1/* 2 * Copyright (c) 2011 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29#ifndef _NET_IF_UTUN_CRYPTO_H_ 30#define _NET_IF_UTUN_CRYPTO_H_ 31 32// constants used in configuring the crypto context 33typedef enum utun_crypto_ver { 34 UTUN_CRYPTO_VER_1 = 1, 35 UTUN_CRYPTO_VER_MAX, 36} utun_crypto_ver_t; 37 38#define UTUN_CRYPTO_KEYS_IPSEC_VER_1 UTUN_CRYPTO_VER_1 39#define UTUN_CRYPTO_IPSEC_VER_1 UTUN_CRYPTO_VER_1 40#define UTUN_CRYPTO_DTLS_VER_1 UTUN_CRYPTO_VER_1 41 42#define UTUN_CRYPTO_ARGS_VER_MAX UTUN_CRYPTO_VER_MAX 43#define UTUN_CRYPTO_KEYS_ARGS_VER_MAX UTUN_CRYPTO_VER_MAX 44#define UTUN_CRYPTO_FRAMER_ARGS_VER_MAX UTUN_CRYPTO_VER_MAX 45 46typedef enum utun_crypto_dir { 47 UTUN_CRYPTO_DIR_IN = 1, 48 UTUN_CRYPTO_DIR_OUT, 49 UTUN_CRYPTO_DIR_MAX, 50} utun_crypto_dir_t; 51 52#define UTUN_CRYPTO_CTX_NUM_DIRS 2 53 54#define BITSTOBYTES(n) (n >> 3) 55#define BYTESTOBITS(n) (n << 3) 56 57#define MAX_KEY_AUTH_LEN_BITS 512 // corresponds to SHA512 58#define MAX_KEY_AUTH_LEN_BYTES (BITSTOBYTES(MAX_KEY_AUTH_LEN_BITS)) 59#define MAX_KEY_ENC_LEN_BITS 256 // corresponds to AES256 60#define MAX_KEY_ENC_LEN_BYTES (BITSTOBYTES(MAX_KEY_ENC_LEN_BITS)) 61 62typedef enum utun_crypto_type { 63 UTUN_CRYPTO_TYPE_IPSEC = 1, 64 UTUN_CRYPTO_TYPE_DTLS, 65 UTUN_CRYPTO_TYPE_MAX, 66} utun_crypto_type_t; 67 68typedef enum if_utun_crypto_ipsec_mode { 69 IF_UTUN_CRYPTO_IPSEC_MODE_NONE = 0, 70 IF_UTUN_CRYPTO_IPSEC_MODE_TRANSPORT, 71 IF_UTUN_CRYPTO_IPSEC_MODE_TUNNEL, 72 IF_UTUN_CRYPTO_IPSEC_MODE_MAX, 73} if_utun_crypto_ipsec_mode_t; 74 75typedef enum if_utun_crypto_ipsec_proto { 76 IF_UTUN_CRYPTO_IPSEC_PROTO_NONE = 0, 77 IF_UTUN_CRYPTO_IPSEC_PROTO_ESP, 78 IF_UTUN_CRYPTO_IPSEC_PROTO_AH, 79 IF_UTUN_CRYPTO_IPSEC_PROTO_MAX, 80} if_utun_crypto_ipsec_proto_t; 81 82typedef enum if_utun_crypto_ipsec_auth { 83 IF_UTUN_CRYPTO_IPSEC_AUTH_NONE = 0, 84 IF_UTUN_CRYPTO_IPSEC_AUTH_MD5, 85 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA1, 86 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA256, 87 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA384, 88 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA512, 89 IF_UTUN_CRYPTO_IPSEC_AUTH_MAX, 90} if_utun_crypto_ipsec_auth_t; 91 92typedef enum if_utun_crypto_ipsec_enc { 93 IF_UTUN_CRYPTO_IPSEC_ENC_NONE = 0, 94 IF_UTUN_CRYPTO_IPSEC_ENC_DES, 95 IF_UTUN_CRYPTO_IPSEC_ENC_3DES, 96 IF_UTUN_CRYPTO_IPSEC_ENC_AES128, 97 IF_UTUN_CRYPTO_IPSEC_ENC_AES256, 98 IF_UTUN_CRYPTO_IPSEC_ENC_MAX, 99} if_utun_crypto_ipsec_enc_t; 100 101typedef enum if_utun_crypto_ipsec_keepalive { 102 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_NONE = 0, 103 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_NATT, 104 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_ESP, 105 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_MAX, 106} if_utun_crypto_ipsec_keepalive_t; 107 108typedef enum if_utun_crypto_ipsec_natd { 109 IF_UTUN_CRYPTO_IPSEC_NATD_NONE = 0, 110 IF_UTUN_CRYPTO_IPSEC_NATD_MINE, 111 IF_UTUN_CRYPTO_IPSEC_NATD_PEER, 112 IF_UTUN_CRYPTO_IPSEC_NATD_BOTH, 113 IF_UTUN_CRYPTO_IPSEC_NATD_MAX, 114} if_utun_crypto_ipsec_natd_t; 115 116// structures used for storing the App's keying index arguments 117typedef struct utun_crypto_keys_idx_ipsec_args_v1 { 118 struct sockaddr_storage src_addr; // v4 or v6 socket address (ignore port numbers) 119 struct sockaddr_storage dst_addr; // v4 or v6 socket address (ignore port numbers) 120 if_utun_crypto_ipsec_proto_t proto; 121 if_utun_crypto_ipsec_mode_t mode; 122 u_int32_t reqid; // policy's reqid, default to 0 for now since we are avoiding policies. 123 u_int32_t spi; // 0 when requesting the index, otherwise it contains the resulting index 124 u_int32_t spirange_min; // default to 0 125 u_int32_t spirange_max; // default to 0xffffffff 126} __attribute__((packed)) utun_crypto_keys_idx_ipsec_args_v1_t; 127 128typedef struct utun_crypto_keys_idx_dtls_args_v1 { 129 // stub for DTLS keying index arguments 130 u_int32_t unused; // place holder 131} __attribute__((packed)) utun_crypto_keys_idx_dtls_args_v1_t; 132 133// App's parent structure for sending/storing keying index arguments 134typedef struct utun_crypto_keys_idx_args { 135 utun_crypto_ver_t ver; 136 utun_crypto_type_t type; 137 utun_crypto_dir_t dir; 138 u_int32_t args_ulen; 139 u_int32_t varargs_buflen; 140 union { 141 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_CTX_IDX_ARGS_HDR_SIZE breaks backwards compatibility 142 utun_crypto_keys_idx_ipsec_args_v1_t ipsec_v1; 143 utun_crypto_keys_idx_dtls_args_v1_t dtls_v1; 144 // future (additional) versions of the arguments may be placed here 145 } u; 146 u_int8_t varargs_buf[0]; 147} __attribute__((aligned(4), packed)) utun_crypto_keys_idx_args_t; 148 149// structures used for storing the App's keying material arguments 150typedef struct utun_crypto_keys_ipsec_args_v1 { 151 struct sockaddr_storage src_addr; // v4 or v6 socket address (ignore port numbers) 152 struct sockaddr_storage dst_addr; // v4 or v6 socket address (ignore port numbers) 153 if_utun_crypto_ipsec_proto_t proto; 154 if_utun_crypto_ipsec_mode_t mode; 155 if_utun_crypto_ipsec_auth_t alg_auth; 156 if_utun_crypto_ipsec_enc_t alg_enc; 157 if_utun_crypto_ipsec_keepalive_t keepalive; 158 if_utun_crypto_ipsec_natd_t natd; 159 u_int8_t replay; // window size default to 4 160 u_int8_t punt_rx_keepalive; 161 u_int16_t interval_tx_keepalive; 162 u_int16_t key_auth_len; // 128 or 160 or 192 or 256 or 384 or 512 163 u_int16_t key_enc_len; // 64 or 128 or 192 or 256 164 u_int16_t natt_port; // if non-zero flags will be set to include SADB_X_EXT_NATT 165 u_int16_t unused; 166 u_int32_t seq; // default to 0 167 u_int32_t spi; 168 u_int32_t pid; // vpnagent's process id 169 u_int32_t reqid; // policy's reqid, default to 0 for now since we are avoiding policies. 170 u_int64_t lifetime_hard; // value in seconds 171 u_int64_t lifetime_soft; // value in seconds 172 // key_auth and key_enc will actually be stored in utun_crypto_KEYS_args_t.varargs_buf 173} __attribute__((packed)) utun_crypto_keys_ipsec_args_v1_t; 174 175typedef struct utun_crypto_keys_dtls_args_v1 { 176 // stub for DTLS keying material arguments 177 u_int32_t unused; // place holder 178} __attribute__((packed)) utun_crypto_keys_dtls_args_v1_t; 179 180// App's parent structure for sending/storing keying material arguments 181typedef struct utun_crypto_keys_args { 182 utun_crypto_ver_t ver; 183 utun_crypto_type_t type; 184 utun_crypto_dir_t dir; 185 u_int32_t args_ulen; 186 u_int32_t varargs_buflen; 187 union { 188 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility 189 utun_crypto_keys_ipsec_args_v1_t ipsec_v1; 190 utun_crypto_keys_dtls_args_v1_t dtls_v1; 191 // future (additional) versions of the arguments may be placed here 192 } u; 193 u_int8_t varargs_buf[0]; 194} __attribute__((aligned(4), packed)) utun_crypto_keys_args_t; 195 196// structures used for storing the App's crypto arguments 197typedef struct utun_crypto_ipsec_args_v1 { 198 // stub for IPSec crypto context arguments 199 u_int32_t unused; // place holder 200} __attribute__((packed)) utun_crypto_ipsec_args_v1_t; 201 202typedef struct utun_crypto_dtls_args_v1 { 203 // stub for DTLS crypto context arguments 204 int kpi_handle; 205} __attribute__((packed)) utun_crypto_dtls_args_v1_t; 206 207// App's parent structure for starting/stopping crypto 208typedef struct utun_crypto_args { 209 utun_crypto_ver_t ver; 210 utun_crypto_type_t type; 211 u_int32_t stop_data_traffic; 212 u_int32_t args_ulen; 213 u_int32_t varargs_buflen; 214 union { 215 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_ARGS_HDR_SIZE breaks backwards compatibility 216 utun_crypto_ipsec_args_v1_t ipsec_v1; 217 utun_crypto_dtls_args_v1_t dtls_v1; 218 // future (additional) versions of the arguments may be placed here 219 } u; 220 u_int8_t varargs_buf[0]; // must be at the end of this struct 221} __attribute__((aligned(4), packed)) utun_crypto_args_t; 222 223typedef enum { 224 UTUN_CRYPTO_INNER_TYPE_IPv4 = 1, 225 UTUN_CRYPTO_INNER_TYPE_IPv6, 226 UTUN_CRYPTO_INNER_TYPE_MAX, 227} utun_crypto_framer_inner_type_t; 228 229typedef struct utun_crypto_framer_ipsec_args_v1 { 230 // stub for IPSec framer arguments 231 u_int32_t unused; // place holder 232} __attribute__((packed)) utun_crypto_framer_ipsec_args_v1_t; 233 234typedef struct utun_crypto_framer_dtls_in_args_v1 { 235 int in_pattern_len; 236 int in_pattern_mask_len; 237 int in_data_offset; 238 // in_pattern, in_pattern_mask will actually be stored in utun_crypto_framer_args_t.varargs_buf 239} __attribute__((packed)) utun_crypto_framer_dtls_in_args_v1_t; 240 241typedef struct utun_crypto_framer_dtls_out_args_v1 { 242 int out_pattern_len; 243 u_int32_t len_field_mask; // 0 means unconfigured 244 int len_field_offset; 245 int len_field_extra; 246 u_int32_t sequence_field; 247 u_int32_t sequence_field_mask; // 0 means unconfigured 248 int sequence_field_offset; 249 // out_pattern will actually be stored in utun_crypto_framer_args_t.varargs_buf 250} __attribute__((packed)) utun_crypto_framer_dtls_out_args_v1_t; 251 252typedef struct utun_crypto_framer_dtls_args_v1 { 253 // the following depend on utun_crypto_framer_args_t.dir 254 union { 255 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility 256 utun_crypto_framer_dtls_in_args_v1_t in; 257 utun_crypto_framer_dtls_out_args_v1_t out; 258 // future (additional) versions of the arguments may be placed here 259 } u; 260} __attribute__((packed)) utun_crypto_framer_dtls_args_v1_t; 261 262// App's parent structure for sending/storing framer arguments 263typedef struct utun_crypto_framer_args { 264 utun_crypto_ver_t ver; 265 utun_crypto_type_t type; 266 utun_crypto_dir_t dir; 267 utun_crypto_framer_inner_type_t inner_type; 268 u_int32_t args_ulen; 269 u_int32_t varargs_buflen; 270 union { 271 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility 272 utun_crypto_framer_ipsec_args_v1_t ipsec_v1; 273 utun_crypto_framer_dtls_args_v1_t dtls_v1; 274 // future (additional) versions of the arguments may be placed here 275 } u; 276 u_int8_t varargs_buf[0]; 277} __attribute__((aligned(4), packed)) utun_crypto_framer_args_t; 278 279#define utun_crypto_framer_args_dtls_in(framer) framer->u.dtls_v1.u.in 280#define utun_crypto_framer_args_dtls_out(framer) framer->u.dtls_v1.u.out 281 282#ifdef KERNEL_PRIVATE 283 284#include <sys/kern_control.h> 285#include <net/kpi_protocol.h> 286#include <net/kpi_interface.h> 287#include <net/pfkeyv2.h> 288#include <netkey/key.h> 289#include <netkey/keydb.h> 290#include <net/bpf.h> 291 292struct utun_pcb; 293 294// structures used for storing kernel's keying material runtime state 295typedef struct utun_crypto_keys_ipsec_state { 296 // kernel's ipsec keying material state 297 u_int32_t spi; 298 struct secashead *sah; 299 struct secasvar *sav; 300 u_int8_t proto; 301 u_int8_t ifamily; 302 u_int8_t mode; 303 u_int8_t unused; 304} __attribute__((packed)) utun_crypto_keys_ipsec_state_t; 305 306typedef struct utun_crypto_keys_dtls_state { 307 // stub for kernel's DTLS keying material state 308 u_int32_t unused; // place holder 309} __attribute__((packed)) utun_crypto_keys_dtls_state_t; 310 311// kernel's parent structure for keying material state 312typedef struct utun_crypto_keys_state { 313 union { 314 utun_crypto_keys_ipsec_state_t ipsec; 315 utun_crypto_keys_dtls_state_t dtls; 316 } u; 317} __attribute__((aligned(4), packed)) utun_crypto_keys_state_t; 318 319// kernel's parent structure for keying material 320typedef struct utun_crypto_keys { 321 int valid; // is valid? 322 utun_crypto_type_t type; 323 u_int16_t unused; 324 utun_crypto_keys_state_t state; // runtime state 325 LIST_ENTRY(utun_crypto_keys) chain; 326} __attribute__((aligned(4), packed)) utun_crypto_keys_t; 327 328// structures used for storing kernel's framer runtime state 329typedef struct utun_crypto_framer_ipsec_state { 330 // stub for kernel's IPSec framer state 331 u_int32_t unused; // place holder 332} __attribute__((packed)) utun_crypto_framer_ipsec_state_t; 333 334typedef struct utun_crypto_framer_dtls_in_state { 335 u_int8_t *in_pattern; 336 int in_pattern_len; 337 u_int8_t *in_pattern_mask; 338 u_int8_t *in_pattern_masked; 339 int in_data_offset; 340 struct bpf_program in_pattern_filter; 341} __attribute__((packed)) utun_crypto_framer_dtls_in_state_t; 342 343typedef struct utun_crypto_framer_dtls_out_state { 344 u_int8_t *out_pattern; 345 int out_pattern_len; 346 u_int32_t len_field_mask; // 0 means unconfigured 347 int len_field_offset; 348 int len_field_extra; 349 u_int32_t sequence_field; 350 u_int32_t sequence_field_initval; 351 u_int32_t sequence_field_mask; // 0 means unconfigured 352 int sequence_field_offset; 353} __attribute__((packed)) utun_crypto_framer_dtls_out_state_t; 354 355typedef struct utun_crypto_framer_dtls_state { 356 union { 357 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility 358 utun_crypto_framer_dtls_in_state_t in; 359 utun_crypto_framer_dtls_out_state_t out; 360 // future (additional) versions of the arguments may be placed here 361 } u; 362} __attribute__((packed)) utun_crypto_framer_dtls_state_t; 363 364// kernel's parent structure for framer state 365typedef struct utun_crypto_framer_state { 366 union { 367 utun_crypto_framer_ipsec_state_t ipsec; 368 utun_crypto_framer_dtls_state_t dtls; 369 } u; 370} __attribute__((aligned(4), packed)) utun_crypto_framer_state_t; 371 372// kernel's parent structure for the framer 373typedef struct utun_crypto_framer { 374 int valid; // is valid? 375 utun_crypto_type_t type; 376 utun_crypto_dir_t dir; 377 utun_crypto_framer_inner_type_t inner_type; 378 protocol_family_t inner_protocol_family; 379 utun_crypto_framer_state_t state; // runtime state 380 LIST_ENTRY(utun_crypto_framer) framer_chain; 381} __attribute__((aligned(4), packed)) utun_crypto_framer_t; 382 383#define UTUN_CRYPTO_INNER_TYPE_TO_IDX(type) (type - 1) 384#define UTUN_CRYPTO_IDX_TO_INNER_TYPE(idx) (idx + 1) 385#define UTUN_CRYPTO_INNER_TYPE_IDX_MAX UTUN_CRYPTO_INNER_TYPE_TO_IDX(UTUN_CRYPTO_INNER_TYPE_MAX) 386 387#define UTUN_CRYPTO_DIR_TO_IDX(dir) (dir - 1) 388#define UTUN_CRYPTO_IDX_TO_DIR(idx) (idx + 1) 389#define UTUN_CRYPTO_DIR_IDX_MAX UTUN_CRYPTO_DIR_TO_IDX(UTUN_CRYPTO_DIR_MAX) 390 391#define utun_crypto_framer_state_dtls_in(framer) framer->state.u.dtls.u.in 392#define utun_crypto_framer_state_dtls_out(framer) framer->state.u.dtls.u.out 393 394// kernel's parent structure for all crypto stuff 395typedef struct utun_crypto_ctx { 396 int valid; 397 utun_crypto_type_t type; 398 u_int16_t unused; 399 LIST_HEAD(chain, utun_crypto_keys) keys_listhead; 400 LIST_HEAD(framer_chain, utun_crypto_framer) framer_listheads[UTUN_CRYPTO_INNER_TYPE_IDX_MAX]; 401 int num_framers; 402 int kpi_handle; 403 caddr_t kpi_ref; 404 int kpi_refcnt; 405} __attribute__((aligned(4), packed)) utun_crypto_ctx_t; 406 407#define UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_keys_idx_args_t *)0)->u)) 408#define UTUN_CRYPTO_KEYS_IDX_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE + args->args_ulen) 409#define UTUN_CRYPTO_KEYS_IDX_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen)) 410 411#define UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_keys_args_t *)0)->u)) 412#define UTUN_CRYPTO_KEYS_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE + args->args_ulen) 413#define UTUN_CRYPTO_KEYS_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen)) 414 415#define UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_framer_args_t *)0)->u)) 416#define UTUN_CRYPTO_FRAMER_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE + args->args_ulen) 417#define UTUN_CRYPTO_FRAMER_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen)) 418 419#define UTUN_CRYPTO_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_args_t *)0)->u)) 420#define UTUN_CRYPTO_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_ARGS_HDR_SIZE + args->args_ulen) 421#define UTUN_CRYPTO_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen)) 422 423typedef caddr_t (*utun_crypto_kpi_connect_func)(int kpi_handle, struct utun_pcb *utun_ref); 424 425typedef errno_t (*utun_crypto_kpi_send_func)(caddr_t ref, mbuf_t *pkt); 426 427typedef struct utun_crypto_kpi_reg { 428 /* Dispatch functions */ 429 utun_crypto_type_t crypto_kpi_type; 430 u_int32_t crypto_kpi_flags; 431 utun_crypto_kpi_connect_func crypto_kpi_connect; 432 utun_crypto_kpi_send_func crypto_kpi_send; 433} utun_crypto_kpi_reg_t; 434 435typedef struct utun_crypto_kpi_reg_list { 436 utun_crypto_kpi_reg_t reg; 437 struct utun_crypto_kpi_reg_list *next; 438} utun_crypto_kpi_reg_list_t; 439 440void 441utun_ctl_init_crypto(void); 442 443/* 444 * Summary: registers the crypto KPI's Kext routines with UTUN... so that UTUN can make calls into it (e.g. DTLS) 445 */ 446errno_t 447utun_crypto_kpi_register(utun_crypto_kpi_reg_t *reg); 448 449void 450utun_cleanup_crypto(struct utun_pcb *pcb); 451 452errno_t 453utun_ctl_enable_crypto(__unused kern_ctl_ref kctlref, 454 __unused u_int32_t unit, 455 __unused void *unitinfo, 456 __unused int opt, 457 void *data, 458 size_t len); 459 460errno_t 461utun_ctl_disable_crypto(__unused kern_ctl_ref kctlref, 462 __unused u_int32_t unit, 463 __unused void *unitinfo, 464 __unused int opt, 465 void *data, 466 size_t len); 467 468errno_t 469utun_ctl_config_crypto_keys(__unused kern_ctl_ref kctlref, 470 __unused u_int32_t unit, 471 __unused void *unitinfo, 472 __unused int opt, 473 void *data, 474 size_t len); 475 476errno_t 477utun_ctl_unconfig_crypto_keys(__unused kern_ctl_ref kctlref, 478 __unused u_int32_t unit, 479 __unused void *unitinfo, 480 __unused int opt, 481 void *data, 482 size_t len); 483 484errno_t 485utun_ctl_config_crypto_framer(__unused kern_ctl_ref kctlref, 486 __unused u_int32_t unit, 487 __unused void *unitinfo, 488 __unused int opt, 489 void *data, 490 size_t len); 491 492errno_t 493utun_ctl_unconfig_crypto_framer(__unused kern_ctl_ref kctlref, 494 __unused u_int32_t unit, 495 __unused void *unitinfo, 496 __unused int opt, 497 void *data, 498 size_t len); 499 500errno_t 501utun_ctl_generate_crypto_keys_idx(__unused kern_ctl_ref kctlref, 502 __unused u_int32_t unit, 503 __unused void *unitinfo, 504 __unused int opt, 505 void *data, 506 size_t *len); 507 508errno_t 509utun_ctl_stop_crypto_data_traffic(__unused kern_ctl_ref kctlref, 510 __unused u_int32_t unit, 511 __unused void *unitinfo, 512 __unused int opt, 513 void *data, 514 size_t len); 515 516errno_t 517utun_ctl_start_crypto_data_traffic(__unused kern_ctl_ref kctlref, 518 __unused u_int32_t unit, 519 __unused void *unitinfo, 520 __unused int opt, 521 void *data, 522 size_t len); 523 524int 525utun_pkt_crypto_output(struct utun_pcb *pcb, mbuf_t *m); 526 527#endif // KERNEL_PRIVATE 528 529#endif // _NET_IF_UTUN_CRYPTO_H_ 530