| | 1 | /* |
| | 2 | * Copyright (c) 2011 Apple Inc. All rights reserved. |
| | 3 | * |
| | 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| | 5 | * |
| | 6 | * This file contains Original Code and/or Modifications of Original Code |
| | 7 | * as defined in and that are subject to the Apple Public Source License |
| | 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| | 9 | * compliance with the License. The rights granted to you under the License |
| | 10 | * may not be used to create, or enable the creation or redistribution of, |
| | 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| | 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| | 13 | * terms of an Apple operating system software license agreement. |
| | 14 | * |
| | 15 | * Please obtain a copy of the License at |
| | 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| | 17 | * |
| | 18 | * The Original Code and all software distributed under the License are |
| | 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| | 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| | 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| | 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| | 23 | * Please see the License for the specific language governing rights and |
| | 24 | * limitations under the License. |
| | 25 | * |
| | 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| | 27 | */ |
| | 28 | |
| | 29 | #ifndef _NET_IF_UTUN_CRYPTO_IPSEC_H_ |
| | 30 | #define _NET_IF_UTUN_CRYPTO_IPSEC_H_ |
| | 31 | |
| | 32 | #ifdef KERNEL_PRIVATE |
| | 33 | |
| | 34 | struct utun_pcb; |
| | 35 | |
| | 36 | #define UTUN_CRYPTO_DIR_TO_IPSEC_DIR(dir) (dir == UTUN_CRYPTO_DIR_IN)? IPSEC_DIR_INBOUND : IPSEC_DIR_OUTBOUND |
| | 37 | #define IF_UTUN_GET_TX_CRYPTO_KEYS(pcb) LIST_FIRST(&pcb->utun_crypto_ctx[UTUN_CRYPTO_DIR_TO_IDX(UTUN_CRYPTO_DIR_OUT)].keys_listhead) |
| | 38 | #define IF_UTUN_GET_CRYPTO_KEYS_IPSEC_SAH(keys) keys->state.u.ipsec.sah |
| | 39 | #define IF_UTUN_GET_CRYPTO_KEYS_IPSEC_SAV(keys) keys->state.u.ipsec.sav |
| | 40 | |
| | 41 | /* |
| | 42 | * Summary: cleans up all crypto info for the specified utun. |
| | 43 | */ |
| | 44 | void |
| | 45 | utun_cleanup_all_crypto_ipsec(struct utun_pcb *pcb); |
| | 46 | |
| | 47 | /* |
| | 48 | * Summary: enables ipsec crypto info for the specified utun. |
| | 49 | */ |
| | 50 | void |
| | 51 | utun_ctl_enable_crypto_ipsec(struct utun_pcb *pcb, utun_crypto_args_t *args); |
| | 52 | |
| | 53 | /* |
| | 54 | * Summary: disables ipsec crypto info for the specified utun. |
| | 55 | */ |
| | 56 | void |
| | 57 | utun_ctl_disable_crypto_ipsec(struct utun_pcb *pcb); |
| | 58 | |
| | 59 | /* |
| | 60 | * Summary: configures an ipsec crypto context for the specified utun, with keying material |
| | 61 | * (needed for traffic encrypt/decrypt). |
| | 62 | * Args: |
| | 63 | * pcb - the specified utun state info |
| | 64 | * args - the ipsec crypto context keying arguments as passed down from userland. |
| | 65 | * crypto_ctx_mat - the ipsec crypto context's keying material to be filled. |
| | 66 | * Returns: 0 if successful, otherwise returns an appropriate errno. |
| | 67 | */ |
| | 68 | errno_t |
| | 69 | utun_ctl_config_crypto_keys_ipsec(struct utun_pcb *pcb, |
| | 70 | utun_crypto_keys_args_t *args, |
| | 71 | utun_crypto_keys_t *crypto_ctx_mat); |
| | 72 | |
| | 73 | /* |
| | 74 | * Summary: unconfigures the keying material in an ipsec crypto context for the specified utun. |
| | 75 | * Args: |
| | 76 | * args - the ipsec crypto context keying arguments as passed down from userland. |
| | 77 | * crypto_ctx_mat - the ipsec crypto context's keying material to be filled. |
| | 78 | * Returns: 0 if successful, otherwise returns an appropriate errno. |
| | 79 | */ |
| | 80 | errno_t |
| | 81 | utun_ctl_unconfig_crypto_keys_ipsec(utun_crypto_keys_args_t *args, |
| | 82 | utun_crypto_keys_t *crypto_ctx_mat); |
| | 83 | |
| | 84 | /* |
| | 85 | * Summary: generates an SPI/index to be using by keying material in an ipsec crypto context |
| | 86 | * for the specified utun. |
| | 87 | * Args: |
| | 88 | * args - the ipsec crypto context key index arguments as passed down from userland. |
| | 89 | * Returns: 0 if successful, otherwise returns an appropriate errno. |
| | 90 | */ |
| | 91 | errno_t |
| | 92 | utun_ctl_generate_crypto_keys_idx_ipsec(utun_crypto_keys_idx_args_t *args); |
| | 93 | |
| | 94 | int |
| | 95 | utun_pkt_ipsec_output(struct utun_pcb *pcb, mbuf_t *pkt); |
| | 96 | |
| | 97 | int |
| | 98 | utun_pkt_is_ipsec_keepalive(struct utun_pcb *pcb, mbuf_t *pkt, u_int16_t nxt, u_int32_t flags, size_t off); |
| | 99 | |
| | 100 | int |
| | 101 | utun_pkt_ipsec_input(struct utun_pcb *pcb, mbuf_t *pkt, protocol_family_t family); |
| | 102 | |
| | 103 | #endif // KERNEL_PRIVATE |
| | 104 | |
| | 105 | #endif // _NET_IF_UTUN_CRYPTO_IPSEC_H_ |
projects / apple / xnu.git / blame_incremental