Imported Upstream version 5.0.1

1 files changed, 77 insertions, 17 deletions

diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h
index cc8c481c8..9a88cccd5 100644
--- a/src/libcharon/encoding/payloads/sa_payload.h
+++ b/src/libcharon/encoding/payloads/sa_payload.h
@@ -28,14 +28,11 @@ typedef struct sa_payload_t sa_payload_t;
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <utils/linked_list.h>
+#include <kernel/kernel_ipsec.h>
+#include <sa/authenticator.h>
 
 /**
- * SA_PAYLOAD length in bytes without any proposal substructure.
- */
-#define SA_PAYLOAD_HEADER_LENGTH 4
-
-/**
- * Class representing an IKEv2-SA Payload.
+ * Class representing an IKEv1 or IKEv2 SA Payload.
  *
  * The SA Payload format is described in RFC section 3.3.
  */
@@ -49,16 +46,47 @@ struct sa_payload_t {
 	/**
 	 * Gets the proposals in this payload as a list.
 	 *
-	 * @return					a list containing proposal_t s
+	 * @return				a list containing proposal_ts
 	 */
 	linked_list_t *(*get_proposals) (sa_payload_t *this);
 
 	/**
-	 * Add a child proposal (AH/ESP) to the payload.
+	 * Gets the proposals from the first proposal in this payload with IPComp
+	 * enabled (IKEv1 only).
+	 *
+	 * @param cpi			the CPI of the first IPComp (sub)proposal
+	 * @return				a list containing proposal_ts
+	 */
+	linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, u_int16_t *cpi);
+
+	/**
+	 * Get the (shortest) lifetime of a proposal (IKEv1 only).
+	 *
+	 * @return					lifetime, in seconds
+	 */
+	u_int32_t (*get_lifetime)(sa_payload_t *this);
+
+	/**
+	 * Get the (shortest) life duration of a proposal (IKEv1 only).
+	 *
+	 * @return					life duration, in bytes
+	 */
+	u_int64_t (*get_lifebytes)(sa_payload_t *this);
+
+	/**
+	 * Get the first authentication method from the proposal (IKEv1 only).
 	 *
-	 * @param proposal			child proposal to add to the payload
+	 * @return					auth method, or AUTH_NONE
 	 */
-	void (*add_proposal) (sa_payload_t *this, proposal_t *proposal);
+	auth_method_t (*get_auth_method)(sa_payload_t *this);
+
+	/**
+	 * Get the (first) encapsulation mode from a proposal (IKEv1 only).
+	 *
+	 * @param udp				set to TRUE if UDP encapsulation used
+	 * @return					ipsec encapsulation mode
+	 */
+	ipsec_mode_t (*get_encap_mode)(sa_payload_t *this, bool *udp);
 
 	/**
 	 * Create an enumerator over all proposal substructures.
@@ -76,27 +104,59 @@ struct sa_payload_t {
 /**
  * Creates an empty sa_payload_t object
  *
+ * @param type				SECURITY_ASSOCIATION or SECURITY_ASSOCIATION_V1
  * @return					created sa_payload_t object
  */
-sa_payload_t *sa_payload_create(void);
+sa_payload_t *sa_payload_create(payload_type_t type);
 
 /**
- * Creates a sa_payload_t object from a list of proposals.
+ * Creates an IKEv2 sa_payload_t object from a list of proposals.
  *
  * @param proposals			list of proposals to build the payload from
  * @return					sa_payload_t object
  */
-sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals);
+sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals);
 
 /**
- * Creates a sa_payload_t object from a single proposal.
+ * Creates an IKEv2 sa_payload_t object from a single proposal.
  *
- * This is only for convenience. Use sa_payload_create_from_proposal_list
- * if you want to add more than one proposal.
+ * @param proposal			proposal from which the payload should be built.
+ * @return					sa_payload_t object
+ */
+sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal);
+
+/**
+ * Creates an IKEv1 sa_payload_t object from a list of proposals.
+ *
+ * @param proposals			list of proposals to build the payload from
+ * @param lifetime			lifetime in seconds
+ * @param lifebytes			lifebytes, in bytes
+ * @param auth				authentication method to use, or AUTH_NONE
+ * @param mode				IPsec encapsulation mode, TRANSPORT or TUNNEL
+ * @param udp				TRUE to use UDP encapsulation
+ * @param cpi				CPI in case IPComp should be used
+ * @return					sa_payload_t object
+ */
+sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
+							u_int32_t lifetime, u_int64_t lifebytes,
+							auth_method_t auth, ipsec_mode_t mode, bool udp,
+							u_int16_t cpi);
+
+/**
+ * Creates an IKEv1 sa_payload_t object from a single proposal.
  *
  * @param proposal			proposal from which the payload should be built.
+ * @param lifetime			lifetime in seconds
+ * @param lifebytes			lifebytes, in bytes
+ * @param auth				authentication method to use, or AUTH_NONE
+ * @param mode				IPsec encapsulation mode, TRANSPORT or TUNNEL
+ * @param udp				TRUE to use UDP encapsulation
+ * @param cpi				CPI in case IPComp should be used
  * @return					sa_payload_t object
  */
-sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal);
+sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
+							u_int32_t lifetime, u_int64_t lifebytes,
+							auth_method_t auth, ipsec_mode_t mode, bool udp,
+							u_int16_t cpi);
 
 #endif /** SA_PAYLOAD_H_ @}*/