188768458SSam Leffler /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
2c398230bSWarner Losh /*-
388768458SSam Leffler  * The authors of this code are John Ioannidis (ji@tla.org),
488768458SSam Leffler  * Angelos D. Keromytis (kermit@csd.uch.gr),
588768458SSam Leffler  * Niels Provos (provos@physnet.uni-hamburg.de) and
688768458SSam Leffler  * Niklas Hallqvist (niklas@appli.se).
788768458SSam Leffler  *
888768458SSam Leffler  * The original version of this code was written by John Ioannidis
988768458SSam Leffler  * for BSD/OS in Athens, Greece, in November 1995.
1088768458SSam Leffler  *
1188768458SSam Leffler  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
1288768458SSam Leffler  * by Angelos D. Keromytis.
1388768458SSam Leffler  *
1488768458SSam Leffler  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
1588768458SSam Leffler  * and Niels Provos.
1688768458SSam Leffler  *
1788768458SSam Leffler  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
1888768458SSam Leffler  *
1988768458SSam Leffler  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
2088768458SSam Leffler  * Angelos D. Keromytis and Niels Provos.
2188768458SSam Leffler  * Copyright (c) 1999 Niklas Hallqvist.
2288768458SSam Leffler  * Copyright (c) 2001, Angelos D. Keromytis.
2388768458SSam Leffler  *
2488768458SSam Leffler  * Permission to use, copy, and modify this software with or without fee
2588768458SSam Leffler  * is hereby granted, provided that this entire notice is included in
2688768458SSam Leffler  * all copies of any software which is or includes a copy or
2788768458SSam Leffler  * modification of this software.
2888768458SSam Leffler  * You may use this code under the GNU public license if you so wish. Please
2988768458SSam Leffler  * contribute changes back to the authors under this freer than GPL license
3088768458SSam Leffler  * so that we may further the use of strong encryption without limitations to
3188768458SSam Leffler  * all.
3288768458SSam Leffler  *
3388768458SSam Leffler  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
3488768458SSam Leffler  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
3588768458SSam Leffler  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
3688768458SSam Leffler  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
3788768458SSam Leffler  * PURPOSE.
3888768458SSam Leffler  */
3988768458SSam Leffler 
4088768458SSam Leffler #ifndef _NETIPSEC_XFORM_H_
4188768458SSam Leffler #define _NETIPSEC_XFORM_H_
4288768458SSam Leffler 
4388768458SSam Leffler #include <sys/types.h>
44fcf59617SAndrey V. Elsukov #include <sys/queue.h>
4588768458SSam Leffler #include <netinet/in.h>
4688768458SSam Leffler #include <opencrypto/xform.h>
4788768458SSam Leffler 
/*
 * AH HMAC authenticator sizing.
 *
 * AH_HMAC_HASHLEN is the classic 96-bit truncated ICV (RFC 2403/2404
 * style HMAC-*-96).  AH_HMAC_MAXHASHLEN is the largest truncated ICV the
 * AH code is prepared to handle, defined as half of the SHA2-512 digest
 * per the RFC 4868 truncation rule; the "Keep this updated" note means it
 * must be raised whenever an auth algorithm with a longer truncated output
 * is added, since buffers are presumably sized from it -- an undersized
 * bound would be a memory-safety bug, not just a functional one.
 * AH_HMAC_INITIAL_RPL is the sequence number a fresh SA starts at for
 * replay protection.
 */
#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
5188768458SSam Leffler 
52fcf59617SAndrey V. Elsukov #ifdef _KERNEL
/*
 * Forward declarations: the security policy (SP) and security association
 * (SA) records are defined elsewhere in netipsec; this header only passes
 * pointers to them.
 */
struct secpolicy;
struct secasvar;
55fcf59617SAndrey V. Elsukov 
/*
 * Packet tag assigned on completion of IPsec processing; used
 * to speedup security policy checking for INBOUND packets.
 *
 * Records which SA actually processed the packet (destination, SPI,
 * protocol and mode) so the inbound policy check can verify that the
 * packet was protected by the SA the applicable policy requires, instead
 * of trusting the bare decapsulated packet.  Presumably one tag is
 * attached per IPsec layer that was stripped -- confirm in the input path.
 */
struct xform_history {
	union sockaddr_union	dst;		/* destination address */
	uint32_t		spi;		/* Security Parameters Index */
	uint8_t			proto;		/* IPPROTO_ESP or IPPROTO_AH */
	uint8_t			mode;		/* transport or tunnel */
};
6688768458SSam Leffler 
/*
 * Opaque data structure hung off a crypto operation descriptor.
 *
 * Carries the per-packet state a transform needs when the crypto request
 * completes: the policy and SA the packet belongs to, the crypto session it
 * was submitted on, the offsets needed to resume parsing (protoff/skip)
 * and the next-header value (nxt).  'vnet' presumably lets the completion
 * callback run in the owning network stack instance -- confirm.
 * NOTE(review): whether sp/sav are held with a reference for the lifetime
 * of the crypto operation is not visible here; check the transform
 * input/output paths.
 */
struct xform_data {
	struct secpolicy	*sp;		/* security policy */
	struct secasvar		*sav;		/* related SA */
	crypto_session_t	cryptoid;	/* used crypto session */
	u_int			idx;		/* IPsec request index */
	int			protoff;	/* current protocol offset */
	int			skip;		/* data offset */
	uint8_t			nxt;		/* next protocol, e.g. IPV4 */
	struct vnet		*vnet;		/* owning network stack instance */
};
8088768458SSam Leffler 
/*
 * Transform type identifiers, stored in xformsw.xf_type and passed to
 * xform_init().  The numbering is sparse: 1 is kept but unused and 4 is
 * not assigned here.
 */
#define	XF_IP4		1	/* unused */
#define	XF_AH		2	/* AH */
#define	XF_ESP		3	/* ESP */
#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 */
#define	XF_IPCOMP	6	/* IPCOMP */
86fcf59617SAndrey V. Elsukov 
/*
 * Transform switch: the dispatch table one IPsec transform (AH, ESP,
 * IPcomp, ...) registers.  xf_type is one of the XF_* values above and
 * xf_name a human-readable label.
 *
 * Callbacks:
 *   xf_init    - per-SA setup; receives the SA and this switch entry and
 *                returns an errno-style int (0 on success, presumably).
 *   xf_cleanup - releases per-SA state set up by xf_init.
 *   xf_input   - inbound processing of an mbuf under the given SA; the two
 *                int arguments are presumably the data offset and protocol
 *                offset (cf. xform_data.skip/protoff) -- confirm the order
 *                against the transform implementations.
 *   xf_output  - outbound processing under a policy and SA; the u_int is
 *                presumably the IPsec request index (cf. xform_data.idx),
 *                followed by the same two offsets -- confirm.
 *
 * xf_cntr looks like a usage counter that is read without a lock (hence
 * volatile); note that volatile gives no atomicity or ordering guarantees,
 * so any increment/decrement must be done with atomic(9) -- verify at the
 * call sites.  'chain' links the entry into the list of registered
 * transforms, presumably maintained by xform_attach()/xform_detach().
 */
struct xformsw {
	u_short			xf_type;	/* xform ID */
	const char		*xf_name;	/* human-readable name */
	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
	void	(*xf_cleanup)(struct secasvar*);		/* cleanup */
	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
			int, int);
	int	(*xf_output)(struct mbuf*,			/* output */
	    struct secpolicy *, struct secasvar *, u_int, int, int);

	volatile u_int		xf_cntr;	/* use count; see note above */
	LIST_ENTRY(xformsw)	chain;		/* registered-transform list */
};
10088768458SSam Leffler 
/*
 * Map an algorithm identifier to its opencrypto descriptor (encryption,
 * authentication or compression respectively).  Returned pointers refer
 * to constant tables; presumably NULL is returned for an unknown id --
 * callers must check before dereferencing.
 */
const struct enc_xform * enc_algorithm_lookup(int);
const struct auth_hash * auth_algorithm_lookup(int);
const struct comp_algo * comp_algorithm_lookup(int);

/*
 * Registration of transform switch entries.  The void * argument suggests
 * these are invoked as module/SYSINIT handlers with a struct xformsw * --
 * confirm at the registration sites.  xform_init() binds an SA to the
 * transform identified by the XF_* value and returns an errno-style int.
 */
void xform_attach(void *);
void xform_detach(void *);
int xform_init(struct secasvar *, u_short);
10888768458SSam Leffler 
struct crypto_session_params;	/* opencrypto session description, defined elsewhere */
/* XF_AH */
/*
 * xform_ah_authsize() returns the authenticator (ICV) length in bytes for
 * the given auth algorithm; the result is presumably what AH_HMAC_MAXHASHLEN
 * must bound.  ah_init0() is the AH setup shared with other transforms
 * that carry an authenticator (ESP presumably calls it) and fills in the
 * crypto session parameters; returns an errno-style int.  ah_hdrsiz()
 * gives the AH header size for the SA.
 */
int xform_ah_authsize(const struct auth_hash *);
int ah_init0(struct secasvar *, struct xformsw *,
    struct crypto_session_params *);
extern size_t ah_hdrsiz(struct secasvar *);

/* XF_ESP */
/* ESP header size for the SA (used for MTU/space accounting, presumably). */
extern size_t esp_hdrsiz(struct secasvar *sav);
11888768458SSam Leffler 
11988768458SSam Leffler #endif /* _KERNEL */
12088768458SSam Leffler #endif /* _NETIPSEC_XFORM_H_ */