/**
 * @file ike_sa.h
 *
 * @brief Class ike_sa_t. An object of this type is managed by an
 * ike_sa_manager_t object and represents an IKE_SA.
 *
 */
8 | ||
9 | /* | |
10 | * Copyright (C) 2005 Jan Hutter, Martin Willi | |
11 | * Hochschule fuer Technik Rapperswil | |
12 | * | |
13 | * This program is free software; you can redistribute it and/or modify it | |
14 | * under the terms of the GNU General Public License as published by the | |
15 | * Free Software Foundation; either version 2 of the License, or (at your | |
16 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
17 | * | |
18 | * This program is distributed in the hope that it will be useful, but | |
19 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
20 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
21 | * for more details. | |
22 | */ | |
23 | ||
24 | #ifndef IKE_SA_H_ | |
25 | #define IKE_SA_H_ | |
26 | ||
27 | #include <types.h> |
28 | #include <message.h> | |
29 | #include <ike_sa_id.h> | |
30 | #include <utils/logger.h> | |
31 | #include <utils/randomizer.h> | |
32 | #include <states/state.h> | |
33 | #include <transforms/prfs/prf.h> | |
34 | #include <transforms/crypters/crypter.h> | |
35 | #include <transforms/signers/signer.h> | |
36 | |
37 | ||
38 | ||
/**
 * Nonce size in bytes of all sent nonces.
 *
 * 16 bytes (128 bits) is the minimum RFC 4306 (section 2.10) allows for an
 * IKEv2 nonce. The RFC additionally requires a nonce to be at least half the
 * key size of the negotiated PRF, so a fixed 16 bytes is only sufficient for
 * PRFs with key sizes up to 256 bits. NOTE(review): this header does not show
 * where that bound is checked against the negotiated prf_t — confirm.
 */
#define NONCE_SIZE 16
43 | |
/**
 * @brief This class is used to represent an IKE_SA.
 *
 * Only the public interface is declared here. The protected part (state,
 * key material, peer information) is protected_ike_sa_t below, which embeds
 * this struct as its first member.
 */
typedef struct ike_sa_s ike_sa_t;

struct ike_sa_s {

	/**
	 * @brief Processes an incoming IKEv2-Message of type message_t.
	 *
	 * NOTE(review): the message originates from the network and is
	 * untrusted; this header does not show where payload parsing and
	 * validation happen (presumably in the state_t implementations) —
	 * confirm there before relying on fields of the message.
	 *
	 * @param this ike_sa_t object
	 * @param[in] message message_t object to process
	 * @return SUCCESSFUL if succeeded, FAILED otherwise
	 */
	status_t (*process_message) (ike_sa_t *this,message_t *message);

	/**
	 * Initiate a new connection with given configuration name.
	 *
	 * NOTE(review): name is taken as a non-const char *; if the
	 * implementation does not modify it, a const qualifier would document
	 * that for callers passing configuration strings.
	 *
	 * @param this calling object
	 * @param name name of the configuration
	 * @return status of the operation; the concrete status_t values are
	 *         not documented here (TODO: confirm against the implementation)
	 */
	status_t (*initialize_connection) (ike_sa_t *this, char *name);

	/**
	 * @brief Get the id of the SA.
	 *
	 * The ike_sa_id_t is internal to the SA (see ike_sa_create(), which
	 * clones the id passed in) and its content can change over time.
	 * NOTE(review): whether the returned pointer is the internal object or
	 * a copy the caller must destroy is not visible here — confirm.
	 *
	 * @param this ike_sa_t object
	 * @return ike_sa's ike_sa_id_t
	 */
	ike_sa_id_t* (*get_id) (ike_sa_t *this);

	/**
	 * @brief Destroys a ike_sa_t object.
	 *
	 * @param this ike_sa_t object
	 * @return SUCCESSFUL if succeeded, FAILED otherwise
	 */
	status_t (*destroy) (ike_sa_t *this);
};
86 | ||
/**
 * Protected data of an ike_sa_t object.
 *
 * Holds the negotiated transforms and the live key material of the SA in
 * addition to the public interface.
 */
typedef struct protected_ike_sa_s protected_ike_sa_t;

struct protected_ike_sa_s {

	/**
	 * Public part of a ike_sa_t object.
	 *
	 * Must stay the first member so a protected_ike_sa_t * can be used
	 * wherever an ike_sa_t * is expected.
	 */
	ike_sa_t public;

	/**
	 * Builds an empty IKEv2-Message and fills in default information.
	 *
	 * Depending on the type of message (request or response), the message id is
	 * either message_id_out or message_id_in.
	 *
	 * Used in every state.
	 *
	 * @param this calling object
	 * @param type exchange type of new message
	 * @param request TRUE, if message has to be a request
	 * @param message new message is stored at this location
	 * @return
	 * 			- SUCCESS
	 * 			- OUT_OF_RES
	 */
	status_t (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);

	/**
	 * Computes the shared secrets of this IKE_SA (see the secrets member
	 * below) from the Diffie-Hellman shared secret and both nonces.
	 *
	 * NOTE(review): the original comment was a copy of
	 * initialize_connection's; the description above follows the function
	 * name and its parameter list — confirm against the implementation.
	 *
	 * @param this calling object
	 * @param dh_shared_secret shared secret of diffie hellman exchange
	 * @param initiator_nonce nonce of initiator
	 * @param responder_nonce nonce of responder
	 * @return status of the operation; the concrete status_t values are
	 *         not documented here (TODO: confirm against the implementation)
	 */
	status_t (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);

	/**
	 * Creates a job to delete the given IKE_SA.
	 *
	 * @param this calling object
	 * @return status of the operation
	 */
	status_t (*create_delete_job) (protected_ike_sa_t *this);

	/**
	 * Resends the last sent reply (presumably last_responded_message —
	 * confirm).
	 *
	 * @param this calling object
	 * @return status of the operation
	 */
	status_t (*resend_last_reply) (protected_ike_sa_t *this);


	/* protected values */

	/**
	 * Identifier for the current IKE_SA
	 */
	ike_sa_id_t *ike_sa_id;

	/**
	 * Linked List containing the child sa's of the current IKE_SA
	 */
	linked_list_t *child_sas;

	/**
	 * Current state of the IKE_SA
	 */
	state_t *current_state;

	/**
	 * this SA's source for random data (used e.g. for nonces)
	 */
	randomizer_t *randomizer;

	/**
	 * contains the last responded message
	 *
	 */
	message_t *last_responded_message;

	/**
	 * contains the last requested message
	 *
	 */
	message_t *last_requested_message;

	/**
	 * Information of this host
	 */
	struct {
		host_t *host;
	} me;

	/**
	 * Information of the other host
	 */
	struct {
		host_t *host;
	} other;

	/**
	 * Crypter object for initiator
	 */
	crypter_t *crypter_initiator;

	/**
	 * Crypter object for responder
	 */
	crypter_t *crypter_responder;

	/**
	 * Signer object for initiator
	 */
	signer_t *signer_initiator;

	/**
	 * Signer object for responder
	 */
	signer_t *signer_responder;

	/**
	 * prf function
	 */
	prf_t *prf;



	/**
	 * Shared secrets
	 *
	 * Naming follows the IKEv2 key set (SK_d, SK_ai, SK_ar, SK_ei, SK_er,
	 * SK_pi, SK_pr; RFC 4306 section 2.14).
	 *
	 * NOTE(review): these chunks hold live key material. This header does
	 * not show whether destroy() zeroizes them before freeing — confirm, as
	 * a plain free() leaves the keys readable in released memory.
	 */
	struct {
		/**
		 * Key used for deriving other keys
		 */
		chunk_t d_key;

		/**
		 * Key for authenticate (initiator)
		 */
		chunk_t ai_key;

		/**
		 * Key for authenticate (responder)
		 */
		chunk_t ar_key;

		/**
		 * Key for encryption (initiator)
		 */
		chunk_t ei_key;

		/**
		 * Key for encryption (responder)
		 */
		chunk_t er_key;

		/**
		 * Key for generating auth payload (initiator)
		 */
		chunk_t pi_key;

		/**
		 * Key for generating auth payload (responder)
		 */
		chunk_t pr_key;

	} secrets;

	/**
	 * next message id to receive
	 *
	 * IKEv2 message ids match requests to responses and detect
	 * retransmissions (RFC 4306 section 2.2); whether incoming ids outside
	 * the expected value are rejected is not visible in this header.
	 */
	u_int32_t message_id_in;

	/**
	 * next message id to send
	 */
	u_int32_t message_id_out;

	/**
	 * a logger for this IKE_SA
	 */
	logger_t *logger;
};
270 | ||
271 | ||
272 | ||
/**
 * Creates an ike_sa_t object with a specific ike_sa_id_t object.
 *
 * @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA.
 * 					 The object is cloned internally and so still has
 * 					 to be destroyed by the caller.
 *
 * @warning the content of the internal ike_sa_id_t object can change over time
 * 			e.g. when a IKE_SA_INIT has been finished
 *
 * @return created ike_sa_t object; NOTE(review): behaviour on allocation
 *         failure (NULL or otherwise) is not documented here — confirm.
 */
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
286 | ||
287 | #endif /*IKE_SA_H_*/ |