sys/netipsec/xform.h

38494Sobrien/*	$FreeBSD: head/sys/netipsec/xform.h 275159 2014-11-27 00:27:39Z ae $	*/
174294Sobrien/*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
38494Sobrien/*-
38494Sobrien * The authors of this code are John Ioannidis (ji@tla.org),
38494Sobrien * Angelos D. Keromytis (kermit@csd.uch.gr),
38494Sobrien * Niels Provos (provos@physnet.uni-hamburg.de) and
38494Sobrien * Niklas Hallqvist (niklas@appli.se).
38494Sobrien *
38494Sobrien * The original version of this code was written by John Ioannidis
38494Sobrien * for BSD/OS in Athens, Greece, in November 1995.
38494Sobrien *
38494Sobrien * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
38494Sobrien * by Angelos D. Keromytis.
38494Sobrien *
38494Sobrien * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
38494Sobrien * and Niels Provos.
38494Sobrien *
38494Sobrien * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
38494Sobrien *
42629Sobrien * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
38494Sobrien * Angelos D. Keromytis and Niels Provos.
38494Sobrien * Copyright (c) 1999 Niklas Hallqvist.
38494Sobrien * Copyright (c) 2001, Angelos D. Keromytis.
38494Sobrien *
38494Sobrien * Permission to use, copy, and modify this software with or without fee
38494Sobrien * is hereby granted, provided that this entire notice is included in
38494Sobrien * all copies of any software which is or includes a copy or
38494Sobrien * modification of this software.
38494Sobrien * You may use this code under the GNU public license if you so wish. Please
38494Sobrien * contribute changes back to the authors under this freer than GPL license
38494Sobrien * so that we may further the use of strong encryption without limitations to
38494Sobrien * all.
38494Sobrien *
38494Sobrien * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
38494Sobrien * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
38494Sobrien * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38494Sobrien * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38494Sobrien * PURPOSE.
38494Sobrien */
174294Sobrien
38494Sobrien#ifndef _NETIPSEC_XFORM_H_
38494Sobrien#define _NETIPSEC_XFORM_H_
38494Sobrien
38494Sobrien#include <sys/types.h>
38494Sobrien#include <netinet/in.h>
38494Sobrien#include <opencrypto/xform.h>
38494Sobrien
38494Sobrien#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
38494Sobrien#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
38494Sobrien#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
38494Sobrien
174294Sobrien/*
174294Sobrien * Packet tag assigned on completion of IPsec processing; used
38494Sobrien * to speedup processing when/if the packet comes back for more
38494Sobrien * processing.
38494Sobrien */
38494Sobrienstruct tdb_ident {
38494Sobrien	u_int32_t spi;
38494Sobrien	union sockaddr_union dst;
38494Sobrien	u_int8_t proto;
38494Sobrien	/* Cache those two for enc(4) in xform_ipip. */
38494Sobrien	u_int8_t alg_auth;
38494Sobrien	u_int8_t alg_enc;
38494Sobrien};
38494Sobrien
38494Sobrien/*
38494Sobrien * Opaque data structure hung off a crypto operation descriptor.
38494Sobrien */
38494Sobrienstruct tdb_crypto {
38494Sobrien	struct ipsecrequest	*tc_isr;	/* ipsec request state */
38494Sobrien	u_int32_t		tc_spi;		/* associated SPI */
38494Sobrien	union sockaddr_union	tc_dst;		/* dst addr of packet */
38494Sobrien	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
38494Sobrien	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
38494Sobrien	int			tc_protoff;	/* current protocol offset */
38494Sobrien	int			tc_skip;	/* data offset */
38494Sobrien	caddr_t			tc_ptr;		/* associated crypto data */
38494Sobrien	struct secasvar 	*tc_sav;	/* related SA */
38494Sobrien};
82794Sobrien
38494Sobrienstruct secasvar;
38494Sobrienstruct ipescrequest;
38494Sobrien
38494Sobrienstruct xformsw {
82794Sobrien	u_short	xf_type;		/* xform ID */
82794Sobrien#define	XF_IP4		1	/* IP inside IP */
82794Sobrien#define	XF_AH		2	/* AH */
82794Sobrien#define	XF_ESP		3	/* ESP */
82794Sobrien#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2358 */
82794Sobrien#define	XF_IPCOMP	6	/* IPCOMP */
82794Sobrien	u_short	xf_flags;
82794Sobrien#define	XFT_AUTH	0x0001
38494Sobrien#define	XFT_CONF	0x0100
38494Sobrien#define	XFT_COMP	0x1000
38494Sobrien	char	*xf_name;			/* human-readable name */
38494Sobrien	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
38494Sobrien	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
119679Smbr	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
38494Sobrien			int, int);
38494Sobrien	int	(*xf_output)(struct mbuf*,	       		/* output */
38494Sobrien			struct ipsecrequest *, struct mbuf **, int, int);
38494Sobrien	struct xformsw *xf_next;		/* list of registered xforms */
38494Sobrien};
38494Sobrien
38494Sobrien#ifdef _KERNEL
38494Sobrienextern void xform_register(struct xformsw*);
38494Sobrienextern int xform_init(struct secasvar *sav, int xftype);
38494Sobrien
38494Sobrienstruct cryptoini;
38494Sobrien
38494Sobrien/* XF_IP4 */
38494Sobrienextern	int ipip_output(struct mbuf *, struct ipsecrequest *,
38494Sobrien			struct mbuf **, int, int);
38494Sobrien
174294Sobrien/* XF_AH */
174294Sobrienextern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
174294Sobrienextern int ah_zeroize(struct secasvar *sav);
38494Sobrienextern struct auth_hash *ah_algorithm_lookup(int alg);
38494Sobrienextern size_t ah_hdrsiz(struct secasvar *);
38494Sobrien
38494Sobrien/* XF_ESP */
38494Sobrienextern struct enc_xform *esp_algorithm_lookup(int alg);
38494Sobrienextern size_t esp_hdrsiz(struct secasvar *sav);
38494Sobrien
38494Sobrien/* XF_COMP */
38494Sobrienextern struct comp_algo *ipcomp_algorithm_lookup(int alg);
38494Sobrien
38494Sobrien#endif /* _KERNEL */
38494Sobrien#endif /* _NETIPSEC_XFORM_H_ */
38494Sobrien