FreeBSD/Linux Kernel Cross Reference
sys/netipsec/xform.h
1 /* $NetBSD: xform.h,v 1.22 2022/05/22 11:39:08 riastradh Exp $ */
2 /* $FreeBSD: xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
3 /* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */
4 /*
5 * The authors of this code are John Ioannidis (ji@tla.org),
6 * Angelos D. Keromytis (kermit@csd.uch.gr),
7 * Niels Provos (provos@physnet.uni-hamburg.de) and
8 * Niklas Hallqvist (niklas@appli.se).
9 *
10 * The original version of this code was written by John Ioannidis
11 * for BSD/OS in Athens, Greece, in November 1995.
12 *
13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14 * by Angelos D. Keromytis.
15 *
16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17 * and Niels Provos.
18 *
19 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
20 *
21 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22 * Angelos D. Keromytis and Niels Provos.
23 * Copyright (c) 1999 Niklas Hallqvist.
24 * Copyright (c) 2001, Angelos D. Keromytis.
25 *
26 * Permission to use, copy, and modify this software with or without fee
27 * is hereby granted, provided that this entire notice is included in
28 * all copies of any software which is or includes a copy or
29 * modification of this software.
30 * You may use this code under the GNU public license if you so wish. Please
31 * contribute changes back to the authors under this freer than GPL license
32 * so that we may further the use of strong encryption without limitations to
33 * all.
34 *
35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
39 * PURPOSE.
40 */
41
42 #ifndef _NETIPSEC_XFORM_H_
43 #define _NETIPSEC_XFORM_H_
44
45 #include <sys/types.h>
46 #include <netinet/in.h>
47 #include <opencrypto/xform.h>
48
49 /*
50 * Opaque data structure hung off a crypto operation descriptor.
51 */
52 struct secasvar;
53 struct tdb_crypto {
54 const struct ipsecrequest *tc_isr; /* ipsec request state */
55 u_int32_t tc_spi; /* associated SPI */
56 union sockaddr_union tc_dst; /* dst addr of packet */
57 u_int8_t tc_proto; /* current protocol, e.g. AH */
58 u_int8_t tc_nxt; /* next protocol, e.g. IPV4 */
59 int tc_protoff; /* current protocol offset */
60 int tc_skip; /* data offset */
61 int tc_flags; /* outer protocol flags, e.g. IPV6_MINMTU */
62 struct secasvar *tc_sav; /* ipsec SA */
63 };
64
65 struct ipescrequest;
66
67 struct xformsw {
68 u_short xf_type;
69 #define XF_IP4 1 /* IP inside IP */
70 #define XF_AH 2 /* AH */
71 #define XF_ESP 3 /* ESP */
72 #define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2358 */
73 #define XF_IPCOMP 6 /* IPCOMP */
74 u_short xf_flags;
75 #define XFT_AUTH 0x0001
76 #define XFT_CONF 0x0100
77 #define XFT_COMP 0x1000
78 const char *xf_name;
79 int (*xf_init)(struct secasvar *, const struct xformsw *);
80 void (*xf_zeroize)(struct secasvar *);
81 int (*xf_input)(struct mbuf *, struct secasvar *, int, int);
82 int (*xf_output)(struct mbuf *, const struct ipsecrequest *,
83 struct secasvar *, int, int, int);
84 struct xformsw *xf_next; /* list of registered xforms */
85 };
86
87 #ifdef _KERNEL
88 void xform_register(struct xformsw *);
89 int xform_init(struct secasvar *sav, int);
90
91 struct cryptoini;
92
93 /* XF_IP4 */
94 int ipip_output(struct mbuf *, struct secasvar *, struct mbuf **);
95
96 /* XF_AH */
97 int ah_init0(struct secasvar *, const struct xformsw *, struct cryptoini *);
98 void ah_zeroize(struct secasvar *);
99 const struct auth_hash *ah_algorithm_lookup(int);
100 size_t ah_authsiz(const struct secasvar *);
101 size_t ah_hdrsiz(const struct secasvar *);
102
103 /* XF_ESP */
104 const struct enc_xform *esp_algorithm_lookup(int);
105 size_t esp_hdrsiz(const struct secasvar *);
106
107 /* XF_COMP */
108 const struct comp_algo *ipcomp_algorithm_lookup(int);
109
110 #endif /* _KERNEL */
111 #endif /* !_NETIPSEC_XFORM_H_ */
Cache object: b8e63e7a87e585c7e96df243989147d3
|