xform.h revision 174054 
1/*	$FreeBSD: head/sys/netipsec/xform.h 174054 2007-11-28 22:33:53Z bz $	*/
2/*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
3/*-
4 * The authors of this code are John Ioannidis (ji@tla.org),
5 * Angelos D. Keromytis (kermit@csd.uch.gr),
6 * Niels Provos (provos@physnet.uni-hamburg.de) and
7 * Niklas Hallqvist (niklas@appli.se).
8 *
9 * The original version of this code was written by John Ioannidis
10 * for BSD/OS in Athens, Greece, in November 1995.
11 *
12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 * by Angelos D. Keromytis.
14 *
15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 * and Niels Provos.
17 *
18 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
19 *
20 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
21 * Angelos D. Keromytis and Niels Provos.
22 * Copyright (c) 1999 Niklas Hallqvist.
23 * Copyright (c) 2001, Angelos D. Keromytis.
24 *
25 * Permission to use, copy, and modify this software with or without fee
26 * is hereby granted, provided that this entire notice is included in
27 * all copies of any software which is or includes a copy or
28 * modification of this software.
29 * You may use this code under the GNU public license if you so wish. Please
30 * contribute changes back to the authors under this freer than GPL license
31 * so that we may further the use of strong encryption without limitations to
32 * all.
33 *
34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 * PURPOSE.
39 */
40
41#ifndef _NETIPSEC_XFORM_H_
42#define _NETIPSEC_XFORM_H_
43
44#include <sys/types.h>
45#include <netinet/in.h>
46#include <opencrypto/xform.h>
47
48#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
49#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
50
51/*
52 * Packet tag assigned on completion of IPsec processing; used
53 * to speedup processing when/if the packet comes back for more
54 * processing.
55 */
56struct tdb_ident {
57	u_int32_t spi;
58	union sockaddr_union dst;
59	u_int8_t proto;
60	/* Cache those two for enc(4) in xform_ipip. */
61	u_int8_t alg_auth;
62	u_int8_t alg_enc;
63};
64
65/*
66 * Opaque data structure hung off a crypto operation descriptor.
67 */
68struct tdb_crypto {
69	struct ipsecrequest	*tc_isr;	/* ipsec request state */
70	u_int32_t		tc_spi;		/* associated SPI */
71	union sockaddr_union	tc_dst;		/* dst addr of packet */
72	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
73	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
74	int			tc_protoff;	/* current protocol offset */
75	int			tc_skip;	/* data offset */
76	caddr_t			tc_ptr;		/* associated crypto data */
77};
78
79struct secasvar;
80struct ipescrequest;
81
82struct xformsw {
83	u_short	xf_type;		/* xform ID */
84#define	XF_IP4		1	/* IP inside IP */
85#define	XF_AH		2	/* AH */
86#define	XF_ESP		3	/* ESP */
87#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2358 */
88#define	XF_IPCOMP	6	/* IPCOMP */
89	u_short	xf_flags;
90#define	XFT_AUTH	0x0001
91#define	XFT_CONF	0x0100
92#define	XFT_COMP	0x1000
93	char	*xf_name;			/* human-readable name */
94	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
95	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
96	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
97			int, int);
98	int	(*xf_output)(struct mbuf*,	       		/* output */
99			struct ipsecrequest *, struct mbuf **, int, int);
100	struct xformsw *xf_next;		/* list of registered xforms */
101};
102
103#ifdef _KERNEL
104extern void xform_register(struct xformsw*);
105extern int xform_init(struct secasvar *sav, int xftype);
106
107struct cryptoini;
108
109/* XF_IP4 */
110extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
111extern	void ip4_input(struct mbuf *m, int);
112extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
113			struct mbuf **, int, int);
114
115/* XF_AH */
116extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
117extern int ah_zeroize(struct secasvar *sav);
118extern struct auth_hash *ah_algorithm_lookup(int alg);
119extern size_t ah_hdrsiz(struct secasvar *);
120
121/* XF_ESP */
122extern struct enc_xform *esp_algorithm_lookup(int alg);
123extern size_t esp_hdrsiz(struct secasvar *sav);
124
125/* XF_COMP */
126extern struct comp_algo *ipcomp_algorithm_lookup(int alg);
127
128#endif /* _KERNEL */
129#endif /* _NETIPSEC_XFORM_H_ */
130