xform.h revision 1.1
      1  1.1  jonathan /*	$NetBSD: xform.h,v 1.1 2003/08/13 20:06:51 jonathan Exp $	*/
      2  1.1  jonathan /*	$FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
      3  1.1  jonathan /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
      4  1.1  jonathan /*
      5  1.1  jonathan  * The authors of this code are John Ioannidis (ji (at) tla.org),
      6  1.1  jonathan  * Angelos D. Keromytis (kermit (at) csd.uch.gr),
      7  1.1  jonathan  * Niels Provos (provos (at) physnet.uni-hamburg.de) and
      8  1.1  jonathan  * Niklas Hallqvist (niklas (at) appli.se).
      9  1.1  jonathan  *
     10  1.1  jonathan  * The original version of this code was written by John Ioannidis
     11  1.1  jonathan  * for BSD/OS in Athens, Greece, in November 1995.
     12  1.1  jonathan  *
     13  1.1  jonathan  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
     14  1.1  jonathan  * by Angelos D. Keromytis.
     15  1.1  jonathan  *
     16  1.1  jonathan  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
     17  1.1  jonathan  * and Niels Provos.
     18  1.1  jonathan  *
     19  1.1  jonathan  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
     20  1.1  jonathan  *
     21  1.1  jonathan  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
     22  1.1  jonathan  * Angelos D. Keromytis and Niels Provos.
     23  1.1  jonathan  * Copyright (c) 1999 Niklas Hallqvist.
     24  1.1  jonathan  * Copyright (c) 2001, Angelos D. Keromytis.
     25  1.1  jonathan  *
     26  1.1  jonathan  * Permission to use, copy, and modify this software with or without fee
     27  1.1  jonathan  * is hereby granted, provided that this entire notice is included in
     28  1.1  jonathan  * all copies of any software which is or includes a copy or
     29  1.1  jonathan  * modification of this software.
     30  1.1  jonathan  * You may use this code under the GNU public license if you so wish. Please
     31  1.1  jonathan  * contribute changes back to the authors under this freer than GPL license
     32  1.1  jonathan  * so that we may further the use of strong encryption without limitations to
     33  1.1  jonathan  * all.
     34  1.1  jonathan  *
     35  1.1  jonathan  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
     36  1.1  jonathan  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
     37  1.1  jonathan  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
     38  1.1  jonathan  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
     39  1.1  jonathan  * PURPOSE.
     40  1.1  jonathan  */
     41  1.1  jonathan 
     42  1.1  jonathan #ifndef _NETIPSEC_XFORM_H_
     43  1.1  jonathan #define _NETIPSEC_XFORM_H_
     44  1.1  jonathan 
     45  1.1  jonathan #include <sys/types.h>
     46  1.1  jonathan #include <netinet/in.h>
     47  1.1  jonathan #include <opencrypto/xform.h>
     48  1.1  jonathan 
/*
 * Authenticator (ICV) length in bytes: 12 bytes = 96 bits, the
 * truncated-HMAC length used by HMAC-MD5-96 / HMAC-SHA-1-96
 * (RFC 2403 / RFC 2404).  Despite the AH_ prefix this is the
 * generic truncated-HMAC size; presumably ESP uses it too -- confirm
 * in the ESP code before relying on that.
 */
#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
/*
 * Initial value of the anti-replay sequence counter for a new SA
 * (presumably the first sequence number sent; the replay-window
 * bookkeeping itself lives elsewhere).
 */
#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
     51  1.1  jonathan 
/*
 * Packet tag assigned on completion of IPsec processing; used
 * to speedup processing when/if the packet comes back for more
 * processing.
 *
 * The (spi, dst, proto) triple presumably identifies the SA that
 * already handled the packet, so a later pass can recognise it
 * rather than redo the work -- confirm against the code that sets
 * and consumes the tag.
 * NOTE(review): union sockaddr_union is not defined in this header
 * nor in the headers it includes; it must come from another netipsec
 * header included before this one.
 */
struct tdb_ident {
	u_int32_t spi;			/* SPI of the SA that processed the packet */
	union sockaddr_union dst;	/* destination address of that SA */
	u_int8_t proto;			/* IPsec protocol, e.g. AH or ESP */
};
     62  1.1  jonathan 
/*
 * Opaque data structure hung off a crypto operation descriptor.
 *
 * It carries the state needed to resume IPsec processing of one packet
 * once the crypto operation completes: the ipsec request, the identity
 * of the SA (tc_spi/tc_dst/tc_proto -- the same triple as struct
 * tdb_ident) and the header offsets.  Ownership of tc_ptr is not stated
 * here; presumably the transform that allocated the descriptor frees
 * it -- confirm in the AH/ESP callbacks.
 */
struct tdb_crypto {
	struct ipsecrequest	*tc_isr;	/* ipsec request state */
	u_int32_t		tc_spi;		/* associated SPI */
	union sockaddr_union	tc_dst;		/* dst addr of packet */
	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
	int			tc_protoff;	/* current protocol offset */
	int			tc_skip;	/* data offset */
	caddr_t			tc_ptr;		/* associated crypto data */
};
     76  1.1  jonathan 
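/*
 * Forward declarations of the types referenced by the xformsw method
 * pointers below; both are defined elsewhere in netipsec.
 *
 * The tag used by tc_isr above and by xf_output below is "ipsecrequest";
 * the original line declared "ipescrequest", a typo that merely created
 * an unused tag.
 */
struct secasvar;
struct ipsecrequest;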
     79  1.1  jonathan 
/*
 * Transform switch: one entry per IPsec transform.  Entries are
 * registered with xform_register() (declared below) and chained
 * through xf_next; presumably xform_init() walks that list, matches
 * xf_type against its xftype argument and calls the entry's xf_init().
 */
struct xformsw {
	u_short	xf_type;		/* xform ID */
#define	XF_IP4		1	/* IP inside IP */
#define	XF_AH		2	/* AH */
#define	XF_ESP		3	/* ESP */
				/* 4 is not assigned in this header */
#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 (the original comment said 2358) */
#define	XF_IPCOMP	6	/* IPCOMP */
	u_short	xf_flags;		/* XFT_* bit flags (distinct bits, so they can be OR'ed) */
#define	XFT_AUTH	0x0001		/* transform provides authentication/integrity */
#define	XFT_CONF	0x0100		/* transform provides confidentiality */
#define	XFT_COMP	0x1000		/* transform provides compression */
	char	*xf_name;			/* human-readable name */
	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
	/*
	 * cleanup -- by its name this is where an SA's key material is
	 * expected to be wiped; confirm in ah_zeroize() and the ESP
	 * equivalent that the wipe cannot be optimised away.
	 */
	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
	/*
	 * input: (m, sav, int, int).  The two ints are presumably skip
	 * and protoff (cf. tc_skip/tc_protoff in struct tdb_crypto) --
	 * confirm against the AH/ESP implementations.
	 */
	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
			int, int);
	/*
	 * output: (m, isr, mp, int, int); same shape as ipip_output()
	 * below.  The int pair is presumably skip/protoff as for xf_input.
	 */
	int	(*xf_output)(struct mbuf*,	       		/* output */
			struct ipsecrequest *, struct mbuf **, int, int);
	struct xformsw *xf_next;		/* list of registered xforms */
};
    100  1.1  jonathan 
#ifdef _KERNEL
/* Add a transform to the registered list (chained via xf_next). */
extern void xform_register(struct xformsw*);
/*
 * Bind the SA to the transform identified by xftype (an XF_* value).
 * Returns int; presumably 0 on success and an errno otherwise -- confirm
 * in the implementation.
 */
extern int xform_init(struct secasvar *sav, int xftype);

struct cryptoini;	/* defined elsewhere; presumably the opencrypto session descriptor */

/* XF_IP4 -- IP inside IP */
extern	int ip4_input6(struct mbuf **m, int *offp, int proto);	/* (m, offp, proto) IPv6-style input signature */
extern	void ip4_input(struct mbuf *m, ...);			/* variadic IPv4-style input signature */
extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
			struct mbuf **, int, int);		/* same shape as xformsw.xf_output */

/* XF_AH -- authentication header */
extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
extern int ah_zeroize(struct secasvar *sav);
/*
 * Map an AH algorithm number to its auth_hash descriptor.  The return
 * value for an unknown alg is not stated here; presumably NULL, so
 * callers must check before dereferencing.
 */
extern struct auth_hash *ah_algorithm_lookup(int alg);
extern size_t ah_hdrsiz(struct secasvar *);	/* header size for this SA, by its name -- confirm */

/* XF_ESP -- encapsulating security payload */
extern struct enc_xform *esp_algorithm_lookup(int alg);	/* same NULL caveat as ah_algorithm_lookup() */
extern size_t esp_hdrsiz(struct secasvar *sav);

/* XF_COMP (the xf_type constant above is spelled XF_IPCOMP) */
extern struct comp_algo *ipcomp_algorithm_lookup(int alg);	/* same NULL caveat as ah_algorithm_lookup() */

#endif /* _KERNEL */
    127  1.1  jonathan #endif /* _NETIPSEC_XFORM_H_ */