diff options
Diffstat (limited to 'Source/charon/sa/ike_sa.h')
-rw-r--r-- | Source/charon/sa/ike_sa.h | 287 |
1 files changed, 287 insertions, 0 deletions
diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h new file mode 100644 index 000000000..34e95ab9a --- /dev/null +++ b/Source/charon/sa/ike_sa.h @@ -0,0 +1,287 @@ +/** + * @file ike_sa.h + * + * @brief Class ike_sa_t. An object of this type is managed by an + * ike_sa_manager_t object and represents an IKE_SA + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef IKE_SA_H_ +#define IKE_SA_H_ + +#include <types.h> +#include <encoding/message.h> +#include <sa/ike_sa_id.h> +#include <utils/logger.h> +#include <utils/randomizer.h> +#include <sa/states/state.h> +#include <transforms/prfs/prf.h> +#include <transforms/crypters/crypter.h> +#include <transforms/signers/signer.h> + + + +/** + * Nonce size in bytes of all sent nonces + */ +#define NONCE_SIZE 16 + +/** + * @brief This class is used to represent an IKE_SA + * + */ +typedef struct ike_sa_s ike_sa_t; + +struct ike_sa_s { + + /** + * @brief Processes a incoming IKEv2-Message of type message_t + * + * @param this ike_sa_t object object + * @param[in] message message_t object to process + * @return SUCCESSFUL if succeeded, FAILED otherwise + */ + status_t (*process_message) (ike_sa_t *this,message_t *message); + + /** + * Initiate a new connection with given configuration name + * + * @param this calling object + * @param name name of the configuration + * @return TODO + */ + status_t (*initialize_connection) (ike_sa_t *this, char *name); + + /** + * @brief Get the id of the SA + * + * @param this ike_sa_t-message_t object object + * @return ike_sa's ike_sa_id_t + */ + ike_sa_id_t* (*get_id) (ike_sa_t *this); + + /** + * @brief Destroys a ike_sa_t object + * + * @param this ike_sa_t object + * @return SUCCESSFUL if succeeded, FAILED otherwise + */ + status_t (*destroy) (ike_sa_t *this); +}; + +/** + * Protected data of an ike_sa_t object + */ +typedef struct protected_ike_sa_s protected_ike_sa_t; + +struct protected_ike_sa_s { + + /** + * Public part of a ike_sa_t object + */ + ike_sa_t public; + + /** + * Builds an empty IKEv2-Message and fills in default informations. + * + * Depending on the type of message (request or response), the message id is + * either message_id_out or message_id_in. + * + * Used in every state. + * + * @param this calling object + * @param type exchange type of new message + * @param request TRUE, if message has to be a request + * @param message new message is stored at this location + * @return + * - SUCCESS + * - OUT_OF_RES + */ + status_t (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message); + + /** + * Initiate a new connection with given configuration name + * + * @param this calling object + * @param dh_shared_secret shared secret of diffie hellman exchange + * @param initiator_nonce nonce of initiator + * @param responder_nonce nonce of responder + * @return TODO + */ + status_t (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce); + + /** + * Creates a job to delete the given IKE_SA + */ + status_t (*create_delete_job) (protected_ike_sa_t *this); + + /** + * Resends the last sent reply + */ + status_t (*resend_last_reply) (protected_ike_sa_t *this); + + + /* protected values */ + + /** + * Identifier for the current IKE_SA + */ + ike_sa_id_t *ike_sa_id; + + /** + * Linked List containing the child sa's of the current IKE_SA + */ + linked_list_t *child_sas; + + /** + * Current state of the IKE_SA + */ + state_t *current_state; + + /** + * this SA's source for random data + */ + randomizer_t *randomizer; + + /** + * contains the last responded message + * + */ + message_t *last_responded_message; + + /** + * contains the last requested message + * + */ + message_t *last_requested_message; + + /** + * Informations of this host + */ + struct { + host_t *host; + } me; + + /** + * Informations of the other host + */ + struct { + host_t *host; + } other; + + /** + * Crypter object for initiator + */ + crypter_t *crypter_initiator; + + /** + * Crypter object for responder + */ + crypter_t *crypter_responder; + + /** + * Signer object for initiator + */ + signer_t *signer_initiator; + + /** + * Signer object for responder + */ + signer_t *signer_responder; + + /** + * prf function + */ + prf_t *prf; + + + + /** + * Shared secrets + */ + struct { + /** + * Key used for deriving other keys + */ + chunk_t d_key; + + /** + * Key for authenticate (initiator) + */ + chunk_t ai_key; + + /** + * Key for authenticate (responder) + */ + chunk_t ar_key; + + /** + * Key for encryption (initiator) + */ + chunk_t ei_key; + + /** + * Key for encryption (responder) + */ + chunk_t er_key; + + /** + * Key for generating auth payload (initiator) + */ + chunk_t pi_key; + + /** + * Key for generating auth payload (responder) + */ + chunk_t pr_key; + + } secrets; + + /** + * next message id to receive + */ + u_int32_t message_id_in; + + /** + * next message id to send + */ + u_int32_t message_id_out; + + /** + * a logger for this IKE_SA + */ + logger_t *logger; +}; + + + +/** + * Creates an ike_sa_t object with a specific ike_sa_id_t object + * + * @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA. + * The object is internal getting cloned + * and so has to be destroyed by the caller. + * + * @warning the Content of internal ike_sa_id_t object can change over time + * e.g. when a IKE_SA_INIT has been finished + * + * @return created ike_sa_t object + */ +ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id); + +#endif /*IKE_SA_H_*/ |