]> git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/netkey/keydb.h
xnu-1228.15.4.tar.gz
[apple/xnu.git] / bsd / netkey / keydb.h
... / ...
CommitLineData
1/* $KAME: keydb.h,v 1.9 2000/02/22 14:06:41 itojun Exp $ */
2
3/*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#ifndef _NETKEY_KEYDB_H_
33#define _NETKEY_KEYDB_H_
34#include <sys/appleapiopts.h>
35
36#ifdef KERNEL
37#ifdef KERNEL_PRIVATE
38
39#include <netkey/key_var.h>
40
41/* Security Assocciation Index */
42/* NOTE: Ensure to be same address family */
43struct secasindex {
44 struct sockaddr_storage src; /* srouce address for SA */
45 struct sockaddr_storage dst; /* destination address for SA */
46 u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */
47 u_int8_t mode; /* mode of protocol, see ipsec.h */
48 u_int32_t reqid; /* reqid id who owned this SA */
49 /* see IPSEC_MANUAL_REQID_MAX. */
50};
51
52/* Security Association Data Base */
53struct secashead {
54 LIST_ENTRY(secashead) chain;
55
56 struct secasindex saidx;
57
58 struct sadb_ident *idents; /* source identity */
59 struct sadb_ident *identd; /* destination identity */
60 /* XXX I don't know how to use them. */
61
62 u_int8_t state; /* MATURE or DEAD. */
63 LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
64 /* SA chain */
65 /* The first of this list is newer SA */
66
67 struct route sa_route; /* route cache */
68};
69
70/* Security Association */
71struct secasvar {
72 LIST_ENTRY(secasvar) chain;
73 LIST_ENTRY(secasvar) spihash;
74 int refcnt; /* reference count */
75 u_int8_t state; /* Status of this Association */
76
77 u_int8_t alg_auth; /* Authentication Algorithm Identifier*/
78 u_int8_t alg_enc; /* Cipher Algorithm Identifier */
79 u_int32_t spi; /* SPI Value, network byte order */
80 u_int32_t flags; /* holder for SADB_KEY_FLAGS */
81
82 struct sadb_key *key_auth; /* Key for Authentication */
83 struct sadb_key *key_enc; /* Key for Encryption */
84 caddr_t iv; /* Initilization Vector */
85 u_int ivlen; /* length of IV */
86 void *sched; /* intermediate encryption key */
87 size_t schedlen;
88
89 struct secreplay *replay; /* replay prevention */
90 long created; /* for lifetime */
91
92 struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */
93 struct sadb_lifetime *lft_h; /* HARD lifetime */
94 struct sadb_lifetime *lft_s; /* SOFT lifetime */
95
96 u_int32_t seq; /* sequence number */
97 pid_t pid; /* message's pid */
98
99 struct secashead *sah; /* back pointer to the secashead */
100
101 /* Nat Traversal related bits */
102 u_int32_t natt_last_activity;
103 u_int16_t remote_ike_port;
104 u_int16_t natt_encapsulated_src_port; /* network byte order */
105};
106
107/* replay prevention */
108struct secreplay {
109 u_int32_t count;
110 u_int wsize; /* window size, i.g. 4 bytes */
111 u_int32_t seq; /* used by sender */
112 u_int32_t lastseq; /* used by receiver */
113 caddr_t bitmap; /* used by receiver */
114 int overflow; /* overflow flag */
115};
116
117/* socket table due to send PF_KEY messages. */
118struct secreg {
119 LIST_ENTRY(secreg) chain;
120
121 struct socket *so;
122};
123
124#ifndef IPSEC_NONBLOCK_ACQUIRE
125/* acquiring list table. */
126struct secacq {
127 LIST_ENTRY(secacq) chain;
128
129 struct secasindex saidx;
130
131 u_int32_t seq; /* sequence number */
132 long created; /* for lifetime */
133 int count; /* for lifetime */
134};
135#endif
136
137/* Sensitivity Level Specification */
138/* nothing */
139
140#define SADB_KILL_INTERVAL 600 /* six seconds */
141
142struct key_cb {
143 int key_count;
144 int any_count;
145};
146
147/* secpolicy */
148extern struct secpolicy *keydb_newsecpolicy(void);
149extern void keydb_delsecpolicy(struct secpolicy *);
150/* secashead */
151extern struct secashead *keydb_newsecashead(void);
152// extern void keydb_delsecashead(struct secashead *); // not used
153/* secasvar */
154// extern struct secasvar *keydb_newsecasvar(void); // not used
155// extern void keydb_refsecasvar(struct secasvar *); // not used
156// extern void keydb_freesecasvar(struct secasvar *); // not used
157/* secreplay */
158extern struct secreplay *keydb_newsecreplay(size_t);
159extern void keydb_delsecreplay(struct secreplay *);
160/* secreg */
161// extern struct secreg *keydb_newsecreg(void); // not used
162// extern void keydb_delsecreg(struct secreg *); // not used
163
164#endif /* KERNEL_PRIVATE */
165#endif /* KERNEL */
166
167#endif /* _NETKEY_KEYDB_H_ */