xform.h revision 157306 
1/*	$FreeBSD: head/sys/netipsec/xform.h 157306 2006-03-30 18:57:04Z bz $	*/
2/*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
3/*-
4 * The authors of this code are John Ioannidis (ji@tla.org),
5 * Angelos D. Keromytis (kermit@csd.uch.gr),
6 * Niels Provos (provos@physnet.uni-hamburg.de) and
7 * Niklas Hallqvist (niklas@appli.se).
8 *
9 * The original version of this code was written by John Ioannidis
10 * for BSD/OS in Athens, Greece, in November 1995.
11 *
12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 * by Angelos D. Keromytis.
14 *
15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 * and Niels Provos.
17 *
18 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
19 *
20 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
21 * Angelos D. Keromytis and Niels Provos.
22 * Copyright (c) 1999 Niklas Hallqvist.
23 * Copyright (c) 2001, Angelos D. Keromytis.
24 *
25 * Permission to use, copy, and modify this software with or without fee
26 * is hereby granted, provided that this entire notice is included in
27 * all copies of any software which is or includes a copy or
28 * modification of this software.
29 * You may use this code under the GNU public license if you so wish. Please
30 * contribute changes back to the authors under this freer than GPL license
31 * so that we may further the use of strong encryption without limitations to
32 * all.
33 *
34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 * PURPOSE.
39 */
40
41#ifndef _NETIPSEC_XFORM_H_
42#define _NETIPSEC_XFORM_H_
43
44#include <sys/types.h>
45#include <netinet/in.h>
46#include <opencrypto/xform.h>
47
48#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
49#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
50
51/*
52 * Packet tag assigned on completion of IPsec processing; used
53 * to speedup processing when/if the packet comes back for more
54 * processing.
55 */
56struct tdb_ident {
57	u_int32_t spi;
58	union sockaddr_union dst;
59	u_int8_t proto;
60};
61
62/*
63 * Opaque data structure hung off a crypto operation descriptor.
64 */
65struct tdb_crypto {
66	struct ipsecrequest	*tc_isr;	/* ipsec request state */
67	u_int32_t		tc_spi;		/* associated SPI */
68	union sockaddr_union	tc_dst;		/* dst addr of packet */
69	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
70	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
71	int			tc_protoff;	/* current protocol offset */
72	int			tc_skip;	/* data offset */
73	caddr_t			tc_ptr;		/* associated crypto data */
74};
75
76struct secasvar;
77struct ipescrequest;
78
79struct xformsw {
80	u_short	xf_type;		/* xform ID */
81#define	XF_IP4		1	/* IP inside IP */
82#define	XF_AH		2	/* AH */
83#define	XF_ESP		3	/* ESP */
84#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2358 */
85#define	XF_IPCOMP	6	/* IPCOMP */
86	u_short	xf_flags;
87#define	XFT_AUTH	0x0001
88#define	XFT_CONF	0x0100
89#define	XFT_COMP	0x1000
90	char	*xf_name;			/* human-readable name */
91	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
92	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
93	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
94			int, int);
95	int	(*xf_output)(struct mbuf*,	       		/* output */
96			struct ipsecrequest *, struct mbuf **, int, int);
97	struct xformsw *xf_next;		/* list of registered xforms */
98};
99
100#ifdef _KERNEL
101extern void xform_register(struct xformsw*);
102extern int xform_init(struct secasvar *sav, int xftype);
103
104struct cryptoini;
105
106/* XF_IP4 */
107extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
108extern	void ip4_input(struct mbuf *m, int);
109extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
110			struct mbuf **, int, int);
111
112/* XF_AH */
113extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
114extern int ah_zeroize(struct secasvar *sav);
115extern struct auth_hash *ah_algorithm_lookup(int alg);
116extern size_t ah_hdrsiz(struct secasvar *);
117
118/* XF_ESP */
119extern struct enc_xform *esp_algorithm_lookup(int alg);
120extern size_t esp_hdrsiz(struct secasvar *sav);
121
122/* XF_COMP */
123extern struct comp_algo *ipcomp_algorithm_lookup(int alg);
124
125#endif /* _KERNEL */
126#endif /* _NETIPSEC_XFORM_H_ */
127