authorPrashant Maheshwari <pmahesh2@cisco.com>2019-11-14 12:42:59 +0530
committerNeale Ranns <nranns@cisco.com>2019-12-03 05:45:27 +0000
commitdbf68c9aa258238260df34c0e864223ea4f3a987 (patch)
tree545f58115df3ef1570ea526675401018cf59ccea /src/vnet/ipsec/ipsec_types.api
parentabde62fb83ebd0e0e1204fc77affe909fc95ba51 (diff)
ipsec: Changes to make ipsec encoder/decoders reusable by the plugins
Type: fix Signed-off-by: Prashant Maheshwari <pmahesh2@cisco.com> Change-Id: I81b937fc8cfec36f8fb5de711ffbb02f23f3664e Signed-off-by: Prashant Maheshwari <pmahesh2@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_types.api')
-rw-r--r--src/vnet/ipsec/ipsec_types.api132
1 files changed, 132 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api
new file mode 100644
index 00000000000..3015613b3c9
--- /dev/null
+++ b/src/vnet/ipsec/ipsec_types.api
@@ -0,0 +1,132 @@
+/* Hey Emacs use -*- mode: C -*- */
+/*
+ * Copyright (c) 2015-2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+option version = "3.0.0";
+
+import "vnet/ip/ip_types.api";
+
+/*
+ * @brief Support cryptographic algorithms
+ */
+enum ipsec_crypto_alg
+{
+ IPSEC_API_CRYPTO_ALG_NONE = 0,
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128,
+ IPSEC_API_CRYPTO_ALG_AES_CBC_192,
+ IPSEC_API_CRYPTO_ALG_AES_CBC_256,
+ IPSEC_API_CRYPTO_ALG_AES_CTR_128,
+ IPSEC_API_CRYPTO_ALG_AES_CTR_192,
+ IPSEC_API_CRYPTO_ALG_AES_CTR_256,
+ IPSEC_API_CRYPTO_ALG_AES_GCM_128,
+ IPSEC_API_CRYPTO_ALG_AES_GCM_192,
+ IPSEC_API_CRYPTO_ALG_AES_GCM_256,
+ IPSEC_API_CRYPTO_ALG_DES_CBC,
+ IPSEC_API_CRYPTO_ALG_3DES_CBC,
+};
+
+/*
+ * @brief Supported Integrity Algorithms
+ */
+enum ipsec_integ_alg
+{
+ IPSEC_API_INTEG_ALG_NONE = 0,
+ /* RFC2403 */
+ IPSEC_API_INTEG_ALG_MD5_96,
+ /* RFC2404 */
+ IPSEC_API_INTEG_ALG_SHA1_96,
+ /* draft-ietf-ipsec-ciph-sha-256-00 */
+ IPSEC_API_INTEG_ALG_SHA_256_96,
+ /* RFC4868 */
+ IPSEC_API_INTEG_ALG_SHA_256_128,
+ /* RFC4868 */
+ IPSEC_API_INTEG_ALG_SHA_384_192,
+ /* RFC4868 */
+ IPSEC_API_INTEG_ALG_SHA_512_256,
+};
+
+enum ipsec_sad_flags
+{
+ IPSEC_API_SAD_FLAG_NONE = 0,
+ /* Enable extended sequence numbers */
+ IPSEC_API_SAD_FLAG_USE_ESN = 0x01,
+ /* Enable Anti-replay */
+ IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02,
+ /* IPsec tunnel mode if non-zero, else transport mode */
+ IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04,
+ /* IPsec tunnel mode is IPv6 if non-zero,
+ * else IPv4 tunnel only valid if is_tunnel is non-zero */
+ IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08,
+ /* enable UDP encapsulation for NAT traversal */
+ IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,
+};
+
+enum ipsec_proto
+{
+ IPSEC_API_PROTO_ESP,
+ IPSEC_API_PROTO_AH,
+};
+
+typedef key
+{
+ /* the length of the key */
+ u8 length;
+ /* The data for the key */
+ u8 data[128];
+};
+
+/** \brief IPsec: Security Association Database entry
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_add - add SAD entry if non-zero, else delete
+ @param sad_id - sad id
+ @param spi - security parameter index
+ @param protocol - 0 = AH, 1 = ESP
+ @param crypto_algorithm - a supported crypto algorithm
+ @param crypto_key - crypto keying material
+ @param integrity_algorithm - one of the supported algorithms
+ @param integrity_key - integrity keying material
+ @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
+ @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
+ @param tx_table_id - the FIB id used for encapsulated packets
+ @param salt - for use with counter mode ciphers
+ */
+typedef ipsec_sad_entry
+{
+ u32 sad_id;
+
+ u32 spi;
+
+ vl_api_ipsec_proto_t protocol;
+
+ vl_api_ipsec_crypto_alg_t crypto_algorithm;
+ vl_api_key_t crypto_key;
+
+ vl_api_ipsec_integ_alg_t integrity_algorithm;
+ vl_api_key_t integrity_key;
+
+ vl_api_ipsec_sad_flags_t flags;
+
+ vl_api_address_t tunnel_src;
+ vl_api_address_t tunnel_dst;
+ u32 tx_table_id;
+ u32 salt;
+};
+
+/*
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
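Review bot: The `@param protocol - 0 = AH, 1 = ESP` line in the `ipsec_sad_entry` doc comment contradicts `enum ipsec_proto`, which lists `IPSEC_API_PROTO_ESP` first and `IPSEC_API_PROTO_AH` second; if enumerators are numbered from 0 as in C, a client that follows the comment and sends 1 for ESP would configure AH, which provides no confidentiality. I would correct the comment to `@param protocol - IPSEC_API_PROTO_ESP or IPSEC_API_PROTO_AH` and pin the values in the enum (`IPSEC_API_PROTO_ESP = 0,` / `IPSEC_API_PROTO_AH = 1,`), as `ipsec_sad_flags` already does for its members. Separately, in `typedef key` the `u8 length` field can carry values up to 255 while `data` holds 128 bytes; the decoder is not in this hunk, so it is worth confirming that it rejects `length > 128` and stating the bound in the comment, e.g. `/* the length of the key in bytes, at most 128 */`. The same doc comment also lists `client_index`, `context` and `is_add`, which are not members of the typedef, and omits `flags`.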