1 /*
2 * Copyright (C) 2009-2016 Tobias Brunner
3 * Copyright (C) 2006 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup proposal proposal
19 * @{ @ingroup crypto
20 */
21
22 #ifndef PROPOSAL_H_
23 #define PROPOSAL_H_
24
/* Forward declarations of the types this header defines. They are placed
 * before the includes below so that the included headers can refer to these
 * names before the full definitions further down are seen.
 * NOTE(review): extended_sequence_numbers_t is only forward-declared here;
 * its enum body is not in this file — confirm where it is defined. */
typedef enum protocol_id_t protocol_id_t;
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
typedef struct proposal_t proposal_t;
28
29 #include <library.h>
30 #include <utils/identification.h>
31 #include <collections/linked_list.h>
32 #include <networking/host.h>
33 #include <crypto/transform.h>
34 #include <crypto/crypters/crypter.h>
35 #include <crypto/signers/signer.h>
36 #include <crypto/diffie_hellman.h>
37 #include <selectors/traffic_selector.h>
38
/**
 * Protocol ID of a proposal.
 *
 * The numeric values are fixed and must not be renumbered.
 * NOTE(review): they appear to match the IANA IKEv2 "Protocol ID" registry
 * (RFC 7296, section 3.3.1: IKE=1, AH=2, ESP=3) — confirm before relying on
 * that when encoding or decoding payloads.
 */
enum protocol_id_t {
	/** No protocol */
	PROTO_NONE = 0,
	/** IKE SA */
	PROTO_IKE = 1,
	/** IPsec Authentication Header */
	PROTO_AH = 2,
	/** IPsec Encapsulating Security Payload */
	PROTO_ESP = 3,
	/** IP Payload Compression, IKEv1 only */
	PROTO_IPCOMP = 4,
};
49
/**
 * enum names for protocol_id_t, as an enum_name_t table mapping each
 * protocol_id_t value to its printable name.
 */
extern enum_name_t *protocol_id_names;
54
/**
 * Stores a set of algorithms used for an SA.
 *
 * A proposal stores algorithms for a specific protocol. It can store
 * algorithms for one protocol only. Proposals with multiple protocols are
 * not supported, as they are no longer specified in RFC 4301.
 *
 * Instances are created with the proposal_create*() functions declared
 * below and released with destroy(). Methods returning a proposal_t*
 * (select(), clone()) hand a new object to the caller.
 * NOTE(review): ownership of those returned objects is not stated in this
 * header; presumably the caller must destroy() them — confirm against the
 * implementation.
 */
struct proposal_t {

	/**
	 * Add an algorithm to the proposal.
	 *
	 * The algorithms are stored by priority, first added is the most
	 * preferred.
	 * Key size is only needed for encryption algorithms with variable key
	 * size (such as AES). Must be set to zero if key size is not specified.
	 * The alg parameter accepts encryption_algorithm_t,
	 * integrity_algorithm_t, dh_group_number_t and
	 * extended_sequence_numbers_t, depending on type.
	 * NOTE(review): has_dh_group() and strip_dh() below take a
	 * diffie_hellman_group_t; the name dh_group_number_t used here may be
	 * stale — confirm which type is meant.
	 *
	 * @param type			kind of algorithm
	 * @param alg			identifier for algorithm
	 * @param key_size		key size to use, 0 if not specified
	 */
	void (*add_algorithm) (proposal_t *this, transform_type_t type,
						   uint16_t alg, uint16_t key_size);

	/**
	 * Get an enumerator over algorithms for a specific algo type.
	 *
	 * NOTE(review): the enumerator is presumably caller-owned and must be
	 * destroyed after use — confirm with the implementation.
	 *
	 * @param type			kind of algorithm
	 * @return				enumerator over uint16_t alg, uint16_t key_size
	 */
	enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);

	/**
	 * Get the algorithm for a type to use.
	 *
	 * If there are multiple algorithms, only the first (most preferred,
	 * see add_algorithm()) is returned.
	 *
	 * @param type			kind of algorithm
	 * @param alg			pointer which receives algorithm
	 * @param key_size		pointer which receives the key size
	 * @return				TRUE if algorithm of this kind available
	 */
	bool (*get_algorithm) (proposal_t *this, transform_type_t type,
						   uint16_t *alg, uint16_t *key_size);

	/**
	 * Check if the proposal has a specific DH group.
	 *
	 * @param group			group to check for
	 * @return				TRUE if algorithm included
	 */
	bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);

	/**
	 * Strip DH groups from proposal to use it without PFS (perfect forward
	 * secrecy).
	 *
	 * @param keep			group to keep (MODP_NONE to remove all)
	 */
	void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep);

	/**
	 * Compare two proposals, and select a matching subset.
	 *
	 * If the proposals are for the same protocols (AH/ESP), they are
	 * compared. If they have at least one algorithm of each type
	 * in common, a resulting proposal of this kind is created.
	 *
	 * @param other			proposal to compare against
	 * @param other_remote	whether other is the remote proposal from which to
	 *						copy SPI and proposal number to the result,
	 *						otherwise copy from this proposal
	 * @param private		accepts algorithms allocated in a private range;
	 *						NOTE(review): presumably such identifiers are not
	 *						matched when FALSE — confirm in the implementation
	 * @return				selected proposal, NULL if proposals don't match
	 */
	proposal_t *(*select)(proposal_t *this, proposal_t *other,
						  bool other_remote, bool private);

	/**
	 * Get the protocol ID of the proposal.
	 *
	 * @return				protocol of the proposal
	 */
	protocol_id_t (*get_protocol) (proposal_t *this);

	/**
	 * Get the SPI of the proposal.
	 *
	 * NOTE(review): the SPI is carried as uint64_t for all protocols; which
	 * bits are meaningful for AH/ESP versus IKE is not stated here — confirm.
	 *
	 * @return				spi for proto
	 */
	uint64_t (*get_spi) (proposal_t *this);

	/**
	 * Set the SPI of the proposal.
	 *
	 * @param spi			spi to set for proto
	 */
	void (*set_spi) (proposal_t *this, uint64_t spi);

	/**
	 * Get the proposal number, as encoded in SA payload.
	 *
	 * @return				proposal number
	 */
	u_int (*get_number)(proposal_t *this);

	/**
	 * Check for the equality of two proposals.
	 *
	 * @param other			other proposal to check for equality
	 * @return				TRUE if other equal to this
	 */
	bool (*equals)(proposal_t *this, proposal_t *other);

	/**
	 * Clone a proposal.
	 *
	 * @return				clone of proposal
	 */
	proposal_t *(*clone) (proposal_t *this);

	/**
	 * Destroys the proposal object.
	 */
	void (*destroy) (proposal_t *this);
};
185
/**
 * Create a child proposal for AH, ESP or IKE.
 *
 * The returned proposal contains no algorithms yet; add them with
 * proposal_t.add_algorithm(). Release it with proposal_t.destroy().
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @param number		proposal number, as encoded in SA payload
 * @return				proposal_t object
 */
proposal_t *proposal_create(protocol_id_t protocol, u_int number);
194
/**
 * Create a default proposal if nothing further specified.
 *
 * NOTE(review): the concrete algorithm set that counts as "default" is not
 * documented in this header — confirm in the implementation.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @return				proposal_t object
 */
proposal_t *proposal_create_default(protocol_id_t protocol);
202
/**
 * Create a default proposal for supported AEAD algorithms.
 *
 * Unlike proposal_create_default(), this may return NULL, so callers must
 * check the result.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @return				proposal_t object, NULL if none supported
 */
proposal_t *proposal_create_default_aead(protocol_id_t protocol);
210
/**
 * Create a proposal from a string identifying the algorithms.
 *
 * The string is in the same form as in the ipsec.conf file.
 * E.g.: aes128-sha2_256-modp2048
 *       3des-md5
 * An additional '!' at the end of the string forces this proposal,
 * without it the peer may choose another algorithm we support.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @param algs			algorithms as string
 * @return				proposal_t object; NOTE(review): the result for a
 *						string that cannot be parsed is not documented here,
 *						presumably NULL — confirm in the implementation
 */
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
225
/**
 * printf hook function for proposal_t.
 *
 * Arguments are:
 *	proposal_t *proposal
 * With the #-specifier, arguments are:
 *	linked_list_t *list containing proposal_t*
 *
 * @param data			printf hook data to write the output to
 * @param spec			format specifier, used to detect the #-flag
 * @param args			argument array as described above
 * @return				NOTE(review): presumably the number of characters
 *						written, as for other printf hooks — confirm
 */
int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
						 const void *const *args);
236
237 #endif /** PROPOSAL_H_ @}*/