1 | /* $FreeBSD$ */ |
---|
2 | /* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ |
---|
3 | /*- |
---|
4 | * The authors of this code are John Ioannidis (ji@tla.org), |
---|
5 | * Angelos D. Keromytis (kermit@csd.uch.gr), |
---|
6 | * Niels Provos (provos@physnet.uni-hamburg.de) and |
---|
7 | * Niklas Hallqvist (niklas@appli.se). |
---|
8 | * |
---|
9 | * The original version of this code was written by John Ioannidis |
---|
10 | * for BSD/OS in Athens, Greece, in November 1995. |
---|
11 | * |
---|
12 | * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, |
---|
13 | * by Angelos D. Keromytis. |
---|
14 | * |
---|
15 | * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis |
---|
16 | * and Niels Provos. |
---|
17 | * |
---|
18 | * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist. |
---|
19 | * |
---|
20 | * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, |
---|
21 | * Angelos D. Keromytis and Niels Provos. |
---|
22 | * Copyright (c) 1999 Niklas Hallqvist. |
---|
23 | * Copyright (c) 2001, Angelos D. Keromytis. |
---|
24 | * |
---|
25 | * Permission to use, copy, and modify this software with or without fee |
---|
26 | * is hereby granted, provided that this entire notice is included in |
---|
27 | * all copies of any software which is or includes a copy or |
---|
28 | * modification of this software. |
---|
29 | * You may use this code under the GNU public license if you so wish. Please |
---|
30 | * contribute changes back to the authors under this freer than GPL license |
---|
31 | * so that we may further the use of strong encryption without limitations to |
---|
32 | * all. |
---|
33 | * |
---|
34 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR |
---|
35 | * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY |
---|
36 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE |
---|
37 | * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR |
---|
38 | * PURPOSE. |
---|
39 | */ |
---|
40 | |
---|
41 | #ifndef _NETIPSEC_XFORM_H_ |
---|
42 | #define _NETIPSEC_XFORM_H_ |
---|
43 | |
---|
44 | #include <rtems/bsd/sys/types.h> |
---|
45 | #include <netinet/in.h> |
---|
46 | #include <opencrypto/xform.h> |
---|
47 | |
---|
/*
 * AH authenticator (ICV) sizes and the replay-counter start value.
 *
 * AH_HMAC_HASHLEN is the 96-bit truncation of RFC 2403/2404
 * (HMAC-MD5-96, HMAC-SHA1-96).  AH_HMAC_MAXHASHLEN is the longest
 * truncated ICV any supported authenticator can produce: RFC 4868
 * keeps half of HMAC-SHA-512's output, which is why the value is
 * expressed as SHA2_512_HASH_LEN/2.  "Keep this updated" means it
 * must be raised before an authenticator with a longer ICV is added;
 * it presumably bounds fixed-size ICV scratch buffers in xform_ah.c,
 * which would overflow otherwise -- confirm against that file.
 *
 * AH_HMAC_INITIAL_RPL: RFC 4302 numbers the first packet sent on an
 * SA 1, not 0.
 */
#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
---|
51 | |
---|
/*
 * Packet tag assigned on completion of IPsec processing; used
 * to speedup processing when/if the packet comes back for more
 * processing (presumably after tunnel decapsulation re-injects it).
 *
 * The (spi, dst, proto) triple identifies the SA that handled the
 * packet.  Anything that looks the SA up again from this tag should
 * treat it as a hint and re-validate: the SA may have been deleted or
 * replaced since the tag was attached.
 *
 * union sockaddr_union is not brought in by this header's own
 * includes; the includer is expected to have the IPsec headers in
 * scope already.
 */
struct tdb_ident {
	u_int32_t spi;			/* SPI of the SA that processed the packet */
	union sockaddr_union dst;	/* destination address of that SA */
	u_int8_t proto;			/* IPsec protocol of that SA, e.g. AH/ESP */
	/* Cache those two for enc(4) in xform_ipip. */
	u_int8_t alg_auth;		/* authentication algorithm id */
	u_int8_t alg_enc;		/* encryption algorithm id */
};
---|
65 | |
---|
/*
 * Opaque data structure hung off a crypto operation descriptor.
 *
 * Presumably the crypto completion callback reads it back to resume
 * AH/ESP/IPcomp processing of the mbuf: the SA and policy request
 * involved, the SA identity, the protocol/data offsets within the
 * packet and a pointer to per-request scratch data.
 *
 * NOTE(review): crypto requests can complete asynchronously, by which
 * time the SA behind tc_sav (or the request behind tc_isr) may have
 * been torn down.  Whoever dispatches a request carrying this
 * descriptor must hold a reference on those objects, or re-validate
 * them in the callback, rather than trust the raw pointers -- confirm
 * how xform_ah.c/xform_esp.c handle this.
 */
struct tdb_crypto {
	struct ipsecrequest	*tc_isr;	/* ipsec request state */
	u_int32_t		tc_spi;		/* associated SPI */
	union sockaddr_union	tc_dst;		/* dst addr of packet */
	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
	int			tc_protoff;	/* current protocol offset */
	int			tc_skip;	/* data offset */
	caddr_t			tc_ptr;		/* associated crypto data */
	struct secasvar		*tc_sav;	/* related SA */
};
---|
80 | |
---|
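/*
 * Forward declarations of the tags used by the function-pointer
 * signatures in struct xformsw below.  The tag is "ipsecrequest", the
 * same one struct tdb_crypto references: a misspelled forward
 * declaration would only create a second, never-defined tag and leave
 * the intended one undeclared.
 */
struct secasvar;
struct ipsecrequest;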
---|
83 | |
---|
/*
 * A transform ("xform") is one IPsec/IPcomp protocol implementation
 * registered with the stack: AH, ESP, IPcomp, IP-in-IP and the TCP
 * MD5 signature option each supply one.  xform_init() (below) binds an
 * SA to the entry whose xf_type matches; the xf_* callbacks are then
 * the entry points for that SA.
 *
 * Note that xform ID 4 is not assigned by this header; leave it
 * unused rather than recycling it for a new transform.
 */
struct xformsw {
	u_short	xf_type;		/* xform ID */
#define	XF_IP4		1	/* IP inside IP */
#define	XF_AH		2	/* AH */
#define	XF_ESP		3	/* ESP */
#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385
				   (obsoleted by TCP-AO, RFC 5925; MD5 is
				   a weak choice for new deployments) */
#define	XF_IPCOMP	6	/* IPCOMP */
	u_short	xf_flags;		/* services the xform provides (XFT_*) */
#define	XFT_AUTH	0x0001		/* integrity / authentication */
#define	XFT_CONF	0x0100		/* confidentiality (encryption) */
#define	XFT_COMP	0x1000		/* compression */
	char	*xf_name;			/* human-readable name; never written
						   through, so treat it as const */
	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup: SA + xform -> per-SA state */
	int	(*xf_zeroize)(struct secasvar*);		/* cleanup: presumably releases keys/state */
	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input; the two ints are presumably
			int, int);				   skip and protoff -- confirm */
	int	(*xf_output)(struct mbuf*,	       		/* output: same shape as ipip_output() */
			struct ipsecrequest *, struct mbuf **, int, int);
	struct xformsw *xf_next;		/* list of registered xforms */
};
---|
104 | |
---|
#ifdef _KERNEL
/*
 * Kernel-only interface.  xform_register() links an xformsw onto the
 * registered list (via xf_next); xform_init() binds sav to the
 * registered xform whose xf_type equals xftype.  Return-value
 * conventions are not visible here; presumably 0 on success and an
 * errno otherwise -- confirm against xform.c before relying on it.
 */
extern void xform_register(struct xformsw*);
extern int xform_init(struct secasvar *sav, int xftype);

struct cryptoini;	/* opencrypto session descriptor, needed by ah_init0() */

/* XF_IP4 */
/* Input side: presumably the ip6protosw/protosw pr_input shapes. */
extern int ip4_input6(struct mbuf **m, int *offp, int proto);
extern void ip4_input(struct mbuf *m, int);
/* Output side: identical signature to xformsw.xf_output. */
extern int ipip_output(struct mbuf *, struct ipsecrequest *,
	struct mbuf **, int, int);

/* XF_AH */
/*
 * ah_init0() is xf_init plus a cryptoini the caller supplies; the
 * extra argument suggests it is shared with another xform's setup
 * (presumably ESP) rather than used only through the xformsw table.
 */
extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
extern int ah_zeroize(struct secasvar *sav);
/* Map an SADB algorithm id to its opencrypto descriptor; callers must
 * expect NULL for an unknown/unsupported id. */
extern struct auth_hash *ah_algorithm_lookup(int alg);
/* Per-SA AH header overhead (presumably for MTU / space reservation). */
extern size_t ah_hdrsiz(struct secasvar *);

/* XF_ESP */
/* As ah_algorithm_lookup(); NULL for an unknown id. */
extern struct enc_xform *esp_algorithm_lookup(int alg);
/* Per-SA ESP header + trailer overhead. */
extern size_t esp_hdrsiz(struct secasvar *sav);

/* XF_COMP */
/* As ah_algorithm_lookup(); NULL for an unknown id. */
extern struct comp_algo *ipcomp_algorithm_lookup(int alg);

#endif /* _KERNEL */
---|
131 | #endif /* _NETIPSEC_XFORM_H_ */ |
---|