1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
/**
* @file sa_config.h
*
* @brief Interface of sa_config_t.
*
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef _SA_CONFIG_H_
#define _SA_CONFIG_H_
#include <types.h>
#include <utils/identification.h>
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/transform_substructure.h>
#include <network/host.h>
#include <transforms/crypters/crypter.h>
#include <transforms/signers/signer.h>
#include <transforms/diffie_hellman.h>
#include <config/traffic_selector.h>
typedef struct child_proposal_t child_proposal_t;
/**
* @brief Storage structure for a proposal for a child sa.
*
* A proposal for a child sa contains data for
* AH, ESP, or both.
*
* @ingroup config
*/
struct child_proposal_t {
/**
* Data for AH, if set.
*/
struct {
bool is_set;
integrity_algorithm_t integrity_algorithm;
size_t integrity_algorithm_key_size;
diffie_hellman_group_t diffie_hellman_group;
extended_sequence_numbers_t extended_sequence_numbers;
u_int8_t spi[4];
} ah;
/**
* Data for ESP, if set.
*/
struct {
bool is_set;
encryption_algorithm_t encryption_algorithm;
size_t encryption_algorithm_key_size;
integrity_algorithm_t integrity_algorithm;
size_t integrity_algorithm_key_size;
diffie_hellman_group_t diffie_hellman_group;
extended_sequence_numbers_t extended_sequence_numbers;
u_int8_t spi[4];
} esp;
};
typedef struct sa_config_t sa_config_t;
/**
* @brief Stores configuration of an initialized connection.
*
* During the IKE_AUTH phase, we have enough data to specify a
* configuration.
*
* @warning This config is not thread save.
*
* @b Constructors:
* - sa_config_create()
*
* @ingroup config
*/
struct sa_config_t {
/**
* @brief Get own id to use for identification.
*
* Returned object is not getting cloned.
*
* @param this calling object
* @return own id
*/
identification_t *(*get_my_id) (sa_config_t *this);
/**
* @brief Get id of communication partner.
*
* Returned object is not getting cloned.
*
* @param this calling object
* @return other id
*/
identification_t *(*get_other_id) (sa_config_t *this);
/**
* @brief Get authentication method to use for IKE_AUTH.
*
* @param this calling object
* @return authentication methood
*/
auth_method_t (*get_auth_method) (sa_config_t *this);
/**
* @brief Get lifetime of IKE_SA in milliseconds.
*
* @return IKE_SA lifetime in milliseconds.
*/
u_int32_t (*get_ike_sa_lifetime) (sa_config_t *this);
/**
* @brief Get configured traffic selectors for initiator site.
*
* Returns a pointer to an allocated array, in which
* pointers to traffic selectors are stored.
*
* @warning Resulting pointer array must be freed!
* @warning Traffic selectors in array must be destroyed!
*
* @param this calling object
* @param[out]traffic_selectors pointer where traffic selectors will be allocated
* @return number of returned traffic selectors
*/
size_t (*get_traffic_selectors_initiator) (sa_config_t *this, traffic_selector_t **traffic_selectors[]);
/**
* @brief Get configured traffic selectors for responder site.
*
* Returns a pointer to an allocated array, in which
* pointers to traffic selectors are stored.
*
* @warning Resulting pointer array must be freed!
* @warning Traffic selectors in array must be destroyed!
*
* @param this calling object
* @param[out]traffic_selectors pointer where traffic selectors will be allocated
* @return number of returned traffic selectors
*/
size_t (*get_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t **traffic_selectors[]);
/**
* @brief Select traffic selectors from a supplied list for initiator.
*
* Returns a pointer to an allocated array, in which
* pointers to traffic selectors are stored.
*
* @warning Resulting pointer array must be freed!
* @warning Traffic selectors in array must be destroyed!
*
* @param this calling object
* @param supplied pointer to an array of ts to select from.
* @param count number of ts stored at supplied
* @param[out]traffic_selectors pointer where selected traffic selectors will be allocated
* @return number of selected traffic selectors
*/
size_t (*select_traffic_selectors_initiator) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);
/**
* @brief Select traffic selectors from a supplied list for responder.
*
* Returns a pointer to an allocated array, in which
* pointers to traffic selectors are stored.
*
* @warning Resulting pointer array must be freed!
* @warning Traffic selectors in array must be destroyed!
*
* @param this calling object
* @param supplied pointer to an array of ts to select from.
* @param count number of ts stored at supplied
* @param[out]traffic_selectors pointer where selected traffic selectors will be allocated
* @return number of selected traffic selectors
*/
size_t (*select_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);
/**
* @brief Get the list of proposals for this config.
*
* @warning Resulting array must be freed!
*
* @param this calling object
* @param[out]traffic_selectors pointer where proposals will be allocated
* @return number of allocated proposals
*/
size_t (*get_proposals) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *proposals[]);
/**
* @brief Select a proposal from a supplied list
*
* @warning Resulting array must be freed!
*
* @param this calling object
* @param supplied pointer to an array of proposals to select from.
* @param count number of proposals stored at supplied
* @return the selected proposal
*/
child_proposal_t* (*select_proposal) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count);
/**
* @brief Add a traffic selector to the list for initiator.
*
* Added proposal will be cloned.
*
* @warning Do not add while other threads are reading.
*
* @param this calling object
* @param traffic_selector traffic_selector to add
*/
void (*add_traffic_selector_initiator) (sa_config_t *this, traffic_selector_t *traffic_selector);
/**
* @brief Add a traffic selector to the list for responder.
*
* Added proposal will be cloned.
*
* @warning Do not add while other threads are reading.
*
* @param this calling object
* @param traffic_selector traffic_selector to add
*/
void (*add_traffic_selector_responder) (sa_config_t *this, traffic_selector_t *traffic_selector);
/**
* @brief Add a proposal to the list.
*
* The proposals are stored by priority, first added
* is the most prefered.
* Added proposal will be cloned.
*
* @warning Do not add while other threads are reading.
*
* @param this calling object
* @param proposal proposal to add
*/
void (*add_proposal) (sa_config_t *this, child_proposal_t *proposal);
/**
* @brief Destroys the config object
*
* @param this calling object
*/
void (*destroy) (sa_config_t *this);
};
/**
* @brief Create a configuration object for IKE_AUTH and later.
*
* @param my_id_type type of my identification
* @param my_id my identification as string
* @param other_id_type type of other identification
* @param other_id other identification as string
* @param auth_method Method of authentication
* @param ike_sa_lifetime lifetime of this IKE_SA in milliseconds. IKE_SA will be deleted
* after this lifetime!
* @return created sa_config_t
*
* @ingroup config
*/
sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other_id_type, char *other_id, auth_method_t auth_method, u_int32_t ike_sa_lifetime);
#endif //_SA_CONFIG_H_
|
