aboutsummaryrefslogtreecommitdiffstats
path: root/Source/charon/sa/ike_sa.h
diff options
context:
space:
mode:
Diffstat (limited to 'Source/charon/sa/ike_sa.h')
-rw-r--r--Source/charon/sa/ike_sa.h287
1 files changed, 287 insertions, 0 deletions
diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h
new file mode 100644
index 000000000..34e95ab9a
--- /dev/null
+++ b/Source/charon/sa/ike_sa.h
@@ -0,0 +1,287 @@
+/**
+ * @file ike_sa.h
+ *
+ * @brief Class ike_sa_t. An object of this type is managed by an
+ * ike_sa_manager_t object and represents an IKE_SA
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef IKE_SA_H_
+#define IKE_SA_H_
+
+#include <types.h>
+#include <encoding/message.h>
+#include <sa/ike_sa_id.h>
+#include <utils/logger.h>
+#include <utils/randomizer.h>
+#include <sa/states/state.h>
+#include <transforms/prfs/prf.h>
+#include <transforms/crypters/crypter.h>
+#include <transforms/signers/signer.h>
+
+
+
+/**
+ * Nonce size in bytes of all sent nonces
+ */
+#define NONCE_SIZE 16
+
+/**
+ * @brief This class is used to represent an IKE_SA
+ *
+ */
+typedef struct ike_sa_s ike_sa_t;
+
+struct ike_sa_s {
+
+ /**
+ * @brief Processes a incoming IKEv2-Message of type message_t
+ *
+ * @param this ike_sa_t object object
+ * @param[in] message message_t object to process
+ * @return SUCCESSFUL if succeeded, FAILED otherwise
+ */
+ status_t (*process_message) (ike_sa_t *this,message_t *message);
+
+ /**
+ * Initiate a new connection with given configuration name
+ *
+ * @param this calling object
+ * @param name name of the configuration
+ * @return TODO
+ */
+ status_t (*initialize_connection) (ike_sa_t *this, char *name);
+
+ /**
+ * @brief Get the id of the SA
+ *
+ * @param this ike_sa_t-message_t object object
+ * @return ike_sa's ike_sa_id_t
+ */
+ ike_sa_id_t* (*get_id) (ike_sa_t *this);
+
+ /**
+ * @brief Destroys a ike_sa_t object
+ *
+ * @param this ike_sa_t object
+ * @return SUCCESSFUL if succeeded, FAILED otherwise
+ */
+ status_t (*destroy) (ike_sa_t *this);
+};
+
+/**
+ * Protected data of an ike_sa_t object
+ */
+typedef struct protected_ike_sa_s protected_ike_sa_t;
+
+struct protected_ike_sa_s {
+
+ /**
+ * Public part of a ike_sa_t object
+ */
+ ike_sa_t public;
+
+ /**
+ * Builds an empty IKEv2-Message and fills in default informations.
+ *
+ * Depending on the type of message (request or response), the message id is
+ * either message_id_out or message_id_in.
+ *
+ * Used in every state.
+ *
+ * @param this calling object
+ * @param type exchange type of new message
+ * @param request TRUE, if message has to be a request
+ * @param message new message is stored at this location
+ * @return
+ * - SUCCESS
+ * - OUT_OF_RES
+ */
+ status_t (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
+
+ /**
+ * Initiate a new connection with given configuration name
+ *
+ * @param this calling object
+ * @param dh_shared_secret shared secret of diffie hellman exchange
+ * @param initiator_nonce nonce of initiator
+ * @param responder_nonce nonce of responder
+ * @return TODO
+ */
+ status_t (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);
+
+ /**
+ * Creates a job to delete the given IKE_SA
+ */
+ status_t (*create_delete_job) (protected_ike_sa_t *this);
+
+ /**
+ * Resends the last sent reply
+ */
+ status_t (*resend_last_reply) (protected_ike_sa_t *this);
+
+
+ /* protected values */
+
+ /**
+ * Identifier for the current IKE_SA
+ */
+ ike_sa_id_t *ike_sa_id;
+
+ /**
+ * Linked List containing the child sa's of the current IKE_SA
+ */
+ linked_list_t *child_sas;
+
+ /**
+ * Current state of the IKE_SA
+ */
+ state_t *current_state;
+
+ /**
+ * this SA's source for random data
+ */
+ randomizer_t *randomizer;
+
+ /**
+ * contains the last responded message
+ *
+ */
+ message_t *last_responded_message;
+
+ /**
+ * contains the last requested message
+ *
+ */
+ message_t *last_requested_message;
+
+ /**
+ * Informations of this host
+ */
+ struct {
+ host_t *host;
+ } me;
+
+ /**
+ * Informations of the other host
+ */
+ struct {
+ host_t *host;
+ } other;
+
+ /**
+ * Crypter object for initiator
+ */
+ crypter_t *crypter_initiator;
+
+ /**
+ * Crypter object for responder
+ */
+ crypter_t *crypter_responder;
+
+ /**
+ * Signer object for initiator
+ */
+ signer_t *signer_initiator;
+
+ /**
+ * Signer object for responder
+ */
+ signer_t *signer_responder;
+
+ /**
+ * prf function
+ */
+ prf_t *prf;
+
+
+
+ /**
+ * Shared secrets
+ */
+ struct {
+ /**
+ * Key used for deriving other keys
+ */
+ chunk_t d_key;
+
+ /**
+ * Key for authenticate (initiator)
+ */
+ chunk_t ai_key;
+
+ /**
+ * Key for authenticate (responder)
+ */
+ chunk_t ar_key;
+
+ /**
+ * Key for encryption (initiator)
+ */
+ chunk_t ei_key;
+
+ /**
+ * Key for encryption (responder)
+ */
+ chunk_t er_key;
+
+ /**
+ * Key for generating auth payload (initiator)
+ */
+ chunk_t pi_key;
+
+ /**
+ * Key for generating auth payload (responder)
+ */
+ chunk_t pr_key;
+
+ } secrets;
+
+ /**
+ * next message id to receive
+ */
+ u_int32_t message_id_in;
+
+ /**
+ * next message id to send
+ */
+ u_int32_t message_id_out;
+
+ /**
+ * a logger for this IKE_SA
+ */
+ logger_t *logger;
+};
+
+
+
+/**
+ * Creates an ike_sa_t object with a specific ike_sa_id_t object
+ *
+ * @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA.
+ * The object is internal getting cloned
+ * and so has to be destroyed by the caller.
+ *
+ * @warning the Content of internal ike_sa_id_t object can change over time
+ * e.g. when a IKE_SA_INIT has been finished
+ *
+ * @return created ike_sa_t object
+ */
+ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
+
+#endif /*IKE_SA_H_*/