188768458SSam Leffler /*	$FreeBSD$	*/
288768458SSam Leffler /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
3c398230bSWarner Losh /*-
488768458SSam Leffler  * The authors of this code are John Ioannidis (ji@tla.org),
588768458SSam Leffler  * Angelos D. Keromytis (kermit@csd.uch.gr),
688768458SSam Leffler  * Niels Provos (provos@physnet.uni-hamburg.de) and
788768458SSam Leffler  * Niklas Hallqvist (niklas@appli.se).
888768458SSam Leffler  *
988768458SSam Leffler  * The original version of this code was written by John Ioannidis
1088768458SSam Leffler  * for BSD/OS in Athens, Greece, in November 1995.
1188768458SSam Leffler  *
1288768458SSam Leffler  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
1388768458SSam Leffler  * by Angelos D. Keromytis.
1488768458SSam Leffler  *
1588768458SSam Leffler  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
1688768458SSam Leffler  * and Niels Provos.
1788768458SSam Leffler  *
1888768458SSam Leffler  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
1988768458SSam Leffler  *
2088768458SSam Leffler  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
2188768458SSam Leffler  * Angelos D. Keromytis and Niels Provos.
2288768458SSam Leffler  * Copyright (c) 1999 Niklas Hallqvist.
2388768458SSam Leffler  * Copyright (c) 2001, Angelos D. Keromytis.
2488768458SSam Leffler  *
2588768458SSam Leffler  * Permission to use, copy, and modify this software with or without fee
2688768458SSam Leffler  * is hereby granted, provided that this entire notice is included in
2788768458SSam Leffler  * all copies of any software which is or includes a copy or
2888768458SSam Leffler  * modification of this software.
2988768458SSam Leffler  * You may use this code under the GNU public license if you so wish. Please
3088768458SSam Leffler  * contribute changes back to the authors under this freer than GPL license
3188768458SSam Leffler  * so that we may further the use of strong encryption without limitations to
3288768458SSam Leffler  * all.
3388768458SSam Leffler  *
3488768458SSam Leffler  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
3588768458SSam Leffler  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
3688768458SSam Leffler  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
3788768458SSam Leffler  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
3888768458SSam Leffler  * PURPOSE.
3988768458SSam Leffler  */
4088768458SSam Leffler 
4188768458SSam Leffler #ifndef _NETIPSEC_XFORM_H_
4288768458SSam Leffler #define _NETIPSEC_XFORM_H_
4388768458SSam Leffler 
4488768458SSam Leffler #include <sys/types.h>
4588768458SSam Leffler #include <netinet/in.h>
4688768458SSam Leffler #include <opencrypto/xform.h>
4788768458SSam Leffler 
/*
 * AH constants.
 *
 * AH_HMAC_HASHLEN is the length of the authenticator carried in the AH
 * header: the HMAC output truncated to 96 bits, as specified for
 * HMAC-MD5-96 / HMAC-SHA-1-96 (RFC 2403 / RFC 2404).  A receiver must
 * compare all 12 bytes; comparing fewer weakens the integrity check.
 *
 * AH_HMAC_INITIAL_RPL is the starting value of the per-SA replay
 * (sequence number) counter; the first packet on an SA carries
 * sequence number 1 (cf. RFC 2402, section 2.5).
 */
#define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator (HMAC-96) */
#define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
5088768458SSam Leffler 
/*
 * Packet tag assigned on completion of IPsec processing; used
 * to speedup processing when/if the packet comes back for more
 * processing.  The (spi, dst, proto) triple is the usual key of an
 * inbound SA lookup, so a consumer of this tag can learn which SA
 * already handled the packet without repeating the lookup.
 *
 * NOTE(review): nothing in the tag authenticates it; it is only
 * trustworthy if it is attached solely by the IPsec input/output
 * path and never derived from packet contents -- confirm at the
 * sites that allocate and read the tag.
 */
struct tdb_ident {
	u_int32_t spi;			/* Security Parameter Index of the SA */
	union sockaddr_union dst;	/* SA destination address (v4 or v6) */
	u_int8_t proto;			/* SA protocol; presumably IPPROTO_AH/ESP/IPCOMP */
};
6188768458SSam Leffler 
/*
 * Opaque data structure hung off a crypto operation descriptor.
 * It carries the per-packet state a transform needs to resume
 * processing when the opencrypto operation completes (the operation
 * may complete asynchronously, so this state cannot live on the
 * stack of the function that issued the request -- inferred from the
 * structure's use as an opaque descriptor payload, confirm in ah/esp).
 *
 * NOTE(review): tc_isr and tc_ptr are raw pointers whose lifetime must
 * cover the entire crypto operation.  The SA identified by
 * (tc_spi, tc_dst, tc_proto) may have been deleted while the
 * operation was in flight, so the completion path should look the SA
 * up again and re-validate rather than trust cached state -- verify in
 * the *_input_cb/*_output_cb implementations.
 */
struct tdb_crypto {
	struct ipsecrequest	*tc_isr;	/* ipsec request state (output path) */
	u_int32_t		tc_spi;		/* associated SPI */
	union sockaddr_union	tc_dst;		/* dst addr of packet */
	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
	u_int8_t		tc_nxt;		/* next protocol, e.g. IPV4 */
	int			tc_protoff;	/* current protocol offset */
	int			tc_skip;	/* data offset */
	caddr_t			tc_ptr;		/* associated crypto data (xform-private) */
};
7588768458SSam Leffler 
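/*
 * Forward declarations for types the transform interface below refers
 * to by pointer only; their definitions live in the SA/policy headers.
 * The tag is "ipsecrequest" -- the same one struct tdb_crypto and the
 * xf_output prototype use; the previous spelling ("ipescrequest")
 * declared an unrelated, never-used tag.
 */
struct secasvar;
struct ipsecrequest;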
7888768458SSam Leffler 
/*
 * Registration record for one IPsec transform.  Each transform fills
 * one of these in and hands it to xform_register(); records are
 * chained through xf_next and located by xf_type (see xform_init()).
 *
 * NOTE(review): xf_name is only ever a human-readable label and ought
 * to be "const char *"; it is left as "char *" here because changing
 * the field type is an interface change for every registered xform.
 */
struct xformsw {
	u_short	xf_type;		/* xform ID, one of XF_* below (4 is unassigned) */
#define	XF_IP4		1	/* IP inside IP */
#define	XF_AH		2	/* AH */
#define	XF_ESP		3	/* ESP */
#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 */
#define	XF_IPCOMP	6	/* IPCOMP */
	u_short	xf_flags;		/* services the xform provides, XFT_* bits */
#define	XFT_AUTH	0x0001	/* integrity / authentication */
#define	XFT_CONF	0x0100	/* confidentiality (encryption) */
#define	XFT_COMP	0x1000	/* compression */
	char	*xf_name;			/* human-readable name */
	/* Per-SA setup: establish crypto state for sav. */
	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
	/*
	 * Per-SA teardown.  Expected to release crypto state and scrub
	 * key material -- verify each transform actually zeroizes.
	 */
	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
	/*
	 * Inbound processing of a packet received from the wire.  The
	 * mbuf is untrusted; length/offset validation is the callee's
	 * job.  The two ints are presumably skip and protoff (compare
	 * tc_skip/tc_protoff above) -- confirm against callers.
	 */
	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
			int, int);
	/*
	 * Outbound processing for the given ipsecrequest; the resulting
	 * mbuf chain is returned through the struct mbuf ** argument.
	 */
	int	(*xf_output)(struct mbuf*,	       		/* output */
			struct ipsecrequest *, struct mbuf **, int, int);
	struct xformsw *xf_next;		/* list of registered xforms */
};
9988768458SSam Leffler 
#ifdef _KERNEL
/*
 * Transform registry.  xform_register() links an xformsw onto the
 * list of known transforms; xform_init() finds the transform whose
 * xf_type equals xftype and runs its xf_init on sav.  Definitions are
 * elsewhere; only the prototypes are declared here.
 */
extern void xform_register(struct xformsw*);
extern int xform_init(struct secasvar *sav, int xftype);

struct cryptoini;	/* opencrypto session-initialization descriptor */

/* XF_IP4 -- IP-in-IP encapsulation */
extern	int ip4_input6(struct mbuf **m, int *offp, int proto);	/* IPv6-style input entry */
extern	void ip4_input(struct mbuf *m, ...);			/* IPv4-style (variadic) input entry */
extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
			struct mbuf **, int, int);

/* XF_AH */
/* Common SA setup that also fills in the given cryptoini (shared with ESP -- presumably; confirm). */
extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
extern int ah_zeroize(struct secasvar *sav);		/* release AH crypto state for sav */
/* Map an SADB authentication algorithm id to its opencrypto descriptor; presumably NULL when unsupported -- callers must check. */
extern struct auth_hash *ah_algorithm_lookup(int alg);
extern size_t ah_hdrsiz(struct secasvar *);		/* bytes AH adds for this SA */

/* XF_ESP */
/* Map an SADB encryption algorithm id to its opencrypto descriptor; presumably NULL when unsupported -- callers must check. */
extern struct enc_xform *esp_algorithm_lookup(int alg);
extern size_t esp_hdrsiz(struct secasvar *sav);		/* bytes ESP adds for this SA */

/* XF_IPCOMP */
/* Map an SADB compression algorithm id to its opencrypto descriptor; presumably NULL when unsupported -- callers must check. */
extern struct comp_algo *ipcomp_algorithm_lookup(int alg);

#endif /* _KERNEL */
12688768458SSam Leffler #endif /* _NETIPSEC_XFORM_H_ */