2 * Definitions relevant to IPSEC transformations
3 * Copyright (C) 1996, 1997 John Ioannidis.
4 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * RCSID $Id: ipsec_xform.h,v 1.35 2001/11/26 09:23:51 rgb Exp $
19 #ifndef _IPSEC_XFORM_H_
/*
 * Legacy transform (XF_*) identifiers.
 *
 * Each value names one entry of the original KLIPS transform switch.  The
 * codes up to XF_COMPLZS describe a packet transform; XF_CLR and XF_DEL
 * (see their trailing comments) are SA-table control requests rather than
 * transforms.  These numbers are KLIPS-internal and unrelated to the
 * ESP_*/AH_*/IPCOMP_* transform identifiers defined further down.
 */
#define XF_NONE 0 /* No transform set */
#define XF_IP4 1 /* IPv4 inside IPv4 */
#define XF_AHMD5 2 /* AH MD5 */
#define XF_AHSHA 3 /* AH SHA */
#define XF_ESPDES 4 /* ESP DES-CBC */
#define XF_ESP3DES 5 /* ESP DES3-CBC */
#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */
#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */
#define XF_ESPDESMD5 8 /* DES, HMAC-MD-5, 128-bits of authentication */
#define XF_ESPDESMD596 9 /* DES, HMAC-MD-5, 96-bits of authentication */
#define XF_ESP3DESMD5 10 /* triple DES, HMAC-MD-5, 128-bits of authentication */
#define XF_ESP3DESMD596 11 /* triple DES, HMAC-MD-5, 96-bits of authentication */
#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */
#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */
#define XF_ESPDESSHA196 14 /* DES, HMAC-SHA-1, 96-bits of authentication */
#define XF_ESP3DESSHA196 15 /* triple DES, HMAC-SHA-1, 96-bits of authentication */
#define XF_IP6 16 /* IPv6 inside IPv6 */
#define XF_COMPDEFLATE 17 /* IPCOMP deflate */
#define XF_COMPLZS 18 /* IPCOMP LZS */
/* Control codes (not transforms): operate on the SA table as a whole. */
#define XF_CLR 126 /* Clear SA table */
#define XF_DEL 127 /* Delete SA */
46 /* IPsec AH transform values
48 * draft-ietf-ipsec-doi-tc-mib-02.txt
54 /* draft-ietf-ipsec-ciph-aes-cbc-03.txt */
61 /* IPsec ESP transform values */
#define ESP_BLOWFISH 7
/* as draft-ietf-ipsec-ciph-aes-cbc-02.txt */
/* NOTE(review): 252 and 253 lie in the private-use part of the ESP
 * transform identifier space, so they only mean SERPENT/TWOFISH between
 * peers that have agreed on these numbers out of band. */
#define ESP_SERPENT 252
#define ESP_TWOFISH 253
/* IPCOMP transform values */
#define IPCOMP_DEFLAT 2
#define IPCOMP_V42BIS 4
/* Presumably capability flag bits (AUTH in the low byte, CONF in the high
 * byte, so both can be ORed into one value) — where they are tested is not
 * visible in this header; confirm against the users. */
#define XFT_AUTH 0x0001
#define XFT_CONF 0x0100
/* available if CONFIG_IPSEC_DEBUG is defined */
#define DB_XF_INIT 0x0001
/*
 * PROTO2TXT(x): yield a short string literal ("AH", "ESP", "IPIP", "COMP")
 * for an IPPROTO_* value.
 *
 * NOTE(review): the expansion is a bare ?: chain with no enclosing
 * parentheses, and its final fall-through branch is not visible on this
 * page.  Use the result only as a stand-alone argument (e.g. for one "%s"
 * conversion); embedding it in a larger expression will bind unexpectedly.
 */
#define PROTO2TXT(x) \
	(x) == IPPROTO_AH ? "AH" : \
	(x) == IPPROTO_ESP ? "ESP" : \
	(x) == IPPROTO_IPIP ? "IPIP" : \
	(x) == IPPROTO_COMP ? "COMP" : \
/*
 * enc_name_id(): fallback name, spelled "_ID<n>", for an encryption
 * algorithm id that has no dedicated string.
 *
 * NOTE(review): "%d" does not match the `unsigned` argument — `%u` is the
 * matching conversion.  The declaration of `buf` and the return statement
 * are on lines not shown here; if `buf` is a function-scope static array,
 * the returned pointer aliases storage that the next call overwrites, so
 * the string must be consumed before enc_name_id() runs again and the
 * helper is not safe for concurrent callers.
 */
static inline const char *enc_name_id (unsigned id) {
	snprintf(buf, sizeof(buf), "_ID%d", id);
/*
 * auth_name_id(): fallback name, spelled "_ID<n>", for an authentication
 * algorithm id that has no dedicated string.
 *
 * NOTE(review): "%d" does not match the `unsigned` argument — `%u` is the
 * matching conversion.  The declaration of `buf` and the return statement
 * are on lines not shown here; if `buf` is a function-scope static array,
 * the returned pointer aliases storage that the next call overwrites, so
 * the string must be consumed before auth_name_id() runs again and the
 * helper is not safe for concurrent callers.
 */
static inline const char *auth_name_id (unsigned id) {
	snprintf(buf, sizeof(buf), "_ID%d", id);
/*
 * IPS_XFORM_NAME(x): expands to THREE comma-separated `const char *`
 * values for the SA `x` — the protocol name (PROTO2TXT), the encryption
 * or compression algorithm suffix, and the authentication algorithm
 * suffix — presumably to fill three consecutive "%s" conversions of one
 * print call.  Ids without a dedicated string fall through to
 * enc_name_id()/auth_name_id().
 *
 * NOTE(review): the two fallback calls write `x->ips_encalg` and
 * `x->ips_authalg` while every other line uses `(x)->…`; the macro is
 * therefore only correct when its argument is a plain lvalue.  Use
 * `(x)->ips_encalg` / `(x)->ips_authalg` there as well.  The tail of the
 * IPPROTO_COMP branch is not visible on this page.
 */
#define IPS_XFORM_NAME(x) \
	PROTO2TXT((x)->ips_said.proto), \
	(x)->ips_said.proto == IPPROTO_COMP ? \
	((x)->ips_encalg == SADB_X_CALG_DEFLATE ? "_DEFLATE" : \
	(x)->ips_encalg == SADB_X_CALG_LZS ? "_LZS" : \
	(x)->ips_encalg == ESP_NONE ? "" : \
	(x)->ips_encalg == ESP_DES ? "_DES" : \
	(x)->ips_encalg == ESP_3DES ? "_3DES" : \
	(x)->ips_encalg == ESP_RC5 ? "_RC5" : \
	(x)->ips_encalg == ESP_IDEA ? "_IDEA" : \
	(x)->ips_encalg == ESP_CAST ? "_CAST" : \
	(x)->ips_encalg == ESP_BLOWFISH ? "_BLOWFISH" : \
	(x)->ips_encalg == ESP_3IDEA ? "_3IDEA" : \
	(x)->ips_encalg == ESP_RC4 ? "_RC4" : \
	(x)->ips_encalg == ESP_NULL ? "_NULL" : \
	(x)->ips_encalg == ESP_AES ? "_AES" : \
	(x)->ips_encalg == ESP_MARS ? "_MARS" : \
	(x)->ips_encalg == ESP_RC6 ? "_RC6" : \
	(x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \
	(x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \
	enc_name_id(x->ips_encalg)/* "_UNKNOWN_encr" */, \
	(x)->ips_authalg == AH_NONE ? "" : \
	(x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \
	(x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \
	(x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \
	(x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \
	(x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \
	(x)->ips_authalg == AH_RIPEMD ? "_HMAC_RIPEMD" : \
	auth_name_id(x->ips_authalg) /* "_UNKNOWN_auth" */ \
/*
 * NOTE(review): the include guard is defined here, at the end of the
 * header, rather than directly after the #ifndef at the top.  A second,
 * later inclusion is still suppressed, but any header included while this
 * body is still being processed that re-includes this file would see the
 * body twice.  The name _IPSEC_XFORM_H_ (leading underscore followed by an
 * upper-case letter) also lies in the identifier space reserved for the
 * implementation; a plain project-prefixed guard name avoids that.
 */
#define _IPSEC_XFORM_H_
#endif /* _IPSEC_XFORM_H_ */
147 * $Log: ipsec_xform.h,v $
148 * Revision 1.35 2001/11/26 09:23:51 rgb
149 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
151 * Revision 1.33.2.1 2001/09/25 02:24:58 mcr
152 * struct tdb -> struct ipsec_sa.
153 * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
154 * ipsec_xform.c removed. header file still contains useful things.
156 * Revision 1.34 2001/11/06 19:47:17 rgb
157 * Changed lifetime_packets to uint32 from uint64.
159 * Revision 1.33 2001/09/08 21:13:34 rgb
160 * Added pfkey ident extension support for ISAKMPd. (NetCelo)
162 * Revision 1.32 2001/07/06 07:40:01 rgb
163 * Reformatted for readability.
164 * Added inbound policy checking fields for use with IPIP SAs.
166 * Revision 1.31 2001/06/14 19:35:11 rgb
167 * Update copyright date.
169 * Revision 1.30 2001/05/30 08:14:03 rgb
170 * Removed vestiges of esp-null transforms.
172 * Revision 1.29 2001/01/30 23:42:47 rgb
173 * Allow pfkey msgs from pid other than user context required for ACQUIRE
174 * and subsequent ADD or UPDATE.
176 * Revision 1.28 2000/11/06 04:30:40 rgb
177 * Add Svenning's adaptive content compression.
179 * Revision 1.27 2000/09/19 00:38:25 rgb
180 * Fixed algorithm name bugs introduced for ipcomp.
182 * Revision 1.26 2000/09/17 21:36:48 rgb
183 * Added proto2txt macro.
185 * Revision 1.25 2000/09/17 18:56:47 rgb
186 * Added IPCOMP support.
188 * Revision 1.24 2000/09/12 19:34:12 rgb
189 * Defined XF_IP6 from Gerhard for ipv6 tunnel support.
191 * Revision 1.23 2000/09/12 03:23:14 rgb
192 * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb.
194 * Revision 1.22 2000/09/08 19:12:56 rgb
195 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
197 * Revision 1.21 2000/09/01 18:32:43 rgb
198 * Added (disabled) sensitivity members to tdb struct.
200 * Revision 1.20 2000/08/30 05:31:01 rgb
201 * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
202 * Kill remainder of tdb_xform, tdb_xdata, xformsw.
204 * Revision 1.19 2000/08/01 14:51:52 rgb
205 * Removed _all_ remaining traces of DES.
207 * Revision 1.18 2000/01/21 06:17:45 rgb
210 * Revision 1.17 1999/11/17 15:53:40 rgb
211 * Changed all occurrences of #include "../../../lib/freeswan.h"
212 * to #include <freeswan.h> which works due to -Ilibfreeswan in the
213 * klips/net/ipsec/Makefile.
215 * Revision 1.16 1999/10/16 04:23:07 rgb
216 * Add stats for replaywin_errs, replaywin_max_sequence_difference,
217 * authentication errors, encryption size errors, encryption padding
218 * errors, and time since last packet.
220 * Revision 1.15 1999/10/16 00:29:11 rgb
221 * Added SA lifetime packet counting variables.
223 * Revision 1.14 1999/10/01 00:04:14 rgb
224 * Added tdb structure locking.
225 * Add function to initialize tdb hash table.
227 * Revision 1.13 1999/04/29 15:20:57 rgb
228 * Add return values to init and cleanup functions.
229 * Eliminate unnecessary usage of tdb_xform member to further switch
230 * away from the transform switch to the algorithm switch.
231 * Change gettdb parameter to a pointer to reduce stack loading and
232 * facilitate parameter sanity checking.
233 * Add a parameter to tdbcleanup to be able to delete a class of SAs.
235 * Revision 1.12 1999/04/15 15:37:25 rgb
236 * Forward check changes from POST1_00 branch.
238 * Revision 1.9.2.2 1999/04/13 20:35:57 rgb
239 * Fix spelling mistake in comment.
241 * Revision 1.9.2.1 1999/03/30 17:13:52 rgb
242 * Extend struct tdb to support pfkey.
244 * Revision 1.11 1999/04/11 00:29:01 henry
247 * Revision 1.10 1999/04/06 04:54:28 rgb
248 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
251 * Revision 1.9 1999/01/26 02:09:31 rgb
252 * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
255 * Revision 1.8 1999/01/22 06:29:35 rgb
256 * Added algorithm switch code.
259 * Revision 1.7 1998/11/10 05:37:35 rgb
260 * Add support for SA direction flag.
262 * Revision 1.6 1998/10/19 14:44:29 rgb
263 * Added inclusion of freeswan.h.
264 * sa_id structure implemented and used: now includes protocol.
266 * Revision 1.5 1998/08/12 00:12:30 rgb
267 * Added macros for new xforms. Added prototypes for new xforms.
269 * Revision 1.4 1998/07/28 00:04:20 rgb
270 * Add macro for clearing the SA table.
272 * Revision 1.3 1998/07/14 18:06:46 rgb
273 * Added #ifdef __KERNEL__ directives to restrict scope of header.
275 * Revision 1.2 1998/06/23 03:02:19 rgb
276 * Created a prototype for ipsec_tdbcleanup when it was moved from
279 * Revision 1.1 1998/06/18 21:27:51 henry
280 * move sources from klips/src to klips/net/ipsec, to keep stupid
281 * kernel-build scripts happier in the presence of symlinks
283 * Revision 1.4 1998/06/11 05:55:31 rgb
284 * Added transform version string pointer to xformsw structure definition.
285 * Added extern declarations for transform version strings.
287 * Revision 1.3 1998/05/18 22:02:54 rgb
288 * Modify the *_zeroize function prototypes to include one parameter.
290 * Revision 1.2 1998/04/21 21:29:08 rgb
291 * Rearrange debug switches to change on the fly debug output from user
292 * space. Only kernel changes checked in at this time. radij.c was also
293 * changed to temporarily remove buggy debugging code in rj_delete causing
294 * an OOPS and hence, netlink device open errors.
296 * Revision 1.1 1998/04/09 03:06:14 henry
297 * sources moved up from linux/net/ipsec
299 * Revision 1.1.1.1 1998/04/08 05:35:06 henry
300 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
302 * Revision 0.5 1997/06/03 04:24:48 ji
303 * Added ESP-3DES-MD5-96
305 * Revision 0.4 1997/01/15 01:28:15 ji
306 * Added new transforms.
308 * Revision 0.3 1996/11/20 14:39:04 ji
310 * Rationalized debugging code.
312 * Revision 0.2 1996/11/02 00:18:33 ji
313 * First limited release.
316 * c-file-style: "linux"