1 /*----------------------------------------------------------------------
2 * key.h : Declarations and Definitions for Key Engine for BSD.
4 * Copyright 1995 by Bao Phan, Randall Atkinson, & Dan McDonald,
5 * All Rights Reserved. All rights have been assigned to the US
6 * Naval Research Laboratory (NRL). The NRL Copyright Notice and
7 * License Agreement governs distribution and use of this software.
9 * Patents are pending on this technology. NRL grants a license
10 * to use this technology at no cost under the terms below with
11 * the additional requirement that software, hardware, and
12 * documentation relating to use of this technology must include
14 * This product includes technology developed at and
15 * licensed from the Information Technology Division,
16 * US Naval Research Laboratory.
18 ----------------------------------------------------------------------*/
19 /*----------------------------------------------------------------------
20 # @(#)COPYRIGHT 1.1a (NRL) 17 August 1995
24 All of the documentation and software included in this software
25 distribution from the US Naval Research Laboratory (NRL) are
26 copyrighted by their respective developers.
28 This software and documentation were developed at NRL by various
29 people. Those developers have each copyrighted the portions that they
30 developed at NRL and have assigned All Rights for those portions to
31 NRL. Outside the USA, NRL also has copyright on the software
32 developed at NRL. The affected files all contain specific copyright
33 notices and those notices must be retained in any derived work.
37 NRL grants permission for redistribution and use in source and binary
38 forms, with or without modification, of the software and documentation
39 created at NRL provided that the following conditions are met:
41 1. Redistributions of source code must retain the above copyright
42 notice, this list of conditions and the following disclaimer.
43 2. Redistributions in binary form must reproduce the above copyright
44 notice, this list of conditions and the following disclaimer in the
45 documentation and/or other materials provided with the distribution.
46 3. All advertising materials mentioning features or use of this software
47 must display the following acknowledgement:
49 This product includes software developed at the Information
50 Technology Division, US Naval Research Laboratory.
52 4. Neither the name of the NRL nor the names of its contributors
53 may be used to endorse or promote products derived from this software
54 without specific prior written permission.
56 THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
57 IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
58 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
59 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
60 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
61 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
62 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
63 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
64 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
65 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
66 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
68 The views and conclusions contained in the software and documentation
69 are those of the authors and should not be interpreted as representing
70 official policies, either expressed or implied, of the US Naval
71 Research Laboratory (NRL).
73 ----------------------------------------------------------------------*/
76 #define _netkey_key_h 1
88 #define KEY_REGISTER 7
94 #define POLICY_VERSION 1
96 #define SECURITY_TYPE_NONE 0
99 #define KEY_TYPE_ESP 2
100 #define KEY_TYPE_RSVP 3
101 #define KEY_TYPE_OSPF 4
102 #define KEY_TYPE_RIPV2 5
103 #define KEY_TYPE_MIPV4 6
104 #define KEY_TYPE_MIPV6 7
105 #define KEY_TYPE_MAX 7
108 * Security association state flags
111 #define K_USED 0x1 /* Key used/not used */
112 #define K_UNIQUE 0x2 /* Key unique/reusable */
113 #define K_LARVAL 0x4 /* SPI assigned, but sa incomplete */
114 #define K_ZOMBIE 0x8 /* sa expired but still useable */
115 #define K_DEAD 0x10 /* sa marked for deletion, ready for reaping */
116 #define K_INBOUND 0x20 /* sa for inbound packets, ie. dst=myhost */
117 #define K_OUTBOUND 0x40 /* sa for outbound packets, ie. src=myhost */
120 #ifndef MAX_SOCKADDR_SZ
122 #define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in6))
124 #define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in))
126 #endif /* MAX_SOCKADDR_SZ */
129 #define MAX_KEY_SZ 16
130 #endif /* MAX_KEY_SZ */
134 #endif /* MAX_IV_SZ */
136 /* Security association data for IP Security */
137 struct key_secassoc {
138 u_int8_t len; /* Length of the data (for radix) */
139 u_int8_t type; /* Type of association */
140 u_int8_t vers; /* Version of association (AH/ESP) */
141 u_int8_t state; /* State of the association */
142 u_int8_t label; /* Sensitivity label (unused) */
143 u_int32_t spi; /* SPI */
144 u_int8_t keylen; /* Key length */
145 u_int8_t ekeylen; /* Extra key length */
146 u_int8_t ivlen; /* Initialization vector length */
147 u_int8_t algorithm; /* Algorithm switch index */
148 u_int8_t lifetype; /* Type of lifetime */
149 caddr_t iv; /* Initialization vector */
150 caddr_t key; /* Key */
151 caddr_t ekey; /* Extra key */
152 u_int32_t lifetime1; /* Lifetime value 1 */
153 u_int32_t lifetime2; /* Lifetime value 2 */
154 struct sockaddr *src; /* Source host address */
155 struct sockaddr *dst; /* Destination host address */
156 struct sockaddr *from; /* Originator of association */
158 int antireplay; /*anti replay flag*/
159 u_int32_t sequence; /*send: sequence number*/
160 u_int32_t replayright; /*receive: replay window, right*/
161 u_int64_t replaywindow; /*receive: replay window*/
165 * PF_KEY message header. A PF_KEY message consists of a key_msghdr
166 * followed by the src struct sockaddr, the dst struct sockaddr, the from struct
167 * sockaddr, the key, and the iv. Assumes the key message header is smaller than MHLEN.
171 u_short key_msglen; /* length of message including
172 * src/dst/from/key/iv */
173 u_char key_msgvers; /* key version number */
174 u_char key_msgtype; /* key message type, eg. KEY_ADD */
175 pid_t key_pid; /* process id of message sender */
176 int key_seq; /* message sequence number */
177 int key_errno; /* error code */
178 u_int8_t type; /* type of security association */
179 u_int8_t vers; /* version of sassoc (AH/ESP) */
180 u_int8_t state; /* state of security association */
181 u_int8_t label; /* sensitivity level */
182 u_int8_t pad; /* padding for alignment */
183 u_int32_t spi; /* spi value */
184 u_int8_t keylen; /* key length */
185 u_int8_t ekeylen; /* extra key length */
186 u_int8_t ivlen; /* iv length */
187 u_int8_t algorithm; /* algorithm identifier */
188 u_int8_t lifetype; /* type of lifetime */
189 u_int32_t lifetime1; /* lifetime value 1 */
190 u_int32_t lifetime2; /* lifetime value 2 */
192 int antireplay; /* anti replay flag */
196 struct sockaddr *src; /* source host address */
197 struct sockaddr *dst; /* destination host address */
198 struct sockaddr *from; /* originator of security association */
199 caddr_t iv; /* initialization vector */
200 caddr_t key; /* key */
201 caddr_t ekey; /* extra key */
202 int ivlen; /* iv length */
203 int keylen; /* key length */
204 int ekeylen; /* extra key length */
207 struct policy_msghdr {
208 u_short policy_msglen; /* message length */
209 u_char policy_msgvers; /* message version */
210 u_char policy_msgtype; /* message type */
211 int policy_seq; /* message sequence number */
212 int policy_errno; /* error code */
216 * Key engine table structures
220 struct socket *socket; /* pointer to socket */
221 struct socketlist *next; /* next */
225 int alloc_count; /* number of sockets allocated to
227 int ref_count; /* number of sockets referencing
229 struct socketlist *solist; /* list of sockets allocated to
231 struct key_secassoc *secassoc; /* security association */
232 struct key_tblnode *next; /* next node */
235 struct key_allocnode {
236 struct key_tblnode *keynode;
237 struct key_allocnode *next;
240 struct key_so2spinode {
241 struct socket *socket; /* socket pointer */
242 struct key_tblnode *keynode; /* pointer to tblnode containing
244 /* info for socket */
245 struct key_so2spinode *next;
248 struct key_registry {
249 u_int8_t type; /* secassoc type that key mgnt. daemon can
251 struct socket *socket; /* key management daemon socket pointer */
252 struct key_registry *next;
255 struct key_acquirelist {
256 u_int8_t type; /* secassoc type to acquire */
257 struct sockaddr *target; /* destination address of secassoc */
258 u_int32_t count; /* number of acquire messages sent */
259 u_long expiretime; /* expiration time for acquire message */
260 struct key_acquirelist *next;
268 int any_count; /* Sum of above counters */
272 extern int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *,
273 struct key_msgdata *));
274 extern int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *,
275 struct key_msgdata *));
276 extern int key_inittables __P((void));
277 extern void key_sodelete __P((struct socket *, int));
278 extern int key_add __P((struct key_secassoc *));
279 extern int key_delete __P((struct key_secassoc *));
280 extern int key_get __P((u_int, struct sockaddr *, struct sockaddr *,
281 u_int32_t, struct key_secassoc **));
282 extern void key_flush __P((void));
283 extern int key_dump __P((struct socket *));
284 extern int key_getspi __P((u_int, u_int, struct sockaddr *, struct sockaddr *,
285 u_int32_t, u_int32_t, u_int32_t *));
286 extern int key_update __P((struct key_secassoc *));
287 extern int key_register __P((struct socket *, u_int));
288 extern void key_unregister __P((struct socket *, u_int, int));
289 extern int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *));
290 extern int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *,
291 u_int32_t, struct key_tblnode **));
292 extern int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *,
293 struct socket *, u_int, struct key_tblnode **));
294 extern void key_free __P((struct key_tblnode *));
295 extern int key_parse __P((struct key_msghdr ** km, struct socket * so,
299 #endif /* _netkey_key_h */