|
1 // Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // pfkeyv2.h - IPSEC KEY protocol family |
|
15 // Definitions for the API and its' messages to access the SADB |
|
16 // (Security Association Data Base, previously Key Engine). |
|
17 // See: RFC-2367 (PF_KEY Key Management API, Version 2 |
|
18 // Note: This file follows the C syntax described in the above |
|
19 // reference instead of C++. This should make it easier to keep this |
|
20 // aligned with the evolving IETF specification. |
|
21 // RFC-2367 PF_KEY v2 specification |
|
22 // |
|
23 |
|
24 /* |
|
25 @publishedPartner |
|
26 @released |
|
27 */ |
|
28 |
|
29 #ifndef __PFKEYV2_H__ |
|
30 #define __PFKEYV2_H__ |
|
31 |
|
32 // |
|
33 // Temporary placeholder definitions for the posix uint types |
|
34 // (these don't belong into this file!!!) |
|
35 #include <e32std.h> |
|
36 typedef TUint8 uint8_t; |
|
37 typedef TUint16 uint16_t; |
|
38 typedef TUint32 uint32_t; |
|
39 typedef TInt64 uint64_t; // Incorrect, but gets allocation right! |
|
40 |
|
41 |
|
42 /* |
|
43 This file defines structures and symbols for the PF_KEY Version 2 |
|
44 key management interface. It was written at the U.S. Naval Research |
|
45 Laboratory. This file is in the public domain. The authors ask that |
|
46 you leave this credit intact on any copies of this file. |
|
47 */ |
|
48 #define PF_KEY_V2 2 |
|
49 #define PFKEYV2_REVISION 199806L |
|
50 /* |
|
51 ** Message Types |
|
52 */ |
|
53 #define SADB_RESERVED 0 |
|
54 #define SADB_GETSPI 1 |
|
55 #define SADB_UPDATE 2 |
|
56 #define SADB_ADD 3 |
|
57 #define SADB_DELETE 4 |
|
58 #define SADB_GET 5 |
|
59 #define SADB_ACQUIRE 6 |
|
60 #define SADB_REGISTER 7 |
|
61 #define SADB_EXPIRE 8 |
|
62 #define SADB_FLUSH 9 |
|
63 #define SADB_DUMP 10 /* Only for debugging purposes */ |
|
64 |
|
65 #define SADB_MAX 10 |
|
66 |
|
67 |
|
68 /* |
|
69 ** Security association (SA) flags |
|
70 */ |
|
71 #define SADB_SAFLAGS_PFS 1 /* Perfect forward secrecy */ |
|
72 #define SADB_SAFLAGS_TUNNEL 2 /* SA is used Tunnel mode (NRC IPSEC Addition for IKE) */ |
|
73 #define SADB_SAFLAGS_NAT_T 4 /* Nokia VPN NAT Traversal (Private extension) */ |
|
74 #define SADB_SAFLAGS_INT_ADDR 8 /* Nokia VPN Internal address (Private extension) */ |
|
75 #define SABD_SAFLAGS_ESN 16 /* Exteneded Sequence Numbers Enabled */ |
|
76 /* |
|
77 ** Security association states |
|
78 */ |
|
79 #define SADB_SASTATE_LARVAL 0 /* Unfinished SA initialized by GETSPI */ |
|
80 #define SADB_SASTATE_MATURE 1 /* SA ready for use */ |
|
81 #define SADB_SASTATE_DYING 2 /* Soft lifetime expired */ |
|
82 #define SADB_SASTATE_DEAD 3 /* Hard lifetime expired */ |
|
83 |
|
84 #define SADB_SASTATE_MAX 3 |
|
85 |
|
86 |
|
87 /* |
|
88 ** Security association types |
|
89 */ |
|
90 #define SADB_SATYPE_UNSPEC 0 /* */ |
|
91 #define SADB_SATYPE_AH 2 /* RFC-1826 */ |
|
92 #define SADB_SATYPE_ESP 3 /* RFC-1827 */ |
|
93 |
|
94 /* |
|
95 ** Security association types for security protocols implemented in user space |
|
96 */ |
|
97 #define SADB_SATYPE_RSVP 5 /* RSVP Authentication */ |
|
98 #define SADB_SATYPE_OSPFV2 6 /* OSPFv2 Authentication */ |
|
99 #define SADB_SATYPE_RIPV2 7 /* RIPv2 Authentication */ |
|
100 #define SADB_SATYPE_MIP 8 /* Mobile IP Auth. */ |
|
101 |
|
102 #define SADB_SATYPE_MAX 8 |
|
103 |
|
104 |
|
105 /* |
|
106 ** Algorithm Types (in the context of the SA type) |
|
107 */ |
|
108 #define SADB_AALG_NONE 0 /* No authentication */ |
|
109 #define SADB_AALG_MD5HMAC 2 |
|
110 #define SADB_AALG_SHA1HMAC 3 |
|
111 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
|
112 #define SADB_AALG_AES_XCBC_MAC 9 |
|
113 #define SADB_AALG_MAX 5 |
|
114 #else //SYMBIAN_IPSEC_VOIP_SUPPORT |
|
115 #define SADB_AALG_MAX 3 |
|
116 #endif //SYMBIAN_IPSEC_VOIP_SUPPORT |
|
117 |
|
118 #define SADB_EALG_NONE 0 /* No encryption */ |
|
119 #define SADB_EALG_DESCBC 2 /* DES in CBC-mode for encryption */ |
|
120 #define SADB_EALG_3DESCBC 3 /* DES-EDE3-CBC */ |
|
121 #define SADB_EALG_NULL 11 |
|
122 #define SADB_EALG_AESCBC 12 |
|
123 |
|
124 #ifdef SYMBIAN_CRYPTOSPI |
|
125 #define SADB_EALG_AESCTR 13 |
|
126 #endif //SYMBIAN_CRYPTOSPI |
|
127 |
|
128 #define SADB_EALG_MAX 13 |
|
129 |
|
130 /* |
|
131 ** Extension header values |
|
132 */ |
|
133 #define SADB_EXT_RESERVED 0 |
|
134 #define SADB_EXT_SA 1 |
|
135 #define SADB_EXT_LIFETIME_CURRENT 2 |
|
136 #define SADB_EXT_LIFETIME_HARD 3 |
|
137 #define SADB_EXT_LIFETIME_SOFT 4 |
|
138 #define SADB_EXT_ADDRESS_SRC 5 |
|
139 #define SADB_EXT_ADDRESS_DST 6 |
|
140 #define SADB_EXT_ADDRESS_PROXY 7 |
|
141 #define SADB_EXT_KEY_AUTH 8 |
|
142 #define SADB_EXT_KEY_ENCRYPT 9 |
|
143 #define SADB_EXT_IDENTITY_SRC 10 |
|
144 #define SADB_EXT_IDENTITY_DST 11 |
|
145 #define SADB_EXT_SENSITIVITY 12 |
|
146 #define SADB_EXT_PROPOSAL 13 |
|
147 #define SADB_EXT_SUPPORTED_AUTH 14 |
|
148 #define SADB_EXT_SUPPORTED_ENCRYPT 15 |
|
149 #define SADB_EXT_SPIRANGE 16 |
|
150 |
|
151 #define SADB_EXT_MAX 16 |
|
152 |
|
153 |
|
154 /* |
|
155 ** Identity extension values |
|
156 */ |
|
157 #define SADB_IDENTTYPE_RESERVED 0 |
|
158 #define SADB_IDENTTYPE_PREFIX 1 |
|
159 #define SADB_IDENTTYPE_FQDN 2 |
|
160 #define SADB_IDENTTYPE_USERFQDN 3 |
|
161 |
|
162 #define SADB_IDENTTYPE_MAX 3 |
|
163 |
|
164 /* |
|
165 ** Base Message Header Format |
|
166 */ |
|
167 struct sadb_msg |
|
168 { |
|
169 uint8_t sadb_msg_version; /* PF_KEY_V2 */ |
|
170 uint8_t sadb_msg_type; /* Message type: see SADB_xxx defines */ |
|
171 uint8_t sadb_msg_errno; /* Error return value */ |
|
172 uint8_t sadb_msg_satype; /* Association type: see SADB_SATYPE_xxx */ |
|
173 uint16_t sadb_msg_len; /* Total msg length in 64-bit words */ |
|
174 /* ..an earlier revision used 32-bit words! */ |
|
175 uint16_t sadb_msg_reserved; /* Padding = 0 */ |
|
176 uint32_t sadb_msg_seq; /* Sequence number assigned by original sender */ |
|
177 uint32_t sadb_msg_pid; /* Id of the user-process */ |
|
178 }; |
|
179 /* sizeof(struct sadb_msg) == 16 */ |
|
180 |
|
181 /* |
|
182 * Base header is followed by additional message fields (extensions), all of which start with |
|
183 * a length-type pair. This is a generic struct used to decode the actual length and type of |
|
184 * an extension, i.e. all extensions begin with these exactly same fields. |
|
185 */ |
|
186 |
|
187 /* |
|
188 ** Additional Message Fields |
|
189 */ |
|
190 struct sadb_ext |
|
191 { |
|
192 uint16_t sadb_ext_len; /* In 64-bit words, inclusive */ |
|
193 uint16_t sadb_ext_type; /* see SA_EXT_xxx */ |
|
194 }; |
|
195 /* sizeof(struct sadb_ext) == 4 */ |
|
196 |
|
197 /* |
|
198 ** Association Extension |
|
199 */ |
|
200 struct sadb_sa |
|
201 { |
|
202 uint16_t sadb_sa_len; |
|
203 uint16_t sadb_sa_exttype; /* == SA_EXT_ASSOCIATION */ |
|
204 uint32_t sadb_sa_spi; /* Security parameter index */ |
|
205 uint8_t sadb_sa_replay; /* Size of anti-replay window */ |
|
206 uint8_t sadb_sa_state; /* see SADB_SASTATE_xxx */ |
|
207 uint8_t sadb_sa_auth; /* Authentication algorithm */ |
|
208 uint8_t sadb_sa_encrypt; /* Encryption algorithm */ |
|
209 uint32_t sadb_sa_flags; /* */ |
|
210 }; |
|
211 /* sizeof(struct sadb_sa) == 16 */ |
|
212 |
|
213 /* |
|
214 ** Lifetime Extension |
|
215 */ |
|
216 struct sadb_lifetime |
|
217 { |
|
218 uint16_t sadb_lifetime_len; |
|
219 uint16_t sadb_lifetime_exttype; /* == SA_EXT_LIFETIME_CURRENT, _HARD, _SOFT */ |
|
220 uint32_t sadb_lifetime_allocations; |
|
221 uint64_t sadb_lifetime_bytes; |
|
222 uint64_t sadb_lifetime_addtime; |
|
223 uint64_t sadb_lifetime_usetime; |
|
224 }; |
|
225 /* sizeof(struct sadb_lifetime) == 32 */ |
|
226 |
|
227 /* |
|
228 ** Address Extension |
|
229 */ |
|
230 struct sadb_address |
|
231 { |
|
232 uint16_t sadb_address_len; |
|
233 uint16_t sadb_address_exttype; /* == SA_EXT_ADDRESS_SRC, _DST, _PROXY */ |
|
234 uint8_t sadb_address_proto; |
|
235 uint8_t sadb_address_prefixlen; |
|
236 uint16_t sadb_address_reserved; |
|
237 }; |
|
238 /* sizeof(struct sadb_address) == 16 */ |
|
239 |
|
240 /* Followed by some form of struct sockaddr */ |
|
241 |
|
242 /* |
|
243 ** Key Extension |
|
244 */ |
|
245 struct sadb_key |
|
246 { |
|
247 uint16_t sadb_key_len; |
|
248 uint16_t sadb_key_exttype; /* SA_EXT_KEY_AUTH, _ENCRYPT */ |
|
249 uint16_t sadb_key_bits; /* The lenght of valid key data, in bits */ |
|
250 uint16_t sadb_key_reserved; |
|
251 }; |
|
252 /* sizeof(struct sadb_key) == 8 */ |
|
253 |
|
254 /* Followed by the key data */ |
|
255 |
|
256 /* |
|
257 ** Identity Extension |
|
258 */ |
|
259 struct sadb_ident |
|
260 { |
|
261 uint16_t sadb_ident_len; |
|
262 uint16_t sadb_ident_exttype; /* SA_EXT_IDENTITY_SRC, _DST */ |
|
263 uint16_t sadb_ident_type; /* Type of the following identify information */ |
|
264 uint16_t sadb_ident_reserved; /* Padding */ |
|
265 uint64_t sadb_ident_id; |
|
266 }; |
|
267 /* sizeof(struct sadb_ident) == 16 */ |
|
268 |
|
269 /* Followed by the identify string (C), if present */ |
|
270 |
|
271 |
|
272 /* |
|
273 ** Sensitivity extension |
|
274 */ |
|
275 struct sadb_sens |
|
276 { |
|
277 uint16_t sadb_sens_len; |
|
278 uint16_t sadb_sens_exttype; /* SA_EXT_SENSITIVITY */ |
|
279 uint32_t sadb_sens_dpd; /* Data protection domain: NONE, DOD_GENSER, |
|
280 DOD_SCI, DOE, NATO or private */ |
|
281 uint8_t sadb_sens_sens_level; |
|
282 uint8_t sadb_sens_sens_len; /* Sensitivity bitmap length in 64-bit words */ |
|
283 uint8_t sadb_sens_integ_level; |
|
284 uint8_t sadb_sens_integ_len;/* Integrty bitmap length in 64-bit words */ |
|
285 uint32_t sadb_sens_reserved; |
|
286 }; |
|
287 /* sizeof(struct sadb_sens) == 16 */ |
|
288 |
|
289 /* Followed by |
|
290 uint64_t sadb_sens_sens_bitmap[sens_len]; |
|
291 uint64_t sadb_sens_integ_bitmap[integ_len]; |
|
292 */ |
|
293 /* |
|
294 ** Proposal Extension |
|
295 */ |
|
296 struct sadb_prop |
|
297 { |
|
298 uint16_t sadb_prop_len; |
|
299 uint16_t sadb_prop_exttype; /* SA_EXT_PROPOSAL */ |
|
300 uint8_t sadb_prop_replay; /* Anti-replay window size */ |
|
301 uint8_t sadb_prop_reserved[3]; /* Padding */ |
|
302 }; |
|
303 /* sizeof(struct sadb_prop) == 8 */ |
|
304 |
|
305 /* Followed by |
|
306 struct sadb_comb sadb_combs |
|
307 [(sadb_prop_len * sizeof(uint64_t) - sizeof(struct sadb_prop)) |
|
308 / sizeof(sadb_comb)]; |
|
309 */ |
|
310 |
|
311 /* |
|
312 ** Proposal combination |
|
313 */ |
|
314 struct sadb_comb |
|
315 { |
|
316 uint8_t sadb_comb_auth; /* Authentication algorithm */ |
|
317 uint8_t sadb_comb_encrypt; /* Encryption algorithm */ |
|
318 uint16_t sadb_comb_flags; /* Bitmask: USED, UNIQUE, INBOUND, OUTBOUND, |
|
319 FORWARD, PFS, REPLAY */ |
|
320 uint16_t sadb_comb_auth_minbits; |
|
321 uint16_t sadb_comb_auth_maxbits; |
|
322 uint16_t sadb_comb_encrypt_minbits; |
|
323 uint16_t sadb_comb_encrypt_maxbits; |
|
324 uint32_t sadb_comb_reserved; |
|
325 uint32_t sadb_comb_soft_allocations; |
|
326 uint32_t sadb_comb_hard_allocations; |
|
327 uint64_t sadb_comb_soft_bytes; |
|
328 uint64_t sadb_comb_hard_bytes; |
|
329 uint64_t sadb_comb_soft_addtime; |
|
330 uint64_t sadb_comb_hard_addtime; |
|
331 uint64_t sadb_comb_soft_usetime; |
|
332 uint64_t sadb_comb_hard_usetime; |
|
333 }; |
|
334 /* sizeof(struct sadb_comb) = 72 */ |
|
335 |
|
336 /* |
|
337 ** Supported Algorithms Extension |
|
338 */ |
|
339 struct sadb_supported |
|
340 { |
|
341 uint16_t sadb_supported_len; |
|
342 uint16_t sadb_supported_exttype;/* SA_EXT_SUPPORTED */ |
|
343 uint32_t sadb_supported_reserved; /* Padding */ |
|
344 }; |
|
345 /* sizeof(struct sadb_supported) == 8 */ |
|
346 |
|
347 /* Followed by |
|
348 struct sadb_alg sadb_algs[(sadb_supported_len * sizeof(uint64_t) - |
|
349 sizeof(struct sadb_supported)) / sizeof(struct sadb_alg)]; |
|
350 */ |
|
351 |
|
352 /* |
|
353 * Supported algorithm descriptor |
|
354 */ |
|
355 struct sadb_alg |
|
356 { |
|
357 uint8_t sadb_alg_id; /* Algorithm type: MD5_HMAC, DES_CBC... */ |
|
358 uint8_t sadb_alg_ivlen; /* Initialization vector length in bits */ |
|
359 uint16_t sadb_alg_minbits; /* Min key len in bits */ |
|
360 uint16_t sadb_alg_maxbits; /* Max key len in bits */ |
|
361 uint16_t sadb_alg_reserved; /* Padding */ |
|
362 }; |
|
363 /* sizeof(struct sadb_alg) == 8 */ |
|
364 |
|
365 /* |
|
366 ** SPI Range Extension |
|
367 */ |
|
368 struct sadb_spirange |
|
369 { |
|
370 uint16_t sadb_spirange_len; |
|
371 uint16_t sadb_spirange_exttype; /* SA_EXT_SPI_RANGE */ |
|
372 uint32_t sadb_spirange_min; /* Minimum acceptable SPI value */ |
|
373 uint32_t sadb_spirange_max; /* Maximum acceptable SPI value */ |
|
374 uint32_t sadb_spirange_reserved;/* Padding */ |
|
375 }; |
|
376 /* sizeof(struct sadb_spirange) == 16 */ |
|
377 |
|
378 #endif |