linux/net/ipv4/esp4.c
<<
>>
Prefs
   1#define pr_fmt(fmt) "IPsec: " fmt
   2
   3#include <crypto/aead.h>
   4#include <crypto/authenc.h>
   5#include <linux/err.h>
   6#include <linux/module.h>
   7#include <net/ip.h>
   8#include <net/xfrm.h>
   9#include <net/esp.h>
  10#include <linux/scatterlist.h>
  11#include <linux/kernel.h>
  12#include <linux/pfkeyv2.h>
  13#include <linux/rtnetlink.h>
  14#include <linux/slab.h>
  15#include <linux/spinlock.h>
  16#include <linux/in6.h>
  17#include <net/icmp.h>
  18#include <net/protocol.h>
  19#include <net/udp.h>
  20
  21#include <linux/highmem.h>
  22
  23struct esp_skb_cb {
  24        struct xfrm_skb_cb xfrm;
  25        void *tmp;
  26};
  27
  28struct esp_output_extra {
  29        __be32 seqhi;
  30        u32 esphoff;
  31};
  32
  33#define ESP_SKB_CB(__skb) ((struct esp_skb_cb *)&((__skb)->cb[0]))
  34
  35static u32 esp4_get_mtu(struct xfrm_state *x, int mtu);
  36
  37/*
  38 * Allocate an AEAD request structure with extra space for SG and IV.
  39 *
  40 * For alignment considerations the IV is placed at the front, followed
  41 * by the request and finally the SG list.
  42 *
  43 * TODO: Use spare space in skb for this where possible.
  44 */
  45static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int extralen)
  46{
  47        unsigned int len;
  48
  49        len = extralen;
  50
  51        len += crypto_aead_ivsize(aead);
  52
  53        if (len) {
  54                len += crypto_aead_alignmask(aead) &
  55                       ~(crypto_tfm_ctx_alignment() - 1);
  56                len = ALIGN(len, crypto_tfm_ctx_alignment());
  57        }
  58
  59        len += sizeof(struct aead_request) + crypto_aead_reqsize(aead);
  60        len = ALIGN(len, __alignof__(struct scatterlist));
  61
  62        len += sizeof(struct scatterlist) * nfrags;
  63
  64        return kmalloc(len, GFP_ATOMIC);
  65}
  66
  67static inline void *esp_tmp_extra(void *tmp)
  68{
  69        return PTR_ALIGN(tmp, __alignof__(struct esp_output_extra));
  70}
  71
  72static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int extralen)
  73{
  74        return crypto_aead_ivsize(aead) ?
  75               PTR_ALIGN((u8 *)tmp + extralen,
  76                         crypto_aead_alignmask(aead) + 1) : tmp + extralen;
  77}
  78
  79static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv)
  80{
  81        struct aead_request *req;
  82
  83        req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
  84                                crypto_tfm_ctx_alignment());
  85        aead_request_set_tfm(req, aead);
  86        return req;
  87}
  88
  89static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
  90                                             struct aead_request *req)
  91{
  92        return (void *)ALIGN((unsigned long)(req + 1) +
  93                             crypto_aead_reqsize(aead),
  94                             __alignof__(struct scatterlist));
  95}
  96
  97static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
  98{
  99        struct esp_output_extra *extra = esp_tmp_extra(tmp);
 100        struct crypto_aead *aead = x->data;
 101        int extralen = 0;
 102        u8 *iv;
 103        struct aead_request *req;
 104        struct scatterlist *sg;
 105
 106        if (x->props.flags & XFRM_STATE_ESN)
 107                extralen += sizeof(*extra);
 108
 109        extra = esp_tmp_extra(tmp);
 110        iv = esp_tmp_iv(aead, tmp, extralen);
 111        req = esp_tmp_req(aead, iv);
 112
 113        /* Unref skb_frag_pages in the src scatterlist if necessary.
 114         * Skip the first sg which comes from skb->data.
 115         */
 116        if (req->src != req->dst)
 117                for (sg = sg_next(req->src); sg; sg = sg_next(sg))
 118                        put_page(sg_page(sg));
 119}
 120
 121static void esp_output_done(struct crypto_async_request *base, int err)
 122{
 123        struct sk_buff *skb = base->data;
 124        void *tmp;
 125        struct dst_entry *dst = skb_dst(skb);
 126        struct xfrm_state *x = dst->xfrm;
 127
 128        tmp = ESP_SKB_CB(skb)->tmp;
 129        esp_ssg_unref(x, tmp);
 130        kfree(tmp);
 131        xfrm_output_resume(skb, err);
 132}
 133
 134/* Move ESP header back into place. */
 135static void esp_restore_header(struct sk_buff *skb, unsigned int offset)
 136{
 137        struct ip_esp_hdr *esph = (void *)(skb->data + offset);
 138        void *tmp = ESP_SKB_CB(skb)->tmp;
 139        __be32 *seqhi = esp_tmp_extra(tmp);
 140
 141        esph->seq_no = esph->spi;
 142        esph->spi = *seqhi;
 143}
 144
 145static void esp_output_restore_header(struct sk_buff *skb)
 146{
 147        void *tmp = ESP_SKB_CB(skb)->tmp;
 148        struct esp_output_extra *extra = esp_tmp_extra(tmp);
 149
 150        esp_restore_header(skb, skb_transport_offset(skb) + extra->esphoff -
 151                                sizeof(__be32));
 152}
 153
 154static struct ip_esp_hdr *esp_output_set_extra(struct sk_buff *skb,
 155                                               struct xfrm_state *x,
 156                                               struct ip_esp_hdr *esph,
 157                                               struct esp_output_extra *extra)
 158{
 159        /* For ESN we move the header forward by 4 bytes to
 160         * accomodate the high bits.  We will move it back after
 161         * encryption.
 162         */
 163        if ((x->props.flags & XFRM_STATE_ESN)) {
 164                __u32 seqhi;
 165                struct xfrm_offload *xo = xfrm_offload(skb);
 166
 167                if (xo)
 168                        seqhi = xo->seq.hi;
 169                else
 170                        seqhi = XFRM_SKB_CB(skb)->seq.output.hi;
 171
 172                extra->esphoff = (unsigned char *)esph -
 173                                 skb_transport_header(skb);
 174                esph = (struct ip_esp_hdr *)((unsigned char *)esph - 4);
 175                extra->seqhi = esph->spi;
 176                esph->seq_no = htonl(seqhi);
 177        }
 178
 179        esph->spi = x->id.spi;
 180
 181        return esph;
 182}
 183
 184static void esp_output_done_esn(struct crypto_async_request *base, int err)
 185{
 186        struct sk_buff *skb = base->data;
 187
 188        esp_output_restore_header(skb);
 189        esp_output_done(base, err);
 190}
 191
 192static void esp_output_fill_trailer(u8 *tail, int tfclen, int plen, __u8 proto)
 193{
 194        /* Fill padding... */
 195        if (tfclen) {
 196                memset(tail, 0, tfclen);
 197                tail += tfclen;
 198        }
 199        do {
 200                int i;
 201                for (i = 0; i < plen - 2; i++)
 202                        tail[i] = i + 1;
 203        } while (0);
 204        tail[plen - 2] = plen - 2;
 205        tail[plen - 1] = proto;
 206}
 207
 208static void esp_output_udp_encap(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *esp)
 209{
 210        int encap_type;
 211        struct udphdr *uh;
 212        __be32 *udpdata32;
 213        __be16 sport, dport;
 214        struct xfrm_encap_tmpl *encap = x->encap;
 215        struct ip_esp_hdr *esph = esp->esph;
 216
 217        spin_lock_bh(&x->lock);
 218        sport = encap->encap_sport;
 219        dport = encap->encap_dport;
 220        encap_type = encap->encap_type;
 221        spin_unlock_bh(&x->lock);
 222
 223        uh = (struct udphdr *)esph;
 224        uh->source = sport;
 225        uh->dest = dport;
 226        uh->len = htons(skb->len + esp->tailen
 227                  - skb_transport_offset(skb));
 228        uh->check = 0;
 229
 230        switch (encap_type) {
 231        default:
 232        case UDP_ENCAP_ESPINUDP:
 233                esph = (struct ip_esp_hdr *)(uh + 1);
 234                break;
 235        case UDP_ENCAP_ESPINUDP_NON_IKE:
 236                udpdata32 = (__be32 *)(uh + 1);
 237                udpdata32[0] = udpdata32[1] = 0;
 238                esph = (struct ip_esp_hdr *)(udpdata32 + 2);
 239                break;
 240        }
 241
 242        *skb_mac_header(skb) = IPPROTO_UDP;
 243        esp->esph = esph;
 244}
 245
 246int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *esp)
 247{
 248        u8 *tail;
 249        u8 *vaddr;
 250        int nfrags;
 251        int esph_offset;
 252        struct page *page;
 253        struct sk_buff *trailer;
 254        int tailen = esp->tailen;
 255
 256        /* this is non-NULL only with UDP Encapsulation */
 257        if (x->encap)
 258                esp_output_udp_encap(x, skb, esp);
 259
 260        if (!skb_cloned(skb)) {
 261                if (tailen <= skb_tailroom(skb)) {
 262                        nfrags = 1;
 263                        trailer = skb;
 264                        tail = skb_tail_pointer(trailer);
 265
 266                        goto skip_cow;
 267                } else if ((skb_shinfo(skb)->nr_frags < MAX_SKB_FRAGS)
 268                           && !skb_has_frag_list(skb)) {
 269                        int allocsize;
 270                        struct sock *sk = skb->sk;
 271                        struct page_frag *pfrag = &x->xfrag;
 272
 273                        esp->inplace = false;
 274
 275                        allocsize = ALIGN(tailen, L1_CACHE_BYTES);
 276
 277                        spin_lock_bh(&x->lock);
 278
 279                        if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
 280                                spin_unlock_bh(&x->lock);
 281                                goto cow;
 282                        }
 283
 284                        page = pfrag->page;
 285                        get_page(page);
 286
 287                        vaddr = kmap_atomic(page);
 288
 289                        tail = vaddr + pfrag->offset;
 290
 291                        esp_output_fill_trailer(tail, esp->tfclen, esp->plen, esp->proto);
 292
 293                        kunmap_atomic(vaddr);
 294
 295                        nfrags = skb_shinfo(skb)->nr_frags;
 296
 297                        __skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
 298                                             tailen);
 299                        skb_shinfo(skb)->nr_frags = ++nfrags;
 300
 301                        pfrag->offset = pfrag->offset + allocsize;
 302
 303                        spin_unlock_bh(&x->lock);
 304
 305                        nfrags++;
 306
 307                        skb->len += tailen;
 308                        skb->data_len += tailen;
 309                        skb->truesize += tailen;
 310                        if (sk)
 311                                refcount_add(tailen, &sk->sk_wmem_alloc);
 312
 313                        goto out;
 314                }
 315        }
 316
 317cow:
 318        esph_offset = (unsigned char *)esp->esph - skb_transport_header(skb);
 319
 320        nfrags = skb_cow_data(skb, tailen, &trailer);
 321        if (nfrags < 0)
 322                goto out;
 323        tail = skb_tail_pointer(trailer);
 324        esp->esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esph_offset);
 325
 326skip_cow:
 327        esp_output_fill_trailer(tail, esp->tfclen, esp->plen, esp->proto);
 328        pskb_put(skb, trailer, tailen);
 329
 330out:
 331        return nfrags;
 332}
 333EXPORT_SYMBOL_GPL(esp_output_head);
 334
 335int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *esp)
 336{
 337        u8 *iv;
 338        int alen;
 339        void *tmp;
 340        int ivlen;
 341        int assoclen;
 342        int extralen;
 343        struct page *page;
 344        struct ip_esp_hdr *esph;
 345        struct crypto_aead *aead;
 346        struct aead_request *req;
 347        struct scatterlist *sg, *dsg;
 348        struct esp_output_extra *extra;
 349        int err = -ENOMEM;
 350
 351        assoclen = sizeof(struct ip_esp_hdr);
 352        extralen = 0;
 353
 354        if (x->props.flags & XFRM_STATE_ESN) {
 355                extralen += sizeof(*extra);
 356                assoclen += sizeof(__be32);
 357        }
 358
 359        aead = x->data;
 360        alen = crypto_aead_authsize(aead);
 361        ivlen = crypto_aead_ivsize(aead);
 362
 363        tmp = esp_alloc_tmp(aead, esp->nfrags + 2, extralen);
 364        if (!tmp)
 365                goto error;
 366
 367        extra = esp_tmp_extra(tmp);
 368        iv = esp_tmp_iv(aead, tmp, extralen);
 369        req = esp_tmp_req(aead, iv);
 370        sg = esp_req_sg(aead, req);
 371
 372        if (esp->inplace)
 373                dsg = sg;
 374        else
 375                dsg = &sg[esp->nfrags];
 376
 377        esph = esp_output_set_extra(skb, x, esp->esph, extra);
 378        esp->esph = esph;
 379
 380        sg_init_table(sg, esp->nfrags);
 381        err = skb_to_sgvec(skb, sg,
 382                           (unsigned char *)esph - skb->data,
 383                           assoclen + ivlen + esp->clen + alen);
 384        if (unlikely(err < 0))
 385                goto error_free;
 386
 387        if (!esp->inplace) {
 388                int allocsize;
 389                struct page_frag *pfrag = &x->xfrag;
 390
 391                allocsize = ALIGN(skb->data_len, L1_CACHE_BYTES);
 392
 393                spin_lock_bh(&x->lock);
 394                if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
 395                        spin_unlock_bh(&x->lock);
 396                        goto error_free;
 397                }
 398
 399                skb_shinfo(skb)->nr_frags = 1;
 400
 401                page = pfrag->page;
 402                get_page(page);
 403                /* replace page frags in skb with new page */
 404                __skb_fill_page_desc(skb, 0, page, pfrag->offset, skb->data_len);
 405                pfrag->offset = pfrag->offset + allocsize;
 406                spin_unlock_bh(&x->lock);
 407
 408                sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);
 409                err = skb_to_sgvec(skb, dsg,
 410                                   (unsigned char *)esph - skb->data,
 411                                   assoclen + ivlen + esp->clen + alen);
 412                if (unlikely(err < 0))
 413                        goto error_free;
 414        }
 415
 416        if ((x->props.flags & XFRM_STATE_ESN))
 417                aead_request_set_callback(req, 0, esp_output_done_esn, skb);
 418        else
 419                aead_request_set_callback(req, 0, esp_output_done, skb);
 420
 421        aead_request_set_crypt(req, sg, dsg, ivlen + esp->clen, iv);
 422        aead_request_set_ad(req, assoclen);
 423
 424        memset(iv, 0, ivlen);
 425        memcpy(iv + ivlen - min(ivlen, 8), (u8 *)&esp->seqno + 8 - min(ivlen, 8),
 426               min(ivlen, 8));
 427
 428        ESP_SKB_CB(skb)->tmp = tmp;
 429        err = crypto_aead_encrypt(req);
 430
 431        switch (err) {
 432        case -EINPROGRESS:
 433                goto error;
 434
 435        case -EBUSY:
 436                err = NET_XMIT_DROP;
 437                break;
 438
 439        case 0:
 440                if ((x->props.flags & XFRM_STATE_ESN))
 441                        esp_output_restore_header(skb);
 442        }
 443
 444        if (sg != dsg)
 445                esp_ssg_unref(x, tmp);
 446
 447error_free:
 448        kfree(tmp);
 449error:
 450        return err;
 451}
 452EXPORT_SYMBOL_GPL(esp_output_tail);
 453
 454static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 455{
 456        int alen;
 457        int blksize;
 458        struct ip_esp_hdr *esph;
 459        struct crypto_aead *aead;
 460        struct esp_info esp;
 461
 462        esp.inplace = true;
 463
 464        esp.proto = *skb_mac_header(skb);
 465        *skb_mac_header(skb) = IPPROTO_ESP;
 466
 467        /* skb is pure payload to encrypt */
 468
 469        aead = x->data;
 470        alen = crypto_aead_authsize(aead);
 471
 472        esp.tfclen = 0;
 473        if (x->tfcpad) {
 474                struct xfrm_dst *dst = (struct xfrm_dst *)skb_dst(skb);
 475                u32 padto;
 476
 477                padto = min(x->tfcpad, esp4_get_mtu(x, dst->child_mtu_cached));
 478                if (skb->len < padto)
 479                        esp.tfclen = padto - skb->len;
 480        }
 481        blksize = ALIGN(crypto_aead_blocksize(aead), 4);
 482        esp.clen = ALIGN(skb->len + 2 + esp.tfclen, blksize);
 483        esp.plen = esp.clen - skb->len - esp.tfclen;
 484        esp.tailen = esp.tfclen + esp.plen + alen;
 485
 486        esp.esph = ip_esp_hdr(skb);
 487
 488        esp.nfrags = esp_output_head(x, skb, &esp);
 489        if (esp.nfrags < 0)
 490                return esp.nfrags;
 491
 492        esph = esp.esph;
 493        esph->spi = x->id.spi;
 494
 495        esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
 496        esp.seqno = cpu_to_be64(XFRM_SKB_CB(skb)->seq.output.low +
 497                                 ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));
 498
 499        skb_push(skb, -skb_network_offset(skb));
 500
 501        return esp_output_tail(x, skb, &esp);
 502}
 503
 504static inline int esp_remove_trailer(struct sk_buff *skb)
 505{
 506        struct xfrm_state *x = xfrm_input_state(skb);
 507        struct xfrm_offload *xo = xfrm_offload(skb);
 508        struct crypto_aead *aead = x->data;
 509        int alen, hlen, elen;
 510        int padlen, trimlen;
 511        __wsum csumdiff;
 512        u8 nexthdr[2];
 513        int ret;
 514
 515        alen = crypto_aead_authsize(aead);
 516        hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
 517        elen = skb->len - hlen;
 518
 519        if (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {
 520                ret = xo->proto;
 521                goto out;
 522        }
 523
 524        if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))
 525                BUG();
 526
 527        ret = -EINVAL;
 528        padlen = nexthdr[0];
 529        if (padlen + 2 + alen >= elen) {
 530                net_dbg_ratelimited("ipsec esp packet is garbage padlen=%d, elen=%d\n",
 531                                    padlen + 2, elen - alen);
 532                goto out;
 533        }
 534
 535        trimlen = alen + padlen + 2;
 536        if (skb->ip_summed == CHECKSUM_COMPLETE) {
 537                csumdiff = skb_checksum(skb, skb->len - trimlen, trimlen, 0);
 538                skb->csum = csum_block_sub(skb->csum, csumdiff,
 539                                           skb->len - trimlen);
 540        }
 541        pskb_trim(skb, skb->len - trimlen);
 542
 543        ret = nexthdr[1];
 544
 545out:
 546        return ret;
 547}
 548
 549int esp_input_done2(struct sk_buff *skb, int err)
 550{
 551        const struct iphdr *iph;
 552        struct xfrm_state *x = xfrm_input_state(skb);
 553        struct xfrm_offload *xo = xfrm_offload(skb);
 554        struct crypto_aead *aead = x->data;
 555        int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
 556        int ihl;
 557
 558        if (!xo || (xo && !(xo->flags & CRYPTO_DONE)))
 559                kfree(ESP_SKB_CB(skb)->tmp);
 560
 561        if (unlikely(err))
 562                goto out;
 563
 564        err = esp_remove_trailer(skb);
 565        if (unlikely(err < 0))
 566                goto out;
 567
 568        iph = ip_hdr(skb);
 569        ihl = iph->ihl * 4;
 570
 571        if (x->encap) {
 572                struct xfrm_encap_tmpl *encap = x->encap;
 573                struct udphdr *uh = (void *)(skb_network_header(skb) + ihl);
 574
 575                /*
 576                 * 1) if the NAT-T peer's IP or port changed then
 577                 *    advertize the change to the keying daemon.
 578                 *    This is an inbound SA, so just compare
 579                 *    SRC ports.
 580                 */
 581                if (iph->saddr != x->props.saddr.a4 ||
 582                    uh->source != encap->encap_sport) {
 583                        xfrm_address_t ipaddr;
 584
 585                        ipaddr.a4 = iph->saddr;
 586                        km_new_mapping(x, &ipaddr, uh->source);
 587
 588                        /* XXX: perhaps add an extra
 589                         * policy check here, to see
 590                         * if we should allow or
 591                         * reject a packet from a
 592                         * different source
 593                         * address/port.
 594                         */
 595                }
 596
 597                /*
 598                 * 2) ignore UDP/TCP checksums in case
 599                 *    of NAT-T in Transport Mode, or
 600                 *    perform other post-processing fixes
 601                 *    as per draft-ietf-ipsec-udp-encaps-06,
 602                 *    section 3.1.2
 603                 */
 604                if (x->props.mode == XFRM_MODE_TRANSPORT)
 605                        skb->ip_summed = CHECKSUM_UNNECESSARY;
 606        }
 607
 608        skb_pull_rcsum(skb, hlen);
 609        if (x->props.mode == XFRM_MODE_TUNNEL)
 610                skb_reset_transport_header(skb);
 611        else
 612                skb_set_transport_header(skb, -ihl);
 613
 614        /* RFC4303: Drop dummy packets without any error */
 615        if (err == IPPROTO_NONE)
 616                err = -EINVAL;
 617
 618out:
 619        return err;
 620}
 621EXPORT_SYMBOL_GPL(esp_input_done2);
 622
 623static void esp_input_done(struct crypto_async_request *base, int err)
 624{
 625        struct sk_buff *skb = base->data;
 626
 627        xfrm_input_resume(skb, esp_input_done2(skb, err));
 628}
 629
 630static void esp_input_restore_header(struct sk_buff *skb)
 631{
 632        esp_restore_header(skb, 0);
 633        __skb_pull(skb, 4);
 634}
 635
 636static void esp_input_set_header(struct sk_buff *skb, __be32 *seqhi)
 637{
 638        struct xfrm_state *x = xfrm_input_state(skb);
 639        struct ip_esp_hdr *esph = (struct ip_esp_hdr *)skb->data;
 640
 641        /* For ESN we move the header forward by 4 bytes to
 642         * accomodate the high bits.  We will move it back after
 643         * decryption.
 644         */
 645        if ((x->props.flags & XFRM_STATE_ESN)) {
 646                esph = skb_push(skb, 4);
 647                *seqhi = esph->spi;
 648                esph->spi = esph->seq_no;
 649                esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
 650        }
 651}
 652
 653static void esp_input_done_esn(struct crypto_async_request *base, int err)
 654{
 655        struct sk_buff *skb = base->data;
 656
 657        esp_input_restore_header(skb);
 658        esp_input_done(base, err);
 659}
 660
 661/*
 662 * Note: detecting truncated vs. non-truncated authentication data is very
 663 * expensive, so we only support truncated data, which is the recommended
 664 * and common case.
 665 */
 666static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
 667{
 668        struct ip_esp_hdr *esph;
 669        struct crypto_aead *aead = x->data;
 670        struct aead_request *req;
 671        struct sk_buff *trailer;
 672        int ivlen = crypto_aead_ivsize(aead);
 673        int elen = skb->len - sizeof(*esph) - ivlen;
 674        int nfrags;
 675        int assoclen;
 676        int seqhilen;
 677        __be32 *seqhi;
 678        void *tmp;
 679        u8 *iv;
 680        struct scatterlist *sg;
 681        int err = -EINVAL;
 682
 683        if (!pskb_may_pull(skb, sizeof(*esph) + ivlen))
 684                goto out;
 685
 686        if (elen <= 0)
 687                goto out;
 688
 689        assoclen = sizeof(*esph);
 690        seqhilen = 0;
 691
 692        if (x->props.flags & XFRM_STATE_ESN) {
 693                seqhilen += sizeof(__be32);
 694                assoclen += seqhilen;
 695        }
 696
 697        if (!skb_cloned(skb)) {
 698                if (!skb_is_nonlinear(skb)) {
 699                        nfrags = 1;
 700
 701                        goto skip_cow;
 702                } else if (!skb_has_frag_list(skb)) {
 703                        nfrags = skb_shinfo(skb)->nr_frags;
 704                        nfrags++;
 705
 706                        goto skip_cow;
 707                }
 708        }
 709
 710        err = skb_cow_data(skb, 0, &trailer);
 711        if (err < 0)
 712                goto out;
 713
 714        nfrags = err;
 715
 716skip_cow:
 717        err = -ENOMEM;
 718        tmp = esp_alloc_tmp(aead, nfrags, seqhilen);
 719        if (!tmp)
 720                goto out;
 721
 722        ESP_SKB_CB(skb)->tmp = tmp;
 723        seqhi = esp_tmp_extra(tmp);
 724        iv = esp_tmp_iv(aead, tmp, seqhilen);
 725        req = esp_tmp_req(aead, iv);
 726        sg = esp_req_sg(aead, req);
 727
 728        esp_input_set_header(skb, seqhi);
 729
 730        sg_init_table(sg, nfrags);
 731        err = skb_to_sgvec(skb, sg, 0, skb->len);
 732        if (unlikely(err < 0)) {
 733                kfree(tmp);
 734                goto out;
 735        }
 736
 737        skb->ip_summed = CHECKSUM_NONE;
 738
 739        if ((x->props.flags & XFRM_STATE_ESN))
 740                aead_request_set_callback(req, 0, esp_input_done_esn, skb);
 741        else
 742                aead_request_set_callback(req, 0, esp_input_done, skb);
 743
 744        aead_request_set_crypt(req, sg, sg, elen + ivlen, iv);
 745        aead_request_set_ad(req, assoclen);
 746
 747        err = crypto_aead_decrypt(req);
 748        if (err == -EINPROGRESS)
 749                goto out;
 750
 751        if ((x->props.flags & XFRM_STATE_ESN))
 752                esp_input_restore_header(skb);
 753
 754        err = esp_input_done2(skb, err);
 755
 756out:
 757        return err;
 758}
 759
 760static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
 761{
 762        struct crypto_aead *aead = x->data;
 763        u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
 764        unsigned int net_adj;
 765
 766        switch (x->props.mode) {
 767        case XFRM_MODE_TRANSPORT:
 768        case XFRM_MODE_BEET:
 769                net_adj = sizeof(struct iphdr);
 770                break;
 771        case XFRM_MODE_TUNNEL:
 772                net_adj = 0;
 773                break;
 774        default:
 775                BUG();
 776        }
 777
 778        return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
 779                 net_adj) & ~(blksize - 1)) + net_adj - 2;
 780}
 781
 782static int esp4_err(struct sk_buff *skb, u32 info)
 783{
 784        struct net *net = dev_net(skb->dev);
 785        const struct iphdr *iph = (const struct iphdr *)skb->data;
 786        struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
 787        struct xfrm_state *x;
 788
 789        switch (icmp_hdr(skb)->type) {
 790        case ICMP_DEST_UNREACH:
 791                if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
 792                        return 0;
 793        case ICMP_REDIRECT:
 794                break;
 795        default:
 796                return 0;
 797        }
 798
 799        x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
 800                              esph->spi, IPPROTO_ESP, AF_INET);
 801        if (!x)
 802                return 0;
 803
 804        if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
 805                ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
 806        else
 807                ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0);
 808        xfrm_state_put(x);
 809
 810        return 0;
 811}
 812
 813static void esp_destroy(struct xfrm_state *x)
 814{
 815        struct crypto_aead *aead = x->data;
 816
 817        if (!aead)
 818                return;
 819
 820        crypto_free_aead(aead);
 821}
 822
 823static int esp_init_aead(struct xfrm_state *x)
 824{
 825        char aead_name[CRYPTO_MAX_ALG_NAME];
 826        struct crypto_aead *aead;
 827        int err;
 828        u32 mask = 0;
 829
 830        err = -ENAMETOOLONG;
 831        if (snprintf(aead_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",
 832                     x->geniv, x->aead->alg_name) >= CRYPTO_MAX_ALG_NAME)
 833                goto error;
 834
 835        if (x->xso.offload_handle)
 836                mask |= CRYPTO_ALG_ASYNC;
 837
 838        aead = crypto_alloc_aead(aead_name, 0, mask);
 839        err = PTR_ERR(aead);
 840        if (IS_ERR(aead))
 841                goto error;
 842
 843        x->data = aead;
 844
 845        err = crypto_aead_setkey(aead, x->aead->alg_key,
 846                                 (x->aead->alg_key_len + 7) / 8);
 847        if (err)
 848                goto error;
 849
 850        err = crypto_aead_setauthsize(aead, x->aead->alg_icv_len / 8);
 851        if (err)
 852                goto error;
 853
 854error:
 855        return err;
 856}
 857
 858static int esp_init_authenc(struct xfrm_state *x)
 859{
 860        struct crypto_aead *aead;
 861        struct crypto_authenc_key_param *param;
 862        struct rtattr *rta;
 863        char *key;
 864        char *p;
 865        char authenc_name[CRYPTO_MAX_ALG_NAME];
 866        unsigned int keylen;
 867        int err;
 868        u32 mask = 0;
 869
 870        err = -EINVAL;
 871        if (!x->ealg)
 872                goto error;
 873
 874        err = -ENAMETOOLONG;
 875
 876        if ((x->props.flags & XFRM_STATE_ESN)) {
 877                if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
 878                             "%s%sauthencesn(%s,%s)%s",
 879                             x->geniv ?: "", x->geniv ? "(" : "",
 880                             x->aalg ? x->aalg->alg_name : "digest_null",
 881                             x->ealg->alg_name,
 882                             x->geniv ? ")" : "") >= CRYPTO_MAX_ALG_NAME)
 883                        goto error;
 884        } else {
 885                if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
 886                             "%s%sauthenc(%s,%s)%s",
 887                             x->geniv ?: "", x->geniv ? "(" : "",
 888                             x->aalg ? x->aalg->alg_name : "digest_null",
 889                             x->ealg->alg_name,
 890                             x->geniv ? ")" : "") >= CRYPTO_MAX_ALG_NAME)
 891                        goto error;
 892        }
 893
 894        if (x->xso.offload_handle)
 895                mask |= CRYPTO_ALG_ASYNC;
 896
 897        aead = crypto_alloc_aead(authenc_name, 0, mask);
 898        err = PTR_ERR(aead);
 899        if (IS_ERR(aead))
 900                goto error;
 901
 902        x->data = aead;
 903
 904        keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
 905                 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
 906        err = -ENOMEM;
 907        key = kmalloc(keylen, GFP_KERNEL);
 908        if (!key)
 909                goto error;
 910
 911        p = key;
 912        rta = (void *)p;
 913        rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM;
 914        rta->rta_len = RTA_LENGTH(sizeof(*param));
 915        param = RTA_DATA(rta);
 916        p += RTA_SPACE(sizeof(*param));
 917
 918        if (x->aalg) {
 919                struct xfrm_algo_desc *aalg_desc;
 920
 921                memcpy(p, x->aalg->alg_key, (x->aalg->alg_key_len + 7) / 8);
 922                p += (x->aalg->alg_key_len + 7) / 8;
 923
 924                aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 925                BUG_ON(!aalg_desc);
 926
 927                err = -EINVAL;
 928                if (aalg_desc->uinfo.auth.icv_fullbits / 8 !=
 929                    crypto_aead_authsize(aead)) {
 930                        pr_info("ESP: %s digestsize %u != %hu\n",
 931                                x->aalg->alg_name,
 932                                crypto_aead_authsize(aead),
 933                                aalg_desc->uinfo.auth.icv_fullbits / 8);
 934                        goto free_key;
 935                }
 936
 937                err = crypto_aead_setauthsize(
 938                        aead, x->aalg->alg_trunc_len / 8);
 939                if (err)
 940                        goto free_key;
 941        }
 942
 943        param->enckeylen = cpu_to_be32((x->ealg->alg_key_len + 7) / 8);
 944        memcpy(p, x->ealg->alg_key, (x->ealg->alg_key_len + 7) / 8);
 945
 946        err = crypto_aead_setkey(aead, key, keylen);
 947
 948free_key:
 949        kfree(key);
 950
 951error:
 952        return err;
 953}
 954
 955static int esp_init_state(struct xfrm_state *x)
 956{
 957        struct crypto_aead *aead;
 958        u32 align;
 959        int err;
 960
 961        x->data = NULL;
 962
 963        if (x->aead)
 964                err = esp_init_aead(x);
 965        else
 966                err = esp_init_authenc(x);
 967
 968        if (err)
 969                goto error;
 970
 971        aead = x->data;
 972
 973        x->props.header_len = sizeof(struct ip_esp_hdr) +
 974                              crypto_aead_ivsize(aead);
 975        if (x->props.mode == XFRM_MODE_TUNNEL)
 976                x->props.header_len += sizeof(struct iphdr);
 977        else if (x->props.mode == XFRM_MODE_BEET && x->sel.family != AF_INET6)
 978                x->props.header_len += IPV4_BEET_PHMAXLEN;
 979        if (x->encap) {
 980                struct xfrm_encap_tmpl *encap = x->encap;
 981
 982                switch (encap->encap_type) {
 983                default:
 984                        goto error;
 985                case UDP_ENCAP_ESPINUDP:
 986                        x->props.header_len += sizeof(struct udphdr);
 987                        break;
 988                case UDP_ENCAP_ESPINUDP_NON_IKE:
 989                        x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
 990                        break;
 991                }
 992        }
 993
 994        align = ALIGN(crypto_aead_blocksize(aead), 4);
 995        x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
 996
 997error:
 998        return err;
 999}
1000
1001static int esp4_rcv_cb(struct sk_buff *skb, int err)
1002{
1003        return 0;
1004}
1005
1006static const struct xfrm_type esp_type =
1007{
1008        .description    = "ESP4",
1009        .owner          = THIS_MODULE,
1010        .proto          = IPPROTO_ESP,
1011        .flags          = XFRM_TYPE_REPLAY_PROT,
1012        .init_state     = esp_init_state,
1013        .destructor     = esp_destroy,
1014        .get_mtu        = esp4_get_mtu,
1015        .input          = esp_input,
1016        .output         = esp_output,
1017};
1018
1019static struct xfrm4_protocol esp4_protocol = {
1020        .handler        =       xfrm4_rcv,
1021        .input_handler  =       xfrm_input,
1022        .cb_handler     =       esp4_rcv_cb,
1023        .err_handler    =       esp4_err,
1024        .priority       =       0,
1025};
1026
1027static int __init esp4_init(void)
1028{
1029        if (xfrm_register_type(&esp_type, AF_INET) < 0) {
1030                pr_info("%s: can't add xfrm type\n", __func__);
1031                return -EAGAIN;
1032        }
1033        if (xfrm4_protocol_register(&esp4_protocol, IPPROTO_ESP) < 0) {
1034                pr_info("%s: can't add protocol\n", __func__);
1035                xfrm_unregister_type(&esp_type, AF_INET);
1036                return -EAGAIN;
1037        }
1038        return 0;
1039}
1040
1041static void __exit esp4_fini(void)
1042{
1043        if (xfrm4_protocol_deregister(&esp4_protocol, IPPROTO_ESP) < 0)
1044                pr_info("%s: can't remove protocol\n", __func__);
1045        if (xfrm_unregister_type(&esp_type, AF_INET) < 0)
1046                pr_info("%s: can't remove xfrm type\n", __func__);
1047}
1048
1049module_init(esp4_init);
1050module_exit(esp4_fini);
1051MODULE_LICENSE("GPL");
1052MODULE_ALIAS_XFRM_TYPE(AF_INET, XFRM_PROTO_ESP);
1053