diff options
Diffstat (limited to 'Source/charon/sa/ike_sa.h')
-rw-r--r-- | Source/charon/sa/ike_sa.h | 462 |
1 files changed, 0 insertions, 462 deletions
diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h deleted file mode 100644 index c526c6347..000000000 --- a/Source/charon/sa/ike_sa.h +++ /dev/null @@ -1,462 +0,0 @@ -/** - * @file ike_sa.h - * - * @brief Interface of ike_sa_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef IKE_SA_H_ -#define IKE_SA_H_ - -#include <types.h> -#include <encoding/message.h> -#include <encoding/payloads/proposal_substructure.h> -#include <sa/ike_sa_id.h> -#include <sa/child_sa.h> -#include <sa/states/state.h> -#include <config/configuration.h> -#include <utils/logger.h> -#include <utils/randomizer.h> -#include <crypto/prfs/prf.h> -#include <crypto/crypters/crypter.h> -#include <crypto/signers/signer.h> -#include <config/connections/connection.h> -#include <config/policies/policy.h> -#include <utils/logger.h> - -/** - * Nonce size in bytes for nonces sending to other peer. - * - * @warning Nonce size MUST be between 16 and 256 bytes. - * - * @ingroup sa - */ -#define NONCE_SIZE 16 - - -typedef struct ike_sa_t ike_sa_t; - -/** - * @brief Class ike_sa_t representing an IKE_SA. - * - * An object of this type is managed by an ike_sa_manager_t object - * and represents an IKE_SA. Message processing is split up in different states. - * They will handle all related things for the state they represent. - * - * @b Constructors: - * - ike_sa_create() - * - * @ingroup sa - */ -struct ike_sa_t { - - /** - * @brief Processes a incoming IKEv2-Message of type message_t. - * - * @param this ike_sa_t object object - * @param[in] message message_t object to process - * @return - * - SUCCESS - * - FAILED - * - DELETE_ME if this IKE_SA MUST be deleted - */ - status_t (*process_message) (ike_sa_t *this,message_t *message); - - /** - * @brief Initiate a new connection with given connection_t object. - * - * The connection_t object is owned by the IKE_SA after the call, so - * do not modify or destroy it. - * - * @param this calling object - * @param connection connection to initiate - * @return - * - SUCCESS if initialization started - * - FAILED if in wrong state - * - DELETE_ME if initialization failed and IKE_SA MUST be deleted - */ - status_t (*initiate_connection) (ike_sa_t *this, connection_t *connection); - - /** - * @brief Retransmits a request. - * - * @param this calling object - * @param message_id ID of the request to retransmit - * @return - * - SUCCESS - * - NOT_FOUND if request doesn't have to be retransmited - */ - status_t (*retransmit_request) (ike_sa_t *this, u_int32_t message_id); - - /** - * @brief Sends a request to delete IKE_SA. - * - * Only supported in state IKE_SA_ESTABLISHED - * - * @param this calling object - */ - void (*send_delete_ike_sa_request) (ike_sa_t *this); - - /** - * @brief Get the id of the SA. - * - * Returned ike_sa_id_t object is not getting cloned! - * - * @param this calling object - * @return ike_sa's ike_sa_id_t - */ - ike_sa_id_t* (*get_id) (ike_sa_t *this); - - /** - * @brief Get local peer address of the IKE_SA. - * - * @param this calling object - * @return local host_t - */ - host_t* (*get_my_host) (ike_sa_t *this); - - /** - * @brief Get remote peer address of the IKE_SA. - * - * @param this calling object - * @return remote host_t - */ - host_t* (*get_other_host) (ike_sa_t *this); - - /** - * @brief Get own ID of the IKE_SA. - * - * @param this calling object - * @return local identification_t - */ - identification_t* (*get_my_id) (ike_sa_t *this); - - /** - * @brief Get remote ID the IKE_SA. - * - * @param this calling object - * @return remote identification_t - */ - identification_t* (*get_other_id) (ike_sa_t *this); - - /** - * @brief Get the connection of the IKE_SA. - * - * The internal used connection specification - * can be queried to get some data of an IKE_SA. - * The connection is still owned to the IKE_SA - * and must not be manipulated. - * - * @param this calling object - * @return connection_t - */ - connection_t* (*get_connection) (ike_sa_t *this); - - /** - * @brief Get the state of type of associated state object. - * - * @param this calling object - * @return state of IKE_SA - */ - ike_sa_state_t (*get_state) (ike_sa_t *this); - - /** - * @brief Log the status of a the ike sa to a logger. - * - * The status of the IKE SA and all child SAs is logged. - * Supplying NULL as logger uses the internal child_sa logger - * to do the logging. The log is only done if the supplied - * connection name is NULL or matches the connections name. - * - * @param this calling object - * @param logger logger to use for logging - * @param name name of the connection - */ - void (*log_status) (ike_sa_t *this, logger_t *logger, char *name); - - /** - * @brief Destroys a ike_sa_t object. - * - * @param this calling object - */ - void (*destroy) (ike_sa_t *this); -}; - - -typedef struct protected_ike_sa_t protected_ike_sa_t; - -/** - * @brief Protected functions of an ike_sa_t object. - * - * This members are only accessed out from - * the various state_t implementations. - * - * @ingroup sa - */ -struct protected_ike_sa_t { - - /** - * Public interface of an ike_sa_t object. - */ - ike_sa_t public; - - /** - * @brief Build an empty IKEv2-Message and fills in default informations. - * - * Depending on the type of message (request or response), the message id is - * either message_id_out or message_id_in. - * - * Used in state_t Implementation to build an empty IKEv2-Message. - * - * @param this calling object - * @param type exchange type of new message - * @param request TRUE, if message has to be a request - * @param message new message is stored at this location - */ - void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message); - - /** - * @brief Get the internal stored connection_t object. - * - * @param this calling object - * @return pointer to the internal stored connection_t object - */ - connection_t *(*get_connection) (protected_ike_sa_t *this); - - /** - * @brief Set the internal connection object. - * - * @param this calling object - * @param connection object of type connection_t - */ - void (*set_connection) (protected_ike_sa_t *this, connection_t *connection); - - /** - * @brief Get the internal stored policy object. - * - * @param this calling object - * @return pointer to the internal stored policy_t object - */ - policy_t *(*get_policy) (protected_ike_sa_t *this); - - /** - * @brief Set the internal policy_t object. - * - * @param this calling object - * @param policy object of type policy_t - */ - void (*set_policy) (protected_ike_sa_t *this,policy_t *policy); - - /** - * @brief Derive all keys and create the transforms for IKE communication. - * - * Keys are derived using the diffie hellman secret, nonces and internal - * stored SPIs. - * Allready existing objects get destroyed. - * - * @param this calling object - * @param proposal proposal which contains algorithms to use - * @param dh diffie hellman object with shared secret - * @param nonce_i initiators nonce - * @param nonce_r responders nonce - */ - status_t (*build_transforms) (protected_ike_sa_t *this, proposal_t* proposal, - diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); - - /** - * @brief Send the next request message. - * - * Also the first retransmit job is created. - * - * Last stored requested message gets destroyed. Object gets not cloned! - * - * @param this calling object - * @param message pointer to the message which should be sent - * @return - * - SUCCESS - * - FAILED if message id is not next expected one - */ - status_t (*send_request) (protected_ike_sa_t *this,message_t * message); - - /** - * @brief Send the next response message. - * - * Last stored responded message gets destroyed. Object gets not cloned! - * - * @param this calling object - * @param message pointer to the message which should be sent - * return - * - SUCCESS - * - FAILED if message id is not next expected one - */ - status_t (*send_response) (protected_ike_sa_t *this,message_t * message); - - /** - * @brief Send a notify reply message. - * - * @param this calling object - * @param exchange_type type of exchange in which the notify should be wrapped - * @param type type of the notify message to send - * @param data notification data - */ - void (*send_notify) (protected_ike_sa_t *this, exchange_type_t exchange_type, notify_message_type_t type, chunk_t data); - - /** - * @brief Get the internal stored randomizer_t object. - * - * @param this calling object - * @return pointer to the internal randomizer_t object - */ - randomizer_t *(*get_randomizer) (protected_ike_sa_t *this); - - /** - * @brief Set the new state_t object of the IKE_SA object. - * - * The old state_t object gets not destroyed. It's the callers duty to - * make sure old state is destroyed (Normally the old state is the caller). - * - * @param this calling object - * @param state pointer to the new state_t object - */ - void (*set_new_state) (protected_ike_sa_t *this,state_t *state); - - /** - * @brief Set the last replied message id. - * - * @param this calling object - * @param message_id message id - */ - void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id); - - /** - * @brief Get the internal stored initiator crypter_t object. - * - * @param this calling object - * @return pointer to crypter_t object - */ - crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this); - - /** - * @brief Get the internal stored initiator signer_t object. - * - * @param this calling object - * @return pointer to signer_t object - */ - signer_t *(*get_signer_initiator) (protected_ike_sa_t *this); - - /** - * @brief Get the internal stored responder crypter_t object. - * - * @param this calling object - * @return pointer to crypter_t object - */ - crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this); - - /** - * @brief Get the internal stored responder signer object. - * - * @param this calling object - * @return pointer to signer_t object - */ - signer_t *(*get_signer_responder) (protected_ike_sa_t *this); - - /** - * @brief Get the multi purpose prf. - * - * @param this calling object - * @return pointer to prf_t object - */ - prf_t *(*get_prf) (protected_ike_sa_t *this); - - /** - * @brief Get the prf-object, which is used to derive keys for child SAs. - * - * @param this calling object - * @return pointer to prf_t object - */ - prf_t *(*get_child_prf) (protected_ike_sa_t *this); - - /** - * @brief Get the prf used for authentication of initiator. - * - * @param this calling object - * @return pointer to prf_t object - */ - prf_t *(*get_prf_auth_i) (protected_ike_sa_t *this); - - /** - * @brief Get the prf used for authentication of responder. - * - * @param this calling object - * @return pointer to prf_t object - */ - prf_t *(*get_prf_auth_r) (protected_ike_sa_t *this); - - /** - * @brief Associates a child SA to this IKE SA - * - * @param this calling object - * @param child_sa child_sa to add - */ - void (*add_child_sa) (protected_ike_sa_t *this, child_sa_t *child_sa); - - /** - * @brief Get the last responded message. - * - * @param this calling object - * @return - * - last received as message_t object - * - NULL if no last request available - */ - message_t *(*get_last_responded_message) (protected_ike_sa_t *this); - - /** - * @brief Get the last requested message. - * - * @param this calling object - * @return - * - last sent as message_t object - * - NULL if no last request available - */ - message_t *(*get_last_requested_message) (protected_ike_sa_t *this); - - /** - * @brief Resets message counters and does destroy stored received and sent messages. - * - * @param this calling object - */ - void (*reset_message_buffers) (protected_ike_sa_t *this); -}; - - -/** - * @brief Creates an ike_sa_t object with a specific ID. - * - * @warning the Content of internal ike_sa_id_t object can change over time - * e.g. when a IKE_SA_INIT has been finished. - * - * @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA. - * The object is internal getting cloned - * and so has to be destroyed by the caller. - * @return ike_sa_t object - * - * @ingroup sa - */ -ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id); - -#endif /*IKE_SA_H_*/ |