diff -r 000000000000 -r af10295192d8 networksecurity/ipsec/ipsec6/include/pfkeyv2.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/networksecurity/ipsec/ipsec6/include/pfkeyv2.h Tue Jan 26 15:23:49 2010 +0200 @@ -0,0 +1,378 @@ +// Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies). +// All rights reserved. +// This component and the accompanying materials are made available +// under the terms of "Eclipse Public License v1.0" +// which accompanies this distribution, and is available +// at the URL "http://www.eclipse.org/legal/epl-v10.html". +// +// Initial Contributors: +// Nokia Corporation - initial contribution. +// +// Contributors: +// +// Description: +// pfkeyv2.h - IPSEC KEY protocol family +// Definitions for the API and its' messages to access the SADB +// (Security Association Data Base, previously Key Engine). +// See: RFC-2367 (PF_KEY Key Management API, Version 2 +// Note: This file follows the C syntax described in the above +// reference instead of C++. This should make it easier to keep this +// aligned with the evolving IETF specification. +// RFC-2367 PF_KEY v2 specification +// + +/* +@publishedPartner +@released +*/ + +#ifndef __PFKEYV2_H__ +#define __PFKEYV2_H__ + +// +// Temporary placeholder definitions for the posix uint types +// (these don't belong into this file!!!) +#include +typedef TUint8 uint8_t; +typedef TUint16 uint16_t; +typedef TUint32 uint32_t; +typedef TInt64 uint64_t; // Incorrect, but gets allocation right! + + +/* +This file defines structures and symbols for the PF_KEY Version 2 +key management interface. It was written at the U.S. Naval Research +Laboratory. This file is in the public domain. The authors ask that +you leave this credit intact on any copies of this file. +*/ +#define PF_KEY_V2 2 +#define PFKEYV2_REVISION 199806L +/* +** Message Types +*/ +#define SADB_RESERVED 0 +#define SADB_GETSPI 1 +#define SADB_UPDATE 2 +#define SADB_ADD 3 +#define SADB_DELETE 4 +#define SADB_GET 5 +#define SADB_ACQUIRE 6 +#define SADB_REGISTER 7 +#define SADB_EXPIRE 8 +#define SADB_FLUSH 9 +#define SADB_DUMP 10 /* Only for debugging purposes */ + +#define SADB_MAX 10 + + +/* +** Security association (SA) flags +*/ +#define SADB_SAFLAGS_PFS 1 /* Perfect forward secrecy */ +#define SADB_SAFLAGS_TUNNEL 2 /* SA is used Tunnel mode (NRC IPSEC Addition for IKE) */ +#define SADB_SAFLAGS_NAT_T 4 /* Nokia VPN NAT Traversal (Private extension) */ +#define SADB_SAFLAGS_INT_ADDR 8 /* Nokia VPN Internal address (Private extension) */ +#define SABD_SAFLAGS_ESN 16 /* Exteneded Sequence Numbers Enabled */ +/* +** Security association states +*/ +#define SADB_SASTATE_LARVAL 0 /* Unfinished SA initialized by GETSPI */ +#define SADB_SASTATE_MATURE 1 /* SA ready for use */ +#define SADB_SASTATE_DYING 2 /* Soft lifetime expired */ +#define SADB_SASTATE_DEAD 3 /* Hard lifetime expired */ + +#define SADB_SASTATE_MAX 3 + + +/* +** Security association types +*/ +#define SADB_SATYPE_UNSPEC 0 /* */ +#define SADB_SATYPE_AH 2 /* RFC-1826 */ +#define SADB_SATYPE_ESP 3 /* RFC-1827 */ + +/* +** Security association types for security protocols implemented in user space +*/ +#define SADB_SATYPE_RSVP 5 /* RSVP Authentication */ +#define SADB_SATYPE_OSPFV2 6 /* OSPFv2 Authentication */ +#define SADB_SATYPE_RIPV2 7 /* RIPv2 Authentication */ +#define SADB_SATYPE_MIP 8 /* Mobile IP Auth. */ + +#define SADB_SATYPE_MAX 8 + + +/* +** Algorithm Types (in the context of the SA type) +*/ +#define SADB_AALG_NONE 0 /* No authentication */ +#define SADB_AALG_MD5HMAC 2 +#define SADB_AALG_SHA1HMAC 3 +#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT +#define SADB_AALG_AES_XCBC_MAC 9 +#define SADB_AALG_MAX 5 +#else //SYMBIAN_IPSEC_VOIP_SUPPORT +#define SADB_AALG_MAX 3 +#endif //SYMBIAN_IPSEC_VOIP_SUPPORT + +#define SADB_EALG_NONE 0 /* No encryption */ +#define SADB_EALG_DESCBC 2 /* DES in CBC-mode for encryption */ +#define SADB_EALG_3DESCBC 3 /* DES-EDE3-CBC */ +#define SADB_EALG_NULL 11 +#define SADB_EALG_AESCBC 12 + +#ifdef SYMBIAN_CRYPTOSPI +#define SADB_EALG_AESCTR 13 +#endif //SYMBIAN_CRYPTOSPI + +#define SADB_EALG_MAX 13 + +/* +** Extension header values +*/ +#define SADB_EXT_RESERVED 0 +#define SADB_EXT_SA 1 +#define SADB_EXT_LIFETIME_CURRENT 2 +#define SADB_EXT_LIFETIME_HARD 3 +#define SADB_EXT_LIFETIME_SOFT 4 +#define SADB_EXT_ADDRESS_SRC 5 +#define SADB_EXT_ADDRESS_DST 6 +#define SADB_EXT_ADDRESS_PROXY 7 +#define SADB_EXT_KEY_AUTH 8 +#define SADB_EXT_KEY_ENCRYPT 9 +#define SADB_EXT_IDENTITY_SRC 10 +#define SADB_EXT_IDENTITY_DST 11 +#define SADB_EXT_SENSITIVITY 12 +#define SADB_EXT_PROPOSAL 13 +#define SADB_EXT_SUPPORTED_AUTH 14 +#define SADB_EXT_SUPPORTED_ENCRYPT 15 +#define SADB_EXT_SPIRANGE 16 + +#define SADB_EXT_MAX 16 + + +/* +** Identity extension values + */ +#define SADB_IDENTTYPE_RESERVED 0 +#define SADB_IDENTTYPE_PREFIX 1 +#define SADB_IDENTTYPE_FQDN 2 +#define SADB_IDENTTYPE_USERFQDN 3 + +#define SADB_IDENTTYPE_MAX 3 + +/* +** Base Message Header Format +*/ +struct sadb_msg + { + uint8_t sadb_msg_version; /* PF_KEY_V2 */ + uint8_t sadb_msg_type; /* Message type: see SADB_xxx defines */ + uint8_t sadb_msg_errno; /* Error return value */ + uint8_t sadb_msg_satype; /* Association type: see SADB_SATYPE_xxx */ + uint16_t sadb_msg_len; /* Total msg length in 64-bit words */ + /* ..an earlier revision used 32-bit words! */ + uint16_t sadb_msg_reserved; /* Padding = 0 */ + uint32_t sadb_msg_seq; /* Sequence number assigned by original sender */ + uint32_t sadb_msg_pid; /* Id of the user-process */ + }; + /* sizeof(struct sadb_msg) == 16 */ + +/* + * Base header is followed by additional message fields (extensions), all of which start with + * a length-type pair. This is a generic struct used to decode the actual length and type of + * an extension, i.e. all extensions begin with these exactly same fields. + */ + +/* +** Additional Message Fields +*/ +struct sadb_ext + { + uint16_t sadb_ext_len; /* In 64-bit words, inclusive */ + uint16_t sadb_ext_type; /* see SA_EXT_xxx */ + }; + /* sizeof(struct sadb_ext) == 4 */ + +/* +** Association Extension +*/ +struct sadb_sa + { + uint16_t sadb_sa_len; + uint16_t sadb_sa_exttype; /* == SA_EXT_ASSOCIATION */ + uint32_t sadb_sa_spi; /* Security parameter index */ + uint8_t sadb_sa_replay; /* Size of anti-replay window */ + uint8_t sadb_sa_state; /* see SADB_SASTATE_xxx */ + uint8_t sadb_sa_auth; /* Authentication algorithm */ + uint8_t sadb_sa_encrypt; /* Encryption algorithm */ + uint32_t sadb_sa_flags; /* */ +}; +/* sizeof(struct sadb_sa) == 16 */ + +/* +** Lifetime Extension +*/ +struct sadb_lifetime + { + uint16_t sadb_lifetime_len; + uint16_t sadb_lifetime_exttype; /* == SA_EXT_LIFETIME_CURRENT, _HARD, _SOFT */ + uint32_t sadb_lifetime_allocations; + uint64_t sadb_lifetime_bytes; + uint64_t sadb_lifetime_addtime; + uint64_t sadb_lifetime_usetime; +}; +/* sizeof(struct sadb_lifetime) == 32 */ + +/* +** Address Extension +*/ +struct sadb_address + { + uint16_t sadb_address_len; + uint16_t sadb_address_exttype; /* == SA_EXT_ADDRESS_SRC, _DST, _PROXY */ + uint8_t sadb_address_proto; + uint8_t sadb_address_prefixlen; + uint16_t sadb_address_reserved; + }; + /* sizeof(struct sadb_address) == 16 */ + + /* Followed by some form of struct sockaddr */ + +/* +** Key Extension +*/ +struct sadb_key + { + uint16_t sadb_key_len; + uint16_t sadb_key_exttype; /* SA_EXT_KEY_AUTH, _ENCRYPT */ + uint16_t sadb_key_bits; /* The lenght of valid key data, in bits */ + uint16_t sadb_key_reserved; + }; + /* sizeof(struct sadb_key) == 8 */ + + /* Followed by the key data */ + +/* +** Identity Extension +*/ +struct sadb_ident + { + uint16_t sadb_ident_len; + uint16_t sadb_ident_exttype; /* SA_EXT_IDENTITY_SRC, _DST */ + uint16_t sadb_ident_type; /* Type of the following identify information */ + uint16_t sadb_ident_reserved; /* Padding */ + uint64_t sadb_ident_id; + }; + /* sizeof(struct sadb_ident) == 16 */ + + /* Followed by the identify string (C), if present */ + + +/* +** Sensitivity extension +*/ +struct sadb_sens + { + uint16_t sadb_sens_len; + uint16_t sadb_sens_exttype; /* SA_EXT_SENSITIVITY */ + uint32_t sadb_sens_dpd; /* Data protection domain: NONE, DOD_GENSER, + DOD_SCI, DOE, NATO or private */ + uint8_t sadb_sens_sens_level; + uint8_t sadb_sens_sens_len; /* Sensitivity bitmap length in 64-bit words */ + uint8_t sadb_sens_integ_level; + uint8_t sadb_sens_integ_len;/* Integrty bitmap length in 64-bit words */ + uint32_t sadb_sens_reserved; + }; + /* sizeof(struct sadb_sens) == 16 */ + + /* Followed by + uint64_t sadb_sens_sens_bitmap[sens_len]; + uint64_t sadb_sens_integ_bitmap[integ_len]; + */ +/* +** Proposal Extension +*/ +struct sadb_prop + { + uint16_t sadb_prop_len; + uint16_t sadb_prop_exttype; /* SA_EXT_PROPOSAL */ + uint8_t sadb_prop_replay; /* Anti-replay window size */ + uint8_t sadb_prop_reserved[3]; /* Padding */ + }; + /* sizeof(struct sadb_prop) == 8 */ + + /* Followed by + struct sadb_comb sadb_combs + [(sadb_prop_len * sizeof(uint64_t) - sizeof(struct sadb_prop)) + / sizeof(sadb_comb)]; + */ + +/* +** Proposal combination +*/ +struct sadb_comb + { + uint8_t sadb_comb_auth; /* Authentication algorithm */ + uint8_t sadb_comb_encrypt; /* Encryption algorithm */ + uint16_t sadb_comb_flags; /* Bitmask: USED, UNIQUE, INBOUND, OUTBOUND, + FORWARD, PFS, REPLAY */ + uint16_t sadb_comb_auth_minbits; + uint16_t sadb_comb_auth_maxbits; + uint16_t sadb_comb_encrypt_minbits; + uint16_t sadb_comb_encrypt_maxbits; + uint32_t sadb_comb_reserved; + uint32_t sadb_comb_soft_allocations; + uint32_t sadb_comb_hard_allocations; + uint64_t sadb_comb_soft_bytes; + uint64_t sadb_comb_hard_bytes; + uint64_t sadb_comb_soft_addtime; + uint64_t sadb_comb_hard_addtime; + uint64_t sadb_comb_soft_usetime; + uint64_t sadb_comb_hard_usetime; + }; + /* sizeof(struct sadb_comb) = 72 */ + +/* +** Supported Algorithms Extension +*/ +struct sadb_supported + { + uint16_t sadb_supported_len; + uint16_t sadb_supported_exttype;/* SA_EXT_SUPPORTED */ + uint32_t sadb_supported_reserved; /* Padding */ + }; + /* sizeof(struct sadb_supported) == 8 */ + + /* Followed by + struct sadb_alg sadb_algs[(sadb_supported_len * sizeof(uint64_t) - + sizeof(struct sadb_supported)) / sizeof(struct sadb_alg)]; + */ + +/* + * Supported algorithm descriptor + */ +struct sadb_alg + { + uint8_t sadb_alg_id; /* Algorithm type: MD5_HMAC, DES_CBC... */ + uint8_t sadb_alg_ivlen; /* Initialization vector length in bits */ + uint16_t sadb_alg_minbits; /* Min key len in bits */ + uint16_t sadb_alg_maxbits; /* Max key len in bits */ + uint16_t sadb_alg_reserved; /* Padding */ + }; + /* sizeof(struct sadb_alg) == 8 */ + +/* +** SPI Range Extension +*/ +struct sadb_spirange + { + uint16_t sadb_spirange_len; + uint16_t sadb_spirange_exttype; /* SA_EXT_SPI_RANGE */ + uint32_t sadb_spirange_min; /* Minimum acceptable SPI value */ + uint32_t sadb_spirange_max; /* Maximum acceptable SPI value */ + uint32_t sadb_spirange_reserved;/* Padding */ + }; + /* sizeof(struct sadb_spirange) == 16 */ + +#endif