| 1 | /* $NetBSD: xform.h,v 1.8 2016/01/26 06:00:10 knakahara Exp $ */ |
| 2 | /* $FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ |
| 3 | /* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ |
| 4 | /* |
| 5 | * The authors of this code are John Ioannidis (ji@tla.org), |
| 6 | * Angelos D. Keromytis (kermit@csd.uch.gr), |
| 7 | * Niels Provos (provos@physnet.uni-hamburg.de) and |
| 8 | * Niklas Hallqvist (niklas@appli.se). |
| 9 | * |
| 10 | * The original version of this code was written by John Ioannidis |
| 11 | * for BSD/OS in Athens, Greece, in November 1995. |
| 12 | * |
| 13 | * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, |
| 14 | * by Angelos D. Keromytis. |
| 15 | * |
| 16 | * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis |
| 17 | * and Niels Provos. |
| 18 | * |
| 19 | * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist. |
| 20 | * |
| 21 | * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, |
| 22 | * Angelos D. Keromytis and Niels Provos. |
| 23 | * Copyright (c) 1999 Niklas Hallqvist. |
| 24 | * Copyright (c) 2001, Angelos D. Keromytis. |
| 25 | * |
| 26 | * Permission to use, copy, and modify this software with or without fee |
| 27 | * is hereby granted, provided that this entire notice is included in |
| 28 | * all copies of any software which is or includes a copy or |
| 29 | * modification of this software. |
| 30 | * You may use this code under the GNU public license if you so wish. Please |
| 31 | * contribute changes back to the authors under this freer than GPL license |
| 32 | * so that we may further the use of strong encryption without limitations to |
| 33 | * all. |
| 34 | * |
| 35 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR |
| 36 | * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY |
| 37 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE |
| 38 | * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR |
| 39 | * PURPOSE. |
| 40 | */ |
| 41 | |
| 42 | #ifndef _NETIPSEC_XFORM_H_ |
| 43 | #define _NETIPSEC_XFORM_H_ |
| 44 | |
| 45 | #include <sys/types.h> |
| 46 | #include <netinet/in.h> |
| 47 | #include <opencrypto/xform.h> |
| 48 | |
| 49 | #define AH_HMAC_INITIAL_RPL 1 /* replay counter initial value */ |
| 50 | |
| 51 | /* |
| 52 | * Packet tag assigned on completion of IPsec processing; used |
| 53 | * to speedup processing when/if the packet comes back for more |
| 54 | * processing. |
| 55 | */ |
| 56 | struct tdb_ident { |
| 57 | u_int32_t spi; |
| 58 | union sockaddr_union dst; |
| 59 | u_int8_t proto; |
| 60 | }; |
| 61 | |
| 62 | /* |
| 63 | * Opaque data structure hung off a crypto operation descriptor. |
| 64 | */ |
| 65 | struct tdb_crypto { |
| 66 | struct ipsecrequest *tc_isr; /* ipsec request state */ |
| 67 | u_int32_t tc_spi; /* associated SPI */ |
| 68 | union sockaddr_union tc_dst; /* dst addr of packet */ |
| 69 | u_int8_t tc_proto; /* current protocol, e.g. AH */ |
| 70 | u_int8_t tc_nxt; /* next protocol, e.g. IPV4 */ |
| 71 | int tc_protoff; /* current protocol offset */ |
| 72 | int tc_skip; /* data offset */ |
| 73 | void * tc_ptr; /* associated crypto data */ |
| 74 | }; |
| 75 | |
| 76 | struct secasvar; |
| 77 | struct ipescrequest; |
| 78 | |
| 79 | struct xformsw { |
| 80 | u_short xf_type; /* xform ID */ |
| 81 | #define XF_IP4 1 /* IP inside IP */ |
| 82 | #define XF_AH 2 /* AH */ |
| 83 | #define XF_ESP 3 /* ESP */ |
| 84 | #define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2358 */ |
| 85 | #define XF_IPCOMP 6 /* IPCOMP */ |
| 86 | u_short xf_flags; |
| 87 | #define XFT_AUTH 0x0001 |
| 88 | #define XFT_CONF 0x0100 |
| 89 | #define XFT_COMP 0x1000 |
| 90 | const char *xf_name; /* human-readable name */ |
| 91 | int (*xf_init)(struct secasvar*, const struct xformsw*);/* setup */ |
| 92 | int (*xf_zeroize)(struct secasvar*); /* cleanup */ |
| 93 | int (*xf_input)(struct mbuf*, const struct secasvar*, /* input */ |
| 94 | int, int); |
| 95 | int (*xf_output)(struct mbuf*, /* output */ |
| 96 | struct ipsecrequest *, struct mbuf **, int, int); |
| 97 | struct xformsw *xf_next; /* list of registered xforms */ |
| 98 | }; |
| 99 | |
| 100 | #ifdef _KERNEL |
| 101 | extern void xform_register(struct xformsw*); |
| 102 | extern int xform_init(struct secasvar *sav, int xftype); |
| 103 | |
| 104 | struct cryptoini; |
| 105 | |
| 106 | /* XF_IP4 */ |
| 107 | extern int ip4_input6(struct mbuf **m, int *offp, int proto); |
| 108 | extern void ip4_input(struct mbuf *m, int, int); |
| 109 | extern int ipip_output(struct mbuf *, struct ipsecrequest *, |
| 110 | struct mbuf **, int, int); |
| 111 | |
| 112 | /* XF_AH */ |
| 113 | extern int ah_init0(struct secasvar *, const struct xformsw *, |
| 114 | struct cryptoini *); |
| 115 | extern int ah_zeroize(struct secasvar *sav); |
| 116 | extern const struct auth_hash *ah_algorithm_lookup(int alg); |
| 117 | extern size_t ah_hdrsiz(const struct secasvar *); |
| 118 | |
| 119 | /* XF_ESP */ |
| 120 | extern const struct enc_xform *esp_algorithm_lookup(int alg); |
| 121 | extern size_t esp_hdrsiz(const struct secasvar *sav); |
| 122 | |
| 123 | /* XF_COMP */ |
| 124 | extern const struct comp_algo *ipcomp_algorithm_lookup(int alg); |
| 125 | |
| 126 | #endif /* _KERNEL */ |
| 127 | #endif /* !_NETIPSEC_XFORM_H_ */ |
| 128 | |