netipsec/keydb.h
* SUCH DAMAGE. | * SUCH DAMAGE. | ||||
*/ | */ | ||||
#ifndef _NETIPSEC_KEYDB_H_ | #ifndef _NETIPSEC_KEYDB_H_ | ||||
#define _NETIPSEC_KEYDB_H_ | #define _NETIPSEC_KEYDB_H_ | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
#include <sys/mutex.h> | |||||
#include <netipsec/key_var.h> | #include <netipsec/key_var.h> | ||||
#ifndef _SOCKADDR_UNION_DEFINED | #ifndef _SOCKADDR_UNION_DEFINED | ||||
#define _SOCKADDR_UNION_DEFINED | #define _SOCKADDR_UNION_DEFINED | ||||
/* | /* | ||||
* The union of all possible address formats we handle. | * The union of all possible address formats we handle. | ||||
*/ | */ | ||||
union sockaddr_union { | union sockaddr_union { | ||||
▲ Show 20 Lines • Show All 55 Lines • ▼ Show 20 Lines | LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1]; | ||||
/* The first of this list is newer SA */ | /* The first of this list is newer SA */ | ||||
}; | }; | ||||
struct xformsw; | struct xformsw; | ||||
struct enc_xform; | struct enc_xform; | ||||
struct auth_hash; | struct auth_hash; | ||||
struct comp_algo; | struct comp_algo; | ||||
/* Security Association */ | /* Security Association | ||||
* (m) locked by mtx | |||||
* (c) read only except during creation / free | |||||
*/ | |||||
struct secasvar { | struct secasvar { | ||||
LIST_ENTRY(secasvar) chain; | LIST_ENTRY(secasvar) chain; | ||||
struct mtx lock; /* update/access lock */ | struct mtx lock; /* update/access lock */ | ||||
u_int refcnt; /* reference count */ | u_int refcnt; /* reference count */ | ||||
u_int8_t state; /* Status of this Association */ | u_int8_t state; /* Status of this Association */ | ||||
u_int8_t alg_auth; /* Authentication Algorithm Identifier*/ | u_int8_t alg_auth; /* Authentication Algorithm Identifier*/ | ||||
u_int8_t alg_enc; /* Cipher Algorithm Identifier */ | u_int8_t alg_enc; /* Cipher Algorithm Identifier */ | ||||
u_int8_t alg_comp; /* Compression Algorithm Identifier */ | u_int8_t alg_comp; /* Compression Algorithm Identifier */ | ||||
u_int32_t spi; /* SPI Value, network byte order */ | u_int32_t spi; /* SPI Value, network byte order */ | ||||
u_int32_t flags; /* holder for SADB_KEY_FLAGS */ | u_int32_t flags; /* holder for SADB_KEY_FLAGS */ | ||||
struct seckey *key_auth; /* Key for Authentication */ | struct seckey *key_auth; /* Key for Authentication */ | ||||
struct seckey *key_enc; /* Key for Encryption */ | struct seckey *key_enc; /* Key for Encryption */ | ||||
u_int ivlen; /* length of IV */ | u_int ivlen; /* length of IV */ | ||||
void *sched; /* intermediate encryption key */ | void *sched; /* intermediate encryption key */ | ||||
size_t schedlen; | size_t schedlen; | ||||
uint64_t cntr; /* counter for GCM and CTR */ | uint64_t cntr; /* counter for GCM and CTR */ | ||||
struct secreplay *replay; /* replay prevention */ | struct secreplay *replay; /* (m) replay prevention */ | ||||
time_t created; /* for lifetime */ | time_t created; /* for lifetime */ | ||||
struct seclifetime *lft_c; /* CURRENT lifetime, it's constant. */ | struct seclifetime *lft_c; /* CURRENT lifetime, it's constant. */ | ||||
struct seclifetime *lft_h; /* HARD lifetime */ | struct seclifetime *lft_h; /* HARD lifetime */ | ||||
struct seclifetime *lft_s; /* SOFT lifetime */ | struct seclifetime *lft_s; /* SOFT lifetime */ | ||||
u_int32_t seq; /* sequence number */ | u_int32_t seq; /* sequence number */ | ||||
pid_t pid; /* message's pid */ | pid_t pid; /* message's pid */ | ||||
#define SAV_ISGCM(_sav) \ | #define SAV_ISGCM(_sav) \ | ||||
((_sav)->alg_enc == SADB_X_EALG_AESGCM8 || \ | ((_sav)->alg_enc == SADB_X_EALG_AESGCM8 || \ | ||||
(_sav)->alg_enc == SADB_X_EALG_AESGCM12 || \ | (_sav)->alg_enc == SADB_X_EALG_AESGCM12 || \ | ||||
(_sav)->alg_enc == SADB_X_EALG_AESGCM16) | (_sav)->alg_enc == SADB_X_EALG_AESGCM16) | ||||
#define SAV_ISCTR(_sav) ((_sav)->alg_enc == SADB_X_EALG_AESCTR) | #define SAV_ISCTR(_sav) ((_sav)->alg_enc == SADB_X_EALG_AESCTR) | ||||
#define SAV_ISCTRORGCM(_sav) (SAV_ISCTR((_sav)) || SAV_ISGCM((_sav))) | #define SAV_ISCTRORGCM(_sav) (SAV_ISCTR((_sav)) || SAV_ISGCM((_sav))) | ||||
/* replay prevention */ | /* replay prevention */ | ||||
#define IPSEC_MAX_REPLAY_WSIZE 536870908 /* (UINT32_MAX+1 - 32)/8 */ | |||||
struct secreplay { | struct secreplay { | ||||
u_int32_t count; | u_int32_t count; | ||||
u_int wsize; /* window size, i.g. 4 bytes */ | u_int wsize; /* window size, i.g. 4 bytes */ | ||||
u_int32_t seq; /* used by sender */ | u_int32_t seq; /* used by sender */ | ||||
u_int32_t lastseq; /* used by receiver */ | u_int32_t lastseq; /* used by receiver */ | ||||
caddr_t bitmap; /* used by receiver */ | u_int32_t *bitmap; /* used by receiver */ | ||||
u_int bitmap_size; /* size of the bitmap array */ | |||||
int overflow; /* overflow flag */ | int overflow; /* overflow flag */ | ||||
}; | }; | ||||
/* socket table due to send PF_KEY messages. */ | /* socket table due to send PF_KEY messages. */ | ||||
struct secreg { | struct secreg { | ||||
LIST_ENTRY(secreg) chain; | LIST_ENTRY(secreg) chain; | ||||
struct socket *so; | struct socket *so; | ||||
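Review bot: The new `bitmap_size` field and `IPSEC_MAX_REPLAY_WSIZE` in `struct secreplay` are introduced without stating their units, while `wsize` is documented in bytes and `bitmap` is now a `u_int32_t` array, so a reader cannot tell whether `bitmap_size` counts words or bytes, nor which of the two the receive-side replay check is expected to bound its index by; I would change the field comment to `u_int bitmap_size; /* number of u_int32_t words in bitmap */` (or `/* bytes */`, whichever the allocation in key.c actually uses). The constant's comment gives only the arithmetic, not why 32 sequence numbers are subtracted; a line such as `/* largest window (bytes) that stays below the 2^32 sequence space so the wrap test remains unambiguous */` would record the intent, which I am inferring rather than seeing here. The new lock legend in the `struct secasvar` header defines `(c)` but no field in the visible part of the struct carries it, and `cntr`, the GCM/CTR counter whose reuse under one key breaks the AEAD, carries neither `(m)` nor `(c)`; the struct continues past the hunk, so the remaining fields may well be annotated there. The `#include <sys/mutex.h>` line appears in only one column of this rendering, so I cannot tell whether it is being added or removed; if removed, note that `struct mtx lock` is embedded by value and still needs the full type visible to every includer of this header.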