/* $FreeBSD$ */
/* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */
/*-
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
 * Niels Provos (provos@physnet.uni-hamburg.de) and
 * Niklas Hallqvist (niklas@appli.se).
 *
 * The original version of this code was written by John Ioannidis
 * for BSD/OS in Athens, Greece, in November 1995.
 *
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
 * by Angelos D. Keromytis.
 *
 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
 * and Niels Provos.
 *
 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
 *
 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
 * Angelos D. Keromytis and Niels Provos.
 * Copyright (c) 1999 Niklas Hallqvist.
 * Copyright (c) 2001, Angelos D. Keromytis.
 *
 * Permission to use, copy, and modify this software with or without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 * You may use this code under the GNU public license if you so wish. Please
 * contribute changes back to the authors under this freer than GPL license
 * so that we may further the use of strong encryption without limitations to
 * all.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */

/*
 * Transform ("xform") interface of the IPsec stack: the per-packet tag and
 * crypto-request context shared by the AH/ESP/IPcomp/TCP-MD5 transforms,
 * the transform switch table each transform registers, and the lookup and
 * initialisation entry points the SA code calls into.
 */

#ifndef _NETIPSEC_XFORM_H_
#define _NETIPSEC_XFORM_H_

#include <sys/types.h>
#include <sys/queue.h>
#include <netinet/in.h>
#include <opencrypto/xform.h>

/*
 * AH integrity-check value (ICV) sizes.
 *
 * AH_HMAC_HASHLEN is the 96-bit truncated HMAC output (HMAC-MD5-96 /
 * HMAC-SHA-1-96, RFC 2403 / RFC 2404).
 *
 * AH_HMAC_MAXHASHLEN must be the largest authenticator any AH transform can
 * produce; SHA2_512_HASH_LEN comes from <opencrypto/xform.h> and the
 * truncated HMAC-SHA-512 ICV (RFC 4868) is half the full digest.  "Keep this
 * updated" means: whenever a transform with a longer authenticator is added,
 * raise this value too -- presumably scratch buffers are sized from it, so a
 * stale value would be a bounds problem (confirm at its use sites).
 */
#define AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
#define AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
#define AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */

#ifdef _KERNEL
struct secpolicy;
struct secasvar;

/*
 * Packet tag assigned on completion of IPsec processing; used
 * to speedup security policy checking for INBOUND packets.
 *
 * The tuple (dst, spi, proto, mode) identifies the SA that handled the
 * packet.  NOTE(review): presumably the inbound policy check compares this
 * against what the matching security policy requires, so that a packet
 * cannot satisfy an IPsec-required policy without having gone through the
 * corresponding transform -- confirm at the inbound policy-check call sites.
 */
struct xform_history {
	union sockaddr_union	dst;		/* destination address */
	uint32_t		spi;		/* Security Parameters Index */
	uint8_t			proto;		/* IPPROTO_ESP or IPPROTO_AH */
	uint8_t			mode;		/* transport or tunnel */
};

/*
 * Opaque data structure hung off a crypto operation descriptor.
 *
 * Carries everything the transform's crypto-completion callback needs to
 * resume processing the packet: the policy and SA the request belongs to,
 * the crypto session used, and the packet offsets computed before the
 * request was issued.
 */
struct xform_data {
	struct secpolicy	*sp;		/* security policy */
	struct secasvar		*sav;		/* related SA */
	crypto_session_t	cryptoid;	/* used crypto session */
	u_int			idx;		/* IPsec request index */
	int			protoff;	/* current protocol offset */
	int			skip;		/* data offset */
	uint8_t			nxt;		/* next protocol, e.g. IPV4 */
	struct vnet		*vnet;		/* NOTE(review): presumably the
						 * vnet the request was issued
						 * from, re-entered in the
						 * callback -- confirm */
};

/*
 * Transform identifiers (xf_type values).  Value 4 is intentionally not
 * assigned here.
 */
#define	XF_IP4		1	/* unused */
#define	XF_AH		2	/* AH */
#define	XF_ESP		3	/* ESP */
#define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2385 */
#define	XF_IPCOMP	6	/* IPCOMP */

/*
 * Transform switch: one per transform, registered via xform_attach() and
 * kept on a LIST (chain).
 *
 * xf_init    - per-SA setup, called with the SA and this switch entry.
 * xf_cleanup - per-SA teardown.
 * xf_input   - inbound processing.  The two int parameters match the
 *              skip/protoff offsets kept in struct xform_data (order
 *              presumed; verify against the transform implementations).
 * xf_output  - outbound processing; the u_int is presumably the IPsec
 *              request index (idx), the ints skip/protoff -- confirm.
 *
 * NOTE(review): xf_cntr is declared volatile, which does not make updates
 * atomic; it is presumably modified with atomic_*() operations at the use
 * sites -- confirm, since a plain volatile read-modify-write would race.
 */
struct xformsw {
	u_short	xf_type;		/* xform ID */
	const char	*xf_name;	/* human-readable name */
	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
	void	(*xf_cleanup)(struct secasvar*);		/* cleanup */
	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
	    int, int);
	int	(*xf_output)(struct mbuf*,			/* output */
	    struct secpolicy *, struct secasvar *, u_int, int, int);

	volatile u_int xf_cntr;
	LIST_ENTRY(xformsw) chain;
};

/*
 * Algorithm table lookups by algorithm id.  Each returns a pointer into a
 * const table; presumably NULL when the id is unknown -- callers should
 * check (confirm against the implementations).
 */
const struct enc_xform * enc_algorithm_lookup(int);
const struct auth_hash * auth_algorithm_lookup(int);
const struct comp_algo * comp_algorithm_lookup(int);

/*
 * Register / unregister a transform switch.  The void * argument is
 * presumably a struct xformsw * (the SYSINIT-style signature) -- confirm.
 * xform_init() selects the transform for an SA by xf_type (the u_short
 * matches xformsw.xf_type) and runs its xf_init.
 */
void xform_attach(void *);
void xform_detach(void *);
int xform_init(struct secasvar *, u_short);

struct crypto_session_params;
/* XF_AH */
/*
 * xform_ah_authsize: authenticator length for the given auth algorithm.
 * ah_init0: shared AH initialisation that also fills in the crypto session
 * parameters (used by AH itself and, presumably, by ESP for its
 * authentication part -- confirm).
 * ah_hdrsiz: size of the AH header the SA will add to a packet.
 */
int xform_ah_authsize(const struct auth_hash *);
int ah_init0(struct secasvar *, struct xformsw *,
    struct crypto_session_params *);
extern size_t ah_hdrsiz(struct secasvar *);

/* XF_ESP */
/* esp_hdrsiz: size of the ESP header/trailer overhead the SA will add. */
extern size_t esp_hdrsiz(struct secasvar *sav);

#endif /* _KERNEL */
#endif /* _NETIPSEC_XFORM_H_ */