2017-11-01 14:09:13 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
|
2010-10-19 13:12:39 +00:00
|
|
|
/*
|
|
|
|
* if_alg: User-space algorithm interface
|
|
|
|
*
|
|
|
|
* Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 2 of the License, or (at your option)
|
|
|
|
* any later version.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _LINUX_IF_ALG_H
|
|
|
|
#define _LINUX_IF_ALG_H
|
|
|
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
|
|
|
struct sockaddr_alg {
|
|
|
|
__u16 salg_family;
|
|
|
|
__u8 salg_type[14];
|
|
|
|
__u32 salg_feat;
|
|
|
|
__u32 salg_mask;
|
|
|
|
__u8 salg_name[64];
|
|
|
|
};
|
|
|
|
|
2020-10-26 20:07:15 +00:00
|
|
|
/*
|
|
|
|
* Linux v4.12 and later removed the 64-byte limit on salg_name[]; it's now an
|
|
|
|
* arbitrary-length field. We had to keep the original struct above for source
|
|
|
|
* compatibility with existing userspace programs, though. Use the new struct
|
|
|
|
* below if support for very long algorithm names is needed. To do this,
|
|
|
|
* allocate 'sizeof(struct sockaddr_alg_new) + strlen(algname) + 1' bytes, and
|
|
|
|
* copy algname (including the null terminator) into salg_name.
|
|
|
|
*/
|
|
|
|
struct sockaddr_alg_new {
|
|
|
|
__u16 salg_family;
|
|
|
|
__u8 salg_type[14];
|
|
|
|
__u32 salg_feat;
|
|
|
|
__u32 salg_mask;
|
|
|
|
__u8 salg_name[];
|
|
|
|
};
|
|
|
|
|
2010-10-19 13:12:39 +00:00
|
|
|
struct af_alg_iv {
|
|
|
|
__u32 ivlen;
|
2022-04-07 00:36:51 +00:00
|
|
|
__u8 iv[];
|
2010-10-19 13:12:39 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/* Socket options */
|
|
|
|
#define ALG_SET_KEY 1
|
|
|
|
#define ALG_SET_IV 2
|
|
|
|
#define ALG_SET_OP 3
|
2014-12-03 19:55:42 +00:00
|
|
|
#define ALG_SET_AEAD_ASSOCLEN 4
|
|
|
|
#define ALG_SET_AEAD_AUTHSIZE 5
|
2020-09-18 15:42:16 +00:00
|
|
|
#define ALG_SET_DRBG_ENTROPY 6
|
crypto: af_alg - Support symmetric encryption via keyring keys
We want to leverage keyring to store sensitive keys, and then use those
keys for symmetric encryption via the crypto API. Among the key types we
wish to support are: user, logon, encrypted, and trusted.
User key types are already able to have their data copied to user space,
but logon does not support this. Further, trusted and encrypted keys will
return their encrypted data back to user space on read, which does not
make them ideal for symmetric encryption.
To support symmetric encryption for these key types, add a new
ALG_SET_KEY_BY_KEY_SERIAL setsockopt() option to the crypto API. This
allows users to pass a key_serial_t to the crypto API to perform
symmetric encryption. The behavior is the same as ALG_SET_KEY, but
the crypto key data is copied in kernel space from a keyring key,
which allows for the support of logon, encrypted, and trusted key types.
Keyring keys must have the KEY_(POS|USR|GRP|OTH)_SEARCH permission set
to leverage this feature. This follows the asymmetric_key type where key
lookup calls eventually lead to keyring_search_rcu() without the
KEYRING_SEARCH_NO_CHECK_PERM flag set.
Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-10-17 19:25:00 +00:00
|
|
|
#define ALG_SET_KEY_BY_KEY_SERIAL 7
|
2010-10-19 13:12:39 +00:00
|
|
|
|
|
|
|
/* Operations */
|
|
|
|
#define ALG_OP_DECRYPT 0
|
|
|
|
#define ALG_OP_ENCRYPT 1
|
|
|
|
|
|
|
|
#endif /* _LINUX_IF_ALG_H */
|