1 /*----------------------------------------------------------------------
2 * key.h : Declarations and Definitions for Key Engine for BSD.
3 *
4 * Copyright 1995 by Bao Phan, Randall Atkinson, & Dan McDonald,
5 * All Rights Reserved. All rights have been assigned to the US
6 * Naval Research Laboratory (NRL). The NRL Copyright Notice and
7 * License Agreement governs distribution and use of this software.
8 *
9 * Patents are pending on this technology. NRL grants a license
10 * to use this technology at no cost under the terms below with
11 * the additional requirement that software, hardware, and
12 * documentation relating to use of this technology must include
13 * the note that:
14 * This product includes technology developed at and
15 * licensed from the Information Technology Division,
16 * US Naval Research Laboratory.
17 *
18 ----------------------------------------------------------------------*/
19 /*----------------------------------------------------------------------
20 # @(#)COPYRIGHT 1.1a (NRL) 17 August 1995
21
22 COPYRIGHT NOTICE
23
24 All of the documentation and software included in this software
25 distribution from the US Naval Research Laboratory (NRL) are
26 copyrighted by their respective developers.
27
28 This software and documentation were developed at NRL by various
29 people. Those developers have each copyrighted the portions that they
30 developed at NRL and have assigned All Rights for those portions to
31 NRL. Outside the USA, NRL also has copyright on the software
32 developed at NRL. The affected files all contain specific copyright
33 notices and those notices must be retained in any derived work.
34
35 NRL LICENSE
36
37 NRL grants permission for redistribution and use in source and binary
38 forms, with or without modification, of the software and documentation
39 created at NRL provided that the following conditions are met:
40
41 1. Redistributions of source code must retain the above copyright
42 notice, this list of conditions and the following disclaimer.
43 2. Redistributions in binary form must reproduce the above copyright
44 notice, this list of conditions and the following disclaimer in the
45 documentation and/or other materials provided with the distribution.
46 3. All advertising materials mentioning features or use of this software
47 must display the following acknowledgement:
48
49 This product includes software developed at the Information
50 Technology Division, US Naval Research Laboratory.
51
52 4. Neither the name of the NRL nor the names of its contributors
53 may be used to endorse or promote products derived from this software
54 without specific prior written permission.
55
56 THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
57 IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
58 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
59 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
60 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
61 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
62 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
63 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
64 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
65 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
66 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
67
68 The views and conclusions contained in the software and documentation
69 are those of the authors and should not be interpreted as representing
70 official policies, either expressed or implied, of the US Naval
71 Research Laboratory (NRL).
72
73 ----------------------------------------------------------------------*/
74
75 #ifndef _netkey_key_h
76 #define _netkey_key_h 1
77
78 /*
79 * PF_KEY messages
80 */
81
/*
 * PF_KEY message types. These are the values carried in the key_msgtype
 * field of struct key_msghdr (below); one per key engine request.
 */
#define KEY_ADD 1
#define KEY_DELETE 2
#define KEY_UPDATE 3
#define KEY_GET 4
#define KEY_ACQUIRE 5
#define KEY_GETSPI 6
#define KEY_REGISTER 7
#define KEY_EXPIRE 8
#define KEY_DUMP 9
#define KEY_FLUSH 10

/*
 * Expected values of key_msghdr.key_msgvers and
 * policy_msghdr.policy_msgvers respectively.
 */
#define KEY_VERSION 1
#define POLICY_VERSION 1

/* 'type' value meaning "no security association type"; not used in this header. */
#define SECURITY_TYPE_NONE 0

/*
 * Security association types. Presumably the values held in the u_int8_t
 * 'type' fields of struct key_secassoc and struct key_msghdr (the field
 * comments say "type of association"). KEY_TYPE_MAX is the largest valid
 * value; since the field itself can hold 0..255, any code that uses 'type'
 * as a table index must check type <= KEY_TYPE_MAX first.
 */
#define KEY_TYPE_AH 1
#define KEY_TYPE_ESP 2
#define KEY_TYPE_RSVP 3
#define KEY_TYPE_OSPF 4
#define KEY_TYPE_RIPV2 5
#define KEY_TYPE_MIPV4 6
#define KEY_TYPE_MIPV6 7
#define KEY_TYPE_MAX 7
106
107 /*
108 * Security association state
109 */
110
/*
 * Security association state flags. Each value is a single bit, so they
 * are presumably OR'd together into the u_int8_t 'state' field of
 * struct key_secassoc / struct key_msghdr (TODO confirm in key.c).
 * Note that K_INBOUND and K_OUTBOUND are independent bits, so an
 * association can carry both, neither, or one of them.
 */
#define K_USED 0x1 /* Key used/not used */
#define K_UNIQUE 0x2 /* Key unique/reusable */
#define K_LARVAL 0x4 /* SPI assigned, but sa incomplete */
#define K_ZOMBIE 0x8 /* sa expired but still useable */
#define K_DEAD 0x10 /* sa marked for deletion, ready for reaping */
#define K_INBOUND 0x20 /* sa for inbound packets, ie. dst=myhost */
#define K_OUTBOUND 0x40 /* sa for outbound packets, ie. src=myhost */
118
119
/*
 * Largest sockaddr the key engine expects to carry. The sizeof()
 * expressions need struct sockaddr_in6 / struct sockaddr_in to be complete
 * types wherever MAX_SOCKADDR_SZ is expanded; this header includes nothing
 * itself, so the including file must provide them.
 */
#ifndef MAX_SOCKADDR_SZ
#ifdef INET6
#define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in6))
#else /* INET6 */
#define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in))
#endif /* INET6 */
#endif /* MAX_SOCKADDR_SZ */

/*
 * Default key and IV sizes in bytes. NOTE(review): keylen and ivlen arrive
 * in struct key_msghdr as u_int8_t (0..255), which can exceed these limits,
 * so any copy of message data into MAX_KEY_SZ/MAX_IV_SZ-sized storage must
 * validate the length against the limit first. That check is not visible
 * in this header; confirm it in key.c.
 */
#ifndef MAX_KEY_SZ
#define MAX_KEY_SZ 16
#endif /* MAX_KEY_SZ */

#ifndef MAX_IV_SZ
#define MAX_IV_SZ 16
#endif /* MAX_IV_SZ */
135
/*
 * Security association data for IP Security.
 *
 * 'iv' and 'key' point at the raw IV and key bytes, whose lengths are
 * 'ivlen' and 'keylen'; 'src', 'dst' and 'from' are likewise pointers, not
 * embedded storage. Who allocates and frees those buffers is not shown in
 * this header (see key.c). NOTE(review): nothing here says the key bytes
 * are zeroized when the association is released — confirm key_free() does.
 */
struct key_secassoc {
        u_int8_t len;           /* Length of the data (for radix) */
        u_int8_t type;          /* Type of association */
        u_int8_t state;         /* State of the association */
        u_int8_t label;         /* Sensitivity label (unused) */
        u_int32_t spi;          /* SPI */
        u_int8_t keylen;        /* Key length (bytes at 'key') */
        u_int8_t ivlen;         /* Initialization vector length (bytes at 'iv') */
        u_int8_t algorithm;     /* Algorithm switch index */
        u_int8_t lifetype;      /* Type of lifetime */
        caddr_t iv;             /* Initialization vector */
        caddr_t key;            /* Key */
        u_int32_t lifetime1;    /* Lifetime value 1 */
        u_int32_t lifetime2;    /* Lifetime value 2 */
        struct sockaddr *src;   /* Source host address */
        struct sockaddr *dst;   /* Destination host address */
        struct sockaddr *from;  /* Originator of association */
};
155
/*
 * Structure for key message header. A PF_KEY message consists of key_msghdr
 * followed by src struct sockaddr, dest struct sockaddr, from struct
 * sockaddr, key, and iv. Assumes size of key message header less than MHLEN.
 *
 * key_msglen is a u_short, so a whole message cannot exceed 65535 bytes.
 * NOTE(review): this header comes from user space over the PF_KEY socket.
 * Before walking the trailing data a receiver must check that key_msglen
 * covers this header plus the three sockaddrs plus keylen + ivlen; that
 * check belongs in key_parse()/key_msghdr2secassoc() and is not visible here.
 */

struct key_msghdr {
        u_short key_msglen;     /* length of message including
                                 * src/dst/from/key/iv */
        u_char key_msgvers;     /* key version number (KEY_VERSION) */
        u_char key_msgtype;     /* key message type, eg. KEY_ADD */
        pid_t key_pid;          /* process id of message sender */
        int key_seq;            /* message sequence number */
        int key_errno;          /* error code */
        u_int8_t type;          /* type of security association */
        u_int8_t state;         /* state of security association */
        u_int8_t label;         /* sensitivity level */
        u_int8_t pad;           /* padding for alignment */
        u_int32_t spi;          /* spi value */
        u_int8_t keylen;        /* key length (bytes of key following the sockaddrs) */
        u_int8_t ivlen;         /* iv length (bytes of iv following the key) */
        u_int8_t algorithm;     /* algorithm identifier */
        u_int8_t lifetype;      /* type of lifetime */
        u_int32_t lifetime1;    /* lifetime value 1 */
        u_int32_t lifetime2;    /* lifetime value 2 */
};
182
/*
 * Pointers into the variable-length tail of a PF_KEY message, as unpacked
 * from struct key_msghdr (presumably by key_msghdr2secassoc()/key_parse(),
 * both declared below; confirm in key.c). ivlen and keylen are int here but
 * u_int8_t in struct key_msghdr and struct key_secassoc; conversions in
 * either direction must not truncate or go negative.
 */
struct key_msgdata {
        struct sockaddr *src;   /* source host address */
        struct sockaddr *dst;   /* destination host address */
        struct sockaddr *from;  /* originator of security association */
        caddr_t iv;             /* initialization vector */
        caddr_t key;            /* key */
        int ivlen;              /* iv length (the original comment had key/iv swapped) */
        int keylen;             /* key length (the original comment had key/iv swapped) */
};
192
/*
 * Policy message header. Its layout parallels the leading fields of
 * struct key_msghdr (length, version, type, sequence, errno) but has no
 * pid field. policy_msgvers is expected to be POLICY_VERSION.
 */
struct policy_msghdr {
        u_short policy_msglen;  /* message length */
        u_char policy_msgvers;  /* message version */
        u_char policy_msgtype;  /* message type */
        int policy_seq;         /* message sequence number */
        int policy_errno;       /* error code */
};
200
201 /*
202 * Key engine table structures
203 */
204
/* Singly-linked list of sockets; used for key_tblnode.solist below. */
struct socketlist {
        struct socket *socket;  /* pointer to socket */
        struct socketlist *next;/* next */
};
209
/*
 * Key table node: one security association plus the sockets that have it
 * allocated or reference it. alloc_count and ref_count are plain ints with
 * no locking visible in this header; NOTE(review): confirm in key.c how
 * they are serialized and that key_free() is only reached at zero refs.
 */
struct key_tblnode {
        int alloc_count;                /* number of sockets allocated to
                                         * secassoc */
        int ref_count;                  /* number of sockets referencing
                                         * secassoc */
        struct socketlist *solist;      /* list of sockets allocated to
                                         * secassoc */
        struct key_secassoc *secassoc;  /* security association */
        struct key_tblnode *next;       /* next node */
};
220
/* Singly-linked list of key table nodes (the original carried no comments). */
struct key_allocnode {
        struct key_tblnode *keynode;    /* key table node */
        struct key_allocnode *next;     /* next entry */
};
225
/*
 * Maps a socket to the key table node it is using (per the name,
 * socket-to-SPI; the SPI itself lives in keynode->secassoc->spi).
 */
struct key_so2spinode {
        struct socket *socket;          /* socket pointer */
        struct key_tblnode *keynode;    /* pointer to tblnode containing
                                         * secassoc */
                                        /* info for socket */
        struct key_so2spinode *next;    /* next entry */
};
233
/*
 * Registration of a key management daemon socket for one secassoc type;
 * presumably built by key_register() and torn down by key_unregister()
 * (declared below).
 */
struct key_registry {
        u_int8_t type;          /* secassoc type that key mgnt. daemon can
                                 * acquire */
        struct socket *socket;  /* key management daemon socket pointer */
        struct key_registry *next;      /* next registration */
};
240
/*
 * Outstanding ACQUIRE request. 'count' is the number of acquire messages
 * sent so far; 'expiretime' is when the entry expires (units and clock are
 * not stated here — presumably the kernel's time counter; confirm in key.c).
 */
struct key_acquirelist {
        u_int8_t type;          /* secassoc type to acquire */
        struct sockaddr *target;/* destination address of secassoc */
        u_int32_t count;        /* number of acquire messages sent */
        u_long expiretime;      /* expiration time for acquire
                                 * message */
        struct key_acquirelist *next;   /* next entry */
};
249
/*
 * Per-address-family counts of key sockets. any_count is documented as the
 * sum of the other counters; ip6_count exists only when INET6 is defined.
 */
struct keyso_cb {
        int ip4_count;          /* IPv4 */
#ifdef INET6
        int ip6_count;          /* IPv6 */
#endif /* INET6 */
        int any_count;          /* Sum of above counters */
};
257
#ifdef KERNEL
/*
 * Kernel-internal entry points, defined in key.c (not shown here). __P()
 * wraps each argument list for pre-ANSI compilers. Where a trailing
 * pointer-to-pointer or u_int32_t * argument is present (key_get,
 * key_getspi, getassocbyspi, getassocbysocket, key_parse) the result is
 * returned through it; the int return value is presumably 0 on success and
 * an errno otherwise — confirm against key.c.
 */
int key_inittables __P((void));
/* Conversions between the in-kernel secassoc and the PF_KEY wire form. */
int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *,
        struct key_msgdata *));
int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *,
        struct key_msgdata *));
int key_add __P((struct key_secassoc *));
int key_delete __P((struct key_secassoc *));
int key_get __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
        struct key_secassoc **));
void key_flush __P((void));
int key_dump __P((struct socket *));
int key_getspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
        u_int32_t, u_int32_t *));
int key_update __P((struct key_secassoc *));
int key_register __P((struct socket *, u_int));
void key_unregister __P((struct socket *, u_int, int));
int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *));
int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
        struct key_tblnode **));
int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *,
        struct socket *, u_int, struct key_tblnode **));
void key_free __P((struct key_tblnode *));
/*
 * km is passed by address, so key_parse() may replace the caller's header
 * pointer; ownership of the old buffer is not documented here (see key.c).
 * This is the entry point that consumes user-supplied key_msghdr data.
 */
int key_parse __P((struct key_msghdr ** km, struct socket * so, int *));
#endif /* KERNEL */
283
284 #endif /* _netkey_key_h */