1105197Ssam/* $FreeBSD$ */ 2105197Ssam/* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ 3139823Simp/*- 4105197Ssam * The authors of this code are John Ioannidis (ji@tla.org), 5105197Ssam * Angelos D. Keromytis (kermit@csd.uch.gr), 6105197Ssam * Niels Provos (provos@physnet.uni-hamburg.de) and 7105197Ssam * Niklas Hallqvist (niklas@appli.se). 8105197Ssam * 9105197Ssam * The original version of this code was written by John Ioannidis 10105197Ssam * for BSD/OS in Athens, Greece, in November 1995. 11105197Ssam * 12105197Ssam * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 13105197Ssam * by Angelos D. Keromytis. 14105197Ssam * 15105197Ssam * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 16105197Ssam * and Niels Provos. 17105197Ssam * 18105197Ssam * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist. 19105197Ssam * 20105197Ssam * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 21105197Ssam * Angelos D. Keromytis and Niels Provos. 22105197Ssam * Copyright (c) 1999 Niklas Hallqvist. 23105197Ssam * Copyright (c) 2001, Angelos D. Keromytis. 24105197Ssam * 25105197Ssam * Permission to use, copy, and modify this software with or without fee 26105197Ssam * is hereby granted, provided that this entire notice is included in 27105197Ssam * all copies of any software which is or includes a copy or 28105197Ssam * modification of this software. 29105197Ssam * You may use this code under the GNU public license if you so wish. Please 30105197Ssam * contribute changes back to the authors under this freer than GPL license 31105197Ssam * so that we may further the use of strong encryption without limitations to 32105197Ssam * all. 33105197Ssam * 34105197Ssam * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 35105197Ssam * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 36105197Ssam * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 37105197Ssam * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 38105197Ssam * PURPOSE. 39105197Ssam */ 40105197Ssam 41105197Ssam#ifndef _NETIPSEC_XFORM_H_ 42105197Ssam#define _NETIPSEC_XFORM_H_ 43105197Ssam 44105197Ssam#include <sys/types.h> 45105197Ssam#include <netinet/in.h> 46105197Ssam#include <opencrypto/xform.h> 47105197Ssam 48105197Ssam#define AH_HMAC_HASHLEN 12 /* 96 bits of authenticator */ 49218794Svanhu#define AH_HMAC_MAXHASHLEN (SHA2_512_HASH_LEN/2) /* Keep this updated */ 50105197Ssam#define AH_HMAC_INITIAL_RPL 1 /* replay counter initial value */ 51105197Ssam 52105197Ssam/* 53105197Ssam * Packet tag assigned on completion of IPsec processing; used 54105197Ssam * to speedup processing when/if the packet comes back for more 55105197Ssam * processing. 56105197Ssam */ 57105197Ssamstruct tdb_ident { 58105197Ssam u_int32_t spi; 59105197Ssam union sockaddr_union dst; 60105197Ssam u_int8_t proto; 61174054Sbz /* Cache those two for enc(4) in xform_ipip. */ 62174054Sbz u_int8_t alg_auth; 63174054Sbz u_int8_t alg_enc; 64105197Ssam}; 65105197Ssam 66105197Ssam/* 67105197Ssam * Opaque data structure hung off a crypto operation descriptor. 68105197Ssam */ 69105197Ssamstruct tdb_crypto { 70105197Ssam struct ipsecrequest *tc_isr; /* ipsec request state */ 71105197Ssam u_int32_t tc_spi; /* associated SPI */ 72105197Ssam union sockaddr_union tc_dst; /* dst addr of packet */ 73105197Ssam u_int8_t tc_proto; /* current protocol, e.g. AH */ 74105197Ssam u_int8_t tc_nxt; /* next protocol, e.g. IPV4 */ 75105197Ssam int tc_protoff; /* current protocol offset */ 76105197Ssam int tc_skip; /* data offset */ 77105197Ssam caddr_t tc_ptr; /* associated crypto data */ 78220206Sfabient struct secasvar *tc_sav; /* related SA */ 79105197Ssam}; 80105197Ssam 81105197Ssamstruct secasvar; 82105197Ssamstruct ipescrequest; 83105197Ssam 84105197Ssamstruct xformsw { 85105197Ssam u_short xf_type; /* xform ID */ 86105197Ssam#define XF_IP4 1 /* IP inside IP */ 87105197Ssam#define XF_AH 2 /* AH */ 88105197Ssam#define XF_ESP 3 /* ESP */ 89105197Ssam#define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2358 */ 90105197Ssam#define XF_IPCOMP 6 /* IPCOMP */ 91105197Ssam u_short xf_flags; 92105197Ssam#define XFT_AUTH 0x0001 93105197Ssam#define XFT_CONF 0x0100 94105197Ssam#define XFT_COMP 0x1000 95105197Ssam char *xf_name; /* human-readable name */ 96105197Ssam int (*xf_init)(struct secasvar*, struct xformsw*); /* setup */ 97105197Ssam int (*xf_zeroize)(struct secasvar*); /* cleanup */ 98105197Ssam int (*xf_input)(struct mbuf*, struct secasvar*, /* input */ 99105197Ssam int, int); 100105197Ssam int (*xf_output)(struct mbuf*, /* output */ 101105197Ssam struct ipsecrequest *, struct mbuf **, int, int); 102105197Ssam struct xformsw *xf_next; /* list of registered xforms */ 103105197Ssam}; 104105197Ssam 105105197Ssam#ifdef _KERNEL 106105197Ssamextern void xform_register(struct xformsw*); 107105197Ssamextern int xform_init(struct secasvar *sav, int xftype); 108105197Ssam 109105197Ssamstruct cryptoini; 110105197Ssam 111105197Ssam/* XF_IP4 */ 112105197Ssamextern int ip4_input6(struct mbuf **m, int *offp, int proto); 113157306Sbzextern void ip4_input(struct mbuf *m, int); 114105197Ssamextern int ipip_output(struct mbuf *, struct ipsecrequest *, 115105197Ssam struct mbuf **, int, int); 116105197Ssam 117105197Ssam/* XF_AH */ 118105197Ssamextern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *); 119105197Ssamextern int ah_zeroize(struct secasvar *sav); 120105197Ssamextern struct auth_hash *ah_algorithm_lookup(int alg); 121105197Ssamextern size_t ah_hdrsiz(struct secasvar *); 122105197Ssam 123105197Ssam/* XF_ESP */ 124105197Ssamextern struct enc_xform *esp_algorithm_lookup(int alg); 125105197Ssamextern size_t esp_hdrsiz(struct secasvar *sav); 126105197Ssam 127105197Ssam/* XF_COMP */ 128105197Ssamextern struct comp_algo *ipcomp_algorithm_lookup(int alg); 129105197Ssam 130105197Ssam#endif /* _KERNEL */ 131105197Ssam#endif /* _NETIPSEC_XFORM_H_ */ 132