sys/netproto/key/keydb.h

   1 /*      $FreeBSD: src/sys/netkey/keydb.h,v 1.2.2.3 2003/01/11 19:10:59 ume Exp $        */
   2 /*      $DragonFly: src/sys/netproto/key/keydb.h,v 1.5 2006/05/20 02:42:13 dillon Exp $ */
   3 /*      $KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $  */
   4
   5 /*
   6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  * 3. Neither the name of the project nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #ifndef _NETKEY_KEYDB_H_
  35 #define _NETKEY_KEYDB_H_
  36
  37 #ifdef _KERNEL
  38
  39 #ifndef _SYS_TYPES_H_
  40 #include <sys/types.h>
  41 #endif
  42 #ifndef _SYS_QUEUE_H_
  43 #include <sys/queue.h>
  44 #endif
  45 #ifndef _SYS_SOCKET_H_
  46 #include <sys/socket.h>
  47 #endif
  48 #ifndef _NET_ROUTE_H_
  49 #include <net/route.h>
  50 #endif
  51 #ifndef _NETINET_IN_H_
  52 #include <netinet/in.h>
  53 #endif
  54
  55 #include "key_var.h"
  56
  57 /* Security Assocciation Index */
  58 /* NOTE: Ensure to be same address family */
  59 struct secasindex {
  60         struct sockaddr_storage src;    /* srouce address for SA */
  61         struct sockaddr_storage dst;    /* destination address for SA */
  62         u_int16_t proto;                /* IPPROTO_ESP or IPPROTO_AH */
  63         u_int8_t mode;                  /* mode of protocol, see ipsec.h */
  64         u_int32_t reqid;                /* reqid id who owned this SA */
  65                                         /* see IPSEC_MANUAL_REQID_MAX. */
  66 };
  67
  68 /* Security Association Data Base */
  69 struct secashead {
  70         LIST_ENTRY(secashead) chain;
  71
  72         struct secasindex saidx;
  73
  74         struct sadb_ident *idents;      /* source identity */
  75         struct sadb_ident *identd;      /* destination identity */
  76                                         /* XXX I don't know how to use them. */
  77
  78         u_int8_t state;                 /* MATURE or DEAD. */
  79         LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
  80                                         /* SA chain */
  81                                         /* The first of this list is newer SA */
  82
  83         union {
  84                 struct route sau_route;
  85                 struct route_in6 sau_route6;
  86         } sa_u;
  87 #define sa_route sa_u.sau_route
  88 };
  89
  90 /* Security Association */
  91 struct secasvar {
  92         LIST_ENTRY(secasvar) chain;
  93
  94         int refcnt;                     /* reference count */
  95         u_int8_t state;                 /* Status of this Association */
  96
  97         u_int8_t alg_auth;              /* Authentication Algorithm Identifier*/
  98         u_int8_t alg_enc;               /* Cipher Algorithm Identifier */
  99         u_int32_t spi;                  /* SPI Value, network byte order */
 100         u_int32_t flags;                /* holder for SADB_KEY_FLAGS */
 101
 102         struct sadb_key *key_auth;      /* Key for Authentication */
 103         struct sadb_key *key_enc;       /* Key for Encryption */
 104         caddr_t iv;                     /* Initilization Vector */
 105         u_int ivlen;                    /* length of IV */
 106         void *sched;                    /* intermediate encryption key */
 107         size_t schedlen;
 108
 109         struct secreplay *replay;       /* replay prevention */
 110         long created;                   /* for lifetime */
 111
 112         struct sadb_lifetime *lft_c;    /* CURRENT lifetime, it's constant. */
 113         struct sadb_lifetime *lft_h;    /* HARD lifetime */
 114         struct sadb_lifetime *lft_s;    /* SOFT lifetime */
 115
 116         u_int32_t seq;                  /* sequence number */
 117         pid_t pid;                      /* message's pid */
 118
 119         struct secashead *sah;          /* back pointer to the secashead */
 120 };
 121
 122 /* replay prevention */
 123 struct secreplay {
 124         u_int32_t count;
 125         u_int wsize;            /* window size, i.g. 4 bytes */
 126         u_int32_t seq;          /* used by sender */
 127         u_int32_t lastseq;      /* used by receiver */
 128         caddr_t bitmap;         /* used by receiver */
 129         int overflow;           /* overflow flag */
 130 };
 131
 132 /* socket table due to send PF_KEY messages. */
 133 struct secreg {
 134         LIST_ENTRY(secreg) chain;
 135
 136         struct socket *so;
 137 };
 138
 139 #ifndef IPSEC_NONBLOCK_ACQUIRE
 140 /* acquiring list table. */
 141 struct secacq {
 142         LIST_ENTRY(secacq) chain;
 143
 144         struct secasindex saidx;
 145
 146         u_int32_t seq;          /* sequence number */
 147         long created;           /* for lifetime */
 148         int count;              /* for lifetime */
 149 };
 150 #endif
 151
 152 /* Sensitivity Level Specification */
 153 /* nothing */
 154
 155 #define SADB_KILL_INTERVAL      600     /* six seconds */
 156
 157 struct key_cb {
 158         int key_count;
 159         int any_count;
 160 };
 161
 162 /* secpolicy */
 163 extern struct secpolicy *keydb_newsecpolicy (void);
 164 extern void keydb_delsecpolicy (struct secpolicy *);
 165 /* secashead */
 166 extern struct secashead *keydb_newsecashead (void);
 167 extern void keydb_delsecashead (struct secashead *);
 168 /* secasvar */
 169 extern struct secasvar *keydb_newsecasvar (void);
 170 extern void keydb_refsecasvar (struct secasvar *);
 171 extern void keydb_freesecasvar (struct secasvar *);
 172 /* secreplay */
 173 extern struct secreplay *keydb_newsecreplay (size_t);
 174 extern void keydb_delsecreplay (struct secreplay *);
 175 /* secreg */
 176 extern struct secreg *keydb_newsecreg (void);
 177 extern void keydb_delsecreg (struct secreg *);
 178
 179 #endif /* _KERNEL */
 180
 181 #endif /* _NETKEY_KEYDB_H_ */