source: rtems-libbsd/freebsd/sys/netipsec/xform.h @ af5333e

4.1155-freebsd-126-freebsd-12freebsd-9.3
Last change on this file since af5333e was af5333e, checked in by Sebastian Huber <sebastian.huber@…>, on 11/04/13 at 10:33:00

Update to FreeBSD 8.4
  • Property mode set to 100644
File size: 4.3 KB
Line 
1/*      $FreeBSD$       */
2/*      $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $   */
3/*-
4 * The authors of this code are John Ioannidis (ji@tla.org),
5 * Angelos D. Keromytis (kermit@csd.uch.gr),
6 * Niels Provos (provos@physnet.uni-hamburg.de) and
7 * Niklas Hallqvist (niklas@appli.se).
8 *
9 * The original version of this code was written by John Ioannidis
10 * for BSD/OS in Athens, Greece, in November 1995.
11 *
12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 * by Angelos D. Keromytis.
14 *
15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 * and Niels Provos.
17 *
18 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
19 *
20 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
21 * Angelos D. Keromytis and Niels Provos.
22 * Copyright (c) 1999 Niklas Hallqvist.
23 * Copyright (c) 2001, Angelos D. Keromytis.
24 *
25 * Permission to use, copy, and modify this software with or without fee
26 * is hereby granted, provided that this entire notice is included in
27 * all copies of any software which is or includes a copy or
28 * modification of this software.
29 * You may use this code under the GNU public license if you so wish. Please
30 * contribute changes back to the authors under this freer than GPL license
31 * so that we may further the use of strong encryption without limitations to
32 * all.
33 *
34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 * PURPOSE.
39 */
40
41#ifndef _NETIPSEC_XFORM_H_
42#define _NETIPSEC_XFORM_H_
43
44#include <rtems/bsd/sys/types.h>
45#include <netinet/in.h>
46#include <opencrypto/xform.h>
47
48#define AH_HMAC_HASHLEN         12      /* 96 bits of authenticator */
49#define AH_HMAC_MAXHASHLEN      (SHA2_512_HASH_LEN/2)   /* Keep this updated */
50#define AH_HMAC_INITIAL_RPL     1       /* replay counter initial value */
51
52/*
53 * Packet tag assigned on completion of IPsec processing; used
54 * to speedup processing when/if the packet comes back for more
55 * processing.
56 */
57struct tdb_ident {
58        u_int32_t spi;
59        union sockaddr_union dst;
60        u_int8_t proto;
61        /* Cache those two for enc(4) in xform_ipip. */
62        u_int8_t alg_auth;
63        u_int8_t alg_enc;
64};
65
66/*
67 * Opaque data structure hung off a crypto operation descriptor.
68 */
69struct tdb_crypto {
70        struct ipsecrequest     *tc_isr;        /* ipsec request state */
71        u_int32_t               tc_spi;         /* associated SPI */
72        union sockaddr_union    tc_dst;         /* dst addr of packet */
73        u_int8_t                tc_proto;       /* current protocol, e.g. AH */
74        u_int8_t                tc_nxt;         /* next protocol, e.g. IPV4 */
75        int                     tc_protoff;     /* current protocol offset */
76        int                     tc_skip;        /* data offset */
77        caddr_t                 tc_ptr;         /* associated crypto data */
78        struct secasvar         *tc_sav;        /* related SA */
79};
80
81struct secasvar;
82struct ipescrequest;
83
84struct xformsw {
85        u_short xf_type;                /* xform ID */
86#define XF_IP4          1       /* IP inside IP */
87#define XF_AH           2       /* AH */
88#define XF_ESP          3       /* ESP */
89#define XF_TCPSIGNATURE 5       /* TCP MD5 Signature option, RFC 2358 */
90#define XF_IPCOMP       6       /* IPCOMP */
91        u_short xf_flags;
92#define XFT_AUTH        0x0001
93#define XFT_CONF        0x0100
94#define XFT_COMP        0x1000
95        char    *xf_name;                       /* human-readable name */
96        int     (*xf_init)(struct secasvar*, struct xformsw*);  /* setup */
97        int     (*xf_zeroize)(struct secasvar*);                /* cleanup */
98        int     (*xf_input)(struct mbuf*, struct secasvar*,     /* input */
99                        int, int);
100        int     (*xf_output)(struct mbuf*,                      /* output */
101                        struct ipsecrequest *, struct mbuf **, int, int);
102        struct xformsw *xf_next;                /* list of registered xforms */
103};
104
105#ifdef _KERNEL
106extern void xform_register(struct xformsw*);
107extern int xform_init(struct secasvar *sav, int xftype);
108
109struct cryptoini;
110
111/* XF_IP4 */
112extern  int ip4_input6(struct mbuf **m, int *offp, int proto);
113extern  void ip4_input(struct mbuf *m, int);
114extern  int ipip_output(struct mbuf *, struct ipsecrequest *,
115                        struct mbuf **, int, int);
116
117/* XF_AH */
118extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
119extern int ah_zeroize(struct secasvar *sav);
120extern struct auth_hash *ah_algorithm_lookup(int alg);
121extern size_t ah_hdrsiz(struct secasvar *);
122
123/* XF_ESP */
124extern struct enc_xform *esp_algorithm_lookup(int alg);
125extern size_t esp_hdrsiz(struct secasvar *sav);
126
127/* XF_COMP */
128extern struct comp_algo *ipcomp_algorithm_lookup(int alg);
129
130#endif /* _KERNEL */
131#endif /* _NETIPSEC_XFORM_H_ */
Note: See TracBrowser for help on using the repository browser.