PageRenderTime 45ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/packages/net/bsd_tcpip/current/include/netkey/keydb.h

https://gitlab.com/metadevfoundation/ecos-ax-som-bf609
C Header | 178 lines | 82 code | 31 blank | 65 comment | 0 complexity | c32afb7382c3ae30a7f9d03bd2afe9f9 MD5 | raw file
Possible License(s): GPL-2.0, MIT 
    

  1. //==========================================================================

    2. 

  2. //

    3. 

  3. //      include/netkey/keydb.h

    4. 

  4. //

    5. 

  5. //==========================================================================

    6. 

  6. // ####BSDCOPYRIGHTBEGIN####                                    

    7. 

  7. // -------------------------------------------                  

    8. 

  8. // This file is part of eCos, the Embedded Configurable Operating System.

    9. 

  9. //

    10. 

  10. // Portions of this software may have been derived from FreeBSD 

    11. 

  11. // or other sources, and if so are covered by the appropriate copyright

    12. 

  12. // and license included herein.                                 

    13. 

  13. //

    14. 

  14. // Portions created by the Free Software Foundation are         

    15. 

  15. // Copyright (C) 2002 Free Software Foundation, Inc.            

    16. 

  16. // -------------------------------------------                  

    17. 

  17. // ####BSDCOPYRIGHTEND####                                      

    18. 

  18. //==========================================================================

    19. 

  19. 

    20. 

  20. /*	$KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $	*/

    21. 

  21. 

    22. 

  22. /*

    23. 

  23.  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.

    24. 

  24.  * All rights reserved.

    25. 

  25.  *

    26. 

  26.  * Redistribution and use in source and binary forms, with or without

    27. 

  27.  * modification, are permitted provided that the following conditions

    28. 

  28.  * are met:

    29. 

  29.  * 1. Redistributions of source code must retain the above copyright

    30. 

  30.  *    notice, this list of conditions and the following disclaimer.

    31. 

  31.  * 2. Redistributions in binary form must reproduce the above copyright

    32. 

  32.  *    notice, this list of conditions and the following disclaimer in the

    33. 

  33.  *    documentation and/or other materials provided with the distribution.

    34. 

  34.  * 3. Neither the name of the project nor the names of its contributors

    35. 

  35.  *    may be used to endorse or promote products derived from this software

    36. 

  36.  *    without specific prior written permission.

    37. 

  37.  *

    38. 

  38.  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND

    39. 

  39.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    40. 

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

    41. 

  41.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE

    42. 

  42.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

    43. 

  43.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

    44. 

  44.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    45. 

  45.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

    46. 

  46.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

    47. 

  47.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

    48. 

  48.  * SUCH DAMAGE.

    49. 

  49.  */

    50. 

  50. 

    51. 

  51. #ifndef _NETKEY_KEYDB_H_

    52. 

  52. #define _NETKEY_KEYDB_H_

    53. 

  53. 

    54. 

  54. #ifdef _KERNEL

    55. 

  55. 

    56. 

  56. #include <netkey/key_var.h>

    57. 

  57. 

    58. 

  58. /* Security Assocciation Index */

    59. 

  59. /* NOTE: Ensure to be same address family */

    60. 

  60. struct secasindex {

    61. 

  61. 	struct sockaddr_storage src;	/* srouce address for SA */

    62. 

  62. 	struct sockaddr_storage dst;	/* destination address for SA */

    63. 

  63. 	u_int16_t proto;		/* IPPROTO_ESP or IPPROTO_AH */

    64. 

  64. 	u_int8_t mode;			/* mode of protocol, see ipsec.h */

    65. 

  65. 	u_int32_t reqid;		/* reqid id who owned this SA */

    66. 

  66. 					/* see IPSEC_MANUAL_REQID_MAX. */

    67. 

  67. };

    68. 

  68. 

    69. 

  69. /* Security Association Data Base */

    70. 

  70. struct secashead {

    71. 

  71. 	LIST_ENTRY(secashead) chain;

    72. 

  72. 

    73. 

  73. 	struct secasindex saidx;

    74. 

  74. 

    75. 

  75. 	struct sadb_ident *idents;	/* source identity */

    76. 

  76. 	struct sadb_ident *identd;	/* destination identity */

    77. 

  77. 					/* XXX I don't know how to use them. */

    78. 

  78. 

    79. 

  79. 	u_int8_t state;			/* MATURE or DEAD. */

    80. 

  80. 	LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];

    81. 

  81. 					/* SA chain */

    82. 

  82. 					/* The first of this list is newer SA */

    83. 

  83. 

    84. 

  84. 	struct route sa_route;		/* route cache */

    85. 

  85. };

    86. 

  86. 

    87. 

  87. /* Security Association */

    88. 

  88. struct secasvar {

    89. 

  89. 	LIST_ENTRY(secasvar) chain;

    90. 

  90. 

    91. 

  91. 	int refcnt;			/* reference count */

    92. 

  92. 	u_int8_t state;			/* Status of this Association */

    93. 

  93. 

    94. 

  94. 	u_int8_t alg_auth;		/* Authentication Algorithm Identifier*/

    95. 

  95. 	u_int8_t alg_enc;		/* Cipher Algorithm Identifier */

    96. 

  96. 	u_int32_t spi;			/* SPI Value, network byte order */

    97. 

  97. 	u_int32_t flags;		/* holder for SADB_KEY_FLAGS */

    98. 

  98. 

    99. 

  99. 	struct sadb_key *key_auth;	/* Key for Authentication */

    100. 

  100. 	struct sadb_key *key_enc;	/* Key for Encryption */

    101. 

  101. 	caddr_t iv;			/* Initilization Vector */

    102. 

  102. 	u_int ivlen;			/* length of IV */

    103. 

  103. 	void *sched;			/* intermediate encryption key */

    104. 

  104. 	size_t schedlen;

    105. 

  105. 

    106. 

  106. 	struct secreplay *replay;	/* replay prevention */

    107. 

  107. 	long created;			/* for lifetime */

    108. 

  108. 

    109. 

  109. 	struct sadb_lifetime *lft_c;	/* CURRENT lifetime, it's constant. */

    110. 

  110. 	struct sadb_lifetime *lft_h;	/* HARD lifetime */

    111. 

  111. 	struct sadb_lifetime *lft_s;	/* SOFT lifetime */

    112. 

  112. 

    113. 

  113. 	u_int32_t seq;			/* sequence number */

    114. 

  114. 	pid_t pid;			/* message's pid */

    115. 

  115. 

    116. 

  116. 	struct secashead *sah;		/* back pointer to the secashead */

    117. 

  117. };

    118. 

  118. 

    119. 

  119. /* replay prevention */

    120. 

  120. struct secreplay {

    121. 

  121. 	u_int32_t count;

    122. 

  122. 	u_int wsize;		/* window size, i.g. 4 bytes */

    123. 

  123. 	u_int32_t seq;		/* used by sender */

    124. 

  124. 	u_int32_t lastseq;	/* used by receiver */

    125. 

  125. 	caddr_t bitmap;		/* used by receiver */

    126. 

  126. 	int overflow;		/* overflow flag */

    127. 

  127. };

    128. 

  128. 

    129. 

  129. /* socket table due to send PF_KEY messages. */

    130. 

  130. struct secreg {

    131. 

  131. 	LIST_ENTRY(secreg) chain;

    132. 

  132. 

    133. 

  133. 	struct socket *so;

    134. 

  134. };

    135. 

  135. 

    136. 

  136. #ifndef IPSEC_NONBLOCK_ACQUIRE

    137. 

  137. /* acquiring list table. */

    138. 

  138. struct secacq {

    139. 

  139. 	LIST_ENTRY(secacq) chain;

    140. 

  140. 

    141. 

  141. 	struct secasindex saidx;

    142. 

  142. 

    143. 

  143. 	u_int32_t seq;		/* sequence number */

    144. 

  144. 	long created;		/* for lifetime */

    145. 

  145. 	int count;		/* for lifetime */

    146. 

  146. };

    147. 

  147. #endif

    148. 

  148. 

    149. 

  149. /* Sensitivity Level Specification */

    150. 

  150. /* nothing */

    151. 

  151. 

    152. 

  152. #define SADB_KILL_INTERVAL	600	/* six seconds */

    153. 

  153. 

    154. 

  154. struct key_cb {

    155. 

  155. 	int key_count;

    156. 

  156. 	int any_count;

    157. 

  157. };

    158. 

  158. 

    159. 

  159. /* secpolicy */

    160. 

  160. extern struct secpolicy *keydb_newsecpolicy __P((void));

    161. 

  161. extern void keydb_delsecpolicy __P((struct secpolicy *));

    162. 

  162. /* secashead */

    163. 

  163. extern struct secashead *keydb_newsecashead __P((void));

    164. 

  164. extern void keydb_delsecashead __P((struct secashead *));

    165. 

  165. /* secasvar */

    166. 

  166. extern struct secasvar *keydb_newsecasvar __P((void));

    167. 

  167. extern void keydb_refsecasvar __P((struct secasvar *));

    168. 

  168. extern void keydb_freesecasvar __P((struct secasvar *));

    169. 

  169. /* secreplay */

    170. 

  170. extern struct secreplay *keydb_newsecreplay __P((size_t));

    171. 

  171. extern void keydb_delsecreplay __P((struct secreplay *));

    172. 

  172. /* secreg */

    173. 

  173. extern struct secreg *keydb_newsecreg __P((void));

    174. 

  174. extern void keydb_delsecreg __P((struct secreg *));

    175. 

  175. 

    176. 

  176. #endif /* _KERNEL */

    177. 

  177. 

    178. 

  178. #endif /* _NETKEY_KEYDB_H_ */

    179. 

  179.