1 | /* |
2 | * Definitions relevant to IPSEC transformations | |
3 | * Copyright (C) 1996, 1997 John Ioannidis. | |
4 | * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | * | |
16 | * RCSID $Id: ipsec_xform.h,v 1.3 2004/09/29 22:26:13 as Exp $ | |
17 | */ | |
18 | ||
19 | #ifndef _IPSEC_XFORM_H_ | |
20 | ||
21 | #include <freeswan.h> | |
22 | #include "ipsec_policy.h" | |
23 | ||
/*
 * Transform identifiers. Values 4, 8 and 11 are not assigned in this header.
 * The XF_ESPNULL* transforms authenticate only: NULL means the payload is
 * not encrypted.
 */
#define XF_NONE			0	/* no transform selected */
#define XF_IP4			1	/* IPv4-in-IPv4 encapsulation */
#define XF_AHMD5		2	/* AH with MD5 */
#define XF_AHSHA		3	/* AH with SHA */
#define XF_ESP3DES		5	/* ESP with DES3-CBC */
#define XF_AHHMACMD5		6	/* AH-HMAC-MD5, optional replay protection */
#define XF_AHHMACSHA1		7	/* AH-HMAC-SHA1, optional replay protection */
#define XF_ESP3DESMD5		9	/* ESP: triple DES + HMAC-MD-5, 128-bit authenticator */
#define XF_ESP3DESMD596		10	/* ESP: triple DES + HMAC-MD-5, 96-bit authenticator */
#define XF_ESPNULLMD596		12	/* ESP: NULL cipher + HMAC-MD-5, 96-bit authenticator */
#define XF_ESPNULLSHA196	13	/* ESP: NULL cipher + HMAC-SHA-1, 96-bit authenticator */
#define XF_ESP3DESSHA196	14	/* ESP: triple DES + HMAC-SHA-1, 96-bit authenticator */
#define XF_IP6			15	/* IPv6-in-IPv6 encapsulation */
#define XF_COMPDEFLATE		16	/* IPCOMP using deflate */

/* Control codes that act on the SA table instead of naming a transform. */
#define XF_CLR			126	/* clear the SA table */
#define XF_DEL			127	/* delete one SA */

/* Transform type flags. */
#define XFT_AUTH		0x0001
#define XFT_CONF		0x0100

/* Debug flag; available if CONFIG_IPSEC_DEBUG is defined. */
#define DB_XF_INIT		0x0001
47 | ||
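/*
 * Map an IP protocol number to a short printable name ("AH", "ESP", "IPIP",
 * "COMP"); any other value yields "UNKNOWN_proto".
 *
 * The whole expansion is parenthesized so that the conditional chain cannot
 * bind to operators at the call site (indexing, dereference, comparison).
 * The argument is evaluated up to four times, so it must have no side
 * effects.
 */
#define PROTO2TXT(x) \
	((x) == IPPROTO_AH ? "AH" : \
	 (x) == IPPROTO_ESP ? "ESP" : \
	 (x) == IPPROTO_IPIP ? "IPIP" : \
	 (x) == IPPROTO_COMP ? "COMP" : \
	 "UNKNOWN_proto")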
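/**
 * Format a fallback name for an encryption algorithm id that has no
 * symbolic name.
 *
 * @param id  numeric algorithm identifier
 * @return    pointer to a NUL-terminated string of the form "_ID<n>"
 *
 * The result lives in a function-local static buffer: every call overwrites
 * the previous result, so the function is neither reentrant nor safe to call
 * concurrently. Consume or copy the string before the next call. Because the
 * function is static inline, each translation unit that includes this header
 * gets its own buffer. auth_name_id() keeps a separate buffer, so one result
 * of each can appear in the same argument list, as IPS_XFORM_NAME does.
 */
static inline const char *enc_name_id(unsigned id)
{
	/* "_ID" + at most 10 decimal digits (32-bit unsigned) + NUL fits in 16. */
	static char buf[16];

	/*
	 * %u matches the unsigned argument; %d is a mismatched conversion that
	 * typically renders ids above INT_MAX as negative numbers.
	 */
	snprintf(buf, sizeof(buf), "_ID%u", id);
	return buf;
}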
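/**
 * Format a fallback name for an authentication algorithm id that has no
 * symbolic name.
 *
 * @param id  numeric algorithm identifier
 * @return    pointer to a NUL-terminated string of the form "_ID<n>"
 *
 * The result lives in a function-local static buffer: every call overwrites
 * the previous result, so the function is neither reentrant nor safe to call
 * concurrently. Consume or copy the string before the next call. Because the
 * function is static inline, each translation unit that includes this header
 * gets its own buffer. enc_name_id() keeps a separate buffer, so one result
 * of each can appear in the same argument list, as IPS_XFORM_NAME does.
 */
static inline const char *auth_name_id(unsigned id)
{
	/* "_ID" + at most 10 decimal digits (32-bit unsigned) + NUL fits in 16. */
	static char buf[16];

	/*
	 * %u matches the unsigned argument; %d is a mismatched conversion that
	 * typically renders ids above INT_MAX as negative numbers.
	 */
	snprintf(buf, sizeof(buf), "_ID%u", id);
	return buf;
}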
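/*
 * Expand to three comma-separated string expressions that together name the
 * transform of the SA pointed to by x:
 *   1. the protocol name from PROTO2TXT,
 *   2. the compression suffix (for IPPROTO_COMP) or the encryption suffix,
 *   3. the authentication suffix.
 * Presumably meant to be passed to a "%s%s%s"-style format; confirm against
 * the callers.
 *
 * Algorithm ids without a symbolic name fall back to enc_name_id() and
 * auth_name_id(), which return pointers into static buffers; the strings
 * must be consumed before the macro is expanded again, and concurrent use
 * is not safe.
 *
 * x is evaluated many times and must have no side effects. Every use of x
 * is parenthesized so that an expression argument (for example a pointer
 * computed with arithmetic or a cast) expands correctly in the fallback
 * calls as well.
 */
#define IPS_XFORM_NAME(x) \
	PROTO2TXT((x)->ips_said.proto), \
	(x)->ips_said.proto == IPPROTO_COMP ? \
		((x)->ips_encalg == SADB_X_CALG_DEFLATE ? \
		 "_DEFLATE" : "_UNKNOWN_comp") : \
	(x)->ips_encalg == ESP_NONE ? "" : \
	(x)->ips_encalg == ESP_3DES ? "_3DES" : \
	(x)->ips_encalg == ESP_AES ? "_AES" : \
	(x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \
	(x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \
	enc_name_id((x)->ips_encalg) /* "_UNKNOWN_encr" */, \
	(x)->ips_authalg == AH_NONE ? "" : \
	(x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \
	(x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \
	(x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \
	(x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \
	(x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \
	auth_name_id((x)->ips_authalg) /* "_UNKNOWN_auth" */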
82 | ||
83 | #define _IPSEC_XFORM_H_ | |
84 | #endif /* _IPSEC_XFORM_H_ */ | |
85 | ||
86 | /* | |
87 | * $Log: ipsec_xform.h,v $ | |
88 | * Revision 1.3 2004/09/29 22:26:13 as | |
89 | * included ipsec_policy.h | |
90 | * | |
91 | * Revision 1.2 2004/03/22 21:53:18 as | |
92 | * merged alg-0.8.1 branch with HEAD | |
93 | * | |
94 | * Revision 1.1.4.1 2004/03/16 09:48:18 as | |
95 | * alg-0.8.1rc12 patch merged | |
96 | * | |
97 | * Revision 1.1 2004/03/15 20:35:25 as | |
98 | * added files from freeswan-2.04-x509-1.5.3 | |
99 | * | |
100 | * Revision 1.36 2002/04/24 07:36:48 mcr | |
101 | * Moved from ./klips/net/ipsec/ipsec_xform.h,v | |
102 | * | |
103 | * Revision 1.35 2001/11/26 09:23:51 rgb | |
104 | * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
105 | * | |
106 | * Revision 1.33.2.1 2001/09/25 02:24:58 mcr | |
107 | * struct tdb -> struct ipsec_sa. | |
108 | * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c | |
109 | * ipsec_xform.c removed. header file still contains useful things. | |
110 | * | |
111 | * Revision 1.34 2001/11/06 19:47:17 rgb | |
112 | * Changed lifetime_packets to uint32 from uint64. | |
113 | * | |
114 | * Revision 1.33 2001/09/08 21:13:34 rgb | |
115 | * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
116 | * | |
117 | * Revision 1.32 2001/07/06 07:40:01 rgb | |
118 | * Reformatted for readability. | |
119 | * Added inbound policy checking fields for use with IPIP SAs. | |
120 | * | |
121 | * Revision 1.31 2001/06/14 19:35:11 rgb | |
122 | * Update copyright date. | |
123 | * | |
124 | * Revision 1.30 2001/05/30 08:14:03 rgb | |
125 | * Removed vestiges of esp-null transforms. | |
126 | * | |
127 | * Revision 1.29 2001/01/30 23:42:47 rgb | |
128 | * Allow pfkey msgs from pid other than user context required for ACQUIRE | |
129 | * and subsequent ADD or UPDATE. | |
130 | * | |
131 | * Revision 1.28 2000/11/06 04:30:40 rgb | |
132 | * Add Svenning's adaptive content compression. | |
133 | * | |
134 | * Revision 1.27 2000/09/19 00:38:25 rgb | |
135 | * Fixed algorithm name bugs introduced for ipcomp. | |
136 | * | |
137 | * Revision 1.26 2000/09/17 21:36:48 rgb | |
138 | * Added proto2txt macro. | |
139 | * | |
140 | * Revision 1.25 2000/09/17 18:56:47 rgb | |
141 | * Added IPCOMP support. | |
142 | * | |
143 | * Revision 1.24 2000/09/12 19:34:12 rgb | |
144 | * Defined XF_IP6 from Gerhard for ipv6 tunnel support. | |
145 | * | |
146 | * Revision 1.23 2000/09/12 03:23:14 rgb | |
147 | * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb. | |
148 | * | |
149 | * Revision 1.22 2000/09/08 19:12:56 rgb | |
150 | * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
151 | * | |
152 | * Revision 1.21 2000/09/01 18:32:43 rgb | |
153 | * Added (disabled) sensitivity members to tdb struct. | |
154 | * | |
155 | * Revision 1.20 2000/08/30 05:31:01 rgb | |
156 | * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. | |
157 | * Kill remainder of tdb_xform, tdb_xdata, xformsw. | |
158 | * | |
159 | * Revision 1.19 2000/08/01 14:51:52 rgb | |
160 | * Removed _all_ remaining traces of DES. | |
161 | * | |
162 | * Revision 1.18 2000/01/21 06:17:45 rgb | |
163 | * Tidied up spacing. | |
164 | * | |
165 | * Revision 1.17 1999/11/17 15:53:40 rgb | |
166 | * Changed all occurrences of #include "../../../lib/freeswan.h" | |
167 | * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
168 | * klips/net/ipsec/Makefile. | |
169 | * | |
170 | * Revision 1.16 1999/10/16 04:23:07 rgb | |
171 | * Add stats for replaywin_errs, replaywin_max_sequence_difference, | |
172 | * authentication errors, encryption size errors, encryption padding | |
173 | * errors, and time since last packet. | |
174 | * | |
175 | * Revision 1.15 1999/10/16 00:29:11 rgb | |
176 | * Added SA lifetime packet counting variables. | |
177 | * | |
178 | * Revision 1.14 1999/10/01 00:04:14 rgb | |
179 | * Added tdb structure locking. | |
180 | * Add function to initialize tdb hash table. | |
181 | * | |
182 | * Revision 1.13 1999/04/29 15:20:57 rgb | |
183 | * Add return values to init and cleanup functions. | |
184 | * Eliminate unnecessary usage of tdb_xform member to further switch | |
185 | * away from the transform switch to the algorithm switch. | |
186 | * Change gettdb parameter to a pointer to reduce stack loading and | |
187 | * facilitate parameter sanity checking. | |
188 | * Add a parameter to tdbcleanup to be able to delete a class of SAs. | |
189 | * | |
190 | * Revision 1.12 1999/04/15 15:37:25 rgb | |
191 | * Forward check changes from POST1_00 branch. | |
192 | * | |
193 | * Revision 1.9.2.2 1999/04/13 20:35:57 rgb | |
194 | * Fix spelling mistake in comment. | |
195 | * | |
196 | * Revision 1.9.2.1 1999/03/30 17:13:52 rgb | |
197 | * Extend struct tdb to support pfkey. | |
198 | * | |
199 | * Revision 1.11 1999/04/11 00:29:01 henry | |
200 | * GPL boilerplate | |
201 | * | |
202 | * Revision 1.10 1999/04/06 04:54:28 rgb | |
203 | * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
204 | * patch shell fixes. | |
205 | * | |
206 | * Revision 1.9 1999/01/26 02:09:31 rgb | |
207 | * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
208 | * Removed dead code. | |
209 | * | |
210 | * Revision 1.8 1999/01/22 06:29:35 rgb | |
211 | * Added algorithm switch code. | |
212 | * Cruft clean-out. | |
213 | * | |
214 | * Revision 1.7 1998/11/10 05:37:35 rgb | |
215 | * Add support for SA direction flag. | |
216 | * | |
217 | * Revision 1.6 1998/10/19 14:44:29 rgb | |
218 | * Added inclusion of freeswan.h. | |
219 | * sa_id structure implemented and used: now includes protocol. | |
220 | * | |
221 | * Revision 1.5 1998/08/12 00:12:30 rgb | |
222 | * Added macros for new xforms. Added prototypes for new xforms. | |
223 | * | |
224 | * Revision 1.4 1998/07/28 00:04:20 rgb | |
225 | * Add macro for clearing the SA table. | |
226 | * | |
227 | * Revision 1.3 1998/07/14 18:06:46 rgb | |
228 | * Added #ifdef __KERNEL__ directives to restrict scope of header. | |
229 | * | |
230 | * Revision 1.2 1998/06/23 03:02:19 rgb | |
231 | * Created a prototype for ipsec_tdbcleanup when it was moved from | |
232 | * ipsec_init.c. | |
233 | * | |
234 | * Revision 1.1 1998/06/18 21:27:51 henry | |
235 | * move sources from klips/src to klips/net/ipsec, to keep stupid | |
236 | * kernel-build scripts happier in the presence of symlinks | |
237 | * | |
238 | * Revision 1.4 1998/06/11 05:55:31 rgb | |
239 | * Added transform version string pointer to xformsw structure definition. | |
240 | * Added extern declarations for transform version strings. | |
241 | * | |
242 | * Revision 1.3 1998/05/18 22:02:54 rgb | |
243 | * Modify the *_zeroize function prototypes to include one parameter. | |
244 | * | |
245 | * Revision 1.2 1998/04/21 21:29:08 rgb | |
246 | * Rearrange debug switches to change on the fly debug output from user | |
247 | * space. Only kernel changes checked in at this time. radij.c was also | |
248 | * changed to temporarily remove buggy debugging code in rj_delete causing | |
249 | * an OOPS and hence, netlink device open errors. | |
250 | * | |
251 | * Revision 1.1 1998/04/09 03:06:14 henry | |
252 | * sources moved up from linux/net/ipsec | |
253 | * | |
254 | * Revision 1.1.1.1 1998/04/08 05:35:06 henry | |
255 | * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
256 | * | |
257 | * Revision 0.5 1997/06/03 04:24:48 ji | |
258 | * Added ESP-3DES-MD5-96 | |
259 | * | |
260 | * Revision 0.4 1997/01/15 01:28:15 ji | |
261 | * Added new transforms. | |
262 | * | |
263 | * Revision 0.3 1996/11/20 14:39:04 ji | |
264 | * Minor cleanups. | |
265 | * Rationalized debugging code. | |
266 | * | |
267 | * Revision 0.2 1996/11/02 00:18:33 ji | |
268 | * First limited release. | |
269 | * | |
270 | * Local variables: | |
271 | * c-file-style: "linux" | |
272 | * End: | |
273 | * | |
274 | */ |