X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_types.api;fp=src%2Fvnet%2Fipsec%2Fipsec_types.api;h=3015613b3c95a6ae31db6b434089896b320afa51;hb=dbf68c9aa258238260df34c0e864223ea4f3a987;hp=0000000000000000000000000000000000000000;hpb=abde62fb83ebd0e0e1204fc77affe909fc95ba51;p=vpp.git
diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api
new file mode 100644
index 00000000000..3015613b3c9
--- /dev/null
+++ b/src/vnet/ipsec/ipsec_types.api
@@ -0,0 +1,132 @@
+/* Hey Emacs use -*- mode: C -*- */
+/*
+ * Copyright (c) 2015-2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+option version = "3.0.0";
+
+import "vnet/ip/ip_types.api";
+
+/*
+ * @brief Support cryptographic algorithms
+ */
+enum ipsec_crypto_alg
+{
+ IPSEC_API_CRYPTO_ALG_NONE = 0,
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128,
+ IPSEC_API_CRYPTO_ALG_AES_CBC_192,
+ IPSEC_API_CRYPTO_ALG_AES_CBC_256,
+ IPSEC_API_CRYPTO_ALG_AES_CTR_128,
+ IPSEC_API_CRYPTO_ALG_AES_CTR_192,
+ IPSEC_API_CRYPTO_ALG_AES_CTR_256,
+ IPSEC_API_CRYPTO_ALG_AES_GCM_128,
+ IPSEC_API_CRYPTO_ALG_AES_GCM_192,
+ IPSEC_API_CRYPTO_ALG_AES_GCM_256,
+ IPSEC_API_CRYPTO_ALG_DES_CBC,
+ IPSEC_API_CRYPTO_ALG_3DES_CBC,
+};
+
+/*
+ * @brief Supported Integrity Algorithms
+ */
+enum ipsec_integ_alg
+{
+ IPSEC_API_INTEG_ALG_NONE = 0,
+ /* RFC2403 */
+ IPSEC_API_INTEG_ALG_MD5_96,
+ /* RFC2404 */
+ IPSEC_API_INTEG_ALG_SHA1_96,
+ /* draft-ietf-ipsec-ciph-sha-256-00 */
+ IPSEC_API_INTEG_ALG_SHA_256_96,
+ /* RFC4868 */
+ IPSEC_API_INTEG_ALG_SHA_256_128,
+ /* RFC4868 */
+ IPSEC_API_INTEG_ALG_SHA_384_192,
+ /* RFC4868 */
+ IPSEC_API_INTEG_ALG_SHA_512_256,
+};
+
+enum ipsec_sad_flags
+{
+ IPSEC_API_SAD_FLAG_NONE = 0,
+ /* Enable extended sequence numbers */
+ IPSEC_API_SAD_FLAG_USE_ESN = 0x01,
+ /* Enable Anti-replay */
+ IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02,
+ /* IPsec tunnel mode if non-zero, else transport mode */
+ IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04,
+ /* IPsec tunnel mode is IPv6 if non-zero,
+ * else IPv4 tunnel only valid if is_tunnel is non-zero */
+ IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08,
+ /* enable UDP encapsulation for NAT traversal */
+ IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,
+};
+
+enum ipsec_proto
+{
+ IPSEC_API_PROTO_ESP,
+ IPSEC_API_PROTO_AH,
+};
+
+typedef key
+{
+ /* the length of the key */
+ u8 length;
+ /* The data for the key */
+ u8 data[128];
+};
+
+/** \brief IPsec: Security Association Database entry
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_add - add SAD entry if non-zero, else delete
+ @param sad_id - sad id
+ @param spi - security parameter index
+ @param protocol - 0 = AH, 1 = ESP
+ @param crypto_algorithm - a supported crypto algorithm
+ @param crypto_key - crypto keying material
+ @param integrity_algorithm - one of the supported algorithms
+ @param integrity_key - integrity keying material
+ @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
+ @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
+ @param tx_table_id - the FIB id used for encapsulated packets
+ @param salt - for use with counter mode ciphers
+ */
+typedef ipsec_sad_entry
+{
+ u32 sad_id;
+
+ u32 spi;
+
+ vl_api_ipsec_proto_t protocol;
+
+ vl_api_ipsec_crypto_alg_t crypto_algorithm;
+ vl_api_key_t crypto_key;
+
+ vl_api_ipsec_integ_alg_t integrity_algorithm;
+ vl_api_key_t integrity_key;
+
+ vl_api_ipsec_sad_flags_t flags;
+
+ vl_api_address_t tunnel_src;
+ vl_api_address_t tunnel_dst;
+ u32 tx_table_id;
+ u32 salt;
+};
+
+/*
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
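Review bot: The `@param protocol - 0 = AH, 1 = ESP` line in the ipsec_sad_entry doc comment contradicts `enum ipsec_proto`, which declares IPSEC_API_PROTO_ESP first and IPSEC_API_PROTO_AH second; assuming implicit numbering starts at 0, a client written from the comment would request AH where it meant ESP and end up with an SA that provides no confidentiality. I would change the line to `@param protocol - a vl_api_ipsec_proto_t value (IPSEC_API_PROTO_ESP or IPSEC_API_PROTO_AH)` and give the two enum members explicit values so the wire encoding does not depend on declaration order. The same comment still lists client_index, context and is_add, which are not fields of this typedef, and refers to is_tunnel, is_tunnel_ipv6 and tunnel_src_address where the type has `flags`, `tunnel_src` and `tunnel_dst`. Separately, `key.length` is a u8 and can exceed the 128-byte `data` array, so a comment such as `/* the length of the key in bytes, must be <= 128 */` would tell handler authors to reject larger values before copying; the handlers themselves are not in this hunk.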