net/sctp/auth.h

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /* SCTP kernel implementation
0003  * (C) Copyright 2007 Hewlett-Packard Development Company, L.P.
0004  *
0005  * This file is part of the SCTP kernel implementation
0006  *
0007  * Please send any bug reports or fixes you make to the
0008  * email address(es):
0009  *    lksctp developers <linux-sctp@vger.kernel.org>
0010  *
0011  * Written or modified by:
0012  *   Vlad Yasevich     <vladislav.yasevich@hp.com>
0013  */
0014
0015 #ifndef __sctp_auth_h__
0016 #define __sctp_auth_h__
0017
0018 #include <linux/list.h>
0019 #include <linux/refcount.h>
0020
0021 struct sctp_endpoint;
0022 struct sctp_association;
0023 struct sctp_authkey;
0024 struct sctp_hmacalgo;
0025 struct crypto_shash;
0026
0027 /*
0028  * Define a generic struct that will hold all the info
0029  * necessary for an HMAC transform
0030  */
0031 struct sctp_hmac {
0032     __u16 hmac_id;      /* one of the above ids */
0033     char *hmac_name;    /* name for loading */
0034     __u16 hmac_len;     /* length of the signature */
0035 };
0036
0037 /* This is generic structure that containst authentication bytes used
0038  * as keying material.  It's a what is referred to as byte-vector all
0039  * over SCTP-AUTH
0040  */
0041 struct sctp_auth_bytes {
0042     refcount_t refcnt;
0043     __u32 len;
0044     __u8  data[];
0045 };
0046
0047 /* Definition for a shared key, weather endpoint or association */
0048 struct sctp_shared_key {
0049     struct list_head key_list;
0050     struct sctp_auth_bytes *key;
0051     refcount_t refcnt;
0052     __u16 key_id;
0053     __u8 deactivated;
0054 };
0055
0056 #define key_for_each(__key, __list_head) \
0057     list_for_each_entry(__key, __list_head, key_list)
0058
0059 #define key_for_each_safe(__key, __tmp, __list_head) \
0060     list_for_each_entry_safe(__key, __tmp, __list_head, key_list)
0061
0062 static inline void sctp_auth_key_hold(struct sctp_auth_bytes *key)
0063 {
0064     if (!key)
0065         return;
0066
0067     refcount_inc(&key->refcnt);
0068 }
0069
0070 void sctp_auth_key_put(struct sctp_auth_bytes *key);
0071 struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp);
0072 void sctp_auth_destroy_keys(struct list_head *keys);
0073 int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp);
0074 struct sctp_shared_key *sctp_auth_get_shkey(
0075                 const struct sctp_association *asoc,
0076                 __u16 key_id);
0077 int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
0078                 struct sctp_association *asoc,
0079                 gfp_t gfp);
0080 int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp);
0081 void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]);
0082 struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id);
0083 struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc);
0084 void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
0085                      struct sctp_hmac_algo_param *hmacs);
0086 int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc,
0087                     __be16 hmac_id);
0088 int sctp_auth_send_cid(enum sctp_cid chunk,
0089                const struct sctp_association *asoc);
0090 int sctp_auth_recv_cid(enum sctp_cid chunk,
0091                const struct sctp_association *asoc);
0092 void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
0093                   struct sk_buff *skb, struct sctp_auth_chunk *auth,
0094                   struct sctp_shared_key *ep_key, gfp_t gfp);
0095 void sctp_auth_shkey_release(struct sctp_shared_key *sh_key);
0096 void sctp_auth_shkey_hold(struct sctp_shared_key *sh_key);
0097
0098 /* API Helpers */
0099 int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id);
0100 int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
0101                 struct sctp_hmacalgo *hmacs);
0102 int sctp_auth_set_key(struct sctp_endpoint *ep, struct sctp_association *asoc,
0103               struct sctp_authkey *auth_key);
0104 int sctp_auth_set_active_key(struct sctp_endpoint *ep,
0105                  struct sctp_association *asoc, __u16 key_id);
0106 int sctp_auth_del_key_id(struct sctp_endpoint *ep,
0107              struct sctp_association *asoc, __u16 key_id);
0108 int sctp_auth_deact_key_id(struct sctp_endpoint *ep,
0109                struct sctp_association *asoc, __u16 key_id);
0110 int sctp_auth_init(struct sctp_endpoint *ep, gfp_t gfp);
0111 void sctp_auth_free(struct sctp_endpoint *ep);
0112
0113 #endif