diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2008-01-28 22:37:29 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:03 -0500 |
| commit | 1a6509d991225ad210de54c63314fd9542922095 (patch) | |
| tree | afe5c560388558bebd3e21b7c6f789a28a323a51 /include/net | |
| parent | 6fbf2cb77461a0cd0675228d20dd0f70d7b2251f (diff) | |
[IPSEC]: Add support for combined mode algorithms
This patch adds support for combined mode algorithms with GCM being
the first algorithm supported.
Combined mode algorithms can be added through the xfrm_user interface
using the new algorithm payload type XFRMA_ALG_AEAD. Each algorithms
is identified by its name and the ICV length.
For the purposes of matching algorithms in xfrm_tmpl structures,
combined mode algorithms occupy the same name space as encryption
algorithms. This is in line with how they are negotiated using IKE.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/xfrm.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 5ebb9ba479b1..34d373775a0e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -159,6 +159,7 @@ struct xfrm_state | |||
| 159 | struct xfrm_algo *aalg; | 159 | struct xfrm_algo *aalg; |
| 160 | struct xfrm_algo *ealg; | 160 | struct xfrm_algo *ealg; |
| 161 | struct xfrm_algo *calg; | 161 | struct xfrm_algo *calg; |
| 162 | struct xfrm_algo_aead *aead; | ||
| 162 | 163 | ||
| 163 | /* Data for encapsulator */ | 164 | /* Data for encapsulator */ |
| 164 | struct xfrm_encap_tmpl *encap; | 165 | struct xfrm_encap_tmpl *encap; |
| @@ -1108,6 +1109,10 @@ static inline int xfrm_id_proto_match(u8 proto, u8 userproto) | |||
| 1108 | /* | 1109 | /* |
| 1109 | * xfrm algorithm information | 1110 | * xfrm algorithm information |
| 1110 | */ | 1111 | */ |
| 1112 | struct xfrm_algo_aead_info { | ||
| 1113 | u16 icv_truncbits; | ||
| 1114 | }; | ||
| 1115 | |||
| 1111 | struct xfrm_algo_auth_info { | 1116 | struct xfrm_algo_auth_info { |
| 1112 | u16 icv_truncbits; | 1117 | u16 icv_truncbits; |
| 1113 | u16 icv_fullbits; | 1118 | u16 icv_fullbits; |
| @@ -1127,6 +1132,7 @@ struct xfrm_algo_desc { | |||
| 1127 | char *compat; | 1132 | char *compat; |
| 1128 | u8 available:1; | 1133 | u8 available:1; |
| 1129 | union { | 1134 | union { |
| 1135 | struct xfrm_algo_aead_info aead; | ||
| 1130 | struct xfrm_algo_auth_info auth; | 1136 | struct xfrm_algo_auth_info auth; |
| 1131 | struct xfrm_algo_encr_info encr; | 1137 | struct xfrm_algo_encr_info encr; |
| 1132 | struct xfrm_algo_comp_info comp; | 1138 | struct xfrm_algo_comp_info comp; |
| @@ -1343,6 +1349,8 @@ extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id); | |||
| 1343 | extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe); | 1349 | extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe); |
| 1344 | extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); | 1350 | extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); |
| 1345 | extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); | 1351 | extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); |
| 1352 | extern struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, | ||
| 1353 | int probe); | ||
| 1346 | 1354 | ||
| 1347 | struct hash_desc; | 1355 | struct hash_desc; |
| 1348 | struct scatterlist; | 1356 | struct scatterlist; |