xform.h revision 269699 
1192811Srmacklem/*	$FreeBSD: head/sys/netipsec/xform.h 269699 2014-08-08 01:57:15Z kevlo $	*/
2192811Srmacklem/*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
3192811Srmacklem/*-
4192811Srmacklem * The authors of this code are John Ioannidis (ji@tla.org),
5192811Srmacklem * Angelos D. Keromytis (kermit@csd.uch.gr),
6192811Srmacklem * Niels Provos (provos@physnet.uni-hamburg.de) and
7 * Niklas Hallqvist (niklas@appli.se).
8 *
9 * The original version of this code was written by John Ioannidis
10 * for BSD/OS in Athens, Greece, in November 1995.
11 *
12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 * by Angelos D. Keromytis.
14 *
15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 * and Niels Provos.
17 *
18 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
19 *
20 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
21 * Angelos D. Keromytis and Niels Provos.
22 * Copyright (c) 1999 Niklas Hallqvist.
23 * Copyright (c) 2001, Angelos D. Keromytis.
24 *
25 * Permission to use, copy, and modify this software with or without fee
26 * is hereby granted, provided that this entire notice is included in
27 * all copies of any software which is or includes a copy or
28 * modification of this software.
29 * You may use this code under the GNU public license if you so wish. Please
30 * contribute changes back to the authors under this freer than GPL license
31 * so that we may further the use of strong encryption without limitations to
32 * all.
33 *
34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 * PURPOSE.
39 */
40
41#ifndef _NETIPSEC_XFORM_H_
42#define _NETIPSEC_XFORM_H_
43
44#include <sys/types.h>
45#include <netinet/in.h>
46#include <opencrypto/xform.h>
47
48#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
49#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
50#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
51
52/*
53 * Packet tag assigned on completion of IPsec processing; used
54 * to speedup processing when/if the packet comes back for more
55 * processing.
56 */
57struct tdb_ident {
58	u_int32_t spi;
59	union sockaddr_union dst;
60	u_int8_t proto;
61	/* Cache those two for enc(4) in xform_ipip. */
62	u_int8_t alg_auth;
63	u_int8_t alg_enc;
64};
65
66/*
67 * Opaque data structure hung off a crypto operation descriptor.
68 */
69struct tdb_crypto {
70	struct ipsecrequest	*tc_isr;	/* ipsec request state */
71	u_int32_t		tc_spi;		/* associated SPI */
72	union sockaddr_union	tc_dst;		/* dst addr of packet */
73	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
74	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
75	int			tc_protoff;	/* current protocol offset */
76	int			tc_skip;	/* data offset */
77	caddr_t			tc_ptr;		/* associated crypto data */
78	struct secasvar 	*tc_sav;	/* related SA */
79};
80
81struct secasvar;
82struct ipescrequest;
83
84struct xformsw {
85	u_short	xf_type;		/* xform ID */
86#define	XF_IP4		1	/* IP inside IP */
87#define	XF_AH		2	/* AH */
88#define	XF_ESP		3	/* ESP */
89#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2358 */
90#define	XF_IPCOMP	6	/* IPCOMP */
91	u_short	xf_flags;
92#define	XFT_AUTH	0x0001
93#define	XFT_CONF	0x0100
94#define	XFT_COMP	0x1000
95	char	*xf_name;			/* human-readable name */
96	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
97	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
98	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
99			int, int);
100	int	(*xf_output)(struct mbuf*,	       		/* output */
101			struct ipsecrequest *, struct mbuf **, int, int);
102	struct xformsw *xf_next;		/* list of registered xforms */
103};
104
105#ifdef _KERNEL
106extern void xform_register(struct xformsw*);
107extern int xform_init(struct secasvar *sav, int xftype);
108
109struct cryptoini;
110
111/* XF_IP4 */
112extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
113extern	int ip4_input(struct mbuf **, int *, int);
114extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
115			struct mbuf **, int, int);
116
117/* XF_AH */
118extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
119extern int ah_zeroize(struct secasvar *sav);
120extern struct auth_hash *ah_algorithm_lookup(int alg);
121extern size_t ah_hdrsiz(struct secasvar *);
122
123/* XF_ESP */
124extern struct enc_xform *esp_algorithm_lookup(int alg);
125extern size_t esp_hdrsiz(struct secasvar *sav);
126
127/* XF_COMP */
128extern struct comp_algo *ipcomp_algorithm_lookup(int alg);
129
130#endif /* _KERNEL */
131#endif /* _NETIPSEC_XFORM_H_ */
132