mirror of https://github.com/apache/cloudstack.git
216 lines
5.1 KiB
C
216 lines
5.1 KiB
C
/*
|
|
* Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free software Foundation, Inc.,
|
|
* 59 Temple Place, suite 330, Boston, MA 02111-1307 USA
|
|
*
|
|
*/
|
|
#ifndef __VNET_SA_H__
|
|
#define __VNET_SA_H__
|
|
|
|
#ifdef __KERNEL__
|
|
#include <linux/types.h>
|
|
#include <linux/crypto.h>
|
|
|
|
#else
|
|
|
|
#include "sys_kernel.h"
|
|
|
|
#endif
|
|
|
|
struct Vnet;
|
|
struct VarpAddr;
|
|
struct Tunnel;
|
|
|
|
#ifndef CRYPTO_MAX_KEY_BYTES
|
|
#define CRYPTO_MAX_KEY_BYTES 64
|
|
#define CRYPTO_MAX_KEY_BITS (CRYPTO_MAX_KEY_BYTES * 8)
|
|
#endif
|
|
|
|
#ifndef CRYPTO_MAX_ALG_NAME
|
|
#define CRYPTO_MAX_ALG_NAME 64
|
|
#endif
|
|
|
|
typedef struct SALimits {
|
|
u64 bytes_soft;
|
|
u64 bytes_hard;
|
|
u64 packets_soft;
|
|
u64 packets_hard;
|
|
} SALimits;
|
|
|
|
typedef struct SACounts {
|
|
u64 bytes;
|
|
u64 packets;
|
|
u32 integrity_failures;
|
|
} SACounts;
|
|
|
|
typedef struct SAReplay {
|
|
int replay;
|
|
u32 send_seq;
|
|
u32 recv_seq;
|
|
u32 bitmap;
|
|
u32 replay_window;
|
|
} SAReplay;
|
|
|
|
typedef struct SAKey {
|
|
char name[CRYPTO_MAX_ALG_NAME];
|
|
int bits;
|
|
char key[CRYPTO_MAX_KEY_BYTES];
|
|
} SAKey;
|
|
|
|
typedef struct SAKeying {
|
|
u8 state;
|
|
u8 dying;
|
|
} SAKeying;
|
|
|
|
typedef struct SAIdent {
|
|
u32 id;
|
|
u32 spi;
|
|
u32 addr;
|
|
u32 protocol;
|
|
} SAIdent;
|
|
|
|
struct SAType;
|
|
|
|
/** Security assocation (SA). */
|
|
typedef struct SAState {
|
|
atomic_t refcount;
|
|
spinlock_t lock;
|
|
/** Identifier. */
|
|
struct SAIdent ident;
|
|
/** Security flags. */
|
|
int security;
|
|
/** Keying state. */
|
|
struct SAKeying keying;
|
|
/** Byte counts etc. */
|
|
struct SACounts counts;
|
|
/** Byte limits etc. */
|
|
struct SALimits limits;
|
|
/** Replay protection. */
|
|
struct SAReplay replay;
|
|
/** Digest algorithm. */
|
|
struct SAKey digest;
|
|
/** Cipher algorithm. */
|
|
struct SAKey cipher;
|
|
/** Compress algorith. */
|
|
struct SAKey compress;
|
|
/** SA type (ESP, AH). */
|
|
struct SAType *type;
|
|
/** Data for the SA type to use. */
|
|
void *data;
|
|
} SAState;
|
|
|
|
typedef struct SAType {
|
|
char *name;
|
|
int protocol;
|
|
int (*init)(SAState *state, void *args);
|
|
void (*fini)(SAState *state);
|
|
int (*recv)(SAState *state, struct sk_buff *skb);
|
|
int (*send)(SAState *state, struct sk_buff *skb, struct Tunnel *tunnel);
|
|
u32 (*size)(SAState *state, int size);
|
|
} SAType;
|
|
|
|
/** Information needed to create an SA.
|
|
* Unused algorithms have zero key size.
|
|
*/
|
|
typedef struct SAInfo {
|
|
/** Identifier. */
|
|
SAIdent ident;
|
|
/** Security flags. */
|
|
int security;
|
|
/** Digest algorithm and key. */
|
|
SAKey digest;
|
|
/** Cipher algorithm and key. */
|
|
SAKey cipher;
|
|
/** Compress algorithm and key. */
|
|
SAKey compress;
|
|
/** SA lifetime limits. */
|
|
SALimits limits;
|
|
/** Replay protection window. */
|
|
int replay_window;
|
|
} SAInfo;
|
|
|
|
enum sa_alg_type {
|
|
SA_ALG_DIGEST = 1,
|
|
SA_ALG_CIPHER = 2,
|
|
SA_ALG_COMPRESS = 3,
|
|
};
|
|
|
|
extern int SAType_add(SAType *type);
|
|
extern int SAType_del(SAType *type);
|
|
extern int SAType_get(int protocol, SAType **type);
|
|
|
|
extern int sa_table_init(void);
|
|
extern void sa_table_exit(void);
|
|
extern int sa_table_delete(SAState *state);
|
|
extern int sa_table_add(SAState *state);
|
|
extern SAState * sa_table_lookup_spi(u32 spi, u32 protocol, u32 addr);
|
|
extern SAState * sa_table_lookup_id(u32 id);
|
|
|
|
/** Increment reference count.
|
|
*
|
|
* @param sa security association (may be null)
|
|
*/
|
|
static inline void SAState_incref(SAState *sa){
|
|
if(!sa) return;
|
|
atomic_inc(&sa->refcount);
|
|
}
|
|
|
|
/** Decrement reference count, freeing if zero.
|
|
*
|
|
* @param sa security association (may be null)
|
|
*/
|
|
static inline void SAState_decref(SAState *sa){
|
|
if(!sa) return;
|
|
if(atomic_dec_and_test(&sa->refcount)){
|
|
sa->type->fini(sa);
|
|
kfree(sa);
|
|
}
|
|
}
|
|
|
|
extern SAState *SAState_alloc(void);
|
|
extern int SAState_init(SAIdent *id, SAState **statep);
|
|
extern int SAState_create(SAInfo *info, SAState **statep);
|
|
|
|
static inline int SAState_send(SAState *sa, struct sk_buff *skb, struct Tunnel *tunnel){
|
|
return sa->type->send(sa, skb, tunnel);
|
|
}
|
|
|
|
static inline int SAState_recv(SAState *sa, struct sk_buff *skb){
|
|
return sa->type->recv(sa, skb);
|
|
}
|
|
|
|
static inline int SAState_size(SAState *sa, int n){
|
|
return sa->type->size(sa, n);
|
|
}
|
|
|
|
extern int sa_create(int security, u32 spi, u32 protocol, u32 addr, SAState **sa);
|
|
extern int sa_set(SAInfo *info, int update, SAState **val);
|
|
extern int sa_delete(int id);
|
|
|
|
enum {
|
|
SA_AUTH = 1,
|
|
SA_CONF = 2
|
|
};
|
|
|
|
enum {
|
|
SA_STATE_ACQUIRE = 1,
|
|
SA_STATE_VALID = 2,
|
|
};
|
|
|
|
extern int sa_tunnel_create(struct Vnet *info, struct VarpAddr *addr,
|
|
struct Tunnel *base, struct Tunnel **tunnel);
|
|
|
|
#endif /* !__VNET_SA_H__ */
|