


FreeBSD/Linux Kernel Cross Reference
sys/netipsec/xform.h


    1 /*      $FreeBSD$       */
    2 /*      $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $   */
    3 /*-
    4  * The authors of this code are John Ioannidis (ji@tla.org),
    5  * Angelos D. Keromytis (kermit@csd.uch.gr),
    6  * Niels Provos (provos@physnet.uni-hamburg.de) and
    7  * Niklas Hallqvist (niklas@appli.se).
    8  *
    9  * The original version of this code was written by John Ioannidis
   10  * for BSD/OS in Athens, Greece, in November 1995.
   11  *
   12  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
   13  * by Angelos D. Keromytis.
   14  *
   15  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
   16  * and Niels Provos.
   17  *
   18  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
   19  *
   20  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
   21  * Angelos D. Keromytis and Niels Provos.
   22  * Copyright (c) 1999 Niklas Hallqvist.
   23  * Copyright (c) 2001, Angelos D. Keromytis.
   24  *
   25  * Permission to use, copy, and modify this software with or without fee
   26  * is hereby granted, provided that this entire notice is included in
   27  * all copies of any software which is or includes a copy or
   28  * modification of this software.
   29  * You may use this code under the GNU public license if you so wish. Please
   30  * contribute changes back to the authors under this freer than GPL license
   31  * so that we may further the use of strong encryption without limitations to
   32  * all.
   33  *
   34  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
   35  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
   36  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
   37  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
   38  * PURPOSE.
   39  */
   40 
   41 #ifndef _NETIPSEC_XFORM_H_
   42 #define _NETIPSEC_XFORM_H_
   43 
   44 #include <sys/types.h>
   45 #include <sys/queue.h>
   46 #include <netinet/in.h>
   47 #include <opencrypto/xform.h>
   48 
   49 #define AH_HMAC_HASHLEN         12      /* 96 bits of authenticator */
   50 #define AH_HMAC_MAXHASHLEN      (SHA2_512_HASH_LEN/2)   /* Keep this updated */
      /*
       * NOTE(review): SHA2_512_HASH_LEN is not defined in this file; presumably
       * it comes from <opencrypto/xform.h> -- confirm.  "Keep this updated"
       * presumably means this must stay >= the longest truncated authenticator
       * of any supported hash, so that anything sized by this constant cannot
       * be overrun when a new algorithm is added -- verify against the users
       * of the macro.
       */
   51 #define AH_HMAC_INITIAL_RPL     1       /* replay counter initial value */
   52 
   53 #ifdef _KERNEL
      /*
       * Forward declarations: this header refers to these types only through
       * pointers, so their full definitions are not needed here.
       * NOTE(review): struct mbuf and struct vnet are also used by pointer
       * below without a forward declaration in this file; presumably an
       * earlier include provides them -- confirm.
       */
   54 struct secpolicy;
   55 struct secasvar;
   56 
   57 /*
   58  * Packet tag assigned on completion of IPsec processing; used
   59  * to speedup security policy checking for INBOUND packets.
       *
       * The tag records which SA handled the packet: destination address,
       * SPI, protocol (ESP or AH) and mode (transport or tunnel).
       *
       * NOTE(review): because inbound policy checks consult this tag, it is
       * presumably meant to be attached only by the IPsec input path after
       * processing has succeeded; a tag attached elsewhere would be taken as
       * proof of protection -- confirm at the sites that create and read it.
   60  */
   61 struct xform_history {
   62         union sockaddr_union    dst;            /* destination address */
   63         uint32_t                spi;            /* Security Parameters Index */
   64         uint8_t                 proto;          /* IPPROTO_ESP or IPPROTO_AH */
   65         uint8_t                 mode;           /* transport or tunnel */
   66 };
   67 
   68 /*
   69  * Opaque data structure hung off a crypto operation descriptor.
       *
       * Carries the per-request IPsec context (policy, SA, crypto session id
       * and packet offsets) alongside the crypto operation.
       *
       * NOTE(review): sp and sav are plain pointers.  Whether a reference is
       * held on the policy and the SA for as long as the crypto request is
       * outstanding is not visible in this header -- confirm in the code that
       * fills in and releases this structure.
   70  */
   71 struct xform_data {
   72         struct secpolicy        *sp;            /* security policy */
   73         struct secasvar         *sav;           /* related SA */
   74         uint64_t                cryptoid;       /* used crypto session id */
   75         u_int                   idx;            /* IPsec request index */
   76         int                     protoff;        /* current protocol offset */
   77         int                     skip;           /* data offset */
   78         uint8_t                 nxt;            /* next protocol, e.g. IPV4 */
   79         struct vnet             *vnet;          /* NOTE(review): undocumented; presumably the vnet the request belongs to -- confirm */
   80 };
   81 
   82 #define XF_IP4          1       /* unused */
   83 #define XF_AH           2       /* AH (Authentication Header) */
   84 #define XF_ESP          3       /* ESP (Encapsulating Security Payload) */
   85 #define XF_TCPSIGNATURE 5       /* TCP MD5 Signature option, RFC 2385 */
   86 #define XF_IPCOMP       6       /* IPCOMP (IP payload compression) */
      /*
       * NOTE(review): presumably these are the values stored in
       * xformsw.xf_type -- confirm.  The value 4 is not assigned here.
       */
   87 
   88 struct xformsw {
              /*
               * One switch entry per transform: an ID, a name, and the
               * callbacks used to set up, clean up and run the transform on
               * inbound and outbound packets.  Entries are linked through
               * `chain` (a <sys/queue.h> LIST_ENTRY).
               *
               * NOTE(review): the two trailing int arguments of xf_input and
               * the u_int/int/int arguments of xf_output are unnamed here;
               * their meaning must be taken from the implementations.
               * xf_zeroize is labelled "cleanup"; presumably it is where the
               * SA's key material is wiped -- confirm in each transform.
               */
   89         u_short xf_type;                /* xform ID */
   90         char    *xf_name;               /* human-readable name */
   91         int     (*xf_init)(struct secasvar*, struct xformsw*);  /* setup */
   92         int     (*xf_zeroize)(struct secasvar*);                /* cleanup */
   93         int     (*xf_input)(struct mbuf*, struct secasvar*,     /* input */
   94                         int, int);
   95         int     (*xf_output)(struct mbuf*,                      /* output */
   96             struct secpolicy *, struct secasvar *, u_int, int, int);
   97         LIST_ENTRY(xformsw)     chain;          /* list linkage */
   98 };
   99 
  100 const struct enc_xform * enc_algorithm_lookup(int);
  101 const struct auth_hash * auth_algorithm_lookup(int);
  102 const struct comp_algo * comp_algorithm_lookup(int);
      /*
       * Map an integer algorithm identifier to the encryption, authentication
       * or compression descriptor.
       * NOTE(review): the result for an unknown identifier is not visible in
       * this header (presumably NULL) -- callers should check the pointer
       * before use; confirm in the implementation.
       */
  103 
  104 void xform_attach(void *);
  105 void xform_detach(void *);
      /*
       * NOTE(review): the void * argument is presumably a struct xformsw *
       * passed through a generic init/uninit hook -- confirm.
       */
  106 
  107 struct cryptoini;       /* forward declaration; used by pointer in ah_init0() */
  108 /* XF_AH */
  109 int xform_ah_authsize(const struct auth_hash *);
  110 extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
  111 extern int ah_zeroize(struct secasvar *sav);
  112 extern size_t ah_hdrsiz(struct secasvar *);
      /*
       * NOTE(review): ah_zeroize matches the xf_zeroize callback signature;
       * presumably it wipes the SA's authentication key state -- confirm in
       * the AH implementation.  The units and NULL-handling of ah_hdrsiz and
       * esp_hdrsiz are not stated in this header.
       */
  113 
  114 /* XF_ESP */
  115 extern size_t esp_hdrsiz(struct secasvar *sav);
  116 
  117 #endif /* _KERNEL */
  118 #endif /* _NETIPSEC_XFORM_H_ */
