sys/netipsec/xform.h

55714Skris/*	$FreeBSD: head/sys/netipsec/xform.h 218794 2011-02-18 09:40:13Z vanhu $	*/
55714Skris/*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
55714Skris/*-
55714Skris * The authors of this code are John Ioannidis (ji@tla.org),
55714Skris * Angelos D. Keromytis (kermit@csd.uch.gr),
55714Skris * Niels Provos (provos@physnet.uni-hamburg.de) and
55714Skris * Niklas Hallqvist (niklas@appli.se).
167612Ssimon *
162911Ssimon * The original version of this code was written by John Ioannidis
167612Ssimon * for BSD/OS in Athens, Greece, in November 1995.
167612Ssimon *
167612Ssimon * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
167612Ssimon * by Angelos D. Keromytis.
167612Ssimon *
162911Ssimon * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
162911Ssimon * and Niels Provos.
162911Ssimon *
162911Ssimon * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
162911Ssimon *
162911Ssimon * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
162911Ssimon * Angelos D. Keromytis and Niels Provos.
162911Ssimon * Copyright (c) 1999 Niklas Hallqvist.
162911Ssimon * Copyright (c) 2001, Angelos D. Keromytis.
160814Ssimon *
160814Ssimon * Permission to use, copy, and modify this software with or without fee
160814Ssimon * is hereby granted, provided that this entire notice is included in
160814Ssimon * all copies of any software which is or includes a copy or
160814Ssimon * modification of this software.
160814Ssimon * You may use this code under the GNU public license if you so wish. Please
160814Ssimon * contribute changes back to the authors under this freer than GPL license
160814Ssimon * so that we may further the use of strong encryption without limitations to
160814Ssimon * all.
160814Ssimon *
160814Ssimon * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
160814Ssimon * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
162911Ssimon * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
160814Ssimon * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
160814Ssimon * PURPOSE.
160814Ssimon */
160814Ssimon
160814Ssimon#ifndef _NETIPSEC_XFORM_H_
160814Ssimon#define _NETIPSEC_XFORM_H_
160814Ssimon
160814Ssimon#include <sys/types.h>
160814Ssimon#include <netinet/in.h>
160814Ssimon#include <opencrypto/xform.h>
160814Ssimon
160814Ssimon#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
160814Ssimon#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
160814Ssimon#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
160814Ssimon
160814Ssimon/*
160814Ssimon * Packet tag assigned on completion of IPsec processing; used
160814Ssimon * to speedup processing when/if the packet comes back for more
160814Ssimon * processing.
160814Ssimon */
160814Ssimonstruct tdb_ident {
160814Ssimon	u_int32_t spi;
160814Ssimon	union sockaddr_union dst;
160814Ssimon	u_int8_t proto;
160814Ssimon	/* Cache those two for enc(4) in xform_ipip. */
160814Ssimon	u_int8_t alg_auth;
160814Ssimon	u_int8_t alg_enc;
160814Ssimon};
160814Ssimon
160814Ssimon/*
160814Ssimon * Opaque data structure hung off a crypto operation descriptor.
160814Ssimon */
160814Ssimonstruct tdb_crypto {
160814Ssimon	struct ipsecrequest	*tc_isr;	/* ipsec request state */
160814Ssimon	u_int32_t		tc_spi;		/* associated SPI */
160814Ssimon	union sockaddr_union	tc_dst;		/* dst addr of packet */
160814Ssimon	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
160814Ssimon	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
160814Ssimon	int			tc_protoff;	/* current protocol offset */
160814Ssimon	int			tc_skip;	/* data offset */
160814Ssimon	caddr_t			tc_ptr;		/* associated crypto data */
160814Ssimon};
160814Ssimon
160814Ssimonstruct secasvar;
160814Ssimonstruct ipescrequest;
160814Ssimon
160814Ssimonstruct xformsw {
160814Ssimon	u_short	xf_type;		/* xform ID */
160814Ssimon#define	XF_IP4		1	/* IP inside IP */
160814Ssimon#define	XF_AH		2	/* AH */
160814Ssimon#define	XF_ESP		3	/* ESP */
160814Ssimon#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2358 */
160814Ssimon#define	XF_IPCOMP	6	/* IPCOMP */
160814Ssimon	u_short	xf_flags;
160814Ssimon#define	XFT_AUTH	0x0001
160814Ssimon#define	XFT_CONF	0x0100
160814Ssimon#define	XFT_COMP	0x1000
160814Ssimon	char	*xf_name;			/* human-readable name */
160814Ssimon	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
160814Ssimon	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
160814Ssimon	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
160814Ssimon			int, int);
160814Ssimon	int	(*xf_output)(struct mbuf*,	       		/* output */
160814Ssimon			struct ipsecrequest *, struct mbuf **, int, int);
160814Ssimon	struct xformsw *xf_next;		/* list of registered xforms */
160814Ssimon};
160814Ssimon
160814Ssimon#ifdef _KERNEL
160814Ssimonextern void xform_register(struct xformsw*);
160814Ssimonextern int xform_init(struct secasvar *sav, int xftype);
160814Ssimon
160814Ssimonstruct cryptoini;
160814Ssimon
160814Ssimon/* XF_IP4 */
160814Ssimonextern	int ip4_input6(struct mbuf **m, int *offp, int proto);
160814Ssimonextern	void ip4_input(struct mbuf *m, int);
167612Ssimonextern	int ipip_output(struct mbuf *, struct ipsecrequest *,
167612Ssimon			struct mbuf **, int, int);
167612Ssimon
167612Ssimon/* XF_AH */
167612Ssimonextern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
162911Ssimonextern int ah_zeroize(struct secasvar *sav);
162911Ssimonextern struct auth_hash *ah_algorithm_lookup(int alg);
162911Ssimonextern size_t ah_hdrsiz(struct secasvar *);
162911Ssimon
160814Ssimon/* XF_ESP */
160814Ssimonextern struct enc_xform *esp_algorithm_lookup(int alg);
160814Ssimonextern size_t esp_hdrsiz(struct secasvar *sav);
160814Ssimon
160814Ssimon/* XF_COMP */
160814Ssimonextern struct comp_algo *ipcomp_algorithm_lookup(int alg);
160814Ssimon
160814Ssimon#endif /* _KERNEL */
160814Ssimon#endif /* _NETIPSEC_XFORM_H_ */
160814Ssimon