/* $KAME: keydb.h,v 1.9 2000/02/22 14:06:41 itojun Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Kernel-private in-memory layout of the IPsec key database (SADB):
 * the SA index (secasindex), the per-index SA head (secashead), the
 * SA itself (secasvar), anti-replay state (secreplay), PF_KEY
 * registration/acquire bookkeeping (secreg, secacq), and the
 * constructors/destructors exported for them.  Nothing here is part
 * of the user-visible ABI (everything is under BSD_KERNEL_PRIVATE),
 * but field order and widths are shared with every consumer of these
 * structs, so they must not be reordered casually.
 */

#ifndef _NETKEY_KEYDB_H_
#define _NETKEY_KEYDB_H_
#include <sys/appleapiopts.h>

#ifdef BSD_KERNEL_PRIVATE

#include <netkey/key_var.h>

/*
 * Security Association Index: the lookup key for an SA head.
 * NOTE: src and dst must be of the same address family.
 */
struct secasindex {
	struct sockaddr_storage src;	/* source address for SA */
	struct sockaddr_storage dst;	/* destination address for SA */
	u_int16_t proto;		/* IPPROTO_ESP or IPPROTO_AH */
	u_int8_t mode;			/* mode of protocol, see ipsec.h */
	u_int32_t reqid;		/* request id of the policy that owns this SA */
					/* see IPSEC_MANUAL_REQID_MAX. */
	u_int ipsec_ifindex;		/* index of the ipsec interface, if any */
};

/* Bits for secashead.flags (presumably; the header does not tie them together). */
#define SECURITY_ASSOCIATION_ANY 0x0000
#define SECURITY_ASSOCIATION_PFKEY 0x0001
#define SECURITY_ASSOCIATION_CUSTOM_IPSEC 0x0010

/*
 * Security Association Data Base: one head per secasindex, owning
 * every SA (secasvar) that shares that index.
 */
struct secashead {
	LIST_ENTRY(secashead) chain;	/* link in the global SAD list */

	struct secasindex saidx;	/* the index this head is keyed by */

	ifnet_t ipsec_if;		/* ipsec interface bound to this head */
	u_int outgoing_if;		/* interface index used for output */
	u_int8_t dir;			/* IPSEC_DIR_INBOUND or IPSEC_DIR_OUTBOUND */
	u_int8_t state;			/* MATURE or DEAD. */
	/*
	 * One SA list per SA state, indexed by SADB_SASTATE_*.
	 * Within each list the first element is the newest SA.
	 */
	LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX + 1];

	struct route_in6 sa_route;	/* route cache */

	uint16_t flags;			/* presumably SECURITY_ASSOCIATION_* bits -- verify at use site */
	u_int32_t use_count;		/* number of users holding this head */
};

/* Maximum number of independent anti-replay windows per SA. */
#define MAX_REPLAY_WINDOWS 4

/*
 * Security Association.
 *
 * key_auth, key_enc, iv and sched hold cryptographic secrets.
 * NOTE(review): the free path is not in this header; confirm that the
 * destructor zeroizes these buffers before releasing them.
 */
struct secasvar {
	LIST_ENTRY(secasvar) chain;	/* link in secashead.savtree[state] */
	LIST_ENTRY(secasvar) spihash;	/* link in the SPI hash bucket */
	int refcnt;			/* reference count */
	u_int8_t state;			/* Status of this Association (SADB_SASTATE_*) */

	u_int8_t alg_auth;		/* Authentication Algorithm Identifier */
	u_int8_t alg_enc;		/* Cipher Algorithm Identifier */
	u_int32_t spi;			/* SPI Value, network byte order */
	u_int32_t flags;		/* holder for SADB_KEY_FLAGS */
	u_int16_t flags2;		/* holder for SADB_SA2_KEY_FLAGS */

	struct sadb_key *key_auth;	/* Key for Authentication (secret) */
	struct sadb_key *key_enc;	/* Key for Encryption (secret) */
	caddr_t iv;			/* Initialization Vector */
	u_int ivlen;			/* length of IV, in bytes */
	void *sched;			/* intermediate (expanded) encryption key; secret */
	size_t schedlen;		/* length of sched, in bytes */

	struct secreplay *replay[MAX_REPLAY_WINDOWS];	/* replay prevention, one window per slot */

	u_int64_t created;		/* creation time, for lifetime accounting */

	struct sadb_lifetime *lft_c;	/* CURRENT lifetime, it's constant. */
	struct sadb_lifetime *lft_h;	/* HARD lifetime */
	struct sadb_lifetime *lft_s;	/* SOFT lifetime */

	struct socket *so;		/* Associated PF_KEY socket */

	u_int32_t seq;			/* sequence number of the PF_KEY message */
	pid_t pid;			/* message's pid */

	struct secashead *sah;		/* back pointer to the owning secashead */

	/* NAT Traversal related bits */
	u_int64_t natt_last_activity;	/* time of last NAT-T activity */
	u_int16_t remote_ike_port;	/* peer's IKE port */
	u_int16_t natt_encapsulated_src_port;	/* network byte order */
	u_int16_t natt_interval;	/* keepalive Interval in seconds */
	u_int16_t natt_offload_interval;	/* Hardware Offload keepalive Interval in seconds */
	/*
	 * Globally unique flow identifier for the SA.
	 * Added on outgoing packets by the IPSec driver.
	 */
	uint32_t flowid;

	u_int8_t always_expire;		/* Send expire/delete messages even if unused */
};

/*
 * Anti-replay window state for one direction/window of an SA.
 * The unit of wsize (bytes vs. sequence numbers) is not stated here;
 * it is fixed by keydb_newsecreplay(), which takes the same u_int8_t.
 */
struct secreplay {
	u_int8_t wsize;			/* window size (see note above) */
	u_int32_t count;		/* used by sender/receiver */
	u_int32_t seq;			/* used by sender */
	u_int32_t lastseq;		/* used by sender/receiver: highest sequence seen */
	caddr_t bitmap;			/* used by receiver: window bitmap */
	int overflow;			/* overflow flag; presumably set once seq wraps -- verify */
};

/* Socket table of PF_KEY listeners to which messages are sent. */
struct secreg {
	LIST_ENTRY(secreg) chain;	/* link in the registered-socket list */

	struct socket *so;		/* registered PF_KEY socket */
};

#ifndef IPSEC_NONBLOCK_ACQUIRE
/*
 * Pending ACQUIRE table: one entry per outstanding SA request that
 * is waiting for a key manager to reply.
 */
struct secacq {
	LIST_ENTRY(secacq) chain;	/* link in the acquire list */

	struct secasindex saidx;	/* index of the SA being requested */

	u_int32_t seq;			/* sequence number of the ACQUIRE message */
	u_int64_t created;		/* creation time, for lifetime */
	int count;			/* retry/use count, for lifetime */
};
#endif

/* Sensitivity Level Specification */
/* nothing */

/*
 * "six seconds" is the original note; the literal is 600, so the unit
 * is not whole seconds -- TODO confirm the tick unit at the use site.
 */
#define SADB_KILL_INTERVAL 600 /* six seconds */

/*
 * PF_KEY socket counters.
 * NOTE(review): looks like the number of registered listeners for a
 * specific SA type vs. for any type -- confirm at the use site.
 */
struct key_cb {
	int key_count;
	int any_count;
};

/*
 * Constructors/destructors.  Ownership: each keydb_new* returns a
 * heap object the caller owns until the matching keydb_del* is called.
 */
/* secpolicy */
extern struct secpolicy *keydb_newsecpolicy(void);
extern void keydb_delsecpolicy(struct secpolicy *);
/* secashead */
extern struct secashead *keydb_newsecashead(void);
// extern void keydb_delsecashead(struct secashead *); // not used
/* secasvar */
// extern struct secasvar *keydb_newsecasvar(void); // not used
// extern void keydb_refsecasvar(struct secasvar *); // not used
// extern void keydb_freesecasvar(struct secasvar *); // not used
/* secreplay: argument is the window size stored in secreplay.wsize */
extern struct secreplay *keydb_newsecreplay(u_int8_t);
extern void keydb_delsecreplay(struct secreplay *);
/* secreg */
// extern struct secreg *keydb_newsecreg(void); // not used
// extern void keydb_delsecreg(struct secreg *); // not used

#endif /* BSD_KERNEL_PRIVATE */

#endif /* _NETKEY_KEYDB_H_ */