4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _INET_SADB_H
27 #define _INET_SADB_H
28
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32
33 #include <inet/ipsec_info.h>
34 #include <sys/crypto/common.h>
35 #include <sys/crypto/api.h>
36 #include <sys/note.h>
37
38 #define IPSA_MAX_ADDRLEN 4 /* Max address len. (in 32-bits) for an SA. */
39
40 #define MAXSALTSIZE 8
41
42 /*
43 * For combined mode ciphers, store the crypto_mechanism_t in the
558 * For the future, consider two-level hashing (2nd hash on IPC?), then probe.
559 */
560
561 typedef struct sadb_s
562 {
563 isaf_t *sdb_of;
564 isaf_t *sdb_if;
565 iacqf_t *sdb_acq;
566 int sdb_hashsize;
567 } sadb_t;
568
569 /*
570 * A pair of SADB's (one for v4, one for v6), and related state (including
571 * acquire callbacks).
572 */
573
574 typedef struct sadbp_s
575 {
576 uint32_t s_satype;
577 uint32_t *s_acquire_timeout;
578 void (*s_acqfn)(ipsacq_t *, mblk_t *, netstack_t *);
579 sadb_t s_v4;
580 sadb_t s_v6;
581 uint32_t s_addflags;
582 uint32_t s_updateflags;
583 } sadbp_t;
584
585 /*
586 * A pair of SA's for a single connection, the structure contains a
587 * pointer to a SA and the SA its paired with (opposite direction) as well
588 * as the SA's respective hash buckets.
589 */
590 typedef struct ipsap_s
591 {
592 boolean_t in_inbound_table;
593 isaf_t *ipsap_bucket;
594 ipsa_t *ipsap_sa_ptr;
595 isaf_t *ipsap_pbucket;
596 ipsa_t *ipsap_psa_ptr;
597 } ipsap_t;
598
898 extern void alg_flag_check(ipsec_alginfo_t *);
899 extern void ipsec_alg_free(ipsec_alginfo_t *);
900 extern void ipsec_register_prov_update(void);
901 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t, netstack_t *);
902
903 extern int sadb_sens_len_from_label(ts_label_t *);
904 extern void sadb_sens_from_label(sadb_sens_t *, int, ts_label_t *, int);
905
906 /*
907 * Context templates management.
908 */
909
910 #define IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1)
911 #define IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) { \
912 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) { \
913 mutex_enter(&assoc->ipsa_lock); \
914 if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) { \
915 ipsec_stack_t *ipss; \
916 \
917 ipss = assoc->ipsa_netstack->netstack_ipsec; \
918 mutex_enter(&ipss->ipsec_alg_lock); \
919 (void) ipsec_create_ctx_tmpl(_sa, _type); \
920 mutex_exit(&ipss->ipsec_alg_lock); \
921 } \
922 mutex_exit(&assoc->ipsa_lock); \
923 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) \
924 _tmpl = NULL; \
925 } \
926 }
927
928 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
929 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
930
931 /* key checking */
932 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *);
933
934 typedef struct ipsec_kstats_s {
935 kstat_named_t esp_stat_in_requests;
936 kstat_named_t esp_stat_in_discards;
937 kstat_named_t esp_stat_lookup_failure;
938 kstat_named_t ah_stat_in_requests;
939 kstat_named_t ah_stat_in_discards;
940 kstat_named_t ah_stat_lookup_failure;
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 */
26
27 #ifndef _INET_SADB_H
28 #define _INET_SADB_H
29
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33
34 #include <inet/ipsec_info.h>
35 #include <sys/crypto/common.h>
36 #include <sys/crypto/api.h>
37 #include <sys/note.h>
38
39 #define IPSA_MAX_ADDRLEN 4 /* Max address len. (in 32-bits) for an SA. */
40
41 #define MAXSALTSIZE 8
42
43 /*
44 * For combined mode ciphers, store the crypto_mechanism_t in the
559 * For the future, consider two-level hashing (2nd hash on IPC?), then probe.
560 */
561
562 typedef struct sadb_s
563 {
564 isaf_t *sdb_of;
565 isaf_t *sdb_if;
566 iacqf_t *sdb_acq;
567 int sdb_hashsize;
568 } sadb_t;
569
570 /*
571 * A pair of SADB's (one for v4, one for v6), and related state (including
572 * acquire callbacks).
573 */
574
575 typedef struct sadbp_s
576 {
577 uint32_t s_satype;
578 uint32_t *s_acquire_timeout;
579 sadb_t s_v4;
580 sadb_t s_v6;
581 uint32_t s_addflags;
582 uint32_t s_updateflags;
583 } sadbp_t;
584
585 /*
586 * A pair of SA's for a single connection, the structure contains a
587 * pointer to a SA and the SA its paired with (opposite direction) as well
588 * as the SA's respective hash buckets.
589 */
590 typedef struct ipsap_s
591 {
592 boolean_t in_inbound_table;
593 isaf_t *ipsap_bucket;
594 ipsa_t *ipsap_sa_ptr;
595 isaf_t *ipsap_pbucket;
596 ipsa_t *ipsap_psa_ptr;
597 } ipsap_t;
598
898 extern void alg_flag_check(ipsec_alginfo_t *);
899 extern void ipsec_alg_free(ipsec_alginfo_t *);
900 extern void ipsec_register_prov_update(void);
901 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t, netstack_t *);
902
903 extern int sadb_sens_len_from_label(ts_label_t *);
904 extern void sadb_sens_from_label(sadb_sens_t *, int, ts_label_t *, int);
905
906 /*
907 * Context templates management.
908 */
909
910 #define IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1)
911 #define IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) { \
912 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) { \
913 mutex_enter(&assoc->ipsa_lock); \
914 if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) { \
915 ipsec_stack_t *ipss; \
916 \
917 ipss = assoc->ipsa_netstack->netstack_ipsec; \
918 rw_enter(&ipss->ipsec_alg_lock, RW_READER); \
919 (void) ipsec_create_ctx_tmpl(_sa, _type); \
920 rw_exit(&ipss->ipsec_alg_lock); \
921 } \
922 mutex_exit(&assoc->ipsa_lock); \
923 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) \
924 _tmpl = NULL; \
925 } \
926 }
927
928 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
929 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
930
931 /* key checking */
932 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *);
933
934 typedef struct ipsec_kstats_s {
935 kstat_named_t esp_stat_in_requests;
936 kstat_named_t esp_stat_in_discards;
937 kstat_named_t esp_stat_lookup_failure;
938 kstat_named_t ah_stat_in_requests;
939 kstat_named_t ah_stat_in_discards;
940 kstat_named_t ah_stat_lookup_failure;