xform.h revision 218794
155714Skris/* $FreeBSD: head/sys/netipsec/xform.h 218794 2011-02-18 09:40:13Z vanhu $ */ 255714Skris/* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ 355714Skris/*- 455714Skris * The authors of this code are John Ioannidis (ji@tla.org), 555714Skris * Angelos D. Keromytis (kermit@csd.uch.gr), 655714Skris * Niels Provos (provos@physnet.uni-hamburg.de) and 755714Skris * Niklas Hallqvist (niklas@appli.se). 8167612Ssimon * 9162911Ssimon * The original version of this code was written by John Ioannidis 10167612Ssimon * for BSD/OS in Athens, Greece, in November 1995. 11167612Ssimon * 12167612Ssimon * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 13167612Ssimon * by Angelos D. Keromytis. 14167612Ssimon * 15162911Ssimon * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 16162911Ssimon * and Niels Provos. 17162911Ssimon * 18162911Ssimon * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist. 19162911Ssimon * 20162911Ssimon * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 21162911Ssimon * Angelos D. Keromytis and Niels Provos. 22162911Ssimon * Copyright (c) 1999 Niklas Hallqvist. 23162911Ssimon * Copyright (c) 2001, Angelos D. Keromytis. 24160814Ssimon * 25160814Ssimon * Permission to use, copy, and modify this software with or without fee 26160814Ssimon * is hereby granted, provided that this entire notice is included in 27160814Ssimon * all copies of any software which is or includes a copy or 28160814Ssimon * modification of this software. 29160814Ssimon * You may use this code under the GNU public license if you so wish. Please 30160814Ssimon * contribute changes back to the authors under this freer than GPL license 31160814Ssimon * so that we may further the use of strong encryption without limitations to 32160814Ssimon * all. 33160814Ssimon * 34160814Ssimon * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 35160814Ssimon * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 36162911Ssimon * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 37160814Ssimon * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 38160814Ssimon * PURPOSE. 39160814Ssimon */ 40160814Ssimon 41160814Ssimon#ifndef _NETIPSEC_XFORM_H_ 42160814Ssimon#define _NETIPSEC_XFORM_H_ 43160814Ssimon 44160814Ssimon#include <sys/types.h> 45160814Ssimon#include <netinet/in.h> 46160814Ssimon#include <opencrypto/xform.h> 47160814Ssimon 48160814Ssimon#define AH_HMAC_HASHLEN 12 /* 96 bits of authenticator */ 49160814Ssimon#define AH_HMAC_MAXHASHLEN (SHA2_512_HASH_LEN/2) /* Keep this updated */ 50160814Ssimon#define AH_HMAC_INITIAL_RPL 1 /* replay counter initial value */ 51160814Ssimon 52160814Ssimon/* 53160814Ssimon * Packet tag assigned on completion of IPsec processing; used 54160814Ssimon * to speedup processing when/if the packet comes back for more 55160814Ssimon * processing. 56160814Ssimon */ 57160814Ssimonstruct tdb_ident { 58160814Ssimon u_int32_t spi; 59160814Ssimon union sockaddr_union dst; 60160814Ssimon u_int8_t proto; 61160814Ssimon /* Cache those two for enc(4) in xform_ipip. */ 62160814Ssimon u_int8_t alg_auth; 63160814Ssimon u_int8_t alg_enc; 64160814Ssimon}; 65160814Ssimon 66160814Ssimon/* 67160814Ssimon * Opaque data structure hung off a crypto operation descriptor. 68160814Ssimon */ 69160814Ssimonstruct tdb_crypto { 70160814Ssimon struct ipsecrequest *tc_isr; /* ipsec request state */ 71160814Ssimon u_int32_t tc_spi; /* associated SPI */ 72160814Ssimon union sockaddr_union tc_dst; /* dst addr of packet */ 73160814Ssimon u_int8_t tc_proto; /* current protocol, e.g. AH */ 74160814Ssimon u_int8_t tc_nxt; /* next protocol, e.g. IPV4 */ 75160814Ssimon int tc_protoff; /* current protocol offset */ 76160814Ssimon int tc_skip; /* data offset */ 77160814Ssimon caddr_t tc_ptr; /* associated crypto data */ 78160814Ssimon}; 79160814Ssimon 80160814Ssimonstruct secasvar; 81160814Ssimonstruct ipescrequest; 82160814Ssimon 83160814Ssimonstruct xformsw { 84160814Ssimon u_short xf_type; /* xform ID */ 85160814Ssimon#define XF_IP4 1 /* IP inside IP */ 86160814Ssimon#define XF_AH 2 /* AH */ 87160814Ssimon#define XF_ESP 3 /* ESP */ 88160814Ssimon#define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2358 */ 89160814Ssimon#define XF_IPCOMP 6 /* IPCOMP */ 90160814Ssimon u_short xf_flags; 91160814Ssimon#define XFT_AUTH 0x0001 92160814Ssimon#define XFT_CONF 0x0100 93160814Ssimon#define XFT_COMP 0x1000 94160814Ssimon char *xf_name; /* human-readable name */ 95160814Ssimon int (*xf_init)(struct secasvar*, struct xformsw*); /* setup */ 96160814Ssimon int (*xf_zeroize)(struct secasvar*); /* cleanup */ 97160814Ssimon int (*xf_input)(struct mbuf*, struct secasvar*, /* input */ 98160814Ssimon int, int); 99160814Ssimon int (*xf_output)(struct mbuf*, /* output */ 100160814Ssimon struct ipsecrequest *, struct mbuf **, int, int); 101160814Ssimon struct xformsw *xf_next; /* list of registered xforms */ 102160814Ssimon}; 103160814Ssimon 104160814Ssimon#ifdef _KERNEL 105160814Ssimonextern void xform_register(struct xformsw*); 106160814Ssimonextern int xform_init(struct secasvar *sav, int xftype); 107160814Ssimon 108160814Ssimonstruct cryptoini; 109160814Ssimon 110160814Ssimon/* XF_IP4 */ 111160814Ssimonextern int ip4_input6(struct mbuf **m, int *offp, int proto); 112160814Ssimonextern void ip4_input(struct mbuf *m, int); 113167612Ssimonextern int ipip_output(struct mbuf *, struct ipsecrequest *, 114167612Ssimon struct mbuf **, int, int); 115167612Ssimon 116167612Ssimon/* XF_AH */ 117167612Ssimonextern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *); 118162911Ssimonextern int ah_zeroize(struct secasvar *sav); 119162911Ssimonextern struct auth_hash *ah_algorithm_lookup(int alg); 120162911Ssimonextern size_t ah_hdrsiz(struct secasvar *); 121162911Ssimon 122160814Ssimon/* XF_ESP */ 123160814Ssimonextern struct enc_xform *esp_algorithm_lookup(int alg); 124160814Ssimonextern size_t esp_hdrsiz(struct secasvar *sav); 125160814Ssimon 126160814Ssimon/* XF_COMP */ 127160814Ssimonextern struct comp_algo *ipcomp_algorithm_lookup(int alg); 128160814Ssimon 129160814Ssimon#endif /* _KERNEL */ 130160814Ssimon#endif /* _NETIPSEC_XFORM_H_ */ 131160814Ssimon