author | Herbert Xu <herbert@gondor.apana.org.au> | 2008-01-28 22:37:29 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:03 -0500 |
commit | 1a6509d991225ad210de54c63314fd9542922095 (patch) | |
tree | afe5c560388558bebd3e21b7c6f789a28a323a51 /include | |
parent | 6fbf2cb77461a0cd0675228d20dd0f70d7b2251f (diff) |
[IPSEC]: Add support for combined mode algorithms
This patch adds support for combined mode algorithms with GCM being
the first algorithm supported.
Combined mode algorithms can be added through the xfrm_user interface
using the new algorithm payload type XFRMA_ALG_AEAD. Each algorithm
is identified by its name and the ICV length.
For the purposes of matching algorithms in xfrm_tmpl structures,
combined mode algorithms occupy the same name space as encryption
algorithms. This is in line with how they are negotiated using IKE.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/pfkeyv2.h | 6 | ||||
-rw-r--r-- | include/linux/xfrm.h | 8 | ||||
-rw-r--r-- | include/net/xfrm.h | 8 |
3 files changed, 22 insertions, 0 deletions
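--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -298,6 +298,12 @@ struct sadb_x_sec_ctx {
 #define SADB_X_EALG_BLOWFISHCBC 7
 #define SADB_EALG_NULL 11
 #define SADB_X_EALG_AESCBC 12
+#define SADB_X_EALG_AES_CCM_ICV8 14
+#define SADB_X_EALG_AES_CCM_ICV12 15
+#define SADB_X_EALG_AES_CCM_ICV16 16
+#define SADB_X_EALG_AES_GCM_ICV8 18
+#define SADB_X_EALG_AES_GCM_ICV12 19
+#define SADB_X_EALG_AES_GCM_ICV16 20
 #define SADB_X_EALG_CAMELLIACBC 22
 #define SADB_EALG_MAX 253 /* last EALG */
 /* private allocations should use 249-255 (RFC2407) */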
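Review bot: The six new SADB_X_EALG_AES_CCM_* and SADB_X_EALG_AES_GCM_* identifiers carry the ICV length in their names as 8, 12 and 16 with no unit, while `alg_icv_len` in the `struct xfrm_algo_aead` that this commit adds to include/linux/xfrm.h is documented as bits. The suffixes look like octets (8 octets = 64 bits), so a PF_KEY consumer that passed the suffix through unchanged would request the wrong tag length. The block also skips 17 between the CCM and GCM values without saying why. I would put one comment above the block, `/* AES-CCM/AES-GCM: ICVn means an ICV of n octets; 17 is deliberately not defined */`, after confirming both points against the registry these numbers are taken from.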
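--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -96,6 +96,13 @@ struct xfrm_algo {
 char alg_key[0];
 };
 
+struct xfrm_algo_aead {
+char alg_name[64];
+int alg_key_len; /* in bits */
+int alg_icv_len; /* in bits */
+char alg_key[0];
+};
+
 struct xfrm_stats {
 __u32 replay_window;
 __u32 replay;
@@ -270,6 +277,7 @@ enum xfrm_attr_type_t {
 XFRMA_LASTUSED,
 XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
 XFRMA_MIGRATE,
+XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */
 __XFRMA_MAX
 
 #define XFRMA_MAX (__XFRMA_MAX - 1)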
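Review bot: `alg_key_len` and `alg_icv_len` in the new `struct xfrm_algo_aead` are plain signed `int`, yet per the commit message the structure arrives from user space as the XFRMA_ALG_AEAD payload, and `alg_key_len` presumably governs how many bytes of the trailing `alg_key[0]` are consumed. A negative or oversized length has to be rejected against the attribute's actual payload size before any `(alg_key_len + 7) / 8` computation, and `alg_name[64]` has to be forced to end in a NUL before it is used as a string. The parser is outside this diff (the diffstat is limited to include/), so neither check can be confirmed here. Declaring the fields as `unsigned int alg_key_len; /* in bits */` and `unsigned int alg_icv_len; /* in bits */` would remove the negative case at the type level. A comment on `alg_key` stating that it holds `(alg_key_len + 7) / 8` bytes would document the contract for every consumer.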
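--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -159,6 +159,7 @@ struct xfrm_state
 struct xfrm_algo *aalg;
 struct xfrm_algo *ealg;
 struct xfrm_algo *calg;
+struct xfrm_algo_aead *aead;
 
 /* Data for encapsulator */
 struct xfrm_encap_tmpl *encap;
@@ -1108,6 +1109,10 @@ static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
 /*
 * xfrm algorithm information
 */
+struct xfrm_algo_aead_info {
+u16 icv_truncbits;
+};
+
 struct xfrm_algo_auth_info {
 u16 icv_truncbits;
 u16 icv_fullbits;
@@ -1127,6 +1132,7 @@ struct xfrm_algo_desc {
 char *compat;
 u8 available:1;
 union {
+struct xfrm_algo_aead_info aead;
 struct xfrm_algo_auth_info auth;
 struct xfrm_algo_encr_info encr;
 struct xfrm_algo_comp_info comp;
@@ -1343,6 +1349,8 @@ extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
 extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
 extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
 extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
+extern struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len,
+int probe);
 
 struct hash_desc;
 struct scatterlist;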
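Review bot: The new `struct xfrm_algo_aead *aead` member of `struct xfrm_state` is another owned pointer to a buffer that ends in raw key bytes, and nothing in this diff shows it being released; the teardown path lives outside include/, so it cannot be checked here. Wherever `aalg`, `ealg` and `calg` are freed or copied, `aead` needs the same handling. Existing code that dereferences `x->ealg` unconditionally for ESP states would also need a NULL check if a state can carry `aead` instead (inferred from the commit message, not shown). On the prototype, `xfrm_aead_get_byname(char *name, int icv_len, int probe)` does not say which unit `icv_len` uses; if bits are intended, a comment such as `/* icv_len is in bits, matching xfrm_algo_aead.alg_icv_len */` would prevent a bytes/bits mix-up at call sites. `struct xfrm_state` and `struct xfrm_algo_desc` both begin and end outside the hunks shown.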