xform.h revision 1.2.2.2
      1  1.2.2.2      yamt /*	$NetBSD: xform.h,v 1.2.2.2 2007/09/03 14:43:47 yamt Exp $	*/
      2      1.1  jonathan /*	$FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
      3      1.1  jonathan /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
      4      1.1  jonathan /*
      5      1.1  jonathan  * The authors of this code are John Ioannidis (ji (at) tla.org),
      6      1.1  jonathan  * Angelos D. Keromytis (kermit (at) csd.uch.gr),
      7      1.1  jonathan  * Niels Provos (provos (at) physnet.uni-hamburg.de) and
      8      1.1  jonathan  * Niklas Hallqvist (niklas (at) appli.se).
      9      1.1  jonathan  *
     10      1.1  jonathan  * The original version of this code was written by John Ioannidis
     11      1.1  jonathan  * for BSD/OS in Athens, Greece, in November 1995.
     12      1.1  jonathan  *
     13      1.1  jonathan  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
     14      1.1  jonathan  * by Angelos D. Keromytis.
     15      1.1  jonathan  *
     16      1.1  jonathan  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
     17      1.1  jonathan  * and Niels Provos.
     18      1.1  jonathan  *
     19      1.1  jonathan  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
     20      1.1  jonathan  *
     21      1.1  jonathan  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
     22      1.1  jonathan  * Angelos D. Keromytis and Niels Provos.
     23      1.1  jonathan  * Copyright (c) 1999 Niklas Hallqvist.
     24      1.1  jonathan  * Copyright (c) 2001, Angelos D. Keromytis.
     25      1.1  jonathan  *
     26      1.1  jonathan  * Permission to use, copy, and modify this software with or without fee
     27      1.1  jonathan  * is hereby granted, provided that this entire notice is included in
     28      1.1  jonathan  * all copies of any software which is or includes a copy or
     29      1.1  jonathan  * modification of this software.
     30      1.1  jonathan  * You may use this code under the GNU public license if you so wish. Please
     31      1.1  jonathan  * contribute changes back to the authors under this freer than GPL license
     32      1.1  jonathan  * so that we may further the use of strong encryption without limitations to
     33      1.1  jonathan  * all.
     34      1.1  jonathan  *
     35      1.1  jonathan  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
     36      1.1  jonathan  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
     37      1.1  jonathan  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
     38      1.1  jonathan  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
     39      1.1  jonathan  * PURPOSE.
     40      1.1  jonathan  */
     41      1.1  jonathan 
     42      1.1  jonathan #ifndef _NETIPSEC_XFORM_H_
     43      1.1  jonathan #define _NETIPSEC_XFORM_H_
     44      1.1  jonathan 
     45      1.1  jonathan #include <sys/types.h>
     46      1.1  jonathan #include <netinet/in.h>
     47      1.1  jonathan #include <opencrypto/xform.h>
     48      1.1  jonathan 
     /*
      * AH authenticator parameters.
      *
      * AH_HMAC_HASHLEN is a length in bytes: 12 bytes = 96 bits of
      * authenticator.  NOTE(review): this looks like the truncated "-96"
      * HMAC output rather than a full digest -- confirm against the AH
      * transform source before relying on it for other algorithms.
      *
      * AH_HMAC_INITIAL_RPL is the value the replay counter starts from.
      */
     #define	AH_HMAC_HASHLEN		12	/* authenticator length in bytes (96 bits) */
     #define	AH_HMAC_INITIAL_RPL	1	/* first value of the replay counter */
     51      1.1  jonathan 
     /*
      * Packet tag payload recorded once IPsec processing of a packet has
      * completed.  If the same packet comes back for more processing, the
      * tag lets that processing be sped up.
      *
      * NOTE(review): the tag is only as trustworthy as the code that attaches
      * and checks it; neither is visible in this header.
      */
     struct tdb_ident {
     	u_int32_t		spi;	/* SPI (presumably of the SA that handled the packet) */
     	union sockaddr_union	dst;	/* destination address */
     	u_int8_t		proto;	/* protocol (presumably the IPsec protocol; confirm) */
     };
     62      1.1  jonathan 
     /*
      * IPsec state hung off a crypto operation descriptor; opaque to the
      * code that only carries the descriptor around.
      *
      * NOTE(review): this header does not say who owns tc_isr and tc_ptr or
      * how long they stay valid; check the code that fills them in.
      */
     struct tdb_crypto {
     	struct ipsecrequest	*tc_isr;	/* ipsec request state */
     	u_int32_t		tc_spi;		/* associated SPI */
     	union sockaddr_union	tc_dst;		/* dst addr of packet */
     	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
     	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
     	int			tc_protoff;	/* current protocol offset */
     	int			tc_skip;	/* data offset */
     	void			*tc_ptr;	/* associated crypto data */
     };
     76      1.1  jonathan 
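     /*
      * Forward declarations for the structures this header only uses through
      * pointers.
      *
      * The second tag was spelled "ipescrequest", which declared a tag that
      * nothing uses; the structure referenced in this header is
      * struct ipsecrequest.
      *
      * struct mbuf is declared here as well: without a file-scope declaration
      * a "struct mbuf *" that first appears inside a parameter list only has
      * prototype scope, so the hook types in struct xformsw would not match
      * the real functions unless the includer had already pulled in the mbuf
      * header.
      */
     struct secasvar;
     struct ipsecrequest;
     struct mbuf;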
     79      1.1  jonathan 
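     /*
      * Transform switch: one entry per registered IPsec transform, chained
      * through xf_next.  An entry identifies the transform (xf_type, xf_name),
      * carries its flag bits (xf_flags) and supplies four hooks: setup,
      * cleanup, input and output.
      *
      * NOTE(review): xf_zeroize is the cleanup hook and, going by its name,
      * the place where per-SA key material is expected to be wiped.  What it
      * actually clears is decided by each transform, not by this header, so
      * review the individual transforms when auditing key handling.
      *
      * All four hooks return int; the meaning of the value is not defined
      * here (presumably 0 on success, an errno value otherwise -- confirm).
      */
     struct xformsw {
     	u_short	xf_type;		/* xform ID, one of XF_* */
     #define	XF_IP4		1	/* IP inside IP */
     #define	XF_AH		2	/* AH */
     #define	XF_ESP		3	/* ESP */
     #define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 */
     #define	XF_IPCOMP	6	/* IPCOMP */
     	u_short	xf_flags;		/* XFT_* bits */
     #define	XFT_AUTH	0x0001	/* presumably: authentication -- confirm */
     #define	XFT_CONF	0x0100	/* presumably: confidentiality -- confirm */
     #define	XFT_COMP	0x1000	/* presumably: compression -- confirm */
     	const char	*xf_name;	/* human-readable name */
     	/* setup */
     	int	(*xf_init)(struct secasvar *, struct xformsw *);
     	/* cleanup */
     	int	(*xf_zeroize)(struct secasvar *);
     	/*
     	 * input; the two ints are unnamed here (presumably the skip and
     	 * protoff offsets also kept in struct tdb_crypto -- confirm)
     	 */
     	int	(*xf_input)(struct mbuf *, struct secasvar *, int, int);
     	/* output; same two trailing ints as xf_input */
     	int	(*xf_output)(struct mbuf *, struct ipsecrequest *,
     			struct mbuf **, int, int);
     	struct xformsw	*xf_next;	/* list of registered xforms */
     };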
    100      1.1  jonathan 
    #ifdef _KERNEL
    /*
     * Kernel-only entry points of the transform framework and of the
     * individual transforms.  Only the prototypes are visible here; the
     * behaviour notes below are inferred from names and must be confirmed
     * against the implementations.
     */

    /* Transform registry: add a switch entry / initialise an SA for a type. */
    void	xform_register(struct xformsw*);
    int	xform_init(struct secasvar *sav, int xftype);

    struct cryptoini;

    /* IP-in-IP (XF_IP4) */
    int	ip4_input6(struct mbuf **m, int *offp, int proto);
    void	ip4_input(struct mbuf *m, ...);
    int	ipip_output(struct mbuf *, struct ipsecrequest *,
    		struct mbuf **, int, int);

    /*
     * AH (XF_AH)
     *
     * NOTE(review): ah_zeroize is presumably where the SA's authentication
     * key state is wiped; ah_algorithm_lookup presumably returns NULL for an
     * unknown alg, so callers should check the result -- confirm both.
     */
    int	ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
    int	ah_zeroize(struct secasvar *sav);
    struct auth_hash	*ah_algorithm_lookup(int alg);
    size_t	ah_hdrsiz(struct secasvar *);

    /* ESP (XF_ESP); the same unknown-alg caveat applies to the lookup. */
    struct enc_xform	*esp_algorithm_lookup(int alg);
    size_t	esp_hdrsiz(struct secasvar *sav);

    /* IPCOMP (XF_IPCOMP); the same unknown-alg caveat applies. */
    struct comp_algo	*ipcomp_algorithm_lookup(int alg);

    #endif /* _KERNEL */
    127  1.2.2.1      yamt #endif /* !_NETIPSEC_XFORM_H_ */