]> git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/netkey/keydb.h
xnu-1699.32.7.tar.gz
[apple/xnu.git] / bsd / netkey / keydb.h
... / ...
CommitLineData
1/* $KAME: keydb.h,v 1.9 2000/02/22 14:06:41 itojun Exp $ */
2
3/*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#ifndef _NETKEY_KEYDB_H_
33#define _NETKEY_KEYDB_H_
34#include <sys/appleapiopts.h>
35
36#ifdef KERNEL
37#ifdef KERNEL_PRIVATE
38
39#include <netkey/key_var.h>
40
41/* Security Assocciation Index */
42/* NOTE: Ensure to be same address family */
43struct secasindex {
44 struct sockaddr_storage src; /* srouce address for SA */
45 struct sockaddr_storage dst; /* destination address for SA */
46 u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */
47 u_int8_t mode; /* mode of protocol, see ipsec.h */
48 u_int32_t reqid; /* reqid id who owned this SA */
49 /* see IPSEC_MANUAL_REQID_MAX. */
50};
51
52/* Security Association Data Base */
53struct secashead {
54 LIST_ENTRY(secashead) chain;
55
56 struct secasindex saidx;
57
58 struct sadb_ident *idents; /* source identity */
59 struct sadb_ident *identd; /* destination identity */
60 /* XXX I don't know how to use them. */
61
62 u_int8_t dir; /* IPSEC_DIR_INBOUND or IPSEC_DIR_OUTBOUND */
63 u_int8_t state; /* MATURE or DEAD. */
64 LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
65 /* SA chain */
66 /* The first of this list is newer SA */
67
68 struct route sa_route; /* route cache */
69};
70
71/* Security Association */
72struct secasvar {
73 LIST_ENTRY(secasvar) chain;
74 LIST_ENTRY(secasvar) spihash;
75 int refcnt; /* reference count */
76 u_int8_t state; /* Status of this Association */
77
78 u_int8_t alg_auth; /* Authentication Algorithm Identifier*/
79 u_int8_t alg_enc; /* Cipher Algorithm Identifier */
80 u_int32_t spi; /* SPI Value, network byte order */
81 u_int32_t flags; /* holder for SADB_KEY_FLAGS */
82
83 struct sadb_key *key_auth; /* Key for Authentication */
84 struct sadb_key *key_enc; /* Key for Encryption */
85 caddr_t iv; /* Initilization Vector */
86 u_int ivlen; /* length of IV */
87 void *sched; /* intermediate encryption key */
88 size_t schedlen;
89
90 struct secreplay *replay; /* replay prevention */
91 long created; /* for lifetime */
92
93 struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */
94 struct sadb_lifetime *lft_h; /* HARD lifetime */
95 struct sadb_lifetime *lft_s; /* SOFT lifetime */
96
97 u_int32_t seq; /* sequence number */
98 pid_t pid; /* message's pid */
99
100 struct secashead *sah; /* back pointer to the secashead */
101
102 /* Nat Traversal related bits */
103 u_int32_t natt_last_activity;
104 u_int16_t remote_ike_port;
105 u_int16_t natt_encapsulated_src_port; /* network byte order */
106};
107
108/* replay prevention */
109struct secreplay {
110 u_int32_t count;
111 u_int wsize; /* window size, i.g. 4 bytes */
112 u_int32_t seq; /* used by sender */
113 u_int32_t lastseq; /* used by receiver */
114 caddr_t bitmap; /* used by receiver */
115 int overflow; /* overflow flag */
116};
117
118/* socket table due to send PF_KEY messages. */
119struct secreg {
120 LIST_ENTRY(secreg) chain;
121
122 struct socket *so;
123};
124
125#ifndef IPSEC_NONBLOCK_ACQUIRE
126/* acquiring list table. */
127struct secacq {
128 LIST_ENTRY(secacq) chain;
129
130 struct secasindex saidx;
131
132 u_int32_t seq; /* sequence number */
133 long created; /* for lifetime */
134 int count; /* for lifetime */
135};
136#endif
137
138/* Sensitivity Level Specification */
139/* nothing */
140
141#define SADB_KILL_INTERVAL 600 /* six seconds */
142
143struct key_cb {
144 int key_count;
145 int any_count;
146};
147
148/* secpolicy */
149extern struct secpolicy *keydb_newsecpolicy(void);
150extern void keydb_delsecpolicy(struct secpolicy *);
151/* secashead */
152extern struct secashead *keydb_newsecashead(void);
153// extern void keydb_delsecashead(struct secashead *); // not used
154/* secasvar */
155// extern struct secasvar *keydb_newsecasvar(void); // not used
156// extern void keydb_refsecasvar(struct secasvar *); // not used
157// extern void keydb_freesecasvar(struct secasvar *); // not used
158/* secreplay */
159extern struct secreplay *keydb_newsecreplay(size_t);
160extern void keydb_delsecreplay(struct secreplay *);
161/* secreg */
162// extern struct secreg *keydb_newsecreg(void); // not used
163// extern void keydb_delsecreg(struct secreg *); // not used
164
165#endif /* KERNEL_PRIVATE */
166#endif /* KERNEL */
167
168#endif /* _NETKEY_KEYDB_H_ */