keydb.h revision 1.5
/*	$NetBSD: keydb.h,v 1.5 2007/06/27 20:38:33 degroote Exp $	*/
/*	$FreeBSD: src/sys/netipsec/keydb.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
/*	$KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * In-kernel IPsec key database types: the SA index (secasindex), the
 * per-index SA list head (secashead), the SA itself (secasvar), its
 * anti-replay state (secreplay), the PF_KEY registered-socket table
 * (secreg) and the pending ACQUIRE table (secacq), plus the keydb_*
 * constructors/destructors that manage them.
 */

#ifndef _NETIPSEC_KEYDB_H_
#define _NETIPSEC_KEYDB_H_

#ifdef _KERNEL

#include "opt_ipsec.h"

#include <netipsec/key_var.h>
#include <net/route.h>
#include <netinet/in.h>

/*
 * The union of all possible address formats we handle
 * (generic, IPv4 and IPv6).
 */
union sockaddr_union {
	struct sockaddr		sa;
	struct sockaddr_in	sin;
	struct sockaddr_in6	sin6;
};

/*
 * Security Association Index: the tuple that identifies a group of SAs.
 * NOTE: src and dst must be of the same address family.
 */
struct secasindex {
	union sockaddr_union src;	/* source address for SA */
	union sockaddr_union dst;	/* destination address for SA */
	u_int16_t proto;		/* IPPROTO_ESP or IPPROTO_AH */
	u_int8_t mode;			/* mode of protocol, see ipsec.h */
	u_int32_t reqid;		/* request id of the owner of this SA;
					 * see IPSEC_MANUAL_REQID_MAX. */
};

/*
 * Security Association Data Base entry: all SAs sharing one secasindex,
 * grouped by SA state.
 */
struct secashead {
	LIST_ENTRY(secashead) chain;

	struct secasindex saidx;	/* index this head is keyed on */

	struct sadb_ident *idents;	/* source identity */
	struct sadb_ident *identd;	/* destination identity */
				/* XXX I don't know how to use them. */

	u_int8_t state;			/* MATURE or DEAD. */
	LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
				/* SA chains, one per SADB_SASTATE_* value */
				/* The first entry of each list is the newest SA */

	struct route sa_route;		/* route cache */
};

/* Opaque transform/algorithm descriptors, defined by the crypto glue. */
struct xformsw;
struct enc_xform;
struct auth_hash;
struct comp_algo;

/*
 * Security Association.
 *
 * key_auth, key_enc, iv and sched hold live secret material for this SA.
 * NOTE(review): whoever releases an SA (presumably keydb_freesecasvar,
 * declared below) is responsible for clearing that material before the
 * memory is returned -- confirm against the implementation in key.c.
 */
struct secasvar {
	LIST_ENTRY(secasvar) chain;

	u_int refcnt;			/* reference count; presumably managed by
					 * keydb_refsecasvar/keydb_freesecasvar */
	u_int8_t state;			/* Status of this Association */

	u_int8_t alg_auth;		/* Authentication Algorithm Identifier */
	u_int8_t alg_enc;		/* Cipher Algorithm Identifier */
	u_int8_t alg_comp;		/* Compression Algorithm Identifier */
	u_int32_t spi;			/* SPI Value, network byte order */
	u_int32_t flags;		/* holder for SADB_KEY_FLAGS */

	struct sadb_key *key_auth;	/* Key for Authentication (secret) */
	struct sadb_key *key_enc;	/* Key for Encryption (secret) */
	void *iv;			/* Initialization Vector */
	u_int ivlen;			/* length of IV */
	void *sched;			/* intermediate (scheduled) encryption key */
	size_t schedlen;		/* length of sched */

	struct secreplay *replay;	/* replay prevention state, see below */
	long created;			/* creation time (by name); used for lifetime */

	struct sadb_lifetime *lft_c;	/* CURRENT lifetime, it's constant. */
	struct sadb_lifetime *lft_h;	/* HARD lifetime */
	struct sadb_lifetime *lft_s;	/* SOFT lifetime */

	u_int32_t seq;			/* sequence number */
	pid_t pid;			/* message's pid */

	struct secashead *sah;		/* back pointer to the secashead */

	/*
	 * NB: Fields with a tdb_ prefix are part of the "glue" used
	 *     to interface to the OpenBSD crypto support.  This was done
	 *     to distinguish this code from the mainline KAME code.
	 */
	struct xformsw *tdb_xform;		/* transform */
	struct enc_xform *tdb_encalgxform;	/* encoding algorithm */
	struct auth_hash *tdb_authalgxform;	/* authentication algorithm */
	struct comp_algo *tdb_compalgxform;	/* compression algorithm */
	u_int64_t tdb_cryptoid;			/* crypto session id */

#ifdef IPSEC_NAT_T
	u_int16_t natt_type;		/* NAT traversal type (only with IPSEC_NAT_T) */
	u_int16_t esp_frag;		/* ESP fragment size (only with IPSEC_NAT_T) */
#endif
};

/*
 * Replay prevention (anti-replay window) state for one SA.
 * The sender side advances seq; the receiver side tracks lastseq and the
 * bitmap of recently seen sequence numbers.
 */
struct secreplay {
	u_int32_t count;	/* NOTE(review): uncommented upstream; confirm role in key.c */
	u_int wsize;		/* window size, e.g. 4 bytes */
	u_int32_t seq;		/* used by sender */
	u_int32_t lastseq;	/* used by receiver */
	char *bitmap;		/* used by receiver; presumably wsize bytes,
				 * allocated by keydb_newsecreplay(size_t) */
	int overflow;		/* overflow flag */
};

/* socket table used to send PF_KEY messages. */
struct secreg {
	LIST_ENTRY(secreg) chain;

	struct socket *so;	/* registered PF_KEY socket */
};

#ifndef IPSEC_NONBLOCK_ACQUIRE
/* acquiring list table: outstanding SADB_ACQUIRE requests. */
struct secacq {
	LIST_ENTRY(secacq) chain;

	struct secasindex saidx;	/* index the SA is being acquired for */

	u_int32_t seq;		/* sequence number */
	long created;		/* creation time (by name); used for lifetime */
	int count;		/* for lifetime */
};
#endif

/* Sensitivity Level Specification */
/* nothing */

/*
 * NOTE(review): the upstream comment reads "six seconds", which does not
 * match the value 600; confirm the unit against its use in key.c.
 */
#define SADB_KILL_INTERVAL	600

/*
 * Constructors and destructors.  Each keydb_new* allocates an object that
 * the caller owns until it is handed to the matching keydb_del*/free*.
 */
/* secpolicy */
extern struct secpolicy *keydb_newsecpolicy __P((void));
extern void keydb_delsecpolicy __P((struct secpolicy *));
/* secashead */
extern struct secashead *keydb_newsecashead __P((void));
extern void keydb_delsecashead __P((struct secashead *));
/* secasvar: refsecasvar takes a reference, freesecasvar drops one */
extern struct secasvar *keydb_newsecasvar __P((void));
extern void keydb_refsecasvar __P((struct secasvar *));
extern void keydb_freesecasvar __P((struct secasvar *));
/* secreplay: the size_t argument presumably sizes the receiver bitmap */
extern struct secreplay *keydb_newsecreplay __P((size_t));
extern void keydb_delsecreplay __P((struct secreplay *));
/* secreg */
extern struct secreg *keydb_newsecreg __P((void));
extern void keydb_delsecreg __P((struct secreg *));

#endif /* _KERNEL */

#endif /* !_NETIPSEC_KEYDB_H_ */