1 | /* $KAME: keydb.h,v 1.9 2000/02/22 14:06:41 itojun Exp $ */ |
2 | |
3 | /* |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
5 | * All rights reserved. |
6 | * |
7 | * Redistribution and use in source and binary forms, with or without |
8 | * modification, are permitted provided that the following conditions |
9 | * are met: |
10 | * 1. Redistributions of source code must retain the above copyright |
11 | * notice, this list of conditions and the following disclaimer. |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. |
15 | * 3. Neither the name of the project nor the names of its contributors |
16 | * may be used to endorse or promote products derived from this software |
17 | * without specific prior written permission. |
18 | * |
19 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
29 | * SUCH DAMAGE. |
30 | */ |
31 | |
32 | #ifndef _NETKEY_KEYDB_H_ |
33 | #define _NETKEY_KEYDB_H_ |
34 | #include <sys/appleapiopts.h> |
35 | |
36 | #ifdef BSD_KERNEL_PRIVATE |
37 | |
38 | #include <netkey/key_var.h> |
39 | |
40 | /* Security Association Index */ |
41 | /* NOTE: Ensure to be same address family */ |
42 | struct secasindex { |
43 | struct sockaddr_storage src; /* srouce address for SA */ |
44 | struct sockaddr_storage dst; /* destination address for SA */ |
45 | u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */ |
46 | u_int8_t mode; /* mode of protocol, see ipsec.h */ |
47 | u_int32_t reqid; /* reqid id who owned this SA */ |
48 | /* see IPSEC_MANUAL_REQID_MAX. */ |
49 | u_int ipsec_ifindex; |
50 | }; |
51 | |
52 | /* Security Association Data Base */ |
53 | struct secashead { |
54 | LIST_ENTRY(secashead) chain; |
55 | |
56 | struct secasindex saidx; |
57 | |
58 | struct sadb_ident *idents; /* source identity */ |
59 | struct sadb_ident *identd; /* destination identity */ |
60 | /* XXX I don't know how to use them. */ |
61 | |
62 | ifnet_t ipsec_if; |
63 | u_int outgoing_if; |
64 | u_int8_t dir; /* IPSEC_DIR_INBOUND or IPSEC_DIR_OUTBOUND */ |
65 | u_int8_t state; /* MATURE or DEAD. */ |
66 | LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1]; |
67 | /* SA chain */ |
68 | /* The first of this list is newer SA */ |
69 | |
70 | struct route_in6 sa_route; /* route cache */ |
71 | }; |
72 | |
73 | /* Security Association */ |
74 | struct secasvar { |
75 | LIST_ENTRY(secasvar) chain; |
76 | LIST_ENTRY(secasvar) spihash; |
77 | int refcnt; /* reference count */ |
78 | u_int8_t state; /* Status of this Association */ |
79 | |
80 | u_int8_t alg_auth; /* Authentication Algorithm Identifier*/ |
81 | u_int8_t alg_enc; /* Cipher Algorithm Identifier */ |
82 | u_int32_t spi; /* SPI Value, network byte order */ |
83 | u_int32_t flags; /* holder for SADB_KEY_FLAGS */ |
84 | u_int16_t flags2; /* holder for SADB_SA2_KEY_FLAGS */ |
85 | |
86 | struct sadb_key *key_auth; /* Key for Authentication */ |
87 | struct sadb_key *key_enc; /* Key for Encryption */ |
88 | caddr_t iv; /* Initilization Vector */ |
89 | u_int ivlen; /* length of IV */ |
90 | void *sched; /* intermediate encryption key */ |
91 | size_t schedlen; |
92 | |
93 | struct secreplay *replay; /* replay prevention */ |
94 | long created; /* for lifetime */ |
95 | |
96 | struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */ |
97 | struct sadb_lifetime *lft_h; /* HARD lifetime */ |
98 | struct sadb_lifetime *lft_s; /* SOFT lifetime */ |
99 | |
100 | struct socket *so; /* Associated socket */ |
101 | |
102 | u_int32_t seq; /* sequence number */ |
103 | pid_t pid; /* message's pid */ |
104 | |
105 | struct secashead *sah; /* back pointer to the secashead */ |
106 | |
107 | /* Nat Traversal related bits */ |
108 | u_int64_t natt_last_activity; |
109 | u_int16_t remote_ike_port; |
110 | u_int16_t natt_encapsulated_src_port; /* network byte order */ |
111 | u_int16_t natt_interval; /* Interval in seconds */ |
112 | u_int16_t natt_offload_interval; /* Hardware Offload Interval in seconds */ |
113 | |
114 | u_int8_t always_expire; /* Send expire/delete messages even if unused */ |
115 | }; |
116 | |
117 | /* replay prevention */ |
118 | struct secreplay { |
119 | u_int32_t count; |
120 | u_int wsize; /* window size, i.g. 4 bytes */ |
121 | u_int32_t seq; /* used by sender */ |
122 | u_int32_t lastseq; /* used by receiver */ |
123 | caddr_t bitmap; /* used by receiver */ |
124 | int overflow; /* overflow flag */ |
125 | }; |
126 | |
127 | /* socket table due to send PF_KEY messages. */ |
128 | struct secreg { |
129 | LIST_ENTRY(secreg) chain; |
130 | |
131 | struct socket *so; |
132 | }; |
133 | |
134 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
135 | /* acquiring list table. */ |
136 | struct secacq { |
137 | LIST_ENTRY(secacq) chain; |
138 | |
139 | struct secasindex saidx; |
140 | |
141 | u_int32_t seq; /* sequence number */ |
142 | long created; /* for lifetime */ |
143 | int count; /* for lifetime */ |
144 | }; |
145 | #endif |
146 | |
147 | /* Sensitivity Level Specification */ |
148 | /* nothing */ |
149 | |
150 | #define SADB_KILL_INTERVAL 600 /* six seconds */ |
151 | |
152 | struct key_cb { |
153 | int key_count; |
154 | int any_count; |
155 | }; |
156 | |
157 | /* secpolicy */ |
158 | extern struct secpolicy *keydb_newsecpolicy(void); |
159 | extern void keydb_delsecpolicy(struct secpolicy *); |
160 | /* secashead */ |
161 | extern struct secashead *keydb_newsecashead(void); |
162 | // extern void keydb_delsecashead(struct secashead *); // not used |
163 | /* secasvar */ |
164 | // extern struct secasvar *keydb_newsecasvar(void); // not used |
165 | // extern void keydb_refsecasvar(struct secasvar *); // not used |
166 | // extern void keydb_freesecasvar(struct secasvar *); // not used |
167 | /* secreplay */ |
168 | extern struct secreplay *keydb_newsecreplay(size_t); |
169 | extern void keydb_delsecreplay(struct secreplay *); |
170 | /* secreg */ |
171 | // extern struct secreg *keydb_newsecreg(void); // not used |
172 | // extern void keydb_delsecreg(struct secreg *); // not used |
173 | |
174 | #endif /* BSD_KERNEL_PRIVATE */ |
175 | |
176 | #endif /* _NETKEY_KEYDB_H_ */ |
177 | |