summaryrefslogtreecommitdiff
path: root/keyexchange/isakmpd-20041012/ipsec.h
diff options
context:
space:
mode:
authorOthmar Gsenger <otti@anytun.org>2008-05-25 09:50:42 +0000
committerOthmar Gsenger <otti@anytun.org>2008-05-25 09:50:42 +0000
commit71da41451212389bea25d67bc5da696b6d194bff (patch)
treea3b20decbd8bc9e47640af5fa4b39f731477955a /keyexchange/isakmpd-20041012/ipsec.h
parentimproved presentation again (diff)
moved keyexchange to http://anytun.org/svn/keyexchange
Diffstat (limited to 'keyexchange/isakmpd-20041012/ipsec.h')
-rw-r--r--keyexchange/isakmpd-20041012/ipsec.h173
1 files changed, 0 insertions, 173 deletions
diff --git a/keyexchange/isakmpd-20041012/ipsec.h b/keyexchange/isakmpd-20041012/ipsec.h
deleted file mode 100644
index 1b3c996..0000000
--- a/keyexchange/isakmpd-20041012/ipsec.h
+++ /dev/null
@@ -1,173 +0,0 @@
-/* $OpenBSD: ipsec.h,v 1.24 2004/05/23 18:17:56 hshoexer Exp $ */
-/* $EOM: ipsec.h,v 1.42 2000/12/03 07:58:20 angelos Exp $ */
-
-/*
- * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
- * Copyright (c) 1999 Angelos D. Keromytis. All rights reserved.
- * Copyright (c) 2001 Håkan Olsson. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _IPSEC_H_
-#define _IPSEC_H_
-
-#include <sys/queue.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-
-#include "ipsec_doi.h"
-#ifdef USE_ISAKMP_CFG
-#include "isakmp_cfg.h"
-#endif
-
-struct group;
-struct hash;
-struct ike_auth;
-struct message;
-struct proto;
-struct sa;
-
-/*
- * IPsec-specific data to be linked into the exchange struct.
- * XXX Should probably be several different structs, one for each kind
- * of exchange, i.e. phase 1, phase 2 and ISAKMP configuration parameters
- * separated.
- */
-struct ipsec_exch {
- u_int flags;
- struct hash *hash;
- struct ike_auth *ike_auth;
- struct group *group;
- u_int16_t prf_type;
-
- /* 0 if no KEY_EXCH was proposed, 1 otherwise */
- u_int8_t pfs;
-
- /*
- * A copy of the initiator SA payload body for later computation of
- * hashes. Phase 1 only.
- */
- size_t sa_i_b_len;
- u_int8_t *sa_i_b;
-
- /* Diffie-Hellman values. */
- size_t g_x_len;
- u_int8_t *g_xi;
- u_int8_t *g_xr;
- u_int8_t *g_xy;
-
- /* SKEYIDs. XXX Phase 1 only? */
- size_t skeyid_len;
- u_int8_t *skeyid;
- u_int8_t *skeyid_d;
- u_int8_t *skeyid_a;
- u_int8_t *skeyid_e;
-
- /* HASH_I & HASH_R. XXX Do these need to be saved here? */
- u_int8_t *hash_i;
- u_int8_t *hash_r;
-
- /* KEYMAT */
- size_t keymat_len;
-
- /* Phase 2. */
- u_int8_t *id_ci;
- size_t id_ci_sz;
- u_int8_t *id_cr;
- size_t id_cr_sz;
-
-#ifdef USE_ISAKMP_CFG
- /* ISAKMP configuration mode parameters */
- u_int16_t cfg_id;
- u_int16_t cfg_type;
- LIST_HEAD(isakmp_cfg_attr_head, isakmp_cfg_attr) attrs;
-#endif
-};
-
-#define IPSEC_EXCH_FLAG_NO_ID 1
-
-struct ipsec_sa {
- /* Phase 1. */
- u_int8_t hash;
- size_t skeyid_len;
- u_int8_t *skeyid_d;
- u_int8_t *skeyid_a;
- u_int16_t prf_type;
-
- /* Phase 2. */
- u_int16_t group_desc;
-
- /* Tunnel parameters. These are in network byte order. */
- struct sockaddr *src_net;
- struct sockaddr *src_mask;
- struct sockaddr *dst_net;
- struct sockaddr *dst_mask;
- u_int8_t tproto;
- u_int16_t sport;
- u_int16_t dport;
-};
-
-struct ipsec_proto {
- /* Phase 2. */
- u_int16_t encap_mode;
- u_int16_t auth;
- u_int16_t keylen;
- u_int16_t keyrounds;
-
- /* This is not negotiated, but rather configured. */
- int32_t replay_window;
-
- /* KEYMAT */
- u_int8_t *keymat[2];
-};
-
-extern u_int8_t *ipsec_add_hash_payload(struct message *, size_t);
-extern int ipsec_ah_keylength(struct proto *);
-extern u_int8_t *ipsec_build_id(char *, size_t *);
-extern int ipsec_decode_attribute(u_int16_t, u_int8_t *, u_int16_t, void *);
-extern void ipsec_decode_transform(struct message *, struct sa *,
- struct proto *, u_int8_t *);
-extern int ipsec_esp_authkeylength(struct proto *);
-extern int ipsec_esp_enckeylength(struct proto *);
-extern int ipsec_fill_in_hash(struct message *);
-extern int ipsec_gen_g_x(struct message *);
-extern int ipsec_get_id(char *, int *, struct sockaddr **,
- struct sockaddr **, u_int8_t *, u_int16_t *);
-extern ssize_t ipsec_id_size(char *, u_int8_t *);
-extern char *ipsec_id_string(u_int8_t *, size_t);
-extern void ipsec_init(void);
-extern int ipsec_initial_contact(struct message *);
-extern int ipsec_is_attribute_incompatible(u_int16_t, u_int8_t *,
- u_int16_t, void *);
-extern int ipsec_keymat_length(struct proto *);
-extern int ipsec_save_g_x(struct message *);
-extern struct sa *ipsec_sa_lookup(struct sockaddr *, u_int32_t, u_int8_t);
-
-extern char *ipsec_decode_ids(char *, u_int8_t *, size_t, u_int8_t *,
- size_t, int);
-extern int ipsec_clone_id(u_int8_t **, size_t *, u_int8_t *, size_t);
-
-#endif /* _IPSEC_H_ */