/**
 * @file sa_config.h
 * 
 * @brief Interface of sa_config_t.
 *  
 */

/*
 * Copyright (C) 2005 Jan Hutter, Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef _SA_CONFIG_H_
#define _SA_CONFIG_H_

#include <types.h>
#include <utils/identification.h>
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/transform_substructure.h>
#include <network/host.h>
#include <transforms/crypters/crypter.h>
#include <transforms/signers/signer.h>
#include <transforms/diffie_hellman.h>
#include <config/traffic_selector.h>
#include <config/proposal.h>



typedef struct sa_config_t sa_config_t;

/**
 * @brief Stores configuration of an initialized connection.
 * 
 * During the IKE_AUTH phase, we have enough data to specify a 
 * configuration. The object exposes both peer identities, the
 * authentication method, the IKE_SA lifetime, the traffic selectors for
 * the initiator and responder side, and the AH/ESP proposals.
 * 
 * @warning This config is not thread safe. In particular, the add_*()
 *          methods must not be called while other threads are reading.
 * 
 * Ownership differs per getter and is easy to get wrong: the id getters
 * and get_proposals() hand out objects that are not cloned, while the
 * traffic selector getters hand out arrays the caller has to release.
 * 
 * @b Constructors:
 *   - sa_config_create()
 * 
 * @ingroup config
 */
struct sa_config_t {
	
	/**
	 * @brief Get own id to use for identification.
	 * 
	 * The returned object is not cloned.
	 * NOTE(review): the caller presumably must not destroy it and must not
	 * use it after destroy() of this config - confirm in sa_config.c.
	 * 
	 * @param this			calling object
	 * @return				own id
	 */
	identification_t *(*get_my_id) (sa_config_t *this);
	
	/**
	 * @brief Get id of communication partner.
	 *
	 * The returned object is not cloned.
	 * NOTE(review): the caller presumably must not destroy it and must not
	 * use it after destroy() of this config - confirm in sa_config.c.
	 * 
	 * @param this			calling object
	 * @return				other id
	 */
	identification_t *(*get_other_id) (sa_config_t *this);
	
	/**
	 * @brief Get authentication method to use for IKE_AUTH.
	 * 
	 * @param this			calling object
	 * @return				authentication method
	 */
	auth_method_t (*get_auth_method) (sa_config_t *this);
	
	/**
	 * @brief Get lifetime of IKE_SA in milliseconds.
	 * 
	 * The value is a u_int32_t, so a 32-bit millisecond count cannot
	 * express a lifetime longer than about 49.7 days.
	 * 
	 * @param this			calling object
	 * @return 				IKE_SA lifetime in milliseconds.
	 */
	u_int32_t (*get_ike_sa_lifetime) (sa_config_t *this);
	
	/**
	 * @brief Get configured traffic selectors for initiator side.
	 * 
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 * 
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 * 
	 * NOTE(review): whether an array is allocated when the returned count
	 * is 0 is not visible in this header - confirm before freeing.
	 * 
	 * @param this						calling object
	 * @param[out] traffic_selectors	pointer where traffic selectors will be allocated
	 * @return							number of returned traffic selectors
	 */
	size_t (*get_traffic_selectors_initiator) (sa_config_t *this, traffic_selector_t **traffic_selectors[]);
	
		
	/**
	 * @brief Get configured traffic selectors for responder side.
	 * 
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 * 
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 * 
	 * NOTE(review): whether an array is allocated when the returned count
	 * is 0 is not visible in this header - confirm before freeing.
	 * 
	 * @param this						calling object
	 * @param[out] traffic_selectors	pointer where traffic selectors will be allocated
	 * @return							number of returned traffic selectors
	 */
	size_t (*get_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t **traffic_selectors[]);
	
	/**
	 * @brief Select traffic selectors from a supplied list for initiator.
	 * 
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 * 
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 * @warning count is the only bound on supplied; it must not exceed the
	 *          number of entries actually stored there.
	 * 
	 * NOTE(review): the supplied list is presumably built from the peer's
	 * traffic selector payload, i.e. from untrusted input - confirm that
	 * the caller derives count from the parsed entries.
	 * 
	 * @param this						calling object
	 * @param supplied					pointer to an array of ts to select from.
	 * @param count						number of ts stored at supplied
	 * @param[out] selected				pointer where selected traffic selectors will be allocated
	 * @return							number of selected traffic selectors
	 */
	size_t (*select_traffic_selectors_initiator) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);
		
	/**
	 * @brief Select traffic selectors from a supplied list for responder.
	 * 
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 * 
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 * @warning count is the only bound on supplied; it must not exceed the
	 *          number of entries actually stored there.
	 * 
	 * NOTE(review): the supplied list is presumably built from the peer's
	 * traffic selector payload, i.e. from untrusted input - confirm that
	 * the caller derives count from the parsed entries.
	 * 
	 * @param this						calling object
	 * @param supplied					pointer to an array of ts to select from.
	 * @param count						number of ts stored at supplied
	 * @param[out] selected				pointer where selected traffic selectors will be allocated
	 * @return							number of selected traffic selectors
	 */
	size_t (*select_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);
	
	/**
	 * @brief Get the list of internally stored proposals.
	 * 
	 * Remember: sa_config_t does store proposals for AH/ESP, 
	 * IKE proposals are in the init_config_t
	 * 
	 * @warning List and Items are still owned by sa_config and MUST NOT
	 *			be manipulated or freed!
	 * 
	 * @param this					calling object
	 * @return						list of proposals
	 */
	linked_list_t *(*get_proposals) (sa_config_t *this);
	
	/**
	 * @brief Select a proposal from a supplied list.
	 * 
	 * A NULL result means no supplied proposal matches, so the caller has
	 * to check for it before using the result.
	 * NOTE(review): ownership of the returned proposal (clone or internal
	 * object) is not stated in this header - confirm in sa_config.c.
	 * 
	 * @param this					calling object
	 * @param proposals				list from which proposals are selected
	 * @return						selected proposal, or NULL if nothing matches
	 */
	proposal_t *(*select_proposal) (sa_config_t *this, linked_list_t *proposals);
	
	/**
	 * @brief Add a traffic selector to the list for initiator.
	 * 
	 * The added object will be cloned.
	 * NOTE(review): the original text said "proposal" here, presumably
	 * meaning the traffic selector - confirm. If so, the caller keeps
	 * ownership of the traffic_selector it passed in.
	 * 
	 * @warning Do not add while other threads are reading.
	 * 
	 * @param this					calling object
	 * @param traffic_selector		traffic_selector to add
	 */
	void (*add_traffic_selector_initiator) (sa_config_t *this, traffic_selector_t *traffic_selector);
	
	/**
	 * @brief Add a traffic selector to the list for responder. 
	 * 
	 * The added object will be cloned.
	 * NOTE(review): the original text said "proposal" here, presumably
	 * meaning the traffic selector - confirm. If so, the caller keeps
	 * ownership of the traffic_selector it passed in.
	 * 
	 * @warning Do not add while other threads are reading.
	 * 
	 * @param this					calling object
	 * @param traffic_selector		traffic_selector to add
	 */
	void (*add_traffic_selector_responder) (sa_config_t *this, traffic_selector_t *traffic_selector);
	
	/**
	 * @brief Add a proposal to the list. 
	 * 
	 * The proposals are stored by priority, first added
	 * is the most preferred.
	 * 
	 * NOTE(review): unlike the add_traffic_selector_*() comments, nothing
	 * here says the proposal is cloned - confirm whether ownership passes
	 * to the config.
	 * 
	 * @warning Do not add while other threads are reading.
	 * 
	 * @param this					calling object
	 * @param proposal				proposal to add
	 */
	void (*add_proposal) (sa_config_t *this, proposal_t *proposal);
	
	/**
	 * @brief Destroys the config object
	 * 
	 * NOTE(review): objects handed out without cloning (get_my_id(),
	 * get_other_id(), get_proposals()) presumably become invalid after
	 * this call - confirm in sa_config.c.
	 * 
	 * @param this				calling object
	 */
	void (*destroy) (sa_config_t *this);
};

/**
 * @brief Create a configuration object for IKE_AUTH and later.
 * 
 * The result is released with its destroy() method.
 * 
 * NOTE(review): this header does not say whether my_id and other_id are
 * copied or parsed during the call, nor what happens when a string does
 * not fit the given id type - confirm in sa_config.c before passing
 * temporary buffers or externally supplied strings.
 * 
 * @param my_id_type		type of my identification
 * @param my_id 			my identification as string
 * @param other_id_type		type of other identification
 * @param other_id 			other identification as string
 * @param auth_method		Method of authentication
 * @param ike_sa_lifetime	lifetime of this IKE_SA in milliseconds. IKE_SA will be deleted
 * 							after this lifetime! As a u_int32_t millisecond count
 * 							it cannot exceed about 49.7 days.
 * @return 					sa_config_t object
 * 
 * @ingroup config
 */
sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other_id_type, char *other_id, auth_method_t auth_method, u_int32_t ike_sa_lifetime);

#endif //_SA_CONFIG_H_