ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
strongswan/src/libcharon/sa/ikev1/phase1.h

151 lines
4.2 KiB
C
Raw Blame History

/*
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup phase1 phase1
* @{ @ingroup ikev1
*/
#ifndef PHASE1_H_
#define PHASE1_H_
typedef struct phase1_t phase1_t;
#include <sa/ike_sa.h>
#include <crypto/diffie_hellman.h>
/**
* Common phase 1 helper for main and aggressive mode.
*/
struct phase1_t {
/**
* Create keymat hasher.
*
* @return TRUE if hasher created
*/
bool (*create_hasher)(phase1_t *this);
/**
* Create DH object using SA keymat.
*
* @param group negotiated DH group
* @return TRUE if group supported
*/
bool (*create_dh)(phase1_t *this, diffie_hellman_group_t group);
/**
* Derive key material.
*
* @param peer_cfg peer config to look up shared key for, or NULL
* @param method negotiated authenticated method
* @return TRUE if successful
*/
bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg,
auth_method_t method);
/**
* Verify a HASH or SIG payload in message.
*
* @param method negotiated auth method
* @param message message containing HASH or SIG payload
* @param id_data encoded identity, including protocol/port fields
* @return TRUE if verified successfully
*/
bool (*verify_auth)(phase1_t *this, auth_method_t method,
message_t *message, chunk_t id_data);
/**
* Build a HASH or SIG payload and add it to message.
*
* @param method negotiated auth method
* @param message message to add payload to
* @param id_data encoded identity, including protocol/port fields
* @return TRUE if built successfully
*/
bool (*build_auth)(phase1_t *this, auth_method_t method,
message_t *message, chunk_t id_data);
/**
* Get the IKEv1 authentication method defined by peer config.
*
* @param peer_cfg peer config to get auth method from
* @return auth method, or AUTH_NONE
*/
auth_method_t (*get_auth_method)(phase1_t *this, peer_cfg_t *peer_cfg);
/**
* Select a peer config as responder.
*
* If called after the first successful call the next alternative config
* is returned, if any.
*
* @param method used authentication method
* @param aggressive TRUE to get an aggressive mode config
* @param id initiator identity
* @return selected peer config, NULL if none found
*/
peer_cfg_t* (*select_config)(phase1_t *this, auth_method_t method,
bool aggressive, identification_t *id);
/**
* Get configured identity from peer config.
*
* @param peer_cfg peer config to get identity from
* @param local TRUE to get own identity, FALSE for remote
* @return identity, pointing to internal config data
*/
identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local);
/**
* Extract and store SA payload bytes from encoded message.
*
* @param message message to extract SA payload bytes from
* @return TRUE if SA payload found
*/
bool (*save_sa_payload)(phase1_t *this, message_t *message);
/**
* Add Nonce and KE payload to message.
*
* @param message message to add payloads
* @return TRUE if payloads added successfully
*/
bool (*add_nonce_ke)(phase1_t *this, message_t *message);
/**
* Extract Nonce and KE payload from message.
*
* @param message message to get payloads from
* @return TRUE if payloads extracted successfully
*/
bool (*get_nonce_ke)(phase1_t *this, message_t *message);
/**
* Destroy a phase1_t.
*/
void (*destroy)(phase1_t *this);
};
/**
* Create a phase1 instance.
*
* @param ike_sa IKE_SA to set up
* @param initiator TRUE if initiating actively
* @return Phase 1 helper
*/
phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator);
#endif /** PHASE1_H_ @}*/
View Git Blame Copy Permalink