ipsec_esp_message.h

ipsec PNE 3.3 source code, running at more than vxworks6.x version.

/******************************************************************************/
/* Copyright 2000-2004 Wind River Systems, Inc.                               */
/******************************************************************************/
/*
modification history
--------------------
03i,08nov05,rlm  Removed references to rw_packet routines and
                 RW_PACKET_HANDLE.
03h,12aug05,rlm  Mods for single-pass encryption/HMAC with hardware
                 acceleration.
03g,30nov04,jfb  Beautified again
03f,29nov04,jfb  Beautified
03e,18jun04,rlm  Updated parameters names for prototype of
                 ipsec_esp_message_encrypt_and_serialize_trailer().
03d,16jun04,rlm  Cipher reorg: updated prototypes for
                 ipsec_esp_message_decrypt_and_deserialize_trailer(),
                 ipsec_esp_message_encrypt_and_serialize_trailer() and
                 ipsec_decrypt_esp_message().
03c,31mar03,rparkhil    added padding alignment constant for NULL encryption
03b,15apr03,sam(teamf1) Changes for PMTU support(SPR #86677).
03a,14nov02,rks(teamf1) changes for CCI intergration
02b,27mar02,rpt   changed ESP function declarations to integrate with enhanced 
                  crypto interface "crypto_if.h"
02a,19mar02,rpt   Changed func declarations to use IP_VI_MESSAGE instead of 
                  IP_MESSAGE. 
01a,19mar02,rpt   Extracted from WindNet IPSec 1.1, added modification history
*/
/******************************************************************************/
#if !defined (__IPSEC_ESP_MESSAGE_H__)
#define __IPSEC_ESP_MESSAGE_H__

/* #include "ipsec_if.h" */

/* Constants required for building ESP packets */
/* These sizes are all defined in RFC2406 */
#define ESP_ALIGNMENT_BOUNDARY               4 /* rparkhil - 2003-03-25 - added for NULL padding */
#define LENGTH_OF_SPI_FIELD                  4
#define LENGTH_OF_SEQ_FIELD                  4
#define LENGTH_OF_SPI_AND_SEQ_FIELDS                       \
        (LENGTH_OF_SPI_FIELD + LENGTH_OF_SEQ_FIELD)
#define LENGTH_OF_PADLEN_FIELD               1             /* byte */
#define LENGTH_OF_NEXTHDR_FIELD              1             /* byte */
#define LENGTH_OF_PADLEN_AND_NEXTHDR_FIELDS                \
        (LENGTH_OF_PADLEN_FIELD + LENGTH_OF_NEXTHDR_FIELD) /* rlm - 2004-06-21 - cipher reorg */
#define MAXIMUM_ESP_PAD_LENGTH               255           /* rlm - 2004-06-21 - cipher reorg */
/******************************************************************************/
typedef struct IPSEC_ESP_MESSAGE
    {
    UINT spi;
    UINT esp_sequence_number;
    IP_TRANSPORT_PROTOCOL next_header;

    /* The following variables are private variable */
    IPSEC_AUTH_ALGORITHM_ID authentication_type;
    IPSEC_ESP_TRANSFORM_ID crypto_algorithm;
    } IPSEC_ESP_MESSAGE;

/******************************************************************************/
IPSEC_ESP_MESSAGE *ipsec_esp_message_create
    (
    void
    );

void ipsec_esp_message_construct
    (
    IPSEC_ESP_MESSAGE *sptr_ipsec_esp_message
    );

void ipsec_esp_message_destruct
    (
    IPSEC_ESP_MESSAGE *sptr_ipsec_esp_message
    );

void ipsec_esp_message_delete
    (
    IPSEC_ESP_MESSAGE *sptr_ipsec_esp_message
    );

/*
 * As well as decrypting the packet, this function does away with the IV
 * (in case it is present), padding, pad length and next header fields.
 *
 * Hence the Payload of ESP packet actually points to the Transport data.
 * The length is also reduced to reflect the absence of the IV 
 * (in case it is present), padding, pad length and next header fields.
 */
BOOL ipsec_esp_message_decrypt_and_deserialize_trailer
    (
    IPSEC_ESP_MESSAGE * sptr_ipsec_esp_message,
    PACKETBUF         * pPacket,
    CIPHER            * localCipher,
    SA_SPEC_RET_TYPES * failReason
    );

/*
 * This function deserializes the ESP header, the payload does not contain the 
 * IV if present in  the actual packet
 * The IV is removed in the ipsec_esp_message_decrypt_and_deserialize_trailer()
 * function
 */
BOOL ipsec_esp_message_deserialize_header
    (
    IPSEC_ESP_MESSAGE * sptr_ipsec_esp_message,
    PACKETBUF         * pPacket
    );

/*
 * This function serializes the ESP header, it does not fill in the IV if 
 * required. The IV will be filled in in the encrypt function.
 */
UINT ipsec_esp_message_serialize_header
    (
    IPSEC_ESP_MESSAGE * sptr_ipsec_esp_message,
    PACKETBUF         * pPacket
    );

/*
 * This function fills in the IV (in case it is present), padding, pad length 
 * and next header fields.
 * The length is also adjusted to reflect the presence of these fields.
 */
BOOL ipsec_esp_message_encrypt_and_serialize_trailer
    (
    IPSEC_ESP_MESSAGE * sptr_ipsec_esp_message,
    PACKETBUF         * pPacket,
    CIPHER *localCipher
    );

UINT ipsec_esp_message_peek_at_security_parameters_index
    (
    IP_VI_MESSAGE *p_ip_message
    );

void ipsec_esp_message_get_spi_and_sequence_number
    (
    IPSEC_ESP_MESSAGE *sptr_ipsec_esp_message,
    IP_VI_MESSAGE *p_ip_message
    );

void ipsec_esp_message_set_authentication_algorithm
    (
    IPSEC_ESP_MESSAGE *sptr_ipsec_esp_message,
    IPSEC_AUTH_ALGORITHM_ID authentication_type
    );

void ipsec_esp_message_set_crypto_algorithm
    (
    IPSEC_ESP_MESSAGE *sptr_ipsec_esp_message,
    IPSEC_ESP_TRANSFORM_ID crypto_algorithm
    );

BOOL ipsec_esp_message_verify
    (
    IPSEC_ESP_MESSAGE * sptr_ipsec_esp_message,
    PACKETBUF         * pPacket,
    CCIContext auth_context
    );

BOOL ipsec_esp_message_sign
    (
    IPSEC_ESP_MESSAGE * sptr_ipsec_esp_message,
    PACKETBUF         * pPacket,
    CCIContext auth_context
    );

BOOL ipsec_decrypt_esp_message
    (
    SA_BUNDLE *sptr_ib_sa_bundle,
    UCHAR *bptr_packet,
    UINT packet_length,
    UCHAR ** bptr_decrypted_data,
    USHORT *decrypted_packet_length,
    UINT *pad_length,
    UCHAR *next_header
    );
#endif /* __IPSEC_ESP_MESSAGE_H__*/
/******************************************************************************/