/*
 * Copyright (c) 2015 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15#ifndef __IPSEC_SPD_SA_H__
16#define __IPSEC_SPD_SA_H__
17
18#include <vlib/vlib.h>
19#include <vnet/ip/ip.h>
20
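/*
 * Encryption algorithms an SA can select (ipsec_sa_t.crypto_alg).
 *
 * X-macro table: each _(value, SYMBOL, "name") row is expanded by the
 * enum below into IPSEC_CRYPTO_ALG_<SYMBOL> = value.  The string column
 * is not used by the enum; it is presumably consumed by the
 * format/unformat helpers declared in this header (their definitions
 * are not visible here).
 *
 * The numeric values are explicit.  If they are stored or exchanged
 * outside this module (not visible from this header), renumbering a row
 * would silently change which cipher an existing identifier selects, so
 * new algorithms are safest appended at the end.
 *
 * Security notes for code that accepts or validates an SA:
 *  - NONE selects no encryption at all.
 *  - DES_CBC (56-bit key) and 3DES_CBC (64-bit block) are legacy
 *    ciphers; prefer an AES mode and consider rejecting them where
 *    interoperability policy allows.
 *  - The CBC and CTR modes provide no authentication and must be paired
 *    with an integrity algorithm; the GCM modes are AEAD.
 */
#define foreach_ipsec_crypto_alg    \
  _ (0, NONE, "none")               \
  _ (1, AES_CBC_128, "aes-cbc-128") \
  _ (2, AES_CBC_192, "aes-cbc-192") \
  _ (3, AES_CBC_256, "aes-cbc-256") \
  _ (4, AES_CTR_128, "aes-ctr-128") \
  _ (5, AES_CTR_192, "aes-ctr-192") \
  _ (6, AES_CTR_256, "aes-ctr-256") \
  _ (7, AES_GCM_128, "aes-gcm-128") \
  _ (8, AES_GCM_192, "aes-gcm-192") \
  _ (9, AES_GCM_256, "aes-gcm-256") \
  _ (10, DES_CBC, "des-cbc")        \
  _ (11, 3DES_CBC, "3des-cbc")

typedef enum
{
  /* Expand every table row into an enumerator with its explicit value. */
#define _(v, f, s) IPSEC_CRYPTO_ALG_##f = v,
  foreach_ipsec_crypto_alg
#undef _
  /* One past the highest value (12).  Because the table is dense it can
     serve as the exclusive upper bound when range-checking an algorithm
     id that arrives from configuration or an API. */
  IPSEC_CRYPTO_N_ALG,
} ipsec_crypto_alg_t;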
42
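/*
 * Integrity algorithms an SA can select (ipsec_sa_t.integ_alg).
 *
 * X-macro table with the same _(value, SYMBOL, "name") layout as the
 * crypto table; the enum below expands it into
 * IPSEC_INTEG_ALG_<SYMBOL> = value.  Per the specifications cited on
 * each row, the trailing number in a name is the truncated ICV length
 * in bits.
 *
 * Security notes for code that accepts or validates an SA:
 *  - NONE selects no integrity protection.  That is only sound when the
 *    cipher is itself authenticated (the GCM modes); a CBC or CTR cipher
 *    with NONE leaves traffic open to undetected modification.
 *  - MD5_96 and SHA1_96 are legacy choices; prefer the RFC 4868 rows.
 *  - SHA_256_96 is cited from an Internet-Draft, not an RFC.  RFC 4868
 *    truncates SHA-256 to 128 bits (row 4), so the 96-bit variant may
 *    not interoperate with peers that implement only the RFC.
 */
#define foreach_ipsec_integ_alg                                            \
  _ (0, NONE, "none")                                                      \
  _ (1, MD5_96, "md5-96")           /* RFC2403 */                          \
  _ (2, SHA1_96, "sha1-96")         /* RFC2404 */                          \
  _ (3, SHA_256_96, "sha-256-96")   /* draft-ietf-ipsec-ciph-sha-256-00 */ \
  _ (4, SHA_256_128, "sha-256-128") /* RFC4868 */                          \
  _ (5, SHA_384_192, "sha-384-192") /* RFC4868 */                          \
  _ (6, SHA_512_256, "sha-512-256") /* RFC4868 */

typedef enum
{
  /* Expand every table row into an enumerator with its explicit value. */
#define _(v, f, s) IPSEC_INTEG_ALG_##f = v,
  foreach_ipsec_integ_alg
#undef _
  /* One past the highest value (7); exclusive upper bound for
     range-checking an algorithm id, valid because the table is dense. */
  IPSEC_INTEG_N_ALG,
} ipsec_integ_alg_t;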
59
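/*
 * IPsec protocol an SA applies (ipsec_sa_t.protocol).
 *
 * AH authenticates the packet but does not encrypt it; ESP can provide
 * confidentiality as well as integrity.  Code that builds an SA should
 * check that the chosen crypto/integrity algorithms make sense for the
 * protocol (for example, a crypto algorithm has no effect under AH).
 */
typedef enum
{
  IPSEC_PROTOCOL_AH = 0,
  IPSEC_PROTOCOL_ESP = 1
} ipsec_protocol_t;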
65
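/*
 * One IPsec security association (SA): identity, algorithms and key
 * material, encapsulation settings, and the mutable sequence-number and
 * anti-replay state.
 *
 * Security-relevant points for code that fills in or tears down this
 * structure:
 *  - crypto_key_len and integ_key_len are u8, so they can hold values up
 *    to 255, while each key buffer is 128 bytes.  Nothing in this header
 *    enforces the bound: whatever copies a key in must reject a length
 *    above sizeof (crypto_key) / sizeof (integ_key), and should also
 *    check the length against the selected algorithm.
 *  - Keys are held here as plain bytes.  Wipe them with a call the
 *    compiler cannot elide when the SA is deleted or re-keyed, and keep
 *    them out of logs and diagnostic output.
 */
typedef struct
{
  /* Identity.  id is presumably the management-plane SA id resolved by
     ipsec_get_sa_index_by_sa_id() - confirm; spi is the Security
     Parameters Index. */
  u32 id;
  u32 spi;
  ipsec_protocol_t protocol;

  /* Encryption algorithm and key.  crypto_key_len is presumably in
     bytes - confirm against the code that sets it. */
  ipsec_crypto_alg_t crypto_alg;
  u8 crypto_key_len;
  u8 crypto_key[128];

  /* Integrity algorithm and key; same layout as the encryption key. */
  ipsec_integ_alg_t integ_alg;
  u8 integ_key_len;
  u8 integ_key[128];

  /* Boolean-style flags stored as u8.  use_esn presumably selects 64-bit
     extended sequence numbers (the *_hi fields below); use_anti_replay
     presumably gates the replay_window check.  With anti-replay off an
     SA accepts replayed packets, and without ESN the SA has to be
     re-keyed before the 32-bit sequence number wraps. */
  u8 use_esn;
  u8 use_anti_replay;

  /* Encapsulation.  The tunnel addresses are presumably meaningful only
     when is_tunnel is set, with is_tunnel_ip6 selecting the address
     family and udp_encap selecting UDP encapsulation - confirm. */
  u8 is_tunnel;
  u8 is_tunnel_ip6;
  u8 udp_encap;
  ip46_address_t tunnel_src_addr;
  ip46_address_t tunnel_dst_addr;

  u32 tx_fib_index;
  /* NOTE(review): presumably the implicit nonce salt for the GCM (and
     possibly CTR) modes - confirm.  If so, treat it like key material,
     and note that a (key, salt, IV) combination must never repeat. */
  u32 salt;

  /* runtime */
  /* Inferred from names: seq/seq_hi is the outbound counter and
     last_seq/last_seq_hi the highest inbound number seen.  replay_window
     is 64 bits wide, i.e. room for a 64-packet bitmap if used as one. */
  u32 seq;
  u32 seq_hi;
  u32 last_seq;
  u32 last_seq_hi;
  u64 replay_window;

  /* lifetime data */
  u64 total_data_size;
} ipsec_sa_t;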
102
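/*
 * SA management and formatting entry points.  Only the prototypes are
 * visible in this header, so the descriptions below are inferred from
 * names and signatures; confirm them against the definitions.
 */

/* Presumably adds (is_add != 0) or deletes the SA described by new_sa.
   new_sa carries caller-chosen key lengths: they need to be validated
   against the 128-byte key buffers of ipsec_sa_t before any key bytes
   are copied. */
extern int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa,
                             int is_add);

/* Presumably reports whether the SA at sa_index is still referenced. */
extern u8 ipsec_is_sa_used (u32 sa_index);

/* Presumably replaces the key material of an existing SA with the keys
   in sa_update.  The same length validation applies as on creation, and
   the superseded key bytes should be wiped rather than left in memory. */
extern int ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update);

/* Presumably maps a management-plane SA id to its internal index; how a
   missing id is reported is not visible here - check before using the
   result as an index. */
extern u32 ipsec_get_sa_index_by_sa_id (u32 sa_id);

/* format/unformat-style callbacks, presumably converting between the
   enum values and the string names in the foreach_ipsec_*_alg tables. */
extern u8 *format_ipsec_crypto_alg (u8 * s, va_list * args);
extern u8 *format_ipsec_integ_alg (u8 * s, va_list * args);
extern uword unformat_ipsec_crypto_alg (unformat_input_t * input,
                                        va_list * args);
extern uword unformat_ipsec_integ_alg (unformat_input_t * input,
                                       va_list * args);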
115
116#endif /* __IPSEC_SPD_SA_H__ */
117
/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */