1
2
3
4
5
6
7
8
9
10
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/pfkeyv2.h>
15#include <linux/crypto.h>
16#include <linux/scatterlist.h>
17#include <net/xfrm.h>
18#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
19#include <net/ah.h>
20#endif
21#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
22#include <net/esp.h>
23#endif
24
25
26
27
28
29
30
31static struct xfrm_algo_desc aead_list[] = {
32{
33 .name = "rfc4106(gcm(aes))",
34
35 .uinfo = {
36 .aead = {
37 .icv_truncbits = 64,
38 }
39 },
40
41 .desc = {
42 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
43 .sadb_alg_ivlen = 8,
44 .sadb_alg_minbits = 128,
45 .sadb_alg_maxbits = 256
46 }
47},
48{
49 .name = "rfc4106(gcm(aes))",
50
51 .uinfo = {
52 .aead = {
53 .icv_truncbits = 96,
54 }
55 },
56
57 .desc = {
58 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
59 .sadb_alg_ivlen = 8,
60 .sadb_alg_minbits = 128,
61 .sadb_alg_maxbits = 256
62 }
63},
64{
65 .name = "rfc4106(gcm(aes))",
66
67 .uinfo = {
68 .aead = {
69 .icv_truncbits = 128,
70 }
71 },
72
73 .desc = {
74 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
75 .sadb_alg_ivlen = 8,
76 .sadb_alg_minbits = 128,
77 .sadb_alg_maxbits = 256
78 }
79},
80{
81 .name = "rfc4309(ccm(aes))",
82
83 .uinfo = {
84 .aead = {
85 .icv_truncbits = 64,
86 }
87 },
88
89 .desc = {
90 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
91 .sadb_alg_ivlen = 8,
92 .sadb_alg_minbits = 128,
93 .sadb_alg_maxbits = 256
94 }
95},
96{
97 .name = "rfc4309(ccm(aes))",
98
99 .uinfo = {
100 .aead = {
101 .icv_truncbits = 96,
102 }
103 },
104
105 .desc = {
106 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
107 .sadb_alg_ivlen = 8,
108 .sadb_alg_minbits = 128,
109 .sadb_alg_maxbits = 256
110 }
111},
112{
113 .name = "rfc4309(ccm(aes))",
114
115 .uinfo = {
116 .aead = {
117 .icv_truncbits = 128,
118 }
119 },
120
121 .desc = {
122 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
123 .sadb_alg_ivlen = 8,
124 .sadb_alg_minbits = 128,
125 .sadb_alg_maxbits = 256
126 }
127},
128};
129
130static struct xfrm_algo_desc aalg_list[] = {
131{
132 .name = "digest_null",
133
134 .uinfo = {
135 .auth = {
136 .icv_truncbits = 0,
137 .icv_fullbits = 0,
138 }
139 },
140
141 .desc = {
142 .sadb_alg_id = SADB_X_AALG_NULL,
143 .sadb_alg_ivlen = 0,
144 .sadb_alg_minbits = 0,
145 .sadb_alg_maxbits = 0
146 }
147},
148{
149 .name = "hmac(md5)",
150 .compat = "md5",
151
152 .uinfo = {
153 .auth = {
154 .icv_truncbits = 96,
155 .icv_fullbits = 128,
156 }
157 },
158
159 .desc = {
160 .sadb_alg_id = SADB_AALG_MD5HMAC,
161 .sadb_alg_ivlen = 0,
162 .sadb_alg_minbits = 128,
163 .sadb_alg_maxbits = 128
164 }
165},
166{
167 .name = "hmac(sha1)",
168 .compat = "sha1",
169
170 .uinfo = {
171 .auth = {
172 .icv_truncbits = 96,
173 .icv_fullbits = 160,
174 }
175 },
176
177 .desc = {
178 .sadb_alg_id = SADB_AALG_SHA1HMAC,
179 .sadb_alg_ivlen = 0,
180 .sadb_alg_minbits = 160,
181 .sadb_alg_maxbits = 160
182 }
183},
184{
185 .name = "hmac(sha256)",
186 .compat = "sha256",
187
188 .uinfo = {
189 .auth = {
190 .icv_truncbits = 96,
191 .icv_fullbits = 256,
192 }
193 },
194
195 .desc = {
196 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
197 .sadb_alg_ivlen = 0,
198 .sadb_alg_minbits = 256,
199 .sadb_alg_maxbits = 256
200 }
201},
202{
203 .name = "hmac(rmd160)",
204 .compat = "rmd160",
205
206 .uinfo = {
207 .auth = {
208 .icv_truncbits = 96,
209 .icv_fullbits = 160,
210 }
211 },
212
213 .desc = {
214 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
215 .sadb_alg_ivlen = 0,
216 .sadb_alg_minbits = 160,
217 .sadb_alg_maxbits = 160
218 }
219},
220{
221 .name = "xcbc(aes)",
222
223 .uinfo = {
224 .auth = {
225 .icv_truncbits = 96,
226 .icv_fullbits = 128,
227 }
228 },
229
230 .desc = {
231 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
232 .sadb_alg_ivlen = 0,
233 .sadb_alg_minbits = 128,
234 .sadb_alg_maxbits = 128
235 }
236},
237};
238
239static struct xfrm_algo_desc ealg_list[] = {
240{
241 .name = "ecb(cipher_null)",
242 .compat = "cipher_null",
243
244 .uinfo = {
245 .encr = {
246 .blockbits = 8,
247 .defkeybits = 0,
248 }
249 },
250
251 .desc = {
252 .sadb_alg_id = SADB_EALG_NULL,
253 .sadb_alg_ivlen = 0,
254 .sadb_alg_minbits = 0,
255 .sadb_alg_maxbits = 0
256 }
257},
258{
259 .name = "cbc(des)",
260 .compat = "des",
261
262 .uinfo = {
263 .encr = {
264 .blockbits = 64,
265 .defkeybits = 64,
266 }
267 },
268
269 .desc = {
270 .sadb_alg_id = SADB_EALG_DESCBC,
271 .sadb_alg_ivlen = 8,
272 .sadb_alg_minbits = 64,
273 .sadb_alg_maxbits = 64
274 }
275},
276{
277 .name = "cbc(des3_ede)",
278 .compat = "des3_ede",
279
280 .uinfo = {
281 .encr = {
282 .blockbits = 64,
283 .defkeybits = 192,
284 }
285 },
286
287 .desc = {
288 .sadb_alg_id = SADB_EALG_3DESCBC,
289 .sadb_alg_ivlen = 8,
290 .sadb_alg_minbits = 192,
291 .sadb_alg_maxbits = 192
292 }
293},
294{
295 .name = "cbc(cast5)",
296 .compat = "cast5",
297
298 .uinfo = {
299 .encr = {
300 .blockbits = 64,
301 .defkeybits = 128,
302 }
303 },
304
305 .desc = {
306 .sadb_alg_id = SADB_X_EALG_CASTCBC,
307 .sadb_alg_ivlen = 8,
308 .sadb_alg_minbits = 40,
309 .sadb_alg_maxbits = 128
310 }
311},
312{
313 .name = "cbc(blowfish)",
314 .compat = "blowfish",
315
316 .uinfo = {
317 .encr = {
318 .blockbits = 64,
319 .defkeybits = 128,
320 }
321 },
322
323 .desc = {
324 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
325 .sadb_alg_ivlen = 8,
326 .sadb_alg_minbits = 40,
327 .sadb_alg_maxbits = 448
328 }
329},
330{
331 .name = "cbc(aes)",
332 .compat = "aes",
333
334 .uinfo = {
335 .encr = {
336 .blockbits = 128,
337 .defkeybits = 128,
338 }
339 },
340
341 .desc = {
342 .sadb_alg_id = SADB_X_EALG_AESCBC,
343 .sadb_alg_ivlen = 8,
344 .sadb_alg_minbits = 128,
345 .sadb_alg_maxbits = 256
346 }
347},
348{
349 .name = "cbc(serpent)",
350 .compat = "serpent",
351
352 .uinfo = {
353 .encr = {
354 .blockbits = 128,
355 .defkeybits = 128,
356 }
357 },
358
359 .desc = {
360 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
361 .sadb_alg_ivlen = 8,
362 .sadb_alg_minbits = 128,
363 .sadb_alg_maxbits = 256,
364 }
365},
366{
367 .name = "cbc(camellia)",
368
369 .uinfo = {
370 .encr = {
371 .blockbits = 128,
372 .defkeybits = 128,
373 }
374 },
375
376 .desc = {
377 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
378 .sadb_alg_ivlen = 8,
379 .sadb_alg_minbits = 128,
380 .sadb_alg_maxbits = 256
381 }
382},
383{
384 .name = "cbc(twofish)",
385 .compat = "twofish",
386
387 .uinfo = {
388 .encr = {
389 .blockbits = 128,
390 .defkeybits = 128,
391 }
392 },
393
394 .desc = {
395 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
396 .sadb_alg_ivlen = 8,
397 .sadb_alg_minbits = 128,
398 .sadb_alg_maxbits = 256
399 }
400},
401{
402 .name = "rfc3686(ctr(aes))",
403
404 .uinfo = {
405 .encr = {
406 .blockbits = 128,
407 .defkeybits = 160,
408 }
409 },
410
411 .desc = {
412 .sadb_alg_id = SADB_X_EALG_AESCTR,
413 .sadb_alg_ivlen = 8,
414 .sadb_alg_minbits = 128,
415 .sadb_alg_maxbits = 256
416 }
417},
418};
419
420static struct xfrm_algo_desc calg_list[] = {
421{
422 .name = "deflate",
423 .uinfo = {
424 .comp = {
425 .threshold = 90,
426 }
427 },
428 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
429},
430{
431 .name = "lzs",
432 .uinfo = {
433 .comp = {
434 .threshold = 90,
435 }
436 },
437 .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
438},
439{
440 .name = "lzjh",
441 .uinfo = {
442 .comp = {
443 .threshold = 50,
444 }
445 },
446 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
447},
448};
449
450static inline int aead_entries(void)
451{
452 return ARRAY_SIZE(aead_list);
453}
454
455static inline int aalg_entries(void)
456{
457 return ARRAY_SIZE(aalg_list);
458}
459
460static inline int ealg_entries(void)
461{
462 return ARRAY_SIZE(ealg_list);
463}
464
465static inline int calg_entries(void)
466{
467 return ARRAY_SIZE(calg_list);
468}
469
470struct xfrm_algo_list {
471 struct xfrm_algo_desc *algs;
472 int entries;
473 u32 type;
474 u32 mask;
475};
476
477static const struct xfrm_algo_list xfrm_aead_list = {
478 .algs = aead_list,
479 .entries = ARRAY_SIZE(aead_list),
480 .type = CRYPTO_ALG_TYPE_AEAD,
481 .mask = CRYPTO_ALG_TYPE_MASK,
482};
483
484static const struct xfrm_algo_list xfrm_aalg_list = {
485 .algs = aalg_list,
486 .entries = ARRAY_SIZE(aalg_list),
487 .type = CRYPTO_ALG_TYPE_HASH,
488 .mask = CRYPTO_ALG_TYPE_HASH_MASK,
489};
490
491static const struct xfrm_algo_list xfrm_ealg_list = {
492 .algs = ealg_list,
493 .entries = ARRAY_SIZE(ealg_list),
494 .type = CRYPTO_ALG_TYPE_BLKCIPHER,
495 .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
496};
497
498static const struct xfrm_algo_list xfrm_calg_list = {
499 .algs = calg_list,
500 .entries = ARRAY_SIZE(calg_list),
501 .type = CRYPTO_ALG_TYPE_COMPRESS,
502 .mask = CRYPTO_ALG_TYPE_MASK,
503};
504
505static struct xfrm_algo_desc *xfrm_find_algo(
506 const struct xfrm_algo_list *algo_list,
507 int match(const struct xfrm_algo_desc *entry, const void *data),
508 const void *data, int probe)
509{
510 struct xfrm_algo_desc *list = algo_list->algs;
511 int i, status;
512
513 for (i = 0; i < algo_list->entries; i++) {
514 if (!match(list + i, data))
515 continue;
516
517 if (list[i].available)
518 return &list[i];
519
520 if (!probe)
521 break;
522
523 status = crypto_has_alg(list[i].name, algo_list->type,
524 algo_list->mask);
525 if (!status)
526 break;
527
528 list[i].available = status;
529 return &list[i];
530 }
531 return NULL;
532}
533
534static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
535 const void *data)
536{
537 return entry->desc.sadb_alg_id == (unsigned long)data;
538}
539
540struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
541{
542 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
543 (void *)(unsigned long)alg_id, 1);
544}
545EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
546
547struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
548{
549 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
550 (void *)(unsigned long)alg_id, 1);
551}
552EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
553
554struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
555{
556 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
557 (void *)(unsigned long)alg_id, 1);
558}
559EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
560
561static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
562 const void *data)
563{
564 const char *name = data;
565
566 return name && (!strcmp(name, entry->name) ||
567 (entry->compat && !strcmp(name, entry->compat)));
568}
569
570struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
571{
572 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
573 probe);
574}
575EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
576
577struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
578{
579 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
580 probe);
581}
582EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
583
584struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
585{
586 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
587 probe);
588}
589EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
590
591struct xfrm_aead_name {
592 const char *name;
593 int icvbits;
594};
595
596static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
597 const void *data)
598{
599 const struct xfrm_aead_name *aead = data;
600 const char *name = aead->name;
601
602 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
603 !strcmp(name, entry->name);
604}
605
606struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe)
607{
608 struct xfrm_aead_name data = {
609 .name = name,
610 .icvbits = icv_len,
611 };
612
613 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
614 probe);
615}
616EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
617
618struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
619{
620 if (idx >= aalg_entries())
621 return NULL;
622
623 return &aalg_list[idx];
624}
625EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
626
627struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
628{
629 if (idx >= ealg_entries())
630 return NULL;
631
632 return &ealg_list[idx];
633}
634EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
635
636
637
638
639
640
641void xfrm_probe_algs(void)
642{
643 int i, status;
644
645 BUG_ON(in_softirq());
646
647 for (i = 0; i < aalg_entries(); i++) {
648 status = crypto_has_hash(aalg_list[i].name, 0,
649 CRYPTO_ALG_ASYNC);
650 if (aalg_list[i].available != status)
651 aalg_list[i].available = status;
652 }
653
654 for (i = 0; i < ealg_entries(); i++) {
655 status = crypto_has_blkcipher(ealg_list[i].name, 0,
656 CRYPTO_ALG_ASYNC);
657 if (ealg_list[i].available != status)
658 ealg_list[i].available = status;
659 }
660
661 for (i = 0; i < calg_entries(); i++) {
662 status = crypto_has_comp(calg_list[i].name, 0,
663 CRYPTO_ALG_ASYNC);
664 if (calg_list[i].available != status)
665 calg_list[i].available = status;
666 }
667}
668EXPORT_SYMBOL_GPL(xfrm_probe_algs);
669
670int xfrm_count_auth_supported(void)
671{
672 int i, n;
673
674 for (i = 0, n = 0; i < aalg_entries(); i++)
675 if (aalg_list[i].available)
676 n++;
677 return n;
678}
679EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
680
681int xfrm_count_enc_supported(void)
682{
683 int i, n;
684
685 for (i = 0, n = 0; i < ealg_entries(); i++)
686 if (ealg_list[i].available)
687 n++;
688 return n;
689}
690EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
691
692
693
694int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
695 int offset, int len, icv_update_fn_t icv_update)
696{
697 int start = skb_headlen(skb);
698 int i, copy = start - offset;
699 struct sk_buff *frag_iter;
700 struct scatterlist sg;
701 int err;
702
703
704 if (copy > 0) {
705 if (copy > len)
706 copy = len;
707
708 sg_init_one(&sg, skb->data + offset, copy);
709
710 err = icv_update(desc, &sg, copy);
711 if (unlikely(err))
712 return err;
713
714 if ((len -= copy) == 0)
715 return 0;
716 offset += copy;
717 }
718
719 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
720 int end;
721
722 WARN_ON(start > offset + len);
723
724 end = start + skb_shinfo(skb)->frags[i].size;
725 if ((copy = end - offset) > 0) {
726 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
727
728 if (copy > len)
729 copy = len;
730
731 sg_init_table(&sg, 1);
732 sg_set_page(&sg, frag->page, copy,
733 frag->page_offset + offset-start);
734
735 err = icv_update(desc, &sg, copy);
736 if (unlikely(err))
737 return err;
738
739 if (!(len -= copy))
740 return 0;
741 offset += copy;
742 }
743 start = end;
744 }
745
746 skb_walk_frags(skb, frag_iter) {
747 int end;
748
749 WARN_ON(start > offset + len);
750
751 end = start + frag_iter->len;
752 if ((copy = end - offset) > 0) {
753 if (copy > len)
754 copy = len;
755 err = skb_icv_walk(frag_iter, desc, offset-start,
756 copy, icv_update);
757 if (unlikely(err))
758 return err;
759 if ((len -= copy) == 0)
760 return 0;
761 offset += copy;
762 }
763 start = end;
764 }
765 BUG_ON(len);
766 return 0;
767}
768EXPORT_SYMBOL_GPL(skb_icv_walk);
769
770#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
771
772void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
773{
774 if (tail != skb) {
775 skb->data_len += len;
776 skb->len += len;
777 }
778 return skb_put(tail, len);
779}
780EXPORT_SYMBOL_GPL(pskb_put);
781#endif
782