xform.h revision 275159
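/* $FreeBSD: head/sys/netipsec/xform.h 275159 2014-11-27 00:27:39Z ae $ */
/* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */
/*-
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
 * Niels Provos (provos@physnet.uni-hamburg.de) and
 * Niklas Hallqvist (niklas@appli.se).
 *
 * The original version of this code was written by John Ioannidis
 * for BSD/OS in Athens, Greece, in November 1995.
 *
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
 * by Angelos D. Keromytis.
 *
 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
 * and Niels Provos.
 *
 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
 *
 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
 * Angelos D. Keromytis and Niels Provos.
 * Copyright (c) 1999 Niklas Hallqvist.
 * Copyright (c) 2001, Angelos D. Keromytis.
 *
 * Permission to use, copy, and modify this software with or without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 * You may use this code under the GNU public license if you so wish. Please
 * contribute changes back to the authors under this freer than GPL license
 * so that we may further the use of strong encryption without limitations to
 * all.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */

/*
 * Declarations shared by the IPsec transforms (IP-in-IP, AH, ESP, TCP
 * signature, IPCOMP): the transform switch entry, the per-packet tag, and
 * the state attached to an in-flight crypto operation.
 */

#ifndef _NETIPSEC_XFORM_H_
#define _NETIPSEC_XFORM_H_

#include <sys/types.h>
#include <netinet/in.h>
#include <opencrypto/xform.h>

#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
/*
 * Largest authenticator length, expressed as half of SHA2_512_HASH_LEN.
 * Keep this updated.
 * NOTE(review): the use sites are not in this header; if this constant
 * sizes authenticator buffers, adding a transform with a longer
 * authenticator without raising it would leave those buffers too small.
 * Confirm at the callers.
 */
#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)
#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */

/*
 * Incomplete types referenced only through pointers below.  They are
 * declared ahead of first use so that the tags named in the prototype
 * parameter lists refer to file-scope types instead of being introduced
 * with prototype scope.
 */
struct secasvar;
struct ipsecrequest;
struct mbuf;

/*
 * Packet tag assigned on completion of IPsec processing; used
 * to speed up processing when/if the packet comes back for more
 * processing.
 *
 * NOTE(review): union sockaddr_union is embedded by value here and in
 * struct tdb_crypto, so it must be a complete type at this point; its
 * definition is not visible in this header, presumably the includer
 * provides it.  Confirm.
 */
struct tdb_ident {
	u_int32_t spi;
	union sockaddr_union dst;
	u_int8_t proto;
	/* Cache those two for enc(4) in xform_ipip. */
	u_int8_t alg_auth;
	u_int8_t alg_enc;
};

/*
 * Opaque data structure hung off a crypto operation descriptor.
 */
struct tdb_crypto {
	struct ipsecrequest	*tc_isr;	/* ipsec request state */
	u_int32_t		tc_spi;		/* associated SPI */
	union sockaddr_union	tc_dst;		/* dst addr of packet */
	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
	int			tc_protoff;	/* current protocol offset */
	int			tc_skip;	/* data offset */
	caddr_t			tc_ptr;		/* associated crypto data */
	struct secasvar		*tc_sav;	/* related SA */
};

/*
 * One entry in the list of registered transforms.  Entries are chained
 * through xf_next; xf_type identifies the transform and the function
 * pointers are its setup, cleanup, input and output hooks.
 */
struct xformsw {
	u_short	xf_type;		/* xform ID */
#define	XF_IP4		1	/* IP inside IP */
#define	XF_AH		2	/* AH */
#define	XF_ESP		3	/* ESP */
#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 */
#define	XF_IPCOMP	6	/* IPCOMP */
	u_short	xf_flags;
	/* NOTE(review): flag meanings below are read from the names; confirm. */
#define	XFT_AUTH	0x0001	/* presumably: provides authentication */
#define	XFT_CONF	0x0100	/* presumably: provides confidentiality */
#define	XFT_COMP	0x1000	/* presumably: provides compression */
	char	*xf_name;			/* human-readable name */
	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
	/*
	 * Cleanup hook for an SA.  NOTE(review): the name suggests it is
	 * where per-SA key material is wiped; verify in each transform.
	 */
	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
			int, int);
	int	(*xf_output)(struct mbuf*,			/* output */
			struct ipsecrequest *, struct mbuf **, int, int);
	struct xformsw *xf_next;		/* list of registered xforms */
};

#ifdef _KERNEL
extern void xform_register(struct xformsw*);
extern int xform_init(struct secasvar *sav, int xftype);

struct cryptoini;

/* XF_IP4 */
extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
		struct mbuf **, int, int);

/* XF_AH */
extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
extern int ah_zeroize(struct secasvar *sav);
extern struct auth_hash *ah_algorithm_lookup(int alg);
extern size_t ah_hdrsiz(struct secasvar *);

/* XF_ESP */
extern struct enc_xform *esp_algorithm_lookup(int alg);
extern size_t esp_hdrsiz(struct secasvar *sav);

/* XF_IPCOMP */
extern struct comp_algo *ipcomp_algorithm_lookup(int alg);

#endif /* _KERNEL */
#endif /* _NETIPSEC_XFORM_H_ */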