4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _INET_SADB_H
27 #define _INET_SADB_H
28
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32
33 #include <inet/ipsec_info.h>
34 #include <sys/crypto/common.h>
35 #include <sys/crypto/api.h>
36 #include <sys/note.h>
37
38 #define IPSA_MAX_ADDRLEN 4 /* Max address len. (in 32-bits) for an SA. */
39
40 #define MAXSALTSIZE 8
41
42 /*
43 * For combined mode ciphers, store the crypto_mechanism_t in the
898 extern void alg_flag_check(ipsec_alginfo_t *);
899 extern void ipsec_alg_free(ipsec_alginfo_t *);
900 extern void ipsec_register_prov_update(void);
901 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t, netstack_t *);
902
903 extern int sadb_sens_len_from_label(ts_label_t *);
904 extern void sadb_sens_from_label(sadb_sens_t *, int, ts_label_t *, int);
905
906 /*
907 * Context templates management.
908 */
909
910 #define IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1)
911 #define IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) { \
912 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) { \
913 mutex_enter(&assoc->ipsa_lock); \
914 if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) { \
915 ipsec_stack_t *ipss; \
916 \
917 ipss = assoc->ipsa_netstack->netstack_ipsec; \
918 mutex_enter(&ipss->ipsec_alg_lock); \
919 (void) ipsec_create_ctx_tmpl(_sa, _type); \
920 mutex_exit(&ipss->ipsec_alg_lock); \
921 } \
922 mutex_exit(&assoc->ipsa_lock); \
923 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) \
924 _tmpl = NULL; \
925 } \
926 }
927
928 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
929 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
930
931 /* key checking */
932 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *);
933
934 typedef struct ipsec_kstats_s {
935 kstat_named_t esp_stat_in_requests;
936 kstat_named_t esp_stat_in_discards;
937 kstat_named_t esp_stat_lookup_failure;
938 kstat_named_t ah_stat_in_requests;
939 kstat_named_t ah_stat_in_discards;
940 kstat_named_t ah_stat_lookup_failure;
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 */
26
27 #ifndef _INET_SADB_H
28 #define _INET_SADB_H
29
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33
34 #include <inet/ipsec_info.h>
35 #include <sys/crypto/common.h>
36 #include <sys/crypto/api.h>
37 #include <sys/note.h>
38
39 #define IPSA_MAX_ADDRLEN 4 /* Max address len. (in 32-bits) for an SA. */
40
41 #define MAXSALTSIZE 8
42
43 /*
44 * For combined mode ciphers, store the crypto_mechanism_t in the
899 extern void alg_flag_check(ipsec_alginfo_t *);
900 extern void ipsec_alg_free(ipsec_alginfo_t *);
901 extern void ipsec_register_prov_update(void);
902 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t, netstack_t *);
903
904 extern int sadb_sens_len_from_label(ts_label_t *);
905 extern void sadb_sens_from_label(sadb_sens_t *, int, ts_label_t *, int);
906
907 /*
908 * Context templates management.
909 */
910
911 #define IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1)
912 #define IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) { \
913 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) { \
914 mutex_enter(&assoc->ipsa_lock); \
915 if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) { \
916 ipsec_stack_t *ipss; \
917 \
918 ipss = assoc->ipsa_netstack->netstack_ipsec; \
919 rw_enter(&ipss->ipsec_alg_lock, RW_READER); \
920 (void) ipsec_create_ctx_tmpl(_sa, _type); \
921 rw_exit(&ipss->ipsec_alg_lock); \
922 } \
923 mutex_exit(&assoc->ipsa_lock); \
924 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) \
925 _tmpl = NULL; \
926 } \
927 }
928
929 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
930 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
931
932 /* key checking */
933 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *);
934
935 typedef struct ipsec_kstats_s {
936 kstat_named_t esp_stat_in_requests;
937 kstat_named_t esp_stat_in_discards;
938 kstat_named_t esp_stat_lookup_failure;
939 kstat_named_t ah_stat_in_requests;
940 kstat_named_t ah_stat_in_discards;
941 kstat_named_t ah_stat_lookup_failure;
|