    1 /*----------------------------------------------------------------------
    2  * key.h :     Declarations and Definitions for Key Engine for BSD.
    3  *
    4  * Copyright 1995 by Bao Phan, Randall Atkinson, & Dan McDonald,
    5  * All Rights Reserved.  All rights have been assigned to the US
    6  * Naval Research Laboratory (NRL).  The NRL Copyright Notice and
    7  * License Agreement governs distribution and use of this software.
    8  *
    9  * Patents are pending on this technology.  NRL grants a license
   10  * to use this technology at no cost under the terms below with
   11  * the additional requirement that software, hardware, and
   12  * documentation relating to use of this technology must include
   13  * the note that:
   14  *      This product includes technology developed at and
   15  *      licensed from the Information Technology Division,
   16  *      US Naval Research Laboratory.
   17  *
   18  ----------------------------------------------------------------------*/
   19 /*----------------------------------------------------------------------
   20 #       @(#)COPYRIGHT   1.1a (NRL) 17 August 1995
   21 
   22 COPYRIGHT NOTICE
   23 
   24 All of the documentation and software included in this software
   25 distribution from the US Naval Research Laboratory (NRL) are
   26 copyrighted by their respective developers.
   27 
   28 This software and documentation were developed at NRL by various
   29 people.  Those developers have each copyrighted the portions that they
   30 developed at NRL and have assigned All Rights for those portions to
   31 NRL.  Outside the USA, NRL also has copyright on the software
   32 developed at NRL. The affected files all contain specific copyright
   33 notices and those notices must be retained in any derived work.
   34 
   35 NRL LICENSE
   36 
   37 NRL grants permission for redistribution and use in source and binary
   38 forms, with or without modification, of the software and documentation
   39 created at NRL provided that the following conditions are met:
   40 
   41 1. Redistributions of source code must retain the above copyright
   42    notice, this list of conditions and the following disclaimer.
   43 2. Redistributions in binary form must reproduce the above copyright
   44    notice, this list of conditions and the following disclaimer in the
   45    documentation and/or other materials provided with the distribution.
   46 3. All advertising materials mentioning features or use of this software
   47    must display the following acknowledgement:
   48 
   49         This product includes software developed at the Information
   50         Technology Division, US Naval Research Laboratory.
   51 
   52 4. Neither the name of the NRL nor the names of its contributors
   53    may be used to endorse or promote products derived from this software
   54    without specific prior written permission.
   55 
   56 THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
   57 IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
   58 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
   59 PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL NRL OR
   60 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
   61 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
   62 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
   63 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
   64 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
   65 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
   66 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   67 
   68 The views and conclusions contained in the software and documentation
   69 are those of the authors and should not be interpreted as representing
   70 official policies, either expressed or implied, of the US Naval
   71 Research Laboratory (NRL).
   72 
   73 ----------------------------------------------------------------------*/
   74 
   75 #ifndef _netkey_key_h
   76 #define _netkey_key_h   1
   77 
/*
 * PF_KEY message types, carried in key_msghdr.key_msgtype (declared below).
 * The values are part of the message format exchanged with user space over
 * the PF_KEY socket, so they must not be renumbered.  The key_*() prototypes
 * at the end of this header look like the per-type handlers, but the
 * dispatch itself is not visible here - confirm in the key engine source.
 */

#define KEY_ADD          1
#define KEY_DELETE       2
#define KEY_UPDATE       3
#define KEY_GET          4
#define KEY_ACQUIRE      5      /* see key_acquire() and key_acquirelist */
#define KEY_GETSPI       6      /* see key_getspi() */
#define KEY_REGISTER     7      /* see key_register() and key_registry */
#define KEY_EXPIRE       8
#define KEY_DUMP         9      /* see key_dump(): table written to a socket */
#define KEY_FLUSH        10     /* see key_flush() */

/*
 * Expected values of key_msghdr.key_msgvers and policy_msghdr.policy_msgvers.
 * NOTE(review): a receiver should compare the version byte of a
 * user-supplied header against these before interpreting the rest of it;
 * whether key_parse() does so is not visible in this file.
 */
#define KEY_VERSION      1
#define POLICY_VERSION   1

#define SECURITY_TYPE_NONE              0       /* "no association" type value */

/*
 * Security association types: the values of key_secassoc.type and
 * key_msghdr.type (and presumably of the leading u_int argument of the
 * key_*() lookup functions below - confirm).  KEY_TYPE_MAX equals the
 * highest defined type.  NOTE(review): a type taken from a user message
 * must be range-checked against KEY_TYPE_MAX (and SECURITY_TYPE_NONE
 * rejected where a real association is required) before it is used to
 * index any per-type table or select an algorithm.
 */
#define KEY_TYPE_AH           1
#define KEY_TYPE_ESP          2
#define KEY_TYPE_RSVP         3
#define KEY_TYPE_OSPF         4
#define KEY_TYPE_RIPV2        5
#define KEY_TYPE_MIPV4        6
#define KEY_TYPE_MIPV6        7
#define KEY_TYPE_MAX          7

/*
 * Security association state: bit flags OR'd into key_secassoc.state
 * (and key_msghdr.state).  K_LARVAL, K_ZOMBIE and K_DEAD describe the
 * lifecycle; K_INBOUND/K_OUTBOUND give the direction.
 */

#define K_USED           0x1    /* Key used/not used */
#define K_UNIQUE         0x2    /* Key unique/reusable */
#define K_LARVAL         0x4    /* SPI assigned, but sa incomplete */
#define K_ZOMBIE         0x8    /* sa expired but still useable.  NOTE(review):
                                 * an expired sa that is still accepted is a
                                 * grace window; its length should be bounded
                                 * - confirm where K_ZOMBIE becomes K_DEAD */
#define K_DEAD           0x10   /* sa marked for deletion, ready for reaping */
#define K_INBOUND        0x20   /* sa for inbound packets, ie. dst=myhost */
#define K_OUTBOUND       0x40   /* sa for outbound packets, ie. src=myhost */
  118 
  119 
/*
 * Size of the largest socket address this engine stores: sockaddr_in6 when
 * the kernel is built with INET6, else sockaddr_in.  Overridable from the
 * build, as are the two limits below.
 */
#ifndef MAX_SOCKADDR_SZ
#ifdef INET6
#define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in6))
#else /* INET6 */
#define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in))
#endif /* INET6 */
#endif /* MAX_SOCKADDR_SZ */

/*
 * Upper bounds, in bytes, on key and IV material (16 bytes = 128 bits).
 * NOTE(review): the keylen/ivlen fields of key_msghdr and key_secassoc are
 * u_int8_t and can carry any value up to 255, so any code that copies
 * key/iv bytes from a message into storage sized by these limits must
 * check keylen <= MAX_KEY_SZ and ivlen <= MAX_IV_SZ first - confirm in
 * key_msghdr2secassoc()/key_parse().  Raise MAX_KEY_SZ for algorithms
 * that need keys longer than 128 bits.
 */
#ifndef MAX_KEY_SZ
#define MAX_KEY_SZ 16
#endif /* MAX_KEY_SZ */

#ifndef MAX_IV_SZ
#define MAX_IV_SZ 16
#endif /* MAX_IV_SZ */
  135 
/*
 * Security association data for IP Security: the in-kernel record of one
 * association, referenced from a key_tblnode.  The key and iv buffers are
 * held by pointer; their lengths are the keylen/ivlen byte fields, so each
 * is at most 255 bytes (and presumably no more than MAX_KEY_SZ/MAX_IV_SZ -
 * confirm where they are allocated).  NOTE(review): key points at secret
 * material; key_free() should zeroize it before releasing the storage -
 * confirm in key.c.
 */
struct key_secassoc {
        u_int8_t        len;    /* Length of the data (for radix) */
        u_int8_t        type;   /* Type of association (KEY_TYPE_*) */
        u_int8_t        state;  /* State of the association (K_* flags) */
        u_int8_t        label;  /* Sensitivity label (unused) */
        u_int32_t       spi;    /* SPI */
        u_int8_t        keylen; /* Key length (bytes, presumably) */
        u_int8_t        ivlen;  /* Initialization vector length */
        u_int8_t        algorithm;      /* Algorithm switch index */
        u_int8_t        lifetype;       /* Type of lifetime; presumably selects
                                         * how lifetime1/lifetime2 are read */
        caddr_t         iv;     /* Initialization vector */
        caddr_t         key;    /* Key (secret material) */
        u_int32_t       lifetime1;      /* Lifetime value 1 */
        u_int32_t       lifetime2;      /* Lifetime value 2 */
        struct sockaddr *src;   /* Source host address */
        struct sockaddr *dst;   /* Destination host address */
        struct sockaddr *from;  /* Originator of association */
};
  155 
/*
 * Structure for key message header. PF_KEY message consists of key_msghdr
 * followed by src struct sockaddr, dest struct sockaddr, from struct
 * sockaddr, key, and iv. Assumes size of key message header less than MHLEN.
 *
 * The header arrives over the PF_KEY socket, i.e. it is user-supplied.
 * NOTE(review): before any field is trusted the receiver (key_parse(),
 * presumably) should check key_msgvers == KEY_VERSION,
 * key_msglen >= sizeof(struct key_msghdr), that the trailing sockaddrs
 * plus keylen + ivlen bytes all fit within key_msglen, and that
 * keylen <= MAX_KEY_SZ and ivlen <= MAX_IV_SZ.  None of that is visible
 * in this header.
 */

struct key_msghdr {
        u_short         key_msglen;     /* length of message including
                                         * src/dst/from/key/iv */
        u_char          key_msgvers;    /* key version number (KEY_VERSION) */
        u_char          key_msgtype;    /* key message type, eg. KEY_ADD */
        pid_t           key_pid;/* process id of message sender.  NOTE(review):
                                 * self-reported unless the kernel overwrites
                                 * it; do not base access decisions on it */
        int             key_seq;/* message sequence number */
        int             key_errno;      /* error code */
        u_int8_t        type;   /* type of security association (KEY_TYPE_*) */
        u_int8_t        state;  /* state of security association (K_* flags) */
        u_int8_t        label;  /* sensitivity level */
        u_int8_t        pad;    /* padding for alignment: rounds the three
                                 * byte fields above up to four so that spi
                                 * stays 4-byte aligned (given a 32-bit pid_t) */
        u_int32_t       spi;    /* spi value */
        u_int8_t        keylen; /* key length */
        u_int8_t        ivlen;  /* iv length */
        u_int8_t        algorithm;      /* algorithm identifier */
        u_int8_t        lifetype;       /* type of lifetime */
        u_int32_t       lifetime1;      /* lifetime value 1 */
        u_int32_t       lifetime2;      /* lifetime value 2 */
};
  182 
/*
 * Pointer-form view of the variable-length part of a key message (the
 * src/dst/from sockaddrs, key and iv that follow a key_msghdr), passed
 * alongside the header to key_secassoc2msghdr()/key_msghdr2secassoc().
 * NOTE(review): ivlen/keylen are int here but u_int8_t in key_msghdr and
 * key_secassoc; the conversion helpers must bound them (MAX_IV_SZ /
 * MAX_KEY_SZ) rather than silently truncate on the narrowing side.
 */
struct key_msgdata {
        struct sockaddr *src;   /* source host address */
        struct sockaddr *dst;   /* destination host address */
        struct sockaddr *from;  /* originator of security association */
        caddr_t         iv;     /* initialization vector */
        caddr_t         key;    /* key */
        int             ivlen;  /* iv length */
        int             keylen; /* key length */
};
  192 
/*
 * Header of a policy message.  Parallels key_msghdr (length, version,
 * type, sequence, errno) but carries no association fields; what, if
 * anything, follows it is not described in this header.
 * NOTE(review): policy_msgvers should be checked against POLICY_VERSION
 * and policy_msglen against sizeof(struct policy_msghdr) before use.
 */
struct policy_msghdr {
        u_short         policy_msglen;  /* message length */
        u_char          policy_msgvers; /* message version (POLICY_VERSION) */
        u_char          policy_msgtype; /* message type */
        int             policy_seq;     /* message sequence number */
        int             policy_errno;   /* error code */
};
  200 
/*
 * Key engine table structures
 */

/* Singly linked list of sockets; hangs off key_tblnode.solist. */
struct socketlist {
        struct socket  *socket; /* pointer to socket */
        struct socketlist *next;/* next */
};
  209 
/*
 * One entry of the key table: a security association plus the sockets
 * that have been allocated it.  alloc_count presumably tracks the solist
 * entries; ref_count the sockets still referencing the secassoc.
 * NOTE(review): key_free() takes a key_tblnode; it should only run once
 * ref_count reaches zero, or the referencing sockets are left with a
 * dangling secassoc - confirm in key.c.
 */
struct key_tblnode {
        int             alloc_count;    /* number of sockets allocated to
                                         * secassoc */
        int             ref_count;      /* number of sockets referencing
                                         * secassoc */
        struct socketlist *solist;      /* list of sockets allocated to
                                         * secassoc */
        struct key_secassoc *secassoc;  /* security association */
        struct key_tblnode *next;       /* next node */
};
  220 
/*
 * List node that refers to a key_tblnode.  Its purpose is not stated in
 * this header; the name suggests allocation bookkeeping - confirm in key.c.
 */
struct key_allocnode {
        struct key_tblnode *keynode;    /* table node referred to */
        struct key_allocnode *next;     /* next node */
};
  225 
/*
 * Maps a socket to the key table node (and hence the SPI) it has been
 * given; presumably what getassocbysocket() walks.
 */
struct key_so2spinode {
        struct socket  *socket; /* socket pointer */
        struct key_tblnode *keynode;    /* pointer to tblnode containing
                                         * secassoc */
        /* info for socket  */
        struct key_so2spinode *next;    /* next mapping */
};
  233 
/*
 * Registration of a key management daemon's socket for one association
 * type (see KEY_REGISTER / key_register()).  NOTE(review): whether
 * registration is restricted to privileged sockets is not visible here;
 * an unprivileged registrant would presumably receive the engine's
 * KEY_ACQUIRE/KEY_EXPIRE traffic for that type - confirm in key_register().
 */
struct key_registry {
        u_int8_t        type;   /* secassoc type that key mgnt. daemon can
                                 * acquire */
        struct socket  *socket; /* key management daemon socket pointer */
        struct key_registry *next;      /* next registration */
};
  240 
/*
 * A pending request for a new association of `type' to `target'.  count
 * and expiretime are presumably used to rate-limit and age out repeated
 * acquire messages (see key_acquire()).
 */
struct key_acquirelist {
        u_int8_t        type;   /* secassoc type to acquire */
        struct sockaddr *target;/* destination address of secassoc */
        u_int32_t       count;  /* number of acquire messages sent */
        u_long          expiretime;     /* expiration time for acquire
                                         * message */
        struct key_acquirelist *next;   /* next pending request */
};
  249 
/*
 * Per-family counters (named as key socket counters; exactly what is
 * counted is not shown here).  any_count is the sum of the others.
 */
struct keyso_cb {
        int             ip4_count;      /* IPv4 */
#ifdef INET6
        int             ip6_count;      /* IPv6 */
#endif                          /* INET6 */
        int             any_count;      /* Sum of above counters */
};
  257 
#ifdef KERNEL
/*
 * Kernel-side interface of the key engine.  Parameter roles below are read
 * off the signatures and key_secassoc's fields; where a parameter's meaning
 * is not evident it is marked so.  Return conventions are not shown in this
 * header - confirm against key.c.
 */

/* Initialise the engine's tables. */
int key_inittables __P((void));

/*
 * Convert between the in-kernel key_secassoc and the message form
 * (key_msghdr plus the key_msgdata pointers to its variable tail).
 * NOTE(review): key_msghdr2secassoc() consumes user-supplied lengths and
 * addresses; it is where keylen/ivlen must be bounded by MAX_KEY_SZ/
 * MAX_IV_SZ and the sockaddrs validated, unless key_parse() already has.
 */
int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *,
                             struct key_msgdata *));
int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *,
                             struct key_msgdata *));

/* Insert / remove an association in the table. */
int key_add     __P((struct key_secassoc *));
int key_delete  __P((struct key_secassoc *));
/*
 * Look up an association, apparently by (type, src, dst, spi); the
 * secassoc is returned through the last argument.
 */
int key_get     __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
                     struct key_secassoc **));
/* Discard every association (KEY_FLUSH). */
void key_flush  __P((void));
/* Write the table to the given socket (KEY_DUMP). */
int key_dump    __P((struct socket *));
/*
 * Reserve an SPI for (type, src, dst).  The two u_int32_t inputs and the
 * u_int32_t * output are presumably a requested SPI range and the SPI
 * chosen - not evident from the signature.
 */
int key_getspi  __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t, 
                     u_int32_t, u_int32_t *));
/* Modify an existing association (KEY_UPDATE). */
int key_update  __P((struct key_secassoc *));
/*
 * Register / unregister a socket for one association type (see
 * key_registry).  The trailing int of key_unregister() is not explained
 * in this header.
 */
int key_register __P((struct socket *, u_int));
void key_unregister __P((struct socket *, u_int, int));
/* Ask registered daemons for an association of `type' between src and dst. */
int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *));
/*
 * Table lookups returning the key_tblnode: by (type, src, dst, spi), and
 * by (type, src, dst, socket, u_int) where the second u_int's meaning is
 * not shown here.
 */
int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
                       struct key_tblnode **));
int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *, 
                          struct socket *, u_int, struct key_tblnode **));
/*
 * Release a table node.  NOTE(review): should zeroize secassoc->key before
 * freeing it, and must not run while ref_count is non-zero - confirm.
 */
void key_free   __P((struct key_tblnode *));
/*
 * Entry point for a message arriving on a PF_KEY socket: *km is the
 * user-supplied header.  NOTE(review): this is the trust boundary for
 * everything in key_msghdr; version, length, type-range and key/iv length
 * checks belong here if they are not done in the callees.
 */
int key_parse   __P((struct key_msghdr ** km, struct socket * so, int *));
#endif /* KERNEL */
  283 
  284 #endif /* _netkey_key_h */
