xform.h revision 1.4.70.1
      1  1.4.70.1    jruoho /*	$NetBSD: xform.h,v 1.4.70.1 2011/06/06 09:10:01 jruoho Exp $	*/
      2       1.1  jonathan /*	$FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
      3       1.1  jonathan /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
      4       1.1  jonathan /*
      5       1.1  jonathan  * The authors of this code are John Ioannidis (ji (at) tla.org),
      6       1.1  jonathan  * Angelos D. Keromytis (kermit (at) csd.uch.gr),
      7       1.1  jonathan  * Niels Provos (provos (at) physnet.uni-hamburg.de) and
      8       1.1  jonathan  * Niklas Hallqvist (niklas (at) appli.se).
      9       1.1  jonathan  *
     10       1.1  jonathan  * The original version of this code was written by John Ioannidis
     11       1.1  jonathan  * for BSD/OS in Athens, Greece, in November 1995.
     12       1.1  jonathan  *
     13       1.1  jonathan  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
     14       1.1  jonathan  * by Angelos D. Keromytis.
     15       1.1  jonathan  *
     16       1.1  jonathan  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
     17       1.1  jonathan  * and Niels Provos.
     18       1.1  jonathan  *
     19       1.1  jonathan  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
     20       1.1  jonathan  *
     21       1.1  jonathan  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
     22       1.1  jonathan  * Angelos D. Keromytis and Niels Provos.
     23       1.1  jonathan  * Copyright (c) 1999 Niklas Hallqvist.
     24       1.1  jonathan  * Copyright (c) 2001, Angelos D. Keromytis.
     25       1.1  jonathan  *
     26       1.1  jonathan  * Permission to use, copy, and modify this software with or without fee
     27       1.1  jonathan  * is hereby granted, provided that this entire notice is included in
     28       1.1  jonathan  * all copies of any software which is or includes a copy or
     29       1.1  jonathan  * modification of this software.
     30       1.1  jonathan  * You may use this code under the GNU public license if you so wish. Please
     31       1.1  jonathan  * contribute changes back to the authors under this freer than GPL license
     32       1.1  jonathan  * so that we may further the use of strong encryption without limitations to
     33       1.1  jonathan  * all.
     34       1.1  jonathan  *
     35       1.1  jonathan  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
     36       1.1  jonathan  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
     37       1.1  jonathan  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
     38       1.1  jonathan  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
     39       1.1  jonathan  * PURPOSE.
     40       1.1  jonathan  */
     41       1.1  jonathan 
     42       1.1  jonathan #ifndef _NETIPSEC_XFORM_H_
     43       1.1  jonathan #define _NETIPSEC_XFORM_H_
     44       1.1  jonathan 
     45       1.1  jonathan #include <sys/types.h>
     46       1.1  jonathan #include <netinet/in.h>
     47       1.1  jonathan #include <opencrypto/xform.h>
     48       1.1  jonathan 
     49       1.1  jonathan #define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
     50       1.1  jonathan 
/*
 * Packet tag assigned on completion of IPsec processing; used
 * to speed up processing when/if the packet comes back for more
 * processing.
 *
 * NOTE(review): the field names mirror tc_spi/tc_dst/tc_proto in
 * struct tdb_crypto, so the tag presumably identifies the SA that
 * handled the packet -- confirm against the code that attaches it.
 * Code that consults the tag should compare all three fields with the
 * SA it expects rather than treat the tag's presence alone as proof
 * that IPsec processing took place.
 */
struct tdb_ident {
	u_int32_t spi;			/* presumably the SA's SPI */
	union sockaddr_union dst;	/* presumably the destination address */
	u_int8_t proto;			/* presumably the IPsec protocol */
};
     61       1.1  jonathan 
/*
 * Opaque data structure hung off a crypto operation descriptor.
 * It bundles the per-packet IPsec state listed below, presumably so
 * that the state is available again when the crypto operation
 * completes -- confirm in the transform implementations.
 *
 * NOTE(review): tc_isr and tc_ptr are raw pointers, and this header
 * does not show who holds a reference on the objects they point to or
 * who frees them.  Verify in the code that consumes this structure
 * that both are still valid when they are dereferenced.
 */
struct tdb_crypto {
	struct ipsecrequest	*tc_isr;	/* ipsec request state */
	u_int32_t		tc_spi;		/* associated SPI */
	union sockaddr_union	tc_dst;		/* dst addr of packet */
	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
	int			tc_protoff;	/* current protocol offset */
	int			tc_skip;	/* data offset */
	void *			tc_ptr;		/* associated crypto data */
};
     75       1.1  jonathan 
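/*
 * Forward declarations of the structures that the xformsw callbacks
 * take by pointer.  The tag must be spelled ipsecrequest to match the
 * type used in the prototypes; a misspelled tag only declares an
 * unrelated, unused type.
 */
struct secasvar;
struct ipsecrequest;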
     78       1.1  jonathan 
/*
 * Transform switch entry: the type ID, flags, name and callbacks of one
 * IPsec transform.  Entries are chained through xf_next into the list
 * of registered transforms.
 *
 * NOTE(review): the callbacks return int, but this header does not
 * state the convention (presumably 0 on success, an errno value on
 * failure) -- confirm in the implementations.
 */
struct xformsw {
	u_short	xf_type;		/* xform ID */
#define	XF_IP4		1	/* IP inside IP */
#define	XF_AH		2	/* AH */
#define	XF_ESP		3	/* ESP */
/* ID 4 is not defined in this header. */
#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 */
#define	XF_IPCOMP	6	/* IPCOMP */
	u_short	xf_flags;
/* Transform class bits; going by the names: authentication,
 * confidentiality and compression -- confirm against the users. */
#define	XFT_AUTH	0x0001
#define	XFT_CONF	0x0100
#define	XFT_COMP	0x1000
	const char	*xf_name;		/* human-readable name */
	int	(*xf_init)(struct secasvar*, const struct xformsw*);/* setup */
	/* NOTE(review): "cleanup" presumably includes wiping the SA's key
	 * material, as the name suggests -- verify in each transform. */
	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
	int	(*xf_input)(struct mbuf*, const struct secasvar*, /* input */
			int, int);
	int	(*xf_output)(struct mbuf*,	       		/* output */
			struct ipsecrequest *, struct mbuf **, int, int);
	struct xformsw *xf_next;		/* list of registered xforms */
};
     99       1.1  jonathan 
    100       1.1  jonathan #ifdef _KERNEL
/*
 * Transform registry.  xform_register() takes a transform switch entry;
 * presumably it links the entry into the list chained through xf_next --
 * confirm in the definition.  xform_init() takes an SA and a transform
 * type; xftype is presumably one of the XF_* IDs, and the meaning of
 * the int result is not visible in this header.
 */
extern void xform_register(struct xformsw*);
extern int xform_init(struct secasvar *sav, int xftype);

/* Forward declaration for the ah_init0() prototype below. */
struct cryptoini;
    105       1.1  jonathan 
/*
 * XF_IP4 (IP inside IP)
 *
 * ipip_output() has the same parameter list and return type as the
 * xf_output callback in struct xformsw.
 *
 * NOTE(review): ip4_input() is variadic, so the compiler cannot check
 * the arguments that follow m; callers have to pass exactly what the
 * definition reads.
 */
extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
extern	void ip4_input(struct mbuf *m, ...);
extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
			struct mbuf **, int, int);
    111       1.1  jonathan 
/*
 * XF_AH
 *
 * ah_init0() takes the xf_init arguments plus a struct cryptoini
 * pointer; ah_zeroize() has the xf_zeroize signature.
 *
 * NOTE(review): what ah_algorithm_lookup() returns for an unsupported
 * alg is not visible here (presumably NULL); callers should check the
 * result before dereferencing it.
 */
extern int ah_init0(struct secasvar *, const struct xformsw *,
		    struct cryptoini *);
extern int ah_zeroize(struct secasvar *sav);
extern const struct auth_hash *ah_algorithm_lookup(int alg);
extern size_t ah_hdrsiz(const struct secasvar *);
    118       1.1  jonathan 
/*
 * XF_ESP
 *
 * NOTE(review): what esp_algorithm_lookup() returns for an unsupported
 * alg is not visible here (presumably NULL); callers should check the
 * result before dereferencing it.
 */
extern const struct enc_xform *esp_algorithm_lookup(int alg);
extern size_t esp_hdrsiz(const struct secasvar *sav);
    122       1.1  jonathan 
/*
 * XF_IPCOMP
 *
 * NOTE(review): what ipcomp_algorithm_lookup() returns for an
 * unsupported alg is not visible here (presumably NULL); callers
 * should check the result before dereferencing it.
 */
extern const struct comp_algo *ipcomp_algorithm_lookup(int alg);
    125       1.1  jonathan 
    126       1.1  jonathan #endif /* _KERNEL */
    127       1.3      elad #endif /* !_NETIPSEC_XFORM_H_ */