* Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version.
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free software Foundation, Inc.,
* 59 Temple Place, suite 330, Boston, MA 02111-1307 USA
#include <linux/types.h>
#include <linux/crypto.h>
#include "sys_kernel.h"
#ifndef CRYPTO_MAX_KEY_BYTES
#define CRYPTO_MAX_KEY_BYTES 64
#define CRYPTO_MAX_KEY_BITS (CRYPTO_MAX_KEY_BYTES * 8)
#ifndef CRYPTO_MAX_ALG_NAME
#define CRYPTO_MAX_ALG_NAME 64
typedef struct SALimits {
typedef struct SACounts {
u32 integrity_failures;
typedef struct SAReplay {
typedef struct SAKey {
/** Algorithm name buffer, CRYPTO_MAX_ALG_NAME bytes. NOTE(review): confirm every writer bounds the copy and NUL-terminates. */
char name[CRYPTO_MAX_ALG_NAME];
/** Raw key bytes, up to CRYPTO_MAX_KEY_BYTES, stored inline in the struct.
 * NOTE(review): confirm the release path wipes this buffer (e.g. memzero_explicit)
 * before the memory is freed, and that it is never logged or copied out.
 */
char key[CRYPTO_MAX_KEY_BYTES];
typedef struct SAKeying {
typedef struct SAIdent {
/** Security association (SA). */
typedef struct SAState {
/** Security flags. */
struct SAKeying keying;
/** Byte counts etc. */
struct SACounts counts;
/** Byte limits etc. */
struct SALimits limits;
/** Replay protection. */
struct SAReplay replay;
/** Digest algorithm. */
/** Cipher algorithm. */
/** Compress algorithm. */
struct SAKey compress;
/** SA type (ESP, AH). */
/** Data for the SA type to use. */
typedef struct SAType {
int (*init)(SAState *state, void *args);
void (*fini)(SAState *state);
int (*recv)(SAState *state, struct sk_buff *skb);
int (*send)(SAState *state, struct sk_buff *skb, struct Tunnel *tunnel);
u32 (*size)(SAState *state, int size);
/** Information needed to create an SA.
* Unused algorithms have zero key size.
typedef struct SAInfo {
/** Security flags. */
/** Digest algorithm and key. */
/** Cipher algorithm and key. */
/** Compress algorithm and key. */
/** SA lifetime limits. */
/** Replay protection window. */
extern int SAType_add(SAType *type);
extern int SAType_del(SAType *type);
extern int SAType_get(int protocol, SAType **type);
extern int sa_table_init(void);
extern void sa_table_exit(void);
extern int sa_table_delete(SAState *state);
extern int sa_table_add(SAState *state);
/* Look up an SA by (spi, protocol, addr).
 * NOTE(review): this declaration does not show whether the returned SA has had its
 * refcount raised for the caller; confirm who must call SAState_decref().
 */
extern SAState * sa_table_lookup_spi(u32 spi, u32 protocol, u32 addr);
/* Look up an SA by id.
 * NOTE(review): reference ownership of the returned pointer is not visible from this
 * declaration; confirm whether the caller receives a counted reference.
 */
extern SAState * sa_table_lookup_id(u32 id);
/** Increment reference count.
* @param sa security association (may be null)
static inline void SAState_incref(SAState *sa){
/* Dereferences sa with no guard on this line, although the doc comment allows a null sa.
 * NOTE(review): a NULL check may sit on a line missing from this listing; confirm.
 */
atomic_inc(&sa->refcount);
/** Decrement reference count, freeing if zero.
* @param sa security association (may be null)
static inline void SAState_decref(SAState *sa){
/* atomic_dec_and_test() is true only for the caller that takes the count to zero, so the
 * release body (not shown in this listing) is entered by that caller alone.
 * NOTE(review): sa is dereferenced here while the doc comment allows null; confirm a
 * guard precedes this line.
 */
if(atomic_dec_and_test(&sa->refcount)){
extern SAState *SAState_alloc(void);
extern int SAState_init(SAIdent *id, SAState **statep);
extern int SAState_create(SAInfo *info, SAState **statep);
static inline int SAState_send(SAState *sa, struct sk_buff *skb, struct Tunnel *tunnel){
/* Indirect call through the SA type's handler table; sa, sa->type and ->send are used
 * unchecked on this line.
 * NOTE(review): confirm callers hold a reference on sa for the duration of the call and
 * that every registered SAType sets send.
 */
return sa->type->send(sa, skb, tunnel);
static inline int SAState_recv(SAState *sa, struct sk_buff *skb){
/* Indirect call through the SA type's handler table on the receive path; sa, sa->type
 * and ->recv are used unchecked on this line.
 * NOTE(review): skb presumably carries data received from the network; confirm the recv
 * handler validates lengths before parsing, and that sa is reference-held by the caller.
 */
return sa->type->recv(sa, skb);
static inline int SAState_size(SAState *sa, int n){
/* Indirect call through the SA type's handler table; the handler returns u32 (see the
 * SAType declaration) but this wrapper returns int, and n is a signed int.
 * NOTE(review): confirm callers cannot pass a negative n or rely on results above INT_MAX.
 */
return sa->type->size(sa, n);
extern int sa_create(int security, u32 spi, u32 protocol, u32 addr, SAState **sa);
extern int sa_set(SAInfo *info, int update, SAState **val);
extern int sa_delete(int id);
SA_STATE_ACQUIRE = 1,
extern int sa_tunnel_create(struct Vnet *info, struct VarpAddr *addr,
struct Tunnel *base, struct Tunnel **tunnel);
#endif /* !__VNET_SA_H__ */