2 * Copyright (C) 2009-2016 Tobias Brunner
3 * Copyright (C) 2006 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 * @defgroup proposal proposal
25 typedef enum protocol_id_t protocol_id_t
;
26 typedef enum extended_sequence_numbers_t extended_sequence_numbers_t
;
27 typedef struct proposal_t proposal_t
;
30 #include <utils/identification.h>
31 #include <collections/linked_list.h>
32 #include <networking/host.h>
33 #include <crypto/transform.h>
34 #include <crypto/crypters/crypter.h>
35 #include <crypto/signers/signer.h>
36 #include <crypto/diffie_hellman.h>
37 #include <selectors/traffic_selector.h>
40 * Protocol ID of a proposal.
47 PROTO_IPCOMP
= 4, /* IKEv1 only */
51 * enum names for protocol_id_t
53 extern enum_name_t
*protocol_id_names
;
56 * Stores a set of algorithms used for an SA.
58 * A proposal stores algorithms for a specific
59 * protocol. It can store algorithms for one protocol.
60 * Proposals with multiple protocols are not supported,
61 * as it's not specified in RFC4301 anymore.
66 * Add an algorithm to the proposal.
68 * The algorithms are stored by priority, first added
69 * is the most preferred.
70 * Key size is only needed for encryption algorithms
71 * with variable key size (such as AES). Must be set
72 * to zero if key size is not specified.
73 * The alg parameter accepts encryption_algorithm_t,
74 * integrity_algorithm_t, dh_group_number_t and
75 * extended_sequence_numbers_t.
77 * @param type kind of algorithm
78 * @param alg identifier for algorithm
79 * @param key_size key size to use
81 void (*add_algorithm
) (proposal_t
*this, transform_type_t type
,
82 uint16_t alg
, uint16_t key_size
);
85 * Get an enumerator over algorithms for a specific algo type.
87 * @param type kind of algorithm
88 * @return enumerator over uint16_t alg, uint16_t key_size
90 enumerator_t
*(*create_enumerator
) (proposal_t
*this, transform_type_t type
);
93 * Get the algorithm for a type to use.
95 * If there are multiple algorithms, only the first is returned.
97 * @param type kind of algorithm
98 * @param alg pointer which receives algorithm
99 * @param key_size pointer which receives the key size
100 * @return TRUE if algorithm of this kind available
102 bool (*get_algorithm
) (proposal_t
*this, transform_type_t type
,
103 uint16_t *alg
, uint16_t *key_size
);
106 * Check if the proposal has a specific DH group.
108 * @param group group to check for
109 * @return TRUE if algorithm included
111 bool (*has_dh_group
) (proposal_t
*this, diffie_hellman_group_t group
);
114 * Strip DH groups from proposal to use it without PFS.
116 * @param keep group to keep (MODP_NONE to remove all)
118 void (*strip_dh
)(proposal_t
*this, diffie_hellman_group_t keep
);
121 * Compare two proposal, and select a matching subset.
123 * If the proposals are for the same protocols (AH/ESP), they are
124 * compared. If they have at least one algorithm of each type
125 * in common, a resulting proposal of this kind is created.
127 * @param other proposal to compare against
128 * @param other_remote whether other is the remote proposal from which to
129 * copy SPI and proposal number to the result,
130 * otherwise copy from this proposal
131 * @param private accepts algorithms allocated in a private range
132 * @return selected proposal, NULL if proposals don't match
134 proposal_t
*(*select
)(proposal_t
*this, proposal_t
*other
,
135 bool other_remote
, bool private);
138 * Get the protocol ID of the proposal.
140 * @return protocol of the proposal
142 protocol_id_t (*get_protocol
) (proposal_t
*this);
145 * Get the SPI of the proposal.
147 * @return spi for proto
149 uint64_t (*get_spi
) (proposal_t
*this);
152 * Set the SPI of the proposal.
154 * @param spi spi to set for proto
156 void (*set_spi
) (proposal_t
*this, uint64_t spi
);
159 * Get the proposal number, as encoded in SA payload
161 * @return proposal number
163 u_int (*get_number
)(proposal_t
*this);
166 * Check for the eqality of two proposals.
168 * @param other other proposal to check for equality
169 * @return TRUE if other equal to this
171 bool (*equals
)(proposal_t
*this, proposal_t
*other
);
176 * @return clone of proposal
178 proposal_t
*(*clone
) (proposal_t
*this);
181 * Destroys the proposal object.
183 void (*destroy
) (proposal_t
*this);
187 * Create a child proposal for AH, ESP or IKE.
189 * @param protocol protocol, such as PROTO_ESP
190 * @param number proposal number, as encoded in SA payload
191 * @return proposal_t object
193 proposal_t
*proposal_create(protocol_id_t protocol
, u_int number
);
196 * Create a default proposal if nothing further specified.
198 * @param protocol protocol, such as PROTO_ESP
199 * @return proposal_t object
201 proposal_t
*proposal_create_default(protocol_id_t protocol
);
204 * Create a default proposal for supported AEAD algorithms
206 * @param protocol protocol, such as PROTO_ESP
207 * @return proposal_t object, NULL if none supported
209 proposal_t
*proposal_create_default_aead(protocol_id_t protocol
);
212 * Create a proposal from a string identifying the algorithms.
214 * The string is in the same form as a in the ipsec.conf file.
215 * E.g.: aes128-sha2_256-modp2048
217 * An additional '!' at the end of the string forces this proposal,
218 * without it the peer may choose another algorithm we support.
220 * @param protocol protocol, such as PROTO_ESP
221 * @param algs algorithms as string
222 * @return proposal_t object
224 proposal_t
*proposal_create_from_string(protocol_id_t protocol
, const char *algs
);
227 * printf hook function for proposal_t.
230 * proposal_t *proposal
231 * With the #-specifier, arguments are:
232 * linked_list_t *list containing proposal_t*
234 int proposal_printf_hook(printf_hook_data_t
*data
, printf_hook_spec_t
*spec
,
235 const void *const *args
);
237 #endif /** PROPOSAL_H_ @}*/