]> git.saurik.com Git - apple/xnu.git/blob - bsd/net/if_utun_crypto.h
projects / apple / xnu.git / blob
? search:


14e92594dd23204909568071f68f3d275de667cc
[apple/xnu.git] / bsd / net / if_utun_crypto.h
1 /*
2 * Copyright (c) 2011 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #ifndef _NET_IF_UTUN_CRYPTO_H_
30 #define _NET_IF_UTUN_CRYPTO_H_
31
32 // constants used in configuring the crypto context
33 typedef enum utun_crypto_ver {
34 UTUN_CRYPTO_VER_1 = 1,
35 UTUN_CRYPTO_VER_MAX,
36 } utun_crypto_ver_t;
37
38 #define UTUN_CRYPTO_KEYS_IPSEC_VER_1 UTUN_CRYPTO_VER_1
39 #define UTUN_CRYPTO_IPSEC_VER_1 UTUN_CRYPTO_VER_1
40 #define UTUN_CRYPTO_DTLS_VER_1 UTUN_CRYPTO_VER_1
41
42 #define UTUN_CRYPTO_ARGS_VER_MAX UTUN_CRYPTO_VER_MAX
43 #define UTUN_CRYPTO_KEYS_ARGS_VER_MAX UTUN_CRYPTO_VER_MAX
44 #define UTUN_CRYPTO_FRAMER_ARGS_VER_MAX UTUN_CRYPTO_VER_MAX
45
46 typedef enum utun_crypto_dir {
47 UTUN_CRYPTO_DIR_IN = 1,
48 UTUN_CRYPTO_DIR_OUT,
49 UTUN_CRYPTO_DIR_MAX,
50 } utun_crypto_dir_t;
51
52 #define UTUN_CRYPTO_CTX_NUM_DIRS 2
53
54 #define BITSTOBYTES(n) (n >> 3)
55 #define BYTESTOBITS(n) (n << 3)
56
57 #define MAX_KEY_AUTH_LEN_BITS 512 // corresponds to SHA512
58 #define MAX_KEY_AUTH_LEN_BYTES (BITSTOBYTES(MAX_KEY_AUTH_LEN_BITS))
59 #define MAX_KEY_ENC_LEN_BITS 256 // corresponds to AES256
60 #define MAX_KEY_ENC_LEN_BYTES (BITSTOBYTES(MAX_KEY_ENC_LEN_BITS))
61
62 typedef enum utun_crypto_type {
63 UTUN_CRYPTO_TYPE_IPSEC = 1,
64 UTUN_CRYPTO_TYPE_DTLS,
65 UTUN_CRYPTO_TYPE_MAX,
66 } utun_crypto_type_t;
67
68 typedef enum if_utun_crypto_ipsec_mode {
69 IF_UTUN_CRYPTO_IPSEC_MODE_NONE = 0,
70 IF_UTUN_CRYPTO_IPSEC_MODE_TRANSPORT,
71 IF_UTUN_CRYPTO_IPSEC_MODE_TUNNEL,
72 IF_UTUN_CRYPTO_IPSEC_MODE_MAX,
73 } if_utun_crypto_ipsec_mode_t;
74
75 typedef enum if_utun_crypto_ipsec_proto {
76 IF_UTUN_CRYPTO_IPSEC_PROTO_NONE = 0,
77 IF_UTUN_CRYPTO_IPSEC_PROTO_ESP,
78 IF_UTUN_CRYPTO_IPSEC_PROTO_AH,
79 IF_UTUN_CRYPTO_IPSEC_PROTO_MAX,
80 } if_utun_crypto_ipsec_proto_t;
81
82 typedef enum if_utun_crypto_ipsec_auth {
83 IF_UTUN_CRYPTO_IPSEC_AUTH_NONE = 0,
84 IF_UTUN_CRYPTO_IPSEC_AUTH_MD5,
85 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA1,
86 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA256,
87 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA384,
88 IF_UTUN_CRYPTO_IPSEC_AUTH_SHA512,
89 IF_UTUN_CRYPTO_IPSEC_AUTH_MAX,
90 } if_utun_crypto_ipsec_auth_t;
91
92 typedef enum if_utun_crypto_ipsec_enc {
93 IF_UTUN_CRYPTO_IPSEC_ENC_NONE = 0,
94 IF_UTUN_CRYPTO_IPSEC_ENC_DES,
95 IF_UTUN_CRYPTO_IPSEC_ENC_3DES,
96 IF_UTUN_CRYPTO_IPSEC_ENC_AES128,
97 IF_UTUN_CRYPTO_IPSEC_ENC_AES256,
98 IF_UTUN_CRYPTO_IPSEC_ENC_MAX,
99 } if_utun_crypto_ipsec_enc_t;
100
101 typedef enum if_utun_crypto_ipsec_keepalive {
102 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_NONE = 0,
103 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_NATT,
104 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_ESP,
105 IF_UTUN_CRYPTO_IPSEC_KEEPALIVE_MAX,
106 } if_utun_crypto_ipsec_keepalive_t;
107
108 typedef enum if_utun_crypto_ipsec_natd {
109 IF_UTUN_CRYPTO_IPSEC_NATD_NONE = 0,
110 IF_UTUN_CRYPTO_IPSEC_NATD_MINE,
111 IF_UTUN_CRYPTO_IPSEC_NATD_PEER,
112 IF_UTUN_CRYPTO_IPSEC_NATD_BOTH,
113 IF_UTUN_CRYPTO_IPSEC_NATD_MAX,
114 } if_utun_crypto_ipsec_natd_t;
115
116 // structures used for storing the App's keying index arguments
117 typedef struct utun_crypto_keys_idx_ipsec_args_v1 {
118 struct sockaddr_storage src_addr; // v4 or v6 socket address (ignore port numbers)
119 struct sockaddr_storage dst_addr; // v4 or v6 socket address (ignore port numbers)
120 if_utun_crypto_ipsec_proto_t proto;
121 if_utun_crypto_ipsec_mode_t mode;
122 u_int32_t reqid; // policy's reqid, default to 0 for now since we are avoiding policies.
123 u_int32_t spi; // 0 when requesting the index, otherwise it contains the resulting index
124 u_int32_t spirange_min; // default to 0
125 u_int32_t spirange_max; // default to 0xffffffff
126 } __attribute__((packed)) utun_crypto_keys_idx_ipsec_args_v1_t;
127
128 typedef struct utun_crypto_keys_idx_dtls_args_v1 {
129 // stub for DTLS keying index arguments
130 u_int32_t unused; // place holder
131 } __attribute__((packed)) utun_crypto_keys_idx_dtls_args_v1_t;
132
133 // App's parent structure for sending/storing keying index arguments
134 typedef struct utun_crypto_keys_idx_args {
135 utun_crypto_ver_t ver;
136 utun_crypto_type_t type;
137 utun_crypto_dir_t dir;
138 u_int32_t args_ulen;
139 u_int32_t varargs_buflen;
140 union {
141 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_CTX_IDX_ARGS_HDR_SIZE breaks backwards compatibility
142 utun_crypto_keys_idx_ipsec_args_v1_t ipsec_v1;
143 utun_crypto_keys_idx_dtls_args_v1_t dtls_v1;
144 // future (additional) versions of the arguments may be placed here
145 } u;
146 u_int8_t varargs_buf[0];
147 } __attribute__((aligned(4), packed)) utun_crypto_keys_idx_args_t;
148
149 // structures used for storing the App's keying material arguments
150 typedef struct utun_crypto_keys_ipsec_args_v1 {
151 struct sockaddr_storage src_addr; // v4 or v6 socket address (ignore port numbers)
152 struct sockaddr_storage dst_addr; // v4 or v6 socket address (ignore port numbers)
153 if_utun_crypto_ipsec_proto_t proto;
154 if_utun_crypto_ipsec_mode_t mode;
155 if_utun_crypto_ipsec_auth_t alg_auth;
156 if_utun_crypto_ipsec_enc_t alg_enc;
157 if_utun_crypto_ipsec_keepalive_t keepalive;
158 if_utun_crypto_ipsec_natd_t natd;
159 u_int8_t replay; // window size default to 4
160 u_int8_t punt_rx_keepalive;
161 u_int16_t interval_tx_keepalive;
162 u_int16_t key_auth_len; // 128 or 160 or 192 or 256 or 384 or 512
163 u_int16_t key_enc_len; // 64 or 128 or 192 or 256
164 u_int16_t natt_port; // if non-zero flags will be set to include SADB_X_EXT_NATT
165 u_int16_t unused;
166 u_int32_t seq; // default to 0
167 u_int32_t spi;
168 u_int32_t pid; // vpnagent's process id
169 u_int32_t reqid; // policy's reqid, default to 0 for now since we are avoiding policies.
170 u_int64_t lifetime_hard; // value in seconds
171 u_int64_t lifetime_soft; // value in seconds
172 // key_auth and key_enc will actually be stored in utun_crypto_KEYS_args_t.varargs_buf
173 } __attribute__((packed)) utun_crypto_keys_ipsec_args_v1_t;
174
175 typedef struct utun_crypto_keys_dtls_args_v1 {
176 // stub for DTLS keying material arguments
177 u_int32_t unused; // place holder
178 } __attribute__((packed)) utun_crypto_keys_dtls_args_v1_t;
179
180 // App's parent structure for sending/storing keying material arguments
181 typedef struct utun_crypto_keys_args {
182 utun_crypto_ver_t ver;
183 utun_crypto_type_t type;
184 utun_crypto_dir_t dir;
185 u_int32_t args_ulen;
186 u_int32_t varargs_buflen;
187 union {
188 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
189 utun_crypto_keys_ipsec_args_v1_t ipsec_v1;
190 utun_crypto_keys_dtls_args_v1_t dtls_v1;
191 // future (additional) versions of the arguments may be placed here
192 } u;
193 u_int8_t varargs_buf[0];
194 } __attribute__((aligned(4), packed)) utun_crypto_keys_args_t;
195
196 // structures used for storing the App's crypto arguments
197 typedef struct utun_crypto_ipsec_args_v1 {
198 // stub for IPSec crypto context arguments
199 u_int32_t unused; // place holder
200 } __attribute__((packed)) utun_crypto_ipsec_args_v1_t;
201
202 typedef struct utun_crypto_dtls_args_v1 {
203 // stub for DTLS crypto context arguments
204 int kpi_handle;
205 } __attribute__((packed)) utun_crypto_dtls_args_v1_t;
206
207 // App's parent structure for starting/stopping crypto
208 typedef struct utun_crypto_args {
209 utun_crypto_ver_t ver;
210 utun_crypto_type_t type;
211 u_int32_t stop_data_traffic;
212 u_int32_t args_ulen;
213 u_int32_t varargs_buflen;
214 union {
215 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_ARGS_HDR_SIZE breaks backwards compatibility
216 utun_crypto_ipsec_args_v1_t ipsec_v1;
217 utun_crypto_dtls_args_v1_t dtls_v1;
218 // future (additional) versions of the arguments may be placed here
219 } u;
220 u_int8_t varargs_buf[0]; // must be at the end of this struct
221 } __attribute__((aligned(4), packed)) utun_crypto_args_t;
222
223 typedef enum {
224 UTUN_CRYPTO_INNER_TYPE_IPv4 = 1,
225 UTUN_CRYPTO_INNER_TYPE_IPv6,
226 UTUN_CRYPTO_INNER_TYPE_MAX,
227 } utun_crypto_framer_inner_type_t;
228
229 typedef struct utun_crypto_framer_ipsec_args_v1 {
230 // stub for IPSec framer arguments
231 u_int32_t unused; // place holder
232 } __attribute__((packed)) utun_crypto_framer_ipsec_args_v1_t;
233
234 typedef struct utun_crypto_framer_dtls_in_args_v1 {
235 int in_pattern_len;
236 int in_pattern_mask_len;
237 int in_data_offset;
238 // in_pattern, in_pattern_mask will actually be stored in utun_crypto_framer_args_t.varargs_buf
239 } __attribute__((packed)) utun_crypto_framer_dtls_in_args_v1_t;
240
241 typedef struct utun_crypto_framer_dtls_out_args_v1 {
242 int out_pattern_len;
243 u_int32_t len_field_mask; // 0 means unconfigured
244 int len_field_offset;
245 int len_field_extra;
246 u_int32_t sequence_field;
247 u_int32_t sequence_field_mask; // 0 means unconfigured
248 int sequence_field_offset;
249 // out_pattern will actually be stored in utun_crypto_framer_args_t.varargs_buf
250 } __attribute__((packed)) utun_crypto_framer_dtls_out_args_v1_t;
251
252 typedef struct utun_crypto_framer_dtls_args_v1 {
253 // the following depend on utun_crypto_framer_args_t.dir
254 union {
255 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
256 utun_crypto_framer_dtls_in_args_v1_t in;
257 utun_crypto_framer_dtls_out_args_v1_t out;
258 // future (additional) versions of the arguments may be placed here
259 } u;
260 } __attribute__((packed)) utun_crypto_framer_dtls_args_v1_t;
261
262 // App's parent structure for sending/storing framer arguments
263 typedef struct utun_crypto_framer_args {
264 utun_crypto_ver_t ver;
265 utun_crypto_type_t type;
266 utun_crypto_dir_t dir;
267 utun_crypto_framer_inner_type_t inner_type;
268 u_int32_t args_ulen;
269 u_int32_t varargs_buflen;
270 union {
271 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
272 utun_crypto_framer_ipsec_args_v1_t ipsec_v1;
273 utun_crypto_framer_dtls_args_v1_t dtls_v1;
274 // future (additional) versions of the arguments may be placed here
275 } u;
276 u_int8_t varargs_buf[0];
277 } __attribute__((aligned(4), packed)) utun_crypto_framer_args_t;
278
279 #define utun_crypto_framer_args_dtls_in(framer) framer->u.dtls_v1.u.in
280 #define utun_crypto_framer_args_dtls_out(framer) framer->u.dtls_v1.u.out
281
282 #ifdef KERNEL_PRIVATE
283
284 #include <sys/kern_control.h>
285 #include <net/kpi_protocol.h>
286 #include <net/kpi_interface.h>
287 #include <net/pfkeyv2.h>
288 #include <netkey/key.h>
289 #include <netkey/keydb.h>
290 #include <net/bpf.h>
291
292 struct utun_pcb;
293
294 // structures used for storing kernel's keying material runtime state
295 typedef struct utun_crypto_keys_ipsec_state {
296 // kernel's ipsec keying material state
297 u_int32_t spi;
298 struct secashead *sah;
299 struct secasvar *sav;
300 u_int8_t proto;
301 u_int8_t ifamily;
302 u_int8_t mode;
303 u_int8_t unused;
304 } __attribute__((packed)) utun_crypto_keys_ipsec_state_t;
305
306 typedef struct utun_crypto_keys_dtls_state {
307 // stub for kernel's DTLS keying material state
308 u_int32_t unused; // place holder
309 } __attribute__((packed)) utun_crypto_keys_dtls_state_t;
310
311 // kernel's parent structure for keying material state
312 typedef struct utun_crypto_keys_state {
313 union {
314 utun_crypto_keys_ipsec_state_t ipsec;
315 utun_crypto_keys_dtls_state_t dtls;
316 } u;
317 } __attribute__((aligned(4), packed)) utun_crypto_keys_state_t;
318
319 // kernel's parent structure for keying material
320 typedef struct utun_crypto_keys {
321 int valid; // is valid?
322 utun_crypto_type_t type;
323 u_int16_t unused;
324 utun_crypto_keys_state_t state; // runtime state
325 LIST_ENTRY(utun_crypto_keys) chain;
326 } __attribute__((aligned(4), packed)) utun_crypto_keys_t;
327
328 // structures used for storing kernel's framer runtime state
329 typedef struct utun_crypto_framer_ipsec_state {
330 // stub for kernel's IPSec framer state
331 u_int32_t unused; // place holder
332 } __attribute__((packed)) utun_crypto_framer_ipsec_state_t;
333
334 typedef struct utun_crypto_framer_dtls_in_state {
335 u_int8_t *in_pattern;
336 int in_pattern_len;
337 u_int8_t *in_pattern_mask;
338 u_int8_t *in_pattern_masked;
339 int in_data_offset;
340 struct bpf_program in_pattern_filter;
341 } __attribute__((packed)) utun_crypto_framer_dtls_in_state_t;
342
343 typedef struct utun_crypto_framer_dtls_out_state {
344 u_int8_t *out_pattern;
345 int out_pattern_len;
346 u_int32_t len_field_mask; // 0 means unconfigured
347 int len_field_offset;
348 int len_field_extra;
349 u_int32_t sequence_field;
350 u_int32_t sequence_field_initval;
351 u_int32_t sequence_field_mask; // 0 means unconfigured
352 int sequence_field_offset;
353 } __attribute__((packed)) utun_crypto_framer_dtls_out_state_t;
354
355 typedef struct utun_crypto_framer_dtls_state {
356 union {
357 // don't change the order, number, or size of elements above this line (in this struct). otherwise UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE breaks backwards compatibility
358 utun_crypto_framer_dtls_in_state_t in;
359 utun_crypto_framer_dtls_out_state_t out;
360 // future (additional) versions of the arguments may be placed here
361 } u;
362 } __attribute__((packed)) utun_crypto_framer_dtls_state_t;
363
364 // kernel's parent structure for framer state
365 typedef struct utun_crypto_framer_state {
366 union {
367 utun_crypto_framer_ipsec_state_t ipsec;
368 utun_crypto_framer_dtls_state_t dtls;
369 } u;
370 } __attribute__((aligned(4), packed)) utun_crypto_framer_state_t;
371
372 // kernel's parent structure for the framer
373 typedef struct utun_crypto_framer {
374 int valid; // is valid?
375 utun_crypto_type_t type;
376 utun_crypto_dir_t dir;
377 utun_crypto_framer_inner_type_t inner_type;
378 protocol_family_t inner_protocol_family;
379 utun_crypto_framer_state_t state; // runtime state
380 LIST_ENTRY(utun_crypto_framer) framer_chain;
381 } __attribute__((aligned(4), packed)) utun_crypto_framer_t;
382
383 #define UTUN_CRYPTO_INNER_TYPE_TO_IDX(type) (type - 1)
384 #define UTUN_CRYPTO_IDX_TO_INNER_TYPE(idx) (idx + 1)
385 #define UTUN_CRYPTO_INNER_TYPE_IDX_MAX UTUN_CRYPTO_INNER_TYPE_TO_IDX(UTUN_CRYPTO_INNER_TYPE_MAX)
386
387 #define UTUN_CRYPTO_DIR_TO_IDX(dir) (dir - 1)
388 #define UTUN_CRYPTO_IDX_TO_DIR(idx) (idx + 1)
389 #define UTUN_CRYPTO_DIR_IDX_MAX UTUN_CRYPTO_DIR_TO_IDX(UTUN_CRYPTO_DIR_MAX)
390
391 #define utun_crypto_framer_state_dtls_in(framer) framer->state.u.dtls.u.in
392 #define utun_crypto_framer_state_dtls_out(framer) framer->state.u.dtls.u.out
393
394 // kernel's parent structure for all crypto stuff
395 typedef struct utun_crypto_ctx {
396 int valid;
397 utun_crypto_type_t type;
398 u_int16_t unused;
399 LIST_HEAD(chain, utun_crypto_keys) keys_listhead;
400 LIST_HEAD(framer_chain, utun_crypto_framer) framer_listheads[UTUN_CRYPTO_INNER_TYPE_IDX_MAX];
401 int num_framers;
402 int kpi_handle;
403 caddr_t kpi_ref;
404 int kpi_refcnt;
405 } __attribute__((aligned(4), packed)) utun_crypto_ctx_t;
406
407 #define UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_keys_idx_args_t *)0)->u))
408 #define UTUN_CRYPTO_KEYS_IDX_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE + args->args_ulen)
409 #define UTUN_CRYPTO_KEYS_IDX_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_KEYS_IDX_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
410
411 #define UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_keys_args_t *)0)->u))
412 #define UTUN_CRYPTO_KEYS_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE + args->args_ulen)
413 #define UTUN_CRYPTO_KEYS_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_KEYS_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
414
415 #define UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_framer_args_t *)0)->u))
416 #define UTUN_CRYPTO_FRAMER_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE + args->args_ulen)
417 #define UTUN_CRYPTO_FRAMER_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_FRAMER_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
418
419 #define UTUN_CRYPTO_ARGS_HDR_SIZE ((size_t)(&((utun_crypto_args_t *)0)->u))
420 #define UTUN_CRYPTO_ARGS_VARARGS_BUF(args) ((u_int8_t *)args + UTUN_CRYPTO_ARGS_HDR_SIZE + args->args_ulen)
421 #define UTUN_CRYPTO_ARGS_TOTAL_SIZE(args) ((size_t)(UTUN_CRYPTO_ARGS_HDR_SIZE + args->args_ulen + args->varargs_buflen))
422
423 typedef caddr_t (*utun_crypto_kpi_connect_func)(int kpi_handle, struct utun_pcb *utun_ref);
424
425 typedef errno_t (*utun_crypto_kpi_send_func)(caddr_t ref, mbuf_t *pkt);
426
427 typedef struct utun_crypto_kpi_reg {
428 /* Dispatch functions */
429 utun_crypto_type_t crypto_kpi_type;
430 u_int32_t crypto_kpi_flags;
431 utun_crypto_kpi_connect_func crypto_kpi_connect;
432 utun_crypto_kpi_send_func crypto_kpi_send;
433 } utun_crypto_kpi_reg_t;
434
435 typedef struct utun_crypto_kpi_reg_list {
436 utun_crypto_kpi_reg_t reg;
437 struct utun_crypto_kpi_reg_list *next;
438 } utun_crypto_kpi_reg_list_t;
439
440 void
441 utun_ctl_init_crypto(void);
442
443 /*
444 * Summary: registers the crypto KPI's Kext routines with UTUN... so that UTUN can make calls into it (e.g. DTLS)
445 */
446 errno_t
447 utun_crypto_kpi_register(utun_crypto_kpi_reg_t *reg);
448
449 void
450 utun_cleanup_crypto(struct utun_pcb *pcb);
451
452 errno_t
453 utun_ctl_enable_crypto(__unused kern_ctl_ref kctlref,
454 __unused u_int32_t unit,
455 __unused void *unitinfo,
456 __unused int opt,
457 void *data,
458 size_t len);
459
460 errno_t
461 utun_ctl_disable_crypto(__unused kern_ctl_ref kctlref,
462 __unused u_int32_t unit,
463 __unused void *unitinfo,
464 __unused int opt,
465 void *data,
466 size_t len);
467
468 errno_t
469 utun_ctl_config_crypto_keys(__unused kern_ctl_ref kctlref,
470 __unused u_int32_t unit,
471 __unused void *unitinfo,
472 __unused int opt,
473 void *data,
474 size_t len);
475
476 errno_t
477 utun_ctl_unconfig_crypto_keys(__unused kern_ctl_ref kctlref,
478 __unused u_int32_t unit,
479 __unused void *unitinfo,
480 __unused int opt,
481 void *data,
482 size_t len);
483
484 errno_t
485 utun_ctl_config_crypto_framer(__unused kern_ctl_ref kctlref,
486 __unused u_int32_t unit,
487 __unused void *unitinfo,
488 __unused int opt,
489 void *data,
490 size_t len);
491
492 errno_t
493 utun_ctl_unconfig_crypto_framer(__unused kern_ctl_ref kctlref,
494 __unused u_int32_t unit,
495 __unused void *unitinfo,
496 __unused int opt,
497 void *data,
498 size_t len);
499
500 errno_t
501 utun_ctl_generate_crypto_keys_idx(__unused kern_ctl_ref kctlref,
502 __unused u_int32_t unit,
503 __unused void *unitinfo,
504 __unused int opt,
505 void *data,
506 size_t *len);
507
508 errno_t
509 utun_ctl_stop_crypto_data_traffic(__unused kern_ctl_ref kctlref,
510 __unused u_int32_t unit,
511 __unused void *unitinfo,
512 __unused int opt,
513 void *data,
514 size_t len);
515
516 errno_t
517 utun_ctl_start_crypto_data_traffic(__unused kern_ctl_ref kctlref,
518 __unused u_int32_t unit,
519 __unused void *unitinfo,
520 __unused int opt,
521 void *data,
522 size_t len);
523
524 int
525 utun_pkt_crypto_output(struct utun_pcb *pcb, mbuf_t *m);
526
527 #endif // KERNEL_PRIVATE
528
529 #endif // _NET_IF_UTUN_CRYPTO_H_
mirror of XNU