1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
|
/*
* Definitions relevant to IPSEC transformations
* Copyright (C) 1996, 1997 John Ioannidis.
* Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* RCSID $Id: ipsec_xform.h,v 1.3 2004/09/29 22:26:13 as Exp $
*/
#ifndef _IPSEC_XFORM_H_
#include <freeswan.h>
#include "ipsec_policy.h"
#define XF_NONE 0 /* No transform set */
#define XF_IP4 1 /* IPv4 inside IPv4 */
#define XF_AHMD5 2 /* AH MD5 */
#define XF_AHSHA 3 /* AH SHA */
#define XF_ESP3DES 5 /* ESP DES3-CBC */
#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */
#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */
#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */
#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */
#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */
#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */
#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */
#define XF_IP6 15 /* IPv6 inside IPv6 */
#define XF_COMPDEFLATE 16 /* IPCOMP deflate */
#define XF_CLR 126 /* Clear SA table */
#define XF_DEL 127 /* Delete SA */
#define XFT_AUTH 0x0001
#define XFT_CONF 0x0100
/* available if CONFIG_IPSEC_DEBUG is defined */
#define DB_XF_INIT 0x0001
#define PROTO2TXT(x) \
(x) == IPPROTO_AH ? "AH" : \
(x) == IPPROTO_ESP ? "ESP" : \
(x) == IPPROTO_IPIP ? "IPIP" : \
(x) == IPPROTO_COMP ? "COMP" : \
"UNKNOWN_proto"
static inline const char *enc_name_id (unsigned id) {
static char buf[16];
snprintf(buf, sizeof(buf), "_ID%d", id);
return buf;
}
static inline const char *auth_name_id (unsigned id) {
static char buf[16];
snprintf(buf, sizeof(buf), "_ID%d", id);
return buf;
}
#define IPS_XFORM_NAME(x) \
PROTO2TXT((x)->ips_said.proto), \
(x)->ips_said.proto == IPPROTO_COMP ? \
((x)->ips_encalg == SADB_X_CALG_DEFLATE ? \
"_DEFLATE" : "_UNKNOWN_comp") : \
(x)->ips_encalg == ESP_NONE ? "" : \
(x)->ips_encalg == ESP_3DES ? "_3DES" : \
(x)->ips_encalg == ESP_AES ? "_AES" : \
(x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \
(x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \
enc_name_id(x->ips_encalg)/* "_UNKNOWN_encr" */, \
(x)->ips_authalg == AH_NONE ? "" : \
(x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \
(x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \
(x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \
(x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \
(x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \
auth_name_id(x->ips_authalg) /* "_UNKNOWN_auth" */ \
#define _IPSEC_XFORM_H_
#endif /* _IPSEC_XFORM_H_ */
/*
* $Log: ipsec_xform.h,v $
* Revision 1.3 2004/09/29 22:26:13 as
* included ipsec_policy.h
*
* Revision 1.2 2004/03/22 21:53:18 as
* merged alg-0.8.1 branch with HEAD
*
* Revision 1.1.4.1 2004/03/16 09:48:18 as
* alg-0.8.1rc12 patch merged
*
* Revision 1.1 2004/03/15 20:35:25 as
* added files from freeswan-2.04-x509-1.5.3
*
* Revision 1.36 2002/04/24 07:36:48 mcr
* Moved from ./klips/net/ipsec/ipsec_xform.h,v
*
* Revision 1.35 2001/11/26 09:23:51 rgb
* Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
*
* Revision 1.33.2.1 2001/09/25 02:24:58 mcr
* struct tdb -> struct ipsec_sa.
* sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
* ipsec_xform.c removed. header file still contains useful things.
*
* Revision 1.34 2001/11/06 19:47:17 rgb
* Changed lifetime_packets to uint32 from uint64.
*
* Revision 1.33 2001/09/08 21:13:34 rgb
* Added pfkey ident extension support for ISAKMPd. (NetCelo)
*
* Revision 1.32 2001/07/06 07:40:01 rgb
* Reformatted for readability.
* Added inbound policy checking fields for use with IPIP SAs.
*
* Revision 1.31 2001/06/14 19:35:11 rgb
* Update copyright date.
*
* Revision 1.30 2001/05/30 08:14:03 rgb
* Removed vestiges of esp-null transforms.
*
* Revision 1.29 2001/01/30 23:42:47 rgb
* Allow pfkey msgs from pid other than user context required for ACQUIRE
* and subsequent ADD or UDATE.
*
* Revision 1.28 2000/11/06 04:30:40 rgb
* Add Svenning's adaptive content compression.
*
* Revision 1.27 2000/09/19 00:38:25 rgb
* Fixed algorithm name bugs introduced for ipcomp.
*
* Revision 1.26 2000/09/17 21:36:48 rgb
* Added proto2txt macro.
*
* Revision 1.25 2000/09/17 18:56:47 rgb
* Added IPCOMP support.
*
* Revision 1.24 2000/09/12 19:34:12 rgb
* Defined XF_IP6 from Gerhard for ipv6 tunnel support.
*
* Revision 1.23 2000/09/12 03:23:14 rgb
* Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb.
*
* Revision 1.22 2000/09/08 19:12:56 rgb
* Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
*
* Revision 1.21 2000/09/01 18:32:43 rgb
* Added (disabled) sensitivity members to tdb struct.
*
* Revision 1.20 2000/08/30 05:31:01 rgb
* Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
* Kill remainder of tdb_xform, tdb_xdata, xformsw.
*
* Revision 1.19 2000/08/01 14:51:52 rgb
* Removed _all_ remaining traces of DES.
*
* Revision 1.18 2000/01/21 06:17:45 rgb
* Tidied up spacing.
*
* Revision 1.17 1999/11/17 15:53:40 rgb
* Changed all occurrences of #include "../../../lib/freeswan.h"
* to #include <freeswan.h> which works due to -Ilibfreeswan in the
* klips/net/ipsec/Makefile.
*
* Revision 1.16 1999/10/16 04:23:07 rgb
* Add stats for replaywin_errs, replaywin_max_sequence_difference,
* authentication errors, encryption size errors, encryption padding
* errors, and time since last packet.
*
* Revision 1.15 1999/10/16 00:29:11 rgb
* Added SA lifetime packet counting variables.
*
* Revision 1.14 1999/10/01 00:04:14 rgb
* Added tdb structure locking.
* Add function to initialize tdb hash table.
*
* Revision 1.13 1999/04/29 15:20:57 rgb
* dd return values to init and cleanup functions.
* Eliminate unnessessary usage of tdb_xform member to further switch
* away from the transform switch to the algorithm switch.
* Change gettdb parameter to a pointer to reduce stack loading and
* facilitate parameter sanity checking.
* Add a parameter to tdbcleanup to be able to delete a class of SAs.
*
* Revision 1.12 1999/04/15 15:37:25 rgb
* Forward check changes from POST1_00 branch.
*
* Revision 1.9.2.2 1999/04/13 20:35:57 rgb
* Fix spelling mistake in comment.
*
* Revision 1.9.2.1 1999/03/30 17:13:52 rgb
* Extend struct tdb to support pfkey.
*
* Revision 1.11 1999/04/11 00:29:01 henry
* GPL boilerplate
*
* Revision 1.10 1999/04/06 04:54:28 rgb
* Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
* patch shell fixes.
*
* Revision 1.9 1999/01/26 02:09:31 rgb
* Removed CONFIG_IPSEC_ALGO_SWITCH macro.
* Removed dead code.
*
* Revision 1.8 1999/01/22 06:29:35 rgb
* Added algorithm switch code.
* Cruft clean-out.
*
* Revision 1.7 1998/11/10 05:37:35 rgb
* Add support for SA direction flag.
*
* Revision 1.6 1998/10/19 14:44:29 rgb
* Added inclusion of freeswan.h.
* sa_id structure implemented and used: now includes protocol.
*
* Revision 1.5 1998/08/12 00:12:30 rgb
* Added macros for new xforms. Added prototypes for new xforms.
*
* Revision 1.4 1998/07/28 00:04:20 rgb
* Add macro for clearing the SA table.
*
* Revision 1.3 1998/07/14 18:06:46 rgb
* Added #ifdef __KERNEL__ directives to restrict scope of header.
*
* Revision 1.2 1998/06/23 03:02:19 rgb
* Created a prototype for ipsec_tdbcleanup when it was moved from
* ipsec_init.c.
*
* Revision 1.1 1998/06/18 21:27:51 henry
* move sources from klips/src to klips/net/ipsec, to keep stupid
* kernel-build scripts happier in the presence of symlinks
*
* Revision 1.4 1998/06/11 05:55:31 rgb
* Added transform version string pointer to xformsw structure definition.
* Added extern declarations for transform version strings.
*
* Revision 1.3 1998/05/18 22:02:54 rgb
* Modify the *_zeroize function prototypes to include one parameter.
*
* Revision 1.2 1998/04/21 21:29:08 rgb
* Rearrange debug switches to change on the fly debug output from user
* space. Only kernel changes checked in at this time. radij.c was also
* changed to temporarily remove buggy debugging code in rj_delete causing
* an OOPS and hence, netlink device open errors.
*
* Revision 1.1 1998/04/09 03:06:14 henry
* sources moved up from linux/net/ipsec
*
* Revision 1.1.1.1 1998/04/08 05:35:06 henry
* RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
*
* Revision 0.5 1997/06/03 04:24:48 ji
* Added ESP-3DES-MD5-96
*
* Revision 0.4 1997/01/15 01:28:15 ji
* Added new transforms.
*
* Revision 0.3 1996/11/20 14:39:04 ji
* Minor cleanups.
* Rationalized debugging code.
*
* Revision 0.2 1996/11/02 00:18:33 ji
* First limited release.
*
* Local variables:
* c-file-style: "linux"
* End:
*
*/
|
