git.ipfire.org Git - people/ms/strongswan.git/blob - linux/include/freeswan/ipsec_alg.h
2 * Modular extensions service and registration functions interface
4 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
6 * $Id: ipsec_alg.h,v 1.2 2004/03/22 21:53:18 as Exp $
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the
12 * Free Software Foundation; either version 2 of the License, or (at your
13 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
25 * gcc >= 3.2 has removed __FUNCTION__, replaced by C99 __func__
26 * *BUT* it's a compiler variable.
30 #define __FUNCTION__ __func__
35 #define IPSEC_ALG_VERSION 0x00080100
37 #include <linux/types.h>
38 #include <linux/list.h>
39 #include <asm/atomic.h>
41 * The following structs are used via pointers in ipsec_alg object to
42 * avoid ipsec_alg.h coupling with freeswan headers, thus simplifying
48 /**************************************
50 * Main registration object
52 *************************************/
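/*
 * Split a packed version word into four comma-separated byte values,
 * most significant byte first, for use wherever four separate integer
 * arguments are expected.
 *
 * The argument is parenthesized at every use so that an expression such as
 * (MAJOR | MINOR) is shifted as a whole, and every component is masked to
 * one byte.  The argument is evaluated four times: pass a side-effect-free
 * expression.
 */
#define IPSEC_ALG_VERSION_QUAD(v) \
	(((v)>>24)&0xff),(((v)>>16)&0xff),(((v)>>8)&0xff),((v)&0xff)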
56 * Main ipsec_alg objects: "OOPrograming wannabe"
57 * Hierarchy (carefully handled with _minimal_ casting):
60 * +->ipsec_alg_enc (ixt_alg_type=SADB_EXT_SUPPORTED_ENCRYPT)
61 * +->ipsec_alg_auth (ixt_alg_type=SADB_EXT_SUPPORTED_AUTH)
64 /***************************************************************
66 * INTERFACE object: struct ipsec_alg
68 ***************************************************************/
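/*
 * Common part for every struct ipsec_alg_* (a poor man's OOP).
 *
 * struct ipsec_alg_enc and struct ipsec_alg_auth both begin with this member
 * block, and the register/unregister wrappers in this header cast those
 * structs to struct ipsec_alg.  That cast is only sound while this block is
 * expanded unchanged as the first thing in each of them.
 *
 * NOTE(review): ixt_name is a fixed 16-byte array; confirm that the
 * registration code either enforces a terminating NUL or bounds every read
 * to sizeof(ixt_name).
 */
#define IPSEC_ALG_STRUCT_COMMON \
	unsigned ixt_version;		/* only allow this version (or 'near') */ \
	struct list_head ixt_list;	/* dlinked list */ \
	struct module *ixt_module;	/* THIS_MODULE */ \
	unsigned ixt_state;		/* state flags */ \
	atomic_t ixt_refcnt;		/* ref. count when pointed from ipsec_sa */ \
	char ixt_name[16];		/* descriptive short name, eg. "3des" */ \
	void *ixt_data;			/* private for algo implementation */ \
	uint8_t ixt_blocksize;		/* blocksize in bytes */ \
	\
	/* THIS IS A COPY of struct supported (lib/pfkey.h) \
	 * please keep in sync until we migrate 'supported' stuff \
	 */ \
	uint16_t ixt_alg_type;		/* one of IPSEC_ALG_TYPE_{ENCRYPT,AUTH} */ \
	uint8_t ixt_alg_id;		/* enc. alg. number, eg. ESP_3DES */ \
	uint8_t ixt_ivlen;		/* ivlen in bits, expected to be multiple of 8! */ \
	uint16_t ixt_keyminbits;	/* min. keybits (of entropy) */ \
	uint16_t ixt_keymaxbits;	/* max. keybits (of entropy) */

/* Alternate spelling of the ixt_alg_type member. */
#define ixt_support ixt_alg_type

/*
 * State flag bits.
 * NOTE(review): presumably stored in ixt_state -- confirm against the
 * implementation file.
 */
#define IPSEC_ALG_ST_SUPP	0x01
#define IPSEC_ALG_ST_REGISTERED	0x02
#define IPSEC_ALG_ST_EXCL	0x04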
100 IPSEC_ALG_STRUCT_COMMON
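/*
 * Encryption algorithm object: the common ipsec_alg members followed by the
 * key-handling and CBC entry points an encryption module supplies.
 *
 * Note the const in cbc_encrypt IV arg:
 * some ciphers like to toast passed IV (eg. 3DES): make a local IV copy
 *
 * IPSEC_ALG_STRUCT_COMMON must stay the first member: the
 * register_ipsec_alg_enc()/unregister_ipsec_alg_enc() wrappers cast this
 * struct to struct ipsec_alg.
 *
 * NOTE(review): ilen is a signed int.  Confirm that callers never pass a
 * negative value and that implementations check it against ixt_blocksize
 * before touching the buffer.
 * NOTE(review): confirm that ixt_e_destroy_key implementations clear the
 * key context before releasing it.
 */
struct ipsec_alg_enc {
	IPSEC_ALG_STRUCT_COMMON
	unsigned ixt_e_keylen;		/* raw key length in bytes */
	unsigned ixt_e_ctx_size;	/* sa_p->key_e_size */

	/* Load the raw key (keysize bytes) into the key context key_e. */
	int (*ixt_e_set_key)(struct ipsec_alg_enc *alg, __u8 *key_e,
			     const __u8 *key, size_t keysize);

	/* Build a key context from the raw key and return a pointer to it. */
	__u8 *(*ixt_e_new_key)(struct ipsec_alg_enc *alg,
			       const __u8 *key, size_t keysize);

	/* Dispose of the key context key_e. */
	void (*ixt_e_destroy_key)(struct ipsec_alg_enc *alg, __u8 *key_e);

	/*
	 * CBC-process ilen bytes at 'in' using key context key_e and the
	 * read-only IV; 'encrypt' selects the direction.
	 */
	int (*ixt_e_cbc_encrypt)(struct ipsec_alg_enc *alg, __u8 *key_e,
				 __u8 *in, int ilen, const __u8 *iv,
				 int encrypt);
};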
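/*
 * Authentication algorithm object: the common ipsec_alg members followed by
 * the HMAC key-setup and hash entry points an auth module supplies.
 *
 * IPSEC_ALG_STRUCT_COMMON must stay the first member: the
 * register_ipsec_alg_auth()/unregister_ipsec_alg_auth() wrappers cast this
 * struct to struct ipsec_alg.
 *
 * The ipsec_alg_sa_esp_update() macro in this header calls the SA-level hash
 * routine with hash == NULL and hashlen == 0.
 * NOTE(review): if that call is forwarded to ixt_a_hmac_hash, implementations
 * must not write through 'hash' in that case -- confirm.
 *
 * NOTE(review): keylen, len and hashlen are signed ints (the encryption
 * counterpart of set_key takes a size_t).  Confirm that callers never pass
 * negative values and that hashlen is checked against ixt_a_authlen.
 */
struct ipsec_alg_auth {
	IPSEC_ALG_STRUCT_COMMON
	unsigned ixt_a_keylen;		/* raw key length in bytes */
	unsigned ixt_a_ctx_size;	/* sa_p->key_a_size */
	unsigned ixt_a_authlen;		/* 'natural' auth. hash len (bytes) */

	/* Load the raw key (keylen bytes) into the key context key_a. */
	int (*ixt_a_hmac_set_key)(struct ipsec_alg_auth *alg, __u8 *key_a,
				  const __u8 *key, int keylen);

	/*
	 * Hash len bytes at 'dat' with key context key_a; 'hash' and
	 * 'hashlen' describe the output buffer.
	 */
	int (*ixt_a_hmac_hash)(struct ipsec_alg_auth *alg, __u8 *key_a,
			       const __u8 *dat, int len,
			       __u8 *hash, int hashlen);
};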
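/*
 * These are _copies_ of SADB_EXT_SUPPORTED_{AUTH,ENCRYPT},
 * to avoid header coupling for true constants
 * about headers ... "cp is your friend" --Linus
 *
 * Because they are copies, nothing in this header ties them to the
 * originals; a translation unit that sees both headers is the place to
 * compare them at compile time.
 */
#define IPSEC_ALG_TYPE_AUTH	14
#define IPSEC_ALG_TYPE_ENCRYPT	15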
131 /***************************************************************
133 * INTERFACE for module loading,testing, and unloading
135 ***************************************************************/
/*
 * - registration calls
 *   Both take the generic struct ipsec_alg view of an algorithm object; the
 *   typed inline wrappers in this header are the checked way to reach them.
 */
int register_ipsec_alg(struct ipsec_alg *);
int unregister_ipsec_alg(struct ipsec_alg *);

/*
 * - optional (simple test) for algos
 *   Selects the algorithm by type and id; testparm is passed through.
 */
int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int testparm);
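/* inline wrappers (useful for type validation) */

/*
 * Register an encryption algorithm object.
 *
 * The parameter type lets the compiler reject anything that is not a
 * struct ipsec_alg_enc before it is cast to the generic struct ipsec_alg
 * that register_ipsec_alg() takes.  The cast relies on struct ipsec_alg_enc
 * beginning with IPSEC_ALG_STRUCT_COMMON.
 *
 * Returns whatever register_ipsec_alg() returns.
 */
static inline int register_ipsec_alg_enc(struct ipsec_alg_enc *ixt)
{
	struct ipsec_alg *base = (struct ipsec_alg *)ixt;

	return register_ipsec_alg(base);
}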
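/*
 * Unregister an encryption algorithm object.
 *
 * Type-checked front end for unregister_ipsec_alg(): only a
 * struct ipsec_alg_enc pointer is accepted, and it is cast to the generic
 * struct ipsec_alg, which relies on struct ipsec_alg_enc beginning with
 * IPSEC_ALG_STRUCT_COMMON.
 *
 * Returns whatever unregister_ipsec_alg() returns.
 */
static inline int unregister_ipsec_alg_enc(struct ipsec_alg_enc *ixt)
{
	struct ipsec_alg *base = (struct ipsec_alg *)ixt;

	return unregister_ipsec_alg(base);
}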
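/*
 * Register an authentication algorithm object.
 *
 * Type-checked front end for register_ipsec_alg(): only a
 * struct ipsec_alg_auth pointer is accepted, and it is cast to the generic
 * struct ipsec_alg, which relies on struct ipsec_alg_auth beginning with
 * IPSEC_ALG_STRUCT_COMMON.
 *
 * Returns whatever register_ipsec_alg() returns.
 */
static inline int register_ipsec_alg_auth(struct ipsec_alg_auth *ixt)
{
	struct ipsec_alg *base = (struct ipsec_alg *)ixt;

	return register_ipsec_alg(base);
}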
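/*
 * Unregister an authentication algorithm object.
 *
 * Type-checked front end for unregister_ipsec_alg(): only a
 * struct ipsec_alg_auth pointer is accepted, and it is cast to the generic
 * struct ipsec_alg, which relies on struct ipsec_alg_auth beginning with
 * IPSEC_ALG_STRUCT_COMMON.
 *
 * Returns whatever unregister_ipsec_alg() returns.
 */
static inline int unregister_ipsec_alg_auth(struct ipsec_alg_auth *ixt)
{
	struct ipsec_alg *base = (struct ipsec_alg *)ixt;

	return unregister_ipsec_alg(base);
}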
155 /*****************************************************************
157 * INTERFACE for ENC services: key creation, encrypt function
159 *****************************************************************/
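/*
 * Direction selectors.
 * NOTE(review): presumably the values for the 'action' argument of
 * ipsec_alg_esp_encrypt() -- confirm against the implementation.
 */
#define IPSEC_ALG_ENCRYPT	1
#define IPSEC_ALG_DECRYPT	0

/* encryption key context creation function */
int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p);

/*
 * ipsec_alg_esp_encrypt(): encrypt ilen bytes in idat
 * (the description of the return value is cut off in this listing).
 *
 * The IV is passed read-only.
 * NOTE(review): ilen is a signed int; confirm that the caller derives it
 * from a validated packet length.
 */
int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 *idat, int ilen,
			  const __u8 *iv, int action);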
172 /***************************************************************
174 * INTERFACE for AUTH services: key creation, hash functions
176 ***************************************************************/
/* Authentication key context creation for the given SA. */
int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p);

/*
 * Hash len bytes at espp for the given SA; hash/hashlen describe the
 * output buffer.
 */
int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp,
			  int len, __u8 *hash, int hashlen);

/*
 * Same call with no output buffer: hash is NULL and hashlen is 0, so the
 * hash routine has to accept that combination.
 */
#define ipsec_alg_sa_esp_update(c,k,l) ipsec_alg_sa_esp_hash(c,k,l,NULL,0)
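/* only called from ipsec_init.c */
int ipsec_alg_init(void);

/* algo module glue for static algos */
void ipsec_alg_static_init(void);

/* Signature of an algorithm init routine: no arguments, int result. */
typedef int (*ipsec_alg_init_func_t)(void);

/**********************************************
 *
 *	INTERFACE for ipsec_sa init and wipe
 *
 **********************************************/

/*
 * returns true if ipsec_sa has ipsec_alg obj attached
 * (the declaration this comment describes is not present in this listing)
 */

/*
 * Initializes ipsec_sa's ipsec_alg object, using already loaded
 * proto, authalg, encalg.; links ipsec_alg objects (enc, auth)
 */
int ipsec_alg_sa_init(struct ipsec_sa *sa_p);

/*
 * Destroys ipsec_sa's ipsec_alg object
 * unlinking ipsec_alg objects
 *
 * NOTE(review): confirm that the implementation also disposes of the key
 * contexts created by ipsec_alg_enc_key_create() and
 * ipsec_alg_auth_key_create(), so no key material outlives the SA.
 */
int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p);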
206 /**********************************************
208 * 2.2 backport for some 2.4 useful module stuff
210 **********************************************/
213 #define THIS_MODULE (&__this_module)
216 typedef int (*__init_module_func_t
)(void);
217 typedef void (*__cleanup_module_func_t
)(void);
219 #define module_init(x) \
220 int init_module(void) __attribute__((alias(#x))); \
221 static inline __init_module_func_t __init_module_inline(void) \
223 #define module_exit(x) \
224 void cleanup_module(void) __attribute__((alias(#x))); \
225 static inline __cleanup_module_func_t __cleanup_module_inline(void) \
/*
 * Module entry/exit boilerplate for an algorithm file built as a module.
 *
 * Each macro forward-declares func_name, hands it to module_init() or
 * module_exit(), and then opens the definition of func_name, so the user
 * writes only the function body after the macro.
 */
#define IPSEC_ALG_MODULE_INIT( func_name )	\
	static int func_name(void);		\
	module_init(func_name);			\
	static int __init func_name(void)

#define IPSEC_ALG_MODULE_EXIT( func_name )	\
	static void func_name(void);		\
	module_exit(func_name);			\
	static void __exit func_name(void)
237 #else /* not MODULE */
239 #define THIS_MODULE NULL
242 * I only want module_init() magic
243 * when algo.c file *is THE MODULE*, in all other
244 * cases, initialization is called explicitly from ipsec_alg_init()
246 #define IPSEC_ALG_MODULE_INIT( func_name ) \
247 extern int func_name(void); \
249 #define IPSEC_ALG_MODULE_EXIT( func_name ) \
250 extern void func_name(void); \
254 #endif /* IPSEC_ALG_H */