]> git.saurik.com Git - apple/xnu.git/blob - bsd/netkey/keydb.h
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-201.42.3.tar.gz
[apple/xnu.git] / bsd / netkey / keydb.h
1 /* $KAME: keydb.h,v 1.9 2000/02/22 14:06:41 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #ifndef _NETKEY_KEYDB_H_
33 #define _NETKEY_KEYDB_H_
34
35 #ifdef KERNEL
36
37 #include <netkey/key_var.h>
38
39 /* Security Assocciation Index */
40 /* NOTE: Ensure to be same address family */
41 struct secasindex {
42 struct sockaddr_storage src; /* srouce address for SA */
43 struct sockaddr_storage dst; /* destination address for SA */
44 u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */
45 u_int8_t mode; /* mode of protocol, see ipsec.h */
46 u_int32_t reqid; /* reqid id who owned this SA */
47 /* see IPSEC_MANUAL_REQID_MAX. */
48 };
49
50 /* Security Association Data Base */
51 struct secashead {
52 LIST_ENTRY(secashead) chain;
53
54 struct secasindex saidx;
55
56 struct sadb_ident *idents; /* source identity */
57 struct sadb_ident *identd; /* destination identity */
58 /* XXX I don't know how to use them. */
59
60 u_int8_t state; /* MATURE or DEAD. */
61 LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
62 /* SA chain */
63 /* The first of this list is newer SA */
64
65 struct route sa_route; /* route cache */
66 };
67
68 /* Security Association */
69 struct secasvar {
70 LIST_ENTRY(secasvar) chain;
71
72 int refcnt; /* reference count */
73 u_int8_t state; /* Status of this Association */
74
75 u_int8_t alg_auth; /* Authentication Algorithm Identifier*/
76 u_int8_t alg_enc; /* Cipher Algorithm Identifier */
77 u_int32_t spi; /* SPI Value, network byte order */
78 u_int32_t flags; /* holder for SADB_KEY_FLAGS */
79
80 struct sadb_key *key_auth; /* Key for Authentication */
81 /* length has been shifted up to 3. */
82 struct sadb_key *key_enc; /* Key for Encryption */
83 /* length has been shifted up to 3. */
84 caddr_t iv; /* Initilization Vector */
85 u_int ivlen; /* length of IV */
86 #if 0
87 caddr_t misc1;
88 caddr_t misc2;
89 caddr_t misc3;
90 #endif
91
92 struct secreplay *replay; /* replay prevention */
93 u_int32_t tick; /* for lifetime */
94
95 struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */
96 struct sadb_lifetime *lft_h; /* HARD lifetime */
97 struct sadb_lifetime *lft_s; /* SOFT lifetime */
98
99 u_int32_t seq; /* sequence number */
100 pid_t pid; /* message's pid */
101
102 struct secashead *sah; /* back pointer to the secashead */
103 };
104
105 /* replay prevention */
106 struct secreplay {
107 u_int32_t count;
108 u_int wsize; /* window size, i.g. 4 bytes */
109 u_int32_t seq; /* used by sender */
110 u_int32_t lastseq; /* used by receiver */
111 caddr_t bitmap; /* used by receiver */
112 int overflow; /* overflow flag */
113 };
114
115 /* socket table due to send PF_KEY messages. */
116 struct secreg {
117 LIST_ENTRY(secreg) chain;
118
119 struct socket *so;
120 };
121
122 #ifndef IPSEC_NONBLOCK_ACQUIRE
123 /* acquiring list table. */
124 struct secacq {
125 LIST_ENTRY(secacq) chain;
126
127 struct secasindex saidx;
128
129 u_int32_t seq; /* sequence number */
130 u_int32_t tick; /* for lifetime */
131 int count; /* for lifetime */
132 };
133 #endif
134
135 /* Sensitivity Level Specification */
136 /* nothing */
137
138 #define SADB_KILL_INTERVAL 600 /* six seconds */
139
140 struct key_cb {
141 int key_count;
142 int any_count;
143 };
144
145 /* secpolicy */
146 extern struct secpolicy *keydb_newsecpolicy __P((void));
147 extern void keydb_delsecpolicy __P((struct secpolicy *));
148 /* secashead */
149 extern struct secashead *keydb_newsecashead __P((void));
150 extern void keydb_delsecashead __P((struct secashead *));
151 /* secasvar */
152 extern struct secasvar *keydb_newsecasvar __P((void));
153 extern void keydb_refsecasvar __P((struct secasvar *));
154 extern void keydb_freesecasvar __P((struct secasvar *));
155 /* secreplay */
156 extern struct secreplay *keydb_newsecreplay __P((size_t));
157 extern void keydb_delsecreplay __P((struct secreplay *));
158 /* secreg */
159 extern struct secreg *keydb_newsecreg __P((void));
160 extern void keydb_delsecreg __P((struct secreg *));
161
162 #endif /* KERNEL */
163
164 #endif /* _NETKEY_KEYDB_H_ */
mirror of XNU