net/tcp: Add TCP-AO config and structures

Introduce new kernel config option and common structures as well as helpers to be used by TCP-AO code. Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Dmitry Safonov <dima@arista.com> 2023-10-23 20:21:54 +0100
committer: David S. Miller <davem@davemloft.net> 2023-10-27 10:35:44 +0100
commit: c845f5f3590ef4669fe5464f8a42be6442cd174b (patch)
tree: 214c44c94438c63ad11bb6b1c4c7442b83416dc0 /net/ipv4
parent: 8c73b26315aadb82218360d0a9a05e515f6e4118 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 89e2ab023272..8e94ed7c56a0 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -744,6 +744,19 @@ config DEFAULT_TCP_CONG
 config TCP_SIGPOOL
 	tristate
 
+config TCP_AO
+	bool "TCP: Authentication Option (RFC5925)"
+	select CRYPTO
+	select TCP_SIGPOOL
+	depends on 64BIT && IPV6 != m # seq-number extension needs WRITE_ONCE(u64)
+	help
+	  TCP-AO specifies the use of stronger Message Authentication Codes (MACs),
+	  protects against replays for long-lived TCP connections, and
+	  provides more details on the association of security with TCP
+	  connections than TCP MD5 (See RFC5925)
+
+	  If unsure, say N.
+
 config TCP_MD5SIG
 	bool "TCP: MD5 Signature Option support (RFC2385)"
 	select CRYPTO
author	Dmitry Safonov <dima@arista.com>	2023-10-23 20:21:54 +0100
committer	David S. Miller <davem@davemloft.net>	2023-10-27 10:35:44 +0100
commit	c845f5f3590ef4669fe5464f8a42be6442cd174b (patch)
tree	214c44c94438c63ad11bb6b1c4c7442b83416dc0 /net/ipv4
parent	8c73b26315aadb82218360d0a9a05e515f6e4118 (diff)