return					sa_payload_t object
 */
sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal);
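/**
 * Creates an IKEv1 sa_payload_t object from a list of proposals.
 *
 * NOTE(review): it is not stated here whether the payload copies the
 * proposals or keeps references to them; confirm against the implementation
 * before destroying the list while the payload is still in use.
 *
 * @param proposals			list of proposals to build the payload from
 * @param lifetime			lifetime in seconds
 * @param lifebytes			lifebytes, in bytes
 * @param auth				authentication method to use, or AUTH_NONE
 * @param mode				IPsec encapsulation mode, TRANSPORT or TUNNEL
 * @param udp				ENCAP_UDP to use UDP encapsulation
 * @param cpi				CPI in case IPComp should be used (16 bit, the
 *							width get_ipcomp_proposals() reports)
 * @return					sa_payload_t object
 */
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
							uint32_t lifetime, uint64_t lifebytes,
							auth_method_t auth, ipsec_mode_t mode, encap_t udp,
							uint16_t cpi);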
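/**
 * Creates an IKEv1 sa_payload_t object from a single proposal.
 *
 * NOTE(review): it is not stated here whether the payload copies the
 * proposal or keeps a reference to it; confirm against the implementation
 * before destroying the proposal while the payload is still in use.
 *
 * @param proposal			proposal from which the payload should be built.
 * @param lifetime			lifetime in seconds
 * @param lifebytes			lifebytes, in bytes
 * @param auth				authentication method to use, or AUTH_NONE
 * @param mode				IPsec encapsulation mode, TRANSPORT or TUNNEL
 * @param udp				ENCAP_UDP to use UDP encapsulation
 * @param cpi				CPI in case IPComp should be used (16 bit, the
 *							width get_ipcomp_proposals() reports)
 * @return					sa_payload_t object
 */
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
							uint32_t lifetime, uint64_t lifebytes,
							auth_method_t auth, ipsec_mode_t mode, encap_t udp,
							uint16_t cpi);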
166 #endif /** SA_PAYLOAD_H_ @}*/