xform.h revision 1.10
      1  1.10     ozaki /*	$NetBSD: xform.h,v 1.10 2017/07/14 01:24:23 ozaki-r Exp $	*/
      2   1.1  jonathan /*	$FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
      3   1.1  jonathan /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
      4   1.1  jonathan /*
      5   1.1  jonathan  * The authors of this code are John Ioannidis (ji (at) tla.org),
      6   1.1  jonathan  * Angelos D. Keromytis (kermit (at) csd.uch.gr),
      7   1.1  jonathan  * Niels Provos (provos (at) physnet.uni-hamburg.de) and
      8   1.1  jonathan  * Niklas Hallqvist (niklas (at) appli.se).
      9   1.1  jonathan  *
     10   1.1  jonathan  * The original version of this code was written by John Ioannidis
     11   1.1  jonathan  * for BSD/OS in Athens, Greece, in November 1995.
     12   1.1  jonathan  *
     13   1.1  jonathan  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
     14   1.1  jonathan  * by Angelos D. Keromytis.
     15   1.1  jonathan  *
     16   1.1  jonathan  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
     17   1.1  jonathan  * and Niels Provos.
     18   1.1  jonathan  *
     19   1.1  jonathan  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
     20   1.1  jonathan  *
     21   1.1  jonathan  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
     22   1.1  jonathan  * Angelos D. Keromytis and Niels Provos.
     23   1.1  jonathan  * Copyright (c) 1999 Niklas Hallqvist.
     24   1.1  jonathan  * Copyright (c) 2001, Angelos D. Keromytis.
     25   1.1  jonathan  *
     26   1.1  jonathan  * Permission to use, copy, and modify this software with or without fee
     27   1.1  jonathan  * is hereby granted, provided that this entire notice is included in
     28   1.1  jonathan  * all copies of any software which is or includes a copy or
     29   1.1  jonathan  * modification of this software.
     30   1.1  jonathan  * You may use this code under the GNU public license if you so wish. Please
     31   1.1  jonathan  * contribute changes back to the authors under this freer than GPL license
     32   1.1  jonathan  * so that we may further the use of strong encryption without limitations to
     33   1.1  jonathan  * all.
     34   1.1  jonathan  *
     35   1.1  jonathan  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
     36   1.1  jonathan  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
     37   1.1  jonathan  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
     38   1.1  jonathan  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
     39   1.1  jonathan  * PURPOSE.
     40   1.1  jonathan  */
     41   1.1  jonathan 
     42   1.1  jonathan #ifndef _NETIPSEC_XFORM_H_
     43   1.1  jonathan #define _NETIPSEC_XFORM_H_
     44   1.1  jonathan 
     45   1.1  jonathan #include <sys/types.h>
     46   1.1  jonathan #include <netinet/in.h>
     47   1.1  jonathan #include <opencrypto/xform.h>
     48   1.1  jonathan 
     49   1.1  jonathan #define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
                        /*
                         * NOTE(review): by its name and comment, AH_HMAC_INITIAL_RPL is the
                         * value a replay (sequence) counter starts from.  The code that
                         * increments and checks that counter is not in this header, so
                         * confirm there how counter wrap-around is handled.
                         */
     50   1.1  jonathan 
     51   1.1  jonathan /*
     52   1.1  jonathan  * Packet tag assigned on completion of IPsec processing; used
     53   1.1  jonathan  * to speed up processing when/if the packet comes back for more
     54   1.1  jonathan  * processing.
                         *
                         * The members mirror tc_spi, tc_dst and tc_proto in struct
                         * tdb_crypto: presumably the (SPI, destination, protocol) triple
                         * of the SA that handled the packet.
                         * NOTE(review): the code that attaches and consumes this tag is
                         * outside this header.  Where the tag is used to shortcut a second
                         * pass, confirm it can only have been set by the IPsec code and
                         * that the SA it names is looked up again rather than assumed to
                         * still exist.
     55   1.1  jonathan  */
     56   1.1  jonathan struct tdb_ident {
     57   1.1  jonathan 	u_int32_t spi;			/* presumably the SA's SPI; byte order not stated here */
     58   1.1  jonathan 	union sockaddr_union dst;	/* presumably the SA's destination address */
     59   1.1  jonathan 	u_int8_t proto;			/* presumably the IPsec protocol (AH, ESP, ...) */
     60   1.1  jonathan };
     61   1.1  jonathan 
     62   1.1  jonathan /*
     63   1.1  jonathan  * Opaque data structure hung off a crypto operation descriptor.
                         *
                         * Presumably this is the state the IPsec code needs to pick a
                         * packet up again once the crypto operation has finished: the
                         * request, the SA and its identifying fields, and two offsets
                         * into the packet.
                         * NOTE(review): tc_isr and tc_sav are plain pointers kept for as
                         * long as the crypto operation is outstanding; this header does
                         * not show how their lifetime is guaranteed.  Confirm that the
                         * code filling them in holds a reference until the completion
                         * path has run, otherwise an SA deleted in between leaves a
                         * dangling pointer.
                         * NOTE(review): tc_protoff and tc_skip are signed ints; confirm
                         * they are range-checked against the packet length where they are
                         * set and used.
     64   1.1  jonathan  */
     65  1.10     ozaki struct secasvar;	/* forward declaration; not defined in this header */
     66   1.1  jonathan struct tdb_crypto {
     67   1.1  jonathan 	struct ipsecrequest	*tc_isr;	/* ipsec request state */
     68   1.1  jonathan 	u_int32_t		tc_spi;		/* associated SPI */
     69   1.1  jonathan 	union sockaddr_union	tc_dst;		/* dst addr of packet */
     70   1.1  jonathan 	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
     71   1.1  jonathan 	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
     72   1.1  jonathan 	int			tc_protoff;	/* current protocol offset */
     73   1.1  jonathan 	int			tc_skip;	/* data offset */
     74  1.10     ozaki 	struct secasvar		*tc_sav;	/* ipsec SA */
     75   1.1  jonathan };
     76   1.1  jonathan 
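     /*
      * Forward declaration of the request type that tc_isr (struct tdb_crypto)
      * and the xf_output hook (struct xformsw) point to.  The tag has to be
      * spelled "ipsecrequest" to match those uses; a differently spelled tag
      * would only declare a separate, unused type.
      */
     struct ipsecrequest;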
     78   1.1  jonathan 
     79   1.1  jonathan struct xformsw {
                        	/*
                        	 * One entry per IPsec transform: an ID, flag bits, a name and
                        	 * the hooks that set up, clean up and run the transform for an
                        	 * SA.  Entries are chained through xf_next.
                        	 * NOTE(review): xf_next is a non-const member and
                        	 * xform_register() takes a non-const pointer, which suggests a
                        	 * registered entry is modified in place.  If so, the hook
                        	 * pointers below sit in writable memory; worth keeping in mind
                        	 * when hardening, since overwriting one redirects packet
                        	 * processing.
                        	 */
     80   1.1  jonathan 	u_short	xf_type;		/* xform ID, presumably one of XF_* below */
     81   1.1  jonathan #define	XF_IP4		1	/* IP inside IP */
     82   1.1  jonathan #define	XF_AH		2	/* AH */
     83   1.1  jonathan #define	XF_ESP		3	/* ESP */
     84   1.1  jonathan #define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 */
     85   1.1  jonathan #define	XF_IPCOMP	6	/* IPCOMP */
     86   1.1  jonathan 	u_short	xf_flags;		/* presumably a mask of XFT_* below */
     87   1.1  jonathan #define	XFT_AUTH	0x0001	/* by name: authentication */
     88   1.1  jonathan #define	XFT_CONF	0x0100	/* by name: confidentiality */
     89   1.1  jonathan #define	XFT_COMP	0x1000	/* by name: compression */
     90   1.2  christos 	const char	*xf_name;		/* human-readable name */
     91   1.6  drochner 	int	(*xf_init)(struct secasvar*, const struct xformsw*);/* setup */
                        	/*
                        	 * NOTE(review): by its name, xf_zeroize is where a transform is
                        	 * expected to wipe the SA's key material.  Confirm that each
                        	 * implementation clears the keys and does not merely free them.
                        	 */
     92   1.1  jonathan 	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
     93  1.10     ozaki 	int	(*xf_input)(struct mbuf*, struct secasvar*, /* input */
     94   1.1  jonathan 			int, int);	/* unnamed; presumably skip and protoff as in tdb_crypto - confirm */
     95   1.1  jonathan 	int	(*xf_output)(struct mbuf*,	       		/* output */
     96   1.1  jonathan 			struct ipsecrequest *, struct mbuf **, int, int);	/* meaning of the two ints not stated here */
     97   1.1  jonathan 	struct xformsw *xf_next;		/* list of registered xforms */
     98   1.1  jonathan };
     99   1.1  jonathan 
    100   1.1  jonathan #ifdef _KERNEL
                        /*
                         * Kernel-only declarations.  The definitions are not in this
                         * header, so the notes below describe only what the prototypes
                         * show.
                         */
    101   1.1  jonathan extern void xform_register(struct xformsw*);	/* takes a non-const entry; see xf_next in struct xformsw */
    102   1.1  jonathan extern int xform_init(struct secasvar *sav, int xftype);	/* xftype: presumably an XF_* ID */
    103   1.1  jonathan 
    104   1.1  jonathan struct cryptoini;	/* forward declaration; used by ah_init0() below */
    105   1.1  jonathan 
    106   1.1  jonathan /* XF_IP4 */
    107   1.1  jonathan extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
    108   1.8  knakahar extern	void ip4_input(struct mbuf *m, int, int);
    109   1.1  jonathan extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
    110   1.1  jonathan 			struct mbuf **, int, int);	/* same parameter types as the xf_output hook */
    111   1.1  jonathan 
    112   1.1  jonathan /* XF_AH */
    113   1.6  drochner extern int ah_init0(struct secasvar *, const struct xformsw *,
    114   1.6  drochner 		    struct cryptoini *);
    115   1.1  jonathan extern int ah_zeroize(struct secasvar *sav);	/* same signature as the xf_zeroize hook */
                        /*
                         * NOTE(review): the *_algorithm_lookup() functions take an
                         * algorithm number and return a pointer.  Presumably they return
                         * NULL for a number they do not know; confirm, and check that
                         * callers test the result before using it, because the number
                         * may come from SA configuration.
                         */
    116   1.6  drochner extern const struct auth_hash *ah_algorithm_lookup(int alg);
    117   1.6  drochner extern size_t ah_hdrsiz(const struct secasvar *);
    118   1.1  jonathan 
    119   1.1  jonathan /* XF_ESP */
    120   1.6  drochner extern const struct enc_xform *esp_algorithm_lookup(int alg);
    121   1.6  drochner extern size_t esp_hdrsiz(const struct secasvar *sav);
    122   1.1  jonathan 
    123   1.1  jonathan /* XF_IPCOMP */
    124   1.6  drochner extern const struct comp_algo *ipcomp_algorithm_lookup(int alg);
    125   1.1  jonathan 
    126   1.1  jonathan #endif /* _KERNEL */
    127   1.3      elad #endif /* !_NETIPSEC_XFORM_H_ */