1/*
2 * Copyright (c) 2011 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#ifndef	_NET_IF_UTUN_CRYPTO_H_
30#define	_NET_IF_UTUN_CRYPTO_H_
31
32// constants used in configuring the crypto context
33typedef enum utun_crypto_ver {
34	UTUN_CRYPTO_VER_1 = 1,
35	UTUN_CRYPTO_VER_MAX,
36} utun_crypto_ver_t;
37
38#define UTUN_CRYPTO_KEYS_IPSEC_VER_1                  UTUN_CRYPTO_VER_1
39#define UTUN_CRYPTO_IPSEC_VER_1                       UTUN_CRYPTO_VER_1
40#define UTUN_CRYPTO_DTLS_VER_1                        UTUN_CRYPTO_VER_1
41
42#define UTUN_CRYPTO_ARGS_VER_MAX                      UTUN_CRYPTO_VER_MAX
43#define UTUN_CRYPTO_KEYS_ARGS_VER_MAX                 UTUN_CRYPTO_VER_MAX
44#define UTUN_CRYPTO_FRAMER_ARGS_VER_MAX               UTUN_CRYPTO_VER_MAX
45
46typedef enum utun_crypto_dir {
47	UTUN_CRYPTO_DIR_IN = 1,
48	UTUN_CRYPTO_DIR_OUT,
49	UTUN_CRYPTO_DIR_MAX,
50} utun_crypto_dir_t;
51
52#define UTUN_CRYPTO_CTX_NUM_DIRS 2
53
54#define BITSTOBYTES(n)                                (n >> 3)
55#define BYTESTOBITS(n)                                (n << 3)
56
57#define MAX_KEY_AUTH_LEN_BITS                         512 // corresponds to SHA512
58#define MAX_KEY_AUTH_LEN_BYTES                        (BITSTOBYTES(MAX_KEY_AUTH_LEN_BITS))
59#define MAX_KEY_ENC_LEN_BITS                          256 // corresponds to AES256
60#define MAX_KEY_ENC_LEN_BYTES                         (BITSTOBYTES(MAX_KEY_ENC_LEN_BITS))
61
62typedef enum utun_crypto_type {
63	UTUN_CRYPTO_TYPE_IPSEC = 1,
64	UTUN_CRYPTO_TYPE_DTLS,
65	UTUN_CRYPTO_TYPE_MAX,
66} utun_crypto_type_t;
67
68typedef enum if_utun_crypto_ipsec_mode {
69	IF_UTUN_CRYPTO_IPSEC_MODE_NONE = 0,
70	IF_UTUN_CRYPTO_IPSEC_MODE_TRANSPORT,
71	IF_UTUN_CRYPTO_IPSEC_MODE_TUNNEL,
72	IF_UTUN_CRYPTO_IPSEC_MODE_MAX,
73} if_utun_crypto_ipsec_mode_t;
74
75typedef enum if_utun_crypto_ipsec_proto {
76	IF_UTUN_CRYPTO_IPSEC_PROTO_NONE = 0,
77	IF_UTUN_CRYPTO_IPSEC_PROTO_ESP,
78	IF_UTUN_CRYPTO_IPSEC_PROTO_AH,
79	IF_UTUN_CRYPTO_IPSEC_PROTO_MAX,
80} if_utun_crypto_ipsec_proto_t;
81
82typedef enum if_utun_crypto_ipsec_auth {
83	IF_UTUN_CRYPTO_IPSEC_AUTH_NONE = 0,
84	IF_UTUN_CRYPTO_IPSEC_AUTH_MD5,
85	IF_UTUN_CRYPTO_IPSEC_AUTH_SHA1,
86	IF_UTUN_CRYPTO_IPSEC_AUTH_SHA256,
87	IF_UTUN_CRYPTO_IPSEC_AUTH_SHA384,
88	IF_UTUN_CRYPTO_IPSEC_AUTH_SHA512,
89	IF_UTUN_CRYPTO_IPSEC_AUTH_MAX,
90} if_utun_crypto_ipsec_auth_t;
91
92typedef enum if_utun_crypto_ipsec_enc {
93	IF_UTUN_CRYPTO_IPSEC_ENC_NONE = 0,
94	IF_UTUN_CRYPTO_IPSEC_ENC_DES,
95	IF_UTUN_CRYPTO_IPSEC_ENC_3DES,
96	IF_UTUN_CRYPTO_IPSEC_ENC_AES128,
97	IF_UTUN_CRYPTO_IPSEC_ENC_AES256,
98	IF_UTUN_CRYPTO_IPSEC_ENC_MAX,
99} if_utun_crypto_ipsec_enc_t;
100
101typedef enum if_utun_crypto_ipsec_keepalive {
102	IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_NONE = 0,
103	IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_NATT,
104	IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_ESP,
105	IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_MAX,
106} if_utun_crypto_ipsec_keepalive_t;
107
108typedef enum if_utun_crypto_ipsec_natd {
109	IF_UTUN_CRYPTO_IPSEC_NATD_NONE = 0,
110	IF_UTUN_CRYPTO_IPSEC_NATD_MINE,
111	IF_UTUN_CRYPTO_IPSEC_NATD_PEER,
112	IF_UTUN_CRYPTO_IPSEC_NATD_BOTH,
113	IF_UTUN_CRYPTO_IPSEC_NATD_MAX,
114} if_utun_crypto_ipsec_natd_t;
115
116// structures used for storing the App's keying index arguments
117typedef struct utun_crypto_keys_idx_ipsec_args_v1 {
118	struct sockaddr_storage                       src_addr; // v4 or v6 socket address (ignore port numbers)
119	struct sockaddr_storage                       dst_addr; // v4 or v6 socket address (ignore port numbers)
120	if_utun_crypto_ipsec_proto_t                  proto;
121	if_utun_crypto_ipsec_mode_t                   mode;
122	u_int32_t                                     reqid; // policy's reqid, default to 0 for now since we are avoiding policies.
123	u_int32_t                                     spi;		  // 0 when requesting the index, otherwise it contains the resulting index
124	u_int32_t                                     spirange_min; // default to 0
125	u_int32_t                                     spirange_max; // default to 0xffffffff
126} __attribute__((packed)) utun_crypto_keys_idx_ipsec_args_v1_t;
127
128typedef struct utun_crypto_keys_idx_dtls_args_v1 {
129	// stub for DTLS keying index arguments
130	u_int32_t                                     unused; // place holder
131} __attribute__((packed)) utun_crypto_keys_idx_dtls_args_v1_t;
132
133// App's parent structure for sending/storing keying index arguments
134typedef struct utun_crypto_keys_idx_args {
135	utun_crypto_ver_t                             ver;
136	utun_crypto_type_t                            type;
137	utun_crypto_dir_t                             dir;
138	u_int32_t                                     args_ulen;
139	u_int32_t                                     varargs_buflen;
140	union {
141		// don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_CTX_IDX_ARGS_HDR_SIZE breaks backwards compatibility
142		utun_crypto_keys_idx_ipsec_args_v1_t  ipsec_v1;
143		utun_crypto_keys_idx_dtls_args_v1_t   dtls_v1;
144		// future (additional) versions of the arguments may be placed here
145	} u;
146	u_int8_t                                      varargs_buf[0];
147} __attribute__((aligned(4), packed)) utun_crypto_keys_idx_args_t;
148
149// structures used for storing the App's keying material arguments
150typedef struct utun_crypto_keys_ipsec_args_v1 {
151	struct sockaddr_storage                       src_addr; // v4 or v6 socket address (ignore port numbers)
152	struct sockaddr_storage                       dst_addr; // v4 or v6 socket address (ignore port numbers)
153	if_utun_crypto_ipsec_proto_t                  proto;
154	if_utun_crypto_ipsec_mode_t                   mode;
155	if_utun_crypto_ipsec_auth_t                   alg_auth;
156	if_utun_crypto_ipsec_enc_t                    alg_enc;
157	if_utun_crypto_ipsec_keepalive_t              keepalive;
158	if_utun_crypto_ipsec_natd_t                   natd;
159	u_int8_t                                      replay;   // window size default to 4
160	u_int8_t                                      punt_rx_keepalive;
161	u_int16_t                                     interval_tx_keepalive;
162	u_int16_t                                     key_auth_len; // 128 or 160 or 192 or 256 or 384 or 512
163	u_int16_t                                     key_enc_len;  // 64 or 128 or 192 or 256
164	u_int16_t                                     natt_port; // if non-zero flags will be set to include SADB_X_EXT_NATT
165	u_int16_t                                     unused;
166	u_int32_t                                     seq;	  // default to 0
167	u_int32_t                                     spi;
168	u_int32_t                                     pid;      // vpnagent's process id
169	u_int32_t                                     reqid; // policy's reqid, default to 0 for now since we are avoiding policies.
170	u_int64_t                                     lifetime_hard; // value in seconds
171	u_int64_t                                     lifetime_soft; // value in seconds
172	// key_auth and key_enc will actually be stored in utun_crypto_KEYS_args_t.varargs_buf
173} __attribute__((packed)) utun_crypto_keys_ipsec_args_v1_t;
174
175typedef struct utun_crypto_keys_dtls_args_v1 {
176	// stub for DTLS keying material arguments
177	u_int32_t                                     unused; // place holder
178} __attribute__((packed)) utun_crypto_keys_dtls_args_v1_t;
179
180// App's parent structure for sending/storing keying material arguments
181typedef struct utun_crypto_keys_args {
182	utun_crypto_ver_t                             ver;
183	utun_crypto_type_t                            type;
184	utun_crypto_dir_t                             dir;
185	u_int32_t                                     args_ulen;
186	u_int32_t                                     varargs_buflen;
187	union {
188		// don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
189		utun_crypto_keys_ipsec_args_v1_t      ipsec_v1;
190		utun_crypto_keys_dtls_args_v1_t       dtls_v1;
191		// future (additional) versions of the arguments may be placed here
192	} u;
193	u_int8_t                                      varargs_buf[0];
194} __attribute__((aligned(4), packed)) utun_crypto_keys_args_t;
195
196// structures used for storing the App's crypto arguments
197typedef struct utun_crypto_ipsec_args_v1 {
198	// stub for IPSec crypto context arguments
199	u_int32_t                                     unused; // place holder
200} __attribute__((packed)) utun_crypto_ipsec_args_v1_t;
201
202typedef struct utun_crypto_dtls_args_v1 {
203	// stub for DTLS crypto context arguments
204	int                                           kpi_handle;
205} __attribute__((packed)) utun_crypto_dtls_args_v1_t;
206
207// App's parent structure for starting/stopping crypto
208typedef struct utun_crypto_args {
209	utun_crypto_ver_t                             ver;
210	utun_crypto_type_t                            type;
211	u_int32_t                                     stop_data_traffic;
212	u_int32_t                                     args_ulen;
213	u_int32_t                                     varargs_buflen;
214	union {
215		// don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_ARGS_HDR_SIZE breaks backwards compatibility
216		utun_crypto_ipsec_args_v1_t           ipsec_v1;
217		utun_crypto_dtls_args_v1_t            dtls_v1;
218		// future (additional) versions of the arguments may be placed here
219	} u;
220	u_int8_t                                      varargs_buf[0]; // must be at the end of this struct
221} __attribute__((aligned(4), packed)) utun_crypto_args_t;
222
223typedef enum {
224  UTUN_CRYPTO_INNER_TYPE_IPv4 = 1,
225  UTUN_CRYPTO_INNER_TYPE_IPv6,
226  UTUN_CRYPTO_INNER_TYPE_MAX,
227} utun_crypto_framer_inner_type_t;
228
229typedef struct utun_crypto_framer_ipsec_args_v1 {
230	// stub for IPSec framer arguments
231	u_int32_t                                     unused; // place holder
232} __attribute__((packed)) utun_crypto_framer_ipsec_args_v1_t;
233
234typedef struct utun_crypto_framer_dtls_in_args_v1 {
235	int                                           in_pattern_len;
236	int                                           in_pattern_mask_len;
237	int                                           in_data_offset;
238	// in_pattern, in_pattern_mask will actually be stored in utun_crypto_framer_args_t.varargs_buf
239} __attribute__((packed)) utun_crypto_framer_dtls_in_args_v1_t;
240
241typedef struct utun_crypto_framer_dtls_out_args_v1 {
242	int                                           out_pattern_len;
243	u_int32_t                                     len_field_mask; // 0 means unconfigured
244	int                                           len_field_offset;
245	int                                           len_field_extra;
246	u_int32_t                                     sequence_field;
247	u_int32_t                                     sequence_field_mask; // 0 means unconfigured
248	int                                           sequence_field_offset;
249	// out_pattern will actually be stored in utun_crypto_framer_args_t.varargs_buf
250} __attribute__((packed)) utun_crypto_framer_dtls_out_args_v1_t;
251
252typedef struct utun_crypto_framer_dtls_args_v1 {
253	// the following depend on utun_crypto_framer_args_t.dir
254	union {
255		// don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
256		utun_crypto_framer_dtls_in_args_v1_t  in;
257		utun_crypto_framer_dtls_out_args_v1_t out;
258		// future (additional) versions of the arguments may be placed here
259	} u;
260} __attribute__((packed)) utun_crypto_framer_dtls_args_v1_t;
261
262// App's parent structure for sending/storing framer arguments
263typedef struct utun_crypto_framer_args {
264	utun_crypto_ver_t                             ver;
265	utun_crypto_type_t                            type;
266	utun_crypto_dir_t                             dir;
267	utun_crypto_framer_inner_type_t               inner_type;
268	u_int32_t                                     args_ulen;
269	u_int32_t                                     varargs_buflen;
270	union {
271		// don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
272		utun_crypto_framer_ipsec_args_v1_t    ipsec_v1;
273		utun_crypto_framer_dtls_args_v1_t     dtls_v1;
274		// future (additional) versions of the arguments may be placed here
275	} u;
276	u_int8_t                                      varargs_buf[0];
277} __attribute__((aligned(4), packed)) utun_crypto_framer_args_t;
278
279#define utun_crypto_framer_args_dtls_in(framer)   framer->u.dtls_v1.u.in
280#define utun_crypto_framer_args_dtls_out(framer)  framer->u.dtls_v1.u.out
281
282#ifdef KERNEL_PRIVATE
283
284#include <sys/kern_control.h>
285#include <net/kpi_protocol.h>
286#include <net/kpi_interface.h>
287#include <net/pfkeyv2.h>
288#include <netkey/key.h>
289#include <netkey/keydb.h>
290#include <net/bpf.h>
291
292struct utun_pcb;
293
294// structures used for storing kernel's keying material runtime state
295typedef struct utun_crypto_keys_ipsec_state {
296	// kernel's ipsec keying material state
297	u_int32_t                                     spi;
298	struct secashead                             *sah;
299	struct secasvar                              *sav;
300	u_int8_t                                      proto;
301	u_int8_t                                      ifamily;
302	u_int8_t                                      mode;
303	u_int8_t                                      unused;
304} __attribute__((packed)) utun_crypto_keys_ipsec_state_t;
305
306typedef struct utun_crypto_keys_dtls_state {
307	// stub for kernel's DTLS keying material state
308	u_int32_t                                     unused; // place holder
309} __attribute__((packed)) utun_crypto_keys_dtls_state_t;
310
311// kernel's parent structure for keying material state
312typedef struct utun_crypto_keys_state {
313	union {
314		utun_crypto_keys_ipsec_state_t        ipsec;
315		utun_crypto_keys_dtls_state_t         dtls;
316	} u;
317} __attribute__((aligned(4), packed)) utun_crypto_keys_state_t;
318
319// kernel's parent structure for keying material
320typedef struct utun_crypto_keys {
321	int                                           valid; // is valid?
322	utun_crypto_type_t                            type;
323	u_int16_t                                     unused;
324	utun_crypto_keys_state_t                      state; // runtime state
325	LIST_ENTRY(utun_crypto_keys)                  chain;
326} __attribute__((aligned(4), packed)) utun_crypto_keys_t;
327
328// structures used for storing kernel's framer runtime state
329typedef struct utun_crypto_framer_ipsec_state {
330	// stub for kernel's IPSec framer state
331	u_int32_t                                     unused; // place holder
332} __attribute__((packed)) utun_crypto_framer_ipsec_state_t;
333
334typedef struct utun_crypto_framer_dtls_in_state {
335	u_int8_t                                     *in_pattern;
336	int                                           in_pattern_len;
337	u_int8_t                                     *in_pattern_mask;
338	u_int8_t                                     *in_pattern_masked;
339	int                                           in_data_offset;
340	struct bpf_program                            in_pattern_filter;
341} __attribute__((packed)) utun_crypto_framer_dtls_in_state_t;
342
343typedef struct utun_crypto_framer_dtls_out_state {
344	u_int8_t                                     *out_pattern;
345	int                                           out_pattern_len;
346	u_int32_t                                     len_field_mask; // 0 means unconfigured
347	int                                           len_field_offset;
348	int                                           len_field_extra;
349	u_int32_t                                     sequence_field;
350	u_int32_t                                     sequence_field_initval;
351	u_int32_t                                     sequence_field_mask; // 0 means unconfigured
352	int                                           sequence_field_offset;
353} __attribute__((packed)) utun_crypto_framer_dtls_out_state_t;
354
355typedef struct utun_crypto_framer_dtls_state {
356	union {
357		// don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
358		utun_crypto_framer_dtls_in_state_t  in;
359		utun_crypto_framer_dtls_out_state_t out;
360		// future (additional) versions of the arguments may be placed here
361	} u;
362} __attribute__((packed)) utun_crypto_framer_dtls_state_t;
363
364// kernel's parent structure for framer state
365typedef struct utun_crypto_framer_state {
366	union {
367		utun_crypto_framer_ipsec_state_t ipsec;
368		utun_crypto_framer_dtls_state_t  dtls;
369	} u;
370} __attribute__((aligned(4), packed)) utun_crypto_framer_state_t;
371
372// kernel's parent structure for the framer
373typedef struct utun_crypto_framer {
374	int                                           valid; // is valid?
375	utun_crypto_type_t                            type;
376	utun_crypto_dir_t                             dir;
377	utun_crypto_framer_inner_type_t               inner_type;
378	protocol_family_t                             inner_protocol_family;
379	utun_crypto_framer_state_t                    state; // runtime state
380	LIST_ENTRY(utun_crypto_framer)                framer_chain;
381} __attribute__((aligned(4), packed)) utun_crypto_framer_t;
382
383#define UTUN_CRYPTO_INNER_TYPE_TO_IDX(type)           (type - 1)
384#define UTUN_CRYPTO_IDX_TO_INNER_TYPE(idx)            (idx + 1)
385#define UTUN_CRYPTO_INNER_TYPE_IDX_MAX                UTUN_CRYPTO_INNER_TYPE_TO_IDX(UTUN_CRYPTO_INNER_TYPE_MAX)
386
387#define UTUN_CRYPTO_DIR_TO_IDX(dir)                   (dir - 1)
388#define UTUN_CRYPTO_IDX_TO_DIR(idx)                   (idx + 1)
389#define UTUN_CRYPTO_DIR_IDX_MAX                       UTUN_CRYPTO_DIR_TO_IDX(UTUN_CRYPTO_DIR_MAX)
390
391#define utun_crypto_framer_state_dtls_in(framer)      framer->state.u.dtls.u.in
392#define utun_crypto_framer_state_dtls_out(framer)     framer->state.u.dtls.u.out
393
394// kernel's parent structure for all crypto stuff
395typedef struct utun_crypto_ctx {
396	int                                           valid;
397	utun_crypto_type_t                            type;
398	u_int16_t                                     unused;
399	LIST_HEAD(chain, utun_crypto_keys)            keys_listhead;
400	LIST_HEAD(framer_chain, utun_crypto_framer)   framer_listheads[UTUN_CRYPTO_INNER_TYPE_IDX_MAX];
401	int                                           num_framers;
402	int                                           kpi_handle;
403	caddr_t                                       kpi_ref;
404	int                                           kpi_refcnt;
405} __attribute__((aligned(4), packed)) utun_crypto_ctx_t;
406
407#define UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE            ((size_t)(&((utun_crypto_keys_idx_args_t *)0)->u))
408#define UTUN_CRYPTO_KEYS_IDX_ARGS_VARARGS_BUF(args)   ((u_int8_t *)args + UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE + args->args_ulen)
409#define UTUN_CRYPTO_KEYS_IDX_ARGS_TOTAL_SIZE(args)    ((size_t)(UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
410
411#define UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE                ((size_t)(&((utun_crypto_keys_args_t *)0)->u))
412#define UTUN_CRYPTO_KEYS_ARGS_VARARGS_BUF(args)       ((u_int8_t *)args + UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE + args->args_ulen)
413#define UTUN_CRYPTO_KEYS_ARGS_TOTAL_SIZE(args)        ((size_t)(UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
414
415#define UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE                ((size_t)(&((utun_crypto_framer_args_t *)0)->u))
416#define UTUN_CRYPTO_FRAMER_ARGS_VARARGS_BUF(args)       ((u_int8_t *)args + UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE + args->args_ulen)
417#define UTUN_CRYPTO_FRAMER_ARGS_TOTAL_SIZE(args)        ((size_t)(UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
418
419#define UTUN_CRYPTO_ARGS_HDR_SIZE                     ((size_t)(&((utun_crypto_args_t *)0)->u))
420#define UTUN_CRYPTO_ARGS_VARARGS_BUF(args)            ((u_int8_t *)args + UTUN_CRYPTO_ARGS_HDR_SIZE + args->args_ulen)
421#define UTUN_CRYPTO_ARGS_TOTAL_SIZE(args)             ((size_t)(UTUN_CRYPTO_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
422
423typedef caddr_t (*utun_crypto_kpi_connect_func)(int kpi_handle, struct utun_pcb *utun_ref);
424
425typedef errno_t (*utun_crypto_kpi_send_func)(caddr_t ref, mbuf_t *pkt);
426
427typedef struct utun_crypto_kpi_reg {
428  /* Dispatch functions */
429  utun_crypto_type_t           crypto_kpi_type;
430  u_int32_t                    crypto_kpi_flags;
431  utun_crypto_kpi_connect_func crypto_kpi_connect;
432  utun_crypto_kpi_send_func    crypto_kpi_send;
433} utun_crypto_kpi_reg_t;
434
435typedef struct utun_crypto_kpi_reg_list {
436  utun_crypto_kpi_reg_t            reg;
437  struct utun_crypto_kpi_reg_list *next;
438} utun_crypto_kpi_reg_list_t;
439
440void
441utun_ctl_init_crypto(void);
442
443/*
444 * Summary: registers the crypto KPI's Kext routines with UTUN... so that UTUN can make calls into it (e.g. DTLS)
445 */
446errno_t
447utun_crypto_kpi_register(utun_crypto_kpi_reg_t *reg);
448
449void
450utun_cleanup_crypto(struct utun_pcb *pcb);
451
452errno_t
453utun_ctl_enable_crypto(__unused kern_ctl_ref  kctlref,
454		       __unused u_int32_t     unit,
455		       __unused void         *unitinfo,
456		       __unused int           opt,
457		       void                  *data,
458		       size_t                 len);
459
460errno_t
461utun_ctl_disable_crypto(__unused kern_ctl_ref  kctlref,
462			__unused u_int32_t     unit,
463			__unused void         *unitinfo,
464			__unused int           opt,
465			void                  *data,
466			size_t                 len);
467
468errno_t
469utun_ctl_config_crypto_keys(__unused kern_ctl_ref  kctlref,
470			    __unused u_int32_t	   unit,
471			    __unused void         *unitinfo,
472			    __unused int           opt,
473			    void                  *data,
474			    size_t                 len);
475
476errno_t
477utun_ctl_unconfig_crypto_keys(__unused kern_ctl_ref  kctlref,
478			      __unused u_int32_t     unit,
479			      __unused void         *unitinfo,
480			      __unused int           opt,
481			      void                  *data,
482			      size_t                 len);
483
484errno_t
485utun_ctl_config_crypto_framer(__unused kern_ctl_ref  kctlref,
486			      __unused u_int32_t	   unit,
487			      __unused void         *unitinfo,
488			      __unused int           opt,
489			      void                  *data,
490			      size_t                 len);
491
492errno_t
493utun_ctl_unconfig_crypto_framer(__unused kern_ctl_ref  kctlref,
494				__unused u_int32_t     unit,
495				__unused void         *unitinfo,
496				__unused int           opt,
497				void                  *data,
498				size_t                 len);
499
500errno_t
501utun_ctl_generate_crypto_keys_idx(__unused kern_ctl_ref  kctlref,
502				  __unused u_int32_t     unit,
503				  __unused void         *unitinfo,
504				  __unused int           opt,
505				  void                  *data,
506				  size_t                *len);
507
508errno_t
509utun_ctl_stop_crypto_data_traffic(__unused kern_ctl_ref  kctlref,
510				  __unused u_int32_t     unit,
511				  __unused void         *unitinfo,
512				  __unused int           opt,
513				  void                  *data,
514				  size_t                 len);
515
516errno_t
517utun_ctl_start_crypto_data_traffic(__unused kern_ctl_ref  kctlref,
518				   __unused u_int32_t     unit,
519				   __unused void         *unitinfo,
520				   __unused int           opt,
521				   void                  *data,
522				   size_t                 len);
523
524int
525utun_pkt_crypto_output(struct utun_pcb *pcb, mbuf_t *m);
526
527#endif // KERNEL_PRIVATE
528
529#endif // _NET_IF_UTUN_CRYPTO_H_
530