1/*
2 * Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free software Foundation, Inc.,
16 * 59 Temple Place, suite 330, Boston, MA 02111-1307 USA
17 *
18 */
19#ifndef __VNET_SA_H__
20#define __VNET_SA_H__
21
#ifdef __KERNEL__
#include <linux/types.h>
#include <linux/crypto.h>
#include <linux/string.h>

#else

#include <string.h>
#include "sys_kernel.h"

#endif
31
32struct Vnet;
33struct VarpAddr;
34struct Tunnel;
35
36#ifndef CRYPTO_MAX_KEY_BYTES
37#define CRYPTO_MAX_KEY_BYTES            64
38#define CRYPTO_MAX_KEY_BITS             (CRYPTO_MAX_KEY_BYTES * 8)
39#endif
40
41#ifndef CRYPTO_MAX_ALG_NAME
42#define CRYPTO_MAX_ALG_NAME             64
43#endif
44
/** Lifetime limits for an SA, in bytes and packets.
 *
 * The *_soft and *_hard pairs are presumably the usual re-key / retire
 * thresholds; this header only declares the fields, so confirm where they
 * are enforced (and compared against SACounts) in sa.c.
 */
typedef struct SALimits {
    u64 bytes_soft;
    u64 bytes_hard;
    u64 packets_soft;
    u64 packets_hard;
} SALimits;
51
/** Traffic counters for an SA.
 *
 * bytes and packets are the totals the SALimits thresholds are measured
 * against.  integrity_failures presumably counts received packets that failed
 * the digest check; it is only 32 bits wide, so under a sustained attack it
 * can wrap — treat it as an indicator, not an exact total.
 */
typedef struct SACounts {
    u64 bytes;
    u64 packets;
    u32 integrity_failures;
} SACounts;
57
/** Anti-replay state for an SA.
 *
 * replay is a flag (non-zero presumably enables replay checking); send_seq and
 * recv_seq are the outbound counter and the highest inbound sequence number
 * seen.  NOTE(review): bitmap is only 32 bits wide, so a replay_window larger
 * than 32 cannot be represented — verify that sa.c clamps the value it takes
 * from SAInfo.replay_window.  32-bit sequence numbers also wrap; an SA must be
 * retired (see SALimits) before send_seq does, or replay protection is lost.
 */
typedef struct SAReplay {
    int replay;
    u32 send_seq;
    u32 recv_seq;
    u32 bitmap;
    u32 replay_window;
} SAReplay;
65
/** An algorithm selection together with its raw key.
 *
 * name is presumably a crypto-API algorithm name (CRYPTO_MAX_ALG_NAME bytes,
 * terminator included); bits is the key length in bits; key holds the raw key
 * bytes inline.
 *
 * NOTE(review): key is secret material.  Any code that fills this struct from
 * outside the kernel (SAInfo arrives through sa_set) must check that
 * bits <= CRYPTO_MAX_KEY_BITS and that name is NUL-terminated before copying,
 * and the struct should be zeroed before the memory holding it is released.
 */
typedef struct SAKey {
    char name[CRYPTO_MAX_ALG_NAME];
    int bits;
    char key[CRYPTO_MAX_KEY_BYTES];
} SAKey;
71
/** Keying state of an SA.
 *
 * state presumably holds one of the SA_STATE_* values declared at the end of
 * this header; dying is a flag whose setter is not shown here.
 */
typedef struct SAKeying {
    u8 state;
    u8 dying;
} SAKeying;
76
/** Identity of an SA.
 *
 * id is a local handle (sa_table_lookup_id, sa_delete); spi, protocol and
 * addr together identify the SA for inbound traffic (sa_table_lookup_spi).
 * addr is a u32, so presumably an IPv4 address only.
 */
typedef struct SAIdent {
    u32 id;
    u32 spi;
    u32 addr;
    u32 protocol;
} SAIdent;
83
84struct SAType;
85
/** Security association (SA).
 *
 * Reference-counted via SAState_incref/SAState_decref; the last decref runs
 * type->fini and frees the state.  What lock protects is not shown in this
 * header — presumably the mutable counters and replay state.  The three SAKey
 * members carry raw key material inline, so the whole struct is sensitive.
 */
typedef struct SAState {
    atomic_t refcount;
    spinlock_t lock;
    /** Identifier. */
    struct SAIdent ident;
    /** Security flags (SA_AUTH / SA_CONF, presumably). */
    int security;
    /** Keying state. */
    struct SAKeying keying;
    /** Byte counts etc. */
    struct SACounts counts;
    /** Byte limits etc. */
    struct SALimits limits;
    /** Replay protection. */
    struct SAReplay replay;
    /** Digest algorithm and key. */
    struct SAKey digest;
    /** Cipher algorithm and key. */
    struct SAKey cipher;
    /** Compression algorithm (and key, if any). */
    struct SAKey compress;
    /** SA type (ESP, AH). */
    struct SAType *type;
    /** Private data for the SA type; released by type->fini. */
    void *data;
} SAState;
113   
/** Per-protocol operations table an SA dispatches through (ESP, AH).
 *
 * Registered with SAType_add/SAType_del and found by protocol number with
 * SAType_get.  init/fini bracket the life of an SAState (fini runs when the
 * last reference is dropped and must release anything hung off state->data);
 * recv/send transform packets; size presumably reports the space the type
 * needs for a packet of the given size.
 */
typedef struct SAType {
    char *name;
    int protocol;
    int (*init)(SAState *state, void *args);
    void (*fini)(SAState *state);
    int (*recv)(SAState *state, struct sk_buff *skb);
    int (*send)(SAState *state, struct sk_buff *skb, struct Tunnel *tunnel);
    u32 (*size)(SAState *state, int size);
} SAType;
123
/** Information needed to create an SA (input to sa_set / SAState_create).
 * Unused algorithms have zero key size.
 *
 * NOTE(review): this carries raw keys.  Whatever copies it in from user
 * space must bound-check each SAKey (bits vs CRYPTO_MAX_KEY_BITS, name
 * NUL-terminated) and clear the copy once the SAState has taken the keys.
 */
typedef struct SAInfo {
    /** Identifier. */
    SAIdent ident;
    /** Security flags. */
    int security;
    /** Digest algorithm and key. */
    SAKey digest;
    /** Cipher algorithm and key. */
    SAKey cipher;
    /** Compress algorithm and key. */
    SAKey compress;
    /** SA lifetime limits. */
    SALimits limits;
    /** Replay protection window (see SAReplay: the bitmap is 32 bits wide). */
    int replay_window;
} SAInfo;
143
/** Selects which SAKey of an SA an operation refers to. */
enum sa_alg_type {
    SA_ALG_DIGEST = 1,
    SA_ALG_CIPHER = 2,
    SA_ALG_COMPRESS = 3,
};
149
/* SA type registry: add/remove an operations table, or find one by protocol. */
extern int SAType_add(SAType *type);
extern int SAType_del(SAType *type);
extern int SAType_get(int protocol, SAType **type);

/* SA table: module-lifetime init/exit, insertion/removal, and lookups.
 * The lookups return an SAState pointer; whether they take a reference for
 * the caller (pair with SAState_decref) is not shown here — check sa.c. */
extern int sa_table_init(void);
extern void sa_table_exit(void);
extern int sa_table_delete(SAState *state);
extern int sa_table_add(SAState *state);
extern SAState * sa_table_lookup_spi(u32 spi, u32 protocol, u32 addr);
extern SAState * sa_table_lookup_id(u32 id);
160
/** Take a reference on an SA.
 *
 * A null pointer is tolerated so that lookup results can be passed straight
 * through without a separate check.
 *
 * @param sa security association (may be null)
 */
static inline void SAState_incref(SAState *sa){
    if(sa){
        atomic_inc(&sa->refcount);
    }
}
169
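/** Drop a reference on an SA, destroying it when the last one goes.
 *
 * When the count reaches zero the type's fini hook is run (guarded, since a
 * state obtained from SAState_alloc/SAState_init may not have a type yet —
 * confirm against sa.c), the key material held inline in the state is wiped,
 * and the state is freed.  The wipe matters: without it the digest/cipher
 * keys would survive in freed memory.
 *
 * NOTE(review): a plain memset before kfree is what is available here; where
 * the kernel offers an explicit-zeroing helper it should be preferred, as a
 * store to memory that is about to be freed can in principle be optimised out.
 *
 * @param sa security association (may be null)
 */
static inline void SAState_decref(SAState *sa){
    if(!sa) return;
    if(!atomic_dec_and_test(&sa->refcount)) return;
    /* Let the SA type release whatever it hung off sa->data. */
    if(sa->type && sa->type->fini){
        sa->type->fini(sa);
    }
    /* Scrub inline key material before the memory goes back to the allocator. */
    memset(&sa->digest, 0, sizeof(sa->digest));
    memset(&sa->cipher, 0, sizeof(sa->cipher));
    memset(&sa->compress, 0, sizeof(sa->compress));
    kfree(sa);
}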
181
/* Allocation and construction of an SAState.  SAState_init builds one from an
 * identifier only; SAState_create also installs the keys and limits from an
 * SAInfo.  The returned state's initial reference count is not shown here. */
extern SAState *SAState_alloc(void);
extern int SAState_init(SAIdent *id, SAState **statep);
extern int SAState_create(SAInfo *info, SAState **statep);
185
/** Hand an outbound packet to the SA type's send hook.
 *
 * @param sa     security association (must not be null; not checked)
 * @param skb    packet to transform
 * @param tunnel tunnel the packet is leaving through
 * @return whatever the type's send hook returns
 */
static inline int SAState_send(SAState *sa, struct sk_buff *skb, struct Tunnel *tunnel){
    SAType *ops = sa->type;
    return ops->send(sa, skb, tunnel);
}
189
/** Hand an inbound packet to the SA type's recv hook.
 *
 * @param sa  security association (must not be null; not checked)
 * @param skb packet to verify/decrypt
 * @return whatever the type's recv hook returns
 */
static inline int SAState_recv(SAState *sa, struct sk_buff *skb){
    SAType *ops = sa->type;
    return ops->recv(sa, skb);
}
193
/** Ask the SA type how much space it needs for a packet of the given size.
 *
 * @param sa security association (must not be null; not checked)
 * @param n  packet size the type is asked about
 * @return the type's u32 answer, narrowed to int as the hook result is
 */
static inline int SAState_size(SAState *sa, int n){
    SAType *ops = sa->type;
    return ops->size(sa, n);
}
197
/* High-level SA management.  sa_create makes an SA for (spi, protocol, addr)
 * with the given security flags; sa_set installs or (update != 0) replaces an
 * SA from an SAInfo — the path that carries raw keys in, so its caller must
 * validate the SAInfo; sa_delete removes an SA by local id. */
extern int sa_create(int security, u32 spi, u32 protocol, u32 addr, SAState **sa);
extern int sa_set(SAInfo *info, int update, SAState **val);
extern int sa_delete(int id);
201
/** Security flags (bit values; stored in SAState.security / SAInfo.security).
 * SA_AUTH = integrity (digest), SA_CONF = confidentiality (cipher). */
enum {
    SA_AUTH = 1,
    SA_CONF = 2
};
206
/** Keying states, presumably held in SAKeying.state: ACQUIRE while keys are
 * being obtained, VALID once the SA may carry traffic. */
enum {
    SA_STATE_ACQUIRE = 1,
    SA_STATE_VALID   = 2,
};
211
/* Create a tunnel that applies an SA on top of base for the given vnet and
 * peer address; the new tunnel is returned through *tunnel. */
extern int sa_tunnel_create(struct Vnet *info, struct VarpAddr *addr,
                            struct Tunnel *base, struct Tunnel **tunnel);
214
215#endif /* !__VNET_SA_H__ */