xref: /openbmc/linux/net/ipv4/esp4.c (revision d5cb9783536a41df9f9cba5b0a1d78047ed787f7)
1 #include <linux/config.h>
2 #include <linux/module.h>
3 #include <net/ip.h>
4 #include <net/xfrm.h>
5 #include <net/esp.h>
6 #include <asm/scatterlist.h>
7 #include <linux/crypto.h>
8 #include <linux/kernel.h>
9 #include <linux/pfkeyv2.h>
10 #include <linux/random.h>
11 #include <net/icmp.h>
12 #include <net/udp.h>
13 
14 /* decapsulation data for use when post-processing */
15 struct esp_decap_data {
16 	xfrm_address_t	saddr;
17 	__u16		sport;
18 	__u8		proto;
19 };
20 
21 static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
22 {
23 	int err;
24 	struct iphdr *top_iph;
25 	struct ip_esp_hdr *esph;
26 	struct crypto_tfm *tfm;
27 	struct esp_data *esp;
28 	struct sk_buff *trailer;
29 	int blksize;
30 	int clen;
31 	int alen;
32 	int nfrags;
33 
34 	/* Strip IP+ESP header. */
35 	__skb_pull(skb, skb->h.raw - skb->data);
36 	/* Now skb is pure payload to encrypt */
37 
38 	err = -ENOMEM;
39 
40 	/* Round to block size */
41 	clen = skb->len;
42 
43 	esp = x->data;
44 	alen = esp->auth.icv_trunc_len;
45 	tfm = esp->conf.tfm;
46 	blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4);
47 	clen = ALIGN(clen + 2, blksize);
48 	if (esp->conf.padlen)
49 		clen = ALIGN(clen, esp->conf.padlen);
50 
51 	if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0)
52 		goto error;
53 
54 	/* Fill padding... */
55 	do {
56 		int i;
57 		for (i=0; i<clen-skb->len - 2; i++)
58 			*(u8*)(trailer->tail + i) = i+1;
59 	} while (0);
60 	*(u8*)(trailer->tail + clen-skb->len - 2) = (clen - skb->len)-2;
61 	pskb_put(skb, trailer, clen - skb->len);
62 
63 	__skb_push(skb, skb->data - skb->nh.raw);
64 	top_iph = skb->nh.iph;
65 	esph = (struct ip_esp_hdr *)(skb->nh.raw + top_iph->ihl*4);
66 	top_iph->tot_len = htons(skb->len + alen);
67 	*(u8*)(trailer->tail - 1) = top_iph->protocol;
68 
69 	/* this is non-NULL only with UDP Encapsulation */
70 	if (x->encap) {
71 		struct xfrm_encap_tmpl *encap = x->encap;
72 		struct udphdr *uh;
73 		u32 *udpdata32;
74 
75 		uh = (struct udphdr *)esph;
76 		uh->source = encap->encap_sport;
77 		uh->dest = encap->encap_dport;
78 		uh->len = htons(skb->len + alen - top_iph->ihl*4);
79 		uh->check = 0;
80 
81 		switch (encap->encap_type) {
82 		default:
83 		case UDP_ENCAP_ESPINUDP:
84 			esph = (struct ip_esp_hdr *)(uh + 1);
85 			break;
86 		case UDP_ENCAP_ESPINUDP_NON_IKE:
87 			udpdata32 = (u32 *)(uh + 1);
88 			udpdata32[0] = udpdata32[1] = 0;
89 			esph = (struct ip_esp_hdr *)(udpdata32 + 2);
90 			break;
91 		}
92 
93 		top_iph->protocol = IPPROTO_UDP;
94 	} else
95 		top_iph->protocol = IPPROTO_ESP;
96 
97 	esph->spi = x->id.spi;
98 	esph->seq_no = htonl(++x->replay.oseq);
99 
100 	if (esp->conf.ivlen)
101 		crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
102 
103 	do {
104 		struct scatterlist *sg = &esp->sgbuf[0];
105 
106 		if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
107 			sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
108 			if (!sg)
109 				goto error;
110 		}
111 		skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
112 		crypto_cipher_encrypt(tfm, sg, sg, clen);
113 		if (unlikely(sg != &esp->sgbuf[0]))
114 			kfree(sg);
115 	} while (0);
116 
117 	if (esp->conf.ivlen) {
118 		memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
119 		crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
120 	}
121 
122 	if (esp->auth.icv_full_len) {
123 		esp->auth.icv(esp, skb, (u8*)esph-skb->data,
124 		              sizeof(struct ip_esp_hdr) + esp->conf.ivlen+clen, trailer->tail);
125 		pskb_put(skb, trailer, alen);
126 	}
127 
128 	ip_send_check(top_iph);
129 
130 	err = 0;
131 
132 error:
133 	return err;
134 }
135 
136 /*
137  * Note: detecting truncated vs. non-truncated authentication data is very
138  * expensive, so we only support truncated data, which is the recommended
139  * and common case.
140  */
141 static int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb)
142 {
143 	struct iphdr *iph;
144 	struct ip_esp_hdr *esph;
145 	struct esp_data *esp = x->data;
146 	struct sk_buff *trailer;
147 	int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
148 	int alen = esp->auth.icv_trunc_len;
149 	int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen;
150 	int nfrags;
151 	int encap_len = 0;
152 
153 	if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr)))
154 		goto out;
155 
156 	if (elen <= 0 || (elen & (blksize-1)))
157 		goto out;
158 
159 	/* If integrity check is required, do this. */
160 	if (esp->auth.icv_full_len) {
161 		u8 sum[esp->auth.icv_full_len];
162 		u8 sum1[alen];
163 
164 		esp->auth.icv(esp, skb, 0, skb->len-alen, sum);
165 
166 		if (skb_copy_bits(skb, skb->len-alen, sum1, alen))
167 			BUG();
168 
169 		if (unlikely(memcmp(sum, sum1, alen))) {
170 			x->stats.integrity_failed++;
171 			goto out;
172 		}
173 	}
174 
175 	if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0)
176 		goto out;
177 
178 	skb->ip_summed = CHECKSUM_NONE;
179 
180 	esph = (struct ip_esp_hdr*)skb->data;
181 	iph = skb->nh.iph;
182 
183 	/* Get ivec. This can be wrong, check against another impls. */
184 	if (esp->conf.ivlen)
185 		crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm));
186 
187         {
188 		u8 nexthdr[2];
189 		struct scatterlist *sg = &esp->sgbuf[0];
190 		u8 workbuf[60];
191 		int padlen;
192 
193 		if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
194 			sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
195 			if (!sg)
196 				goto out;
197 		}
198 		skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen);
199 		crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen);
200 		if (unlikely(sg != &esp->sgbuf[0]))
201 			kfree(sg);
202 
203 		if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
204 			BUG();
205 
206 		padlen = nexthdr[0];
207 		if (padlen+2 >= elen)
208 			goto out;
209 
210 		/* ... check padding bits here. Silly. :-) */
211 
212 		if (x->encap && decap && decap->decap_type) {
213 			struct esp_decap_data *encap_data;
214 			struct udphdr *uh = (struct udphdr *) (iph+1);
215 
216 			encap_data = (struct esp_decap_data *) (decap->decap_data);
217 			encap_data->proto = 0;
218 
219 			switch (decap->decap_type) {
220 			case UDP_ENCAP_ESPINUDP:
221 			case UDP_ENCAP_ESPINUDP_NON_IKE:
222 				encap_data->proto = AF_INET;
223 				encap_data->saddr.a4 = iph->saddr;
224 				encap_data->sport = uh->source;
225 				encap_len = (void*)esph - (void*)uh;
226 				break;
227 
228 			default:
229 				goto out;
230 			}
231 		}
232 
233 		iph->protocol = nexthdr[1];
234 		pskb_trim(skb, skb->len - alen - padlen - 2);
235 		memcpy(workbuf, skb->nh.raw, iph->ihl*4);
236 		skb->h.raw = skb_pull(skb, sizeof(struct ip_esp_hdr) + esp->conf.ivlen);
237 		skb->nh.raw += encap_len + sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
238 		memcpy(skb->nh.raw, workbuf, iph->ihl*4);
239 		skb->nh.iph->tot_len = htons(skb->len);
240 	}
241 
242 	return 0;
243 
244 out:
245 	return -EINVAL;
246 }
247 
248 static int esp_post_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb)
249 {
250 
251 	if (x->encap) {
252 		struct xfrm_encap_tmpl *encap;
253 		struct esp_decap_data *decap_data;
254 
255 		encap = x->encap;
256 		decap_data = (struct esp_decap_data *)(decap->decap_data);
257 
258 		/* first, make sure that the decap type == the encap type */
259 		if (encap->encap_type != decap->decap_type)
260 			return -EINVAL;
261 
262 		switch (encap->encap_type) {
263 		default:
264 		case UDP_ENCAP_ESPINUDP:
265 		case UDP_ENCAP_ESPINUDP_NON_IKE:
266 			/*
267 			 * 1) if the NAT-T peer's IP or port changed then
268 			 *    advertize the change to the keying daemon.
269 			 *    This is an inbound SA, so just compare
270 			 *    SRC ports.
271 			 */
272 			if (decap_data->proto == AF_INET &&
273 			    (decap_data->saddr.a4 != x->props.saddr.a4 ||
274 			     decap_data->sport != encap->encap_sport)) {
275 				xfrm_address_t ipaddr;
276 
277 				ipaddr.a4 = decap_data->saddr.a4;
278 				km_new_mapping(x, &ipaddr, decap_data->sport);
279 
280 				/* XXX: perhaps add an extra
281 				 * policy check here, to see
282 				 * if we should allow or
283 				 * reject a packet from a
284 				 * different source
285 				 * address/port.
286 				 */
287 			}
288 
289 			/*
290 			 * 2) ignore UDP/TCP checksums in case
291 			 *    of NAT-T in Transport Mode, or
292 			 *    perform other post-processing fixes
293 			 *    as per * draft-ietf-ipsec-udp-encaps-06,
294 			 *    section 3.1.2
295 			 */
296 			if (!x->props.mode)
297 				skb->ip_summed = CHECKSUM_UNNECESSARY;
298 
299 			break;
300 		}
301 	}
302 	return 0;
303 }
304 
305 static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
306 {
307 	struct esp_data *esp = x->data;
308 	u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
309 
310 	if (x->props.mode) {
311 		mtu = ALIGN(mtu + 2, blksize);
312 	} else {
313 		/* The worst case. */
314 		mtu = ALIGN(mtu + 2, 4) + blksize - 4;
315 	}
316 	if (esp->conf.padlen)
317 		mtu = ALIGN(mtu, esp->conf.padlen);
318 
319 	return mtu + x->props.header_len + esp->auth.icv_trunc_len;
320 }
321 
322 static void esp4_err(struct sk_buff *skb, u32 info)
323 {
324 	struct iphdr *iph = (struct iphdr*)skb->data;
325 	struct ip_esp_hdr *esph = (struct ip_esp_hdr*)(skb->data+(iph->ihl<<2));
326 	struct xfrm_state *x;
327 
328 	if (skb->h.icmph->type != ICMP_DEST_UNREACH ||
329 	    skb->h.icmph->code != ICMP_FRAG_NEEDED)
330 		return;
331 
332 	x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);
333 	if (!x)
334 		return;
335 	NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n",
336 		 ntohl(esph->spi), ntohl(iph->daddr));
337 	xfrm_state_put(x);
338 }
339 
340 static void esp_destroy(struct xfrm_state *x)
341 {
342 	struct esp_data *esp = x->data;
343 
344 	if (!esp)
345 		return;
346 
347 	crypto_free_tfm(esp->conf.tfm);
348 	esp->conf.tfm = NULL;
349 	kfree(esp->conf.ivec);
350 	esp->conf.ivec = NULL;
351 	crypto_free_tfm(esp->auth.tfm);
352 	esp->auth.tfm = NULL;
353 	kfree(esp->auth.work_icv);
354 	esp->auth.work_icv = NULL;
355 	kfree(esp);
356 }
357 
358 static int esp_init_state(struct xfrm_state *x)
359 {
360 	struct esp_data *esp = NULL;
361 
362 	/* null auth and encryption can have zero length keys */
363 	if (x->aalg) {
364 		if (x->aalg->alg_key_len > 512)
365 			goto error;
366 	}
367 	if (x->ealg == NULL)
368 		goto error;
369 
370 	esp = kmalloc(sizeof(*esp), GFP_KERNEL);
371 	if (esp == NULL)
372 		return -ENOMEM;
373 
374 	memset(esp, 0, sizeof(*esp));
375 
376 	if (x->aalg) {
377 		struct xfrm_algo_desc *aalg_desc;
378 
379 		esp->auth.key = x->aalg->alg_key;
380 		esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
381 		esp->auth.tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);
382 		if (esp->auth.tfm == NULL)
383 			goto error;
384 		esp->auth.icv = esp_hmac_digest;
385 
386 		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
387 		BUG_ON(!aalg_desc);
388 
389 		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
390 		    crypto_tfm_alg_digestsize(esp->auth.tfm)) {
391 			NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n",
392 				 x->aalg->alg_name,
393 				 crypto_tfm_alg_digestsize(esp->auth.tfm),
394 				 aalg_desc->uinfo.auth.icv_fullbits/8);
395 			goto error;
396 		}
397 
398 		esp->auth.icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
399 		esp->auth.icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
400 
401 		esp->auth.work_icv = kmalloc(esp->auth.icv_full_len, GFP_KERNEL);
402 		if (!esp->auth.work_icv)
403 			goto error;
404 	}
405 	esp->conf.key = x->ealg->alg_key;
406 	esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
407 	if (x->props.ealgo == SADB_EALG_NULL)
408 		esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB);
409 	else
410 		esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC);
411 	if (esp->conf.tfm == NULL)
412 		goto error;
413 	esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm);
414 	esp->conf.padlen = 0;
415 	if (esp->conf.ivlen) {
416 		esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL);
417 		if (unlikely(esp->conf.ivec == NULL))
418 			goto error;
419 		get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
420 	}
421 	if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
422 		goto error;
423 	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
424 	if (x->props.mode)
425 		x->props.header_len += sizeof(struct iphdr);
426 	if (x->encap) {
427 		struct xfrm_encap_tmpl *encap = x->encap;
428 
429 		switch (encap->encap_type) {
430 		default:
431 			goto error;
432 		case UDP_ENCAP_ESPINUDP:
433 			x->props.header_len += sizeof(struct udphdr);
434 			break;
435 		case UDP_ENCAP_ESPINUDP_NON_IKE:
436 			x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
437 			break;
438 		}
439 	}
440 	x->data = esp;
441 	x->props.trailer_len = esp4_get_max_size(x, 0) - x->props.header_len;
442 	return 0;
443 
444 error:
445 	x->data = esp;
446 	esp_destroy(x);
447 	x->data = NULL;
448 	return -EINVAL;
449 }
450 
451 static struct xfrm_type esp_type =
452 {
453 	.description	= "ESP4",
454 	.owner		= THIS_MODULE,
455 	.proto	     	= IPPROTO_ESP,
456 	.init_state	= esp_init_state,
457 	.destructor	= esp_destroy,
458 	.get_max_size	= esp4_get_max_size,
459 	.input		= esp_input,
460 	.post_input	= esp_post_input,
461 	.output		= esp_output
462 };
463 
464 static struct net_protocol esp4_protocol = {
465 	.handler	=	xfrm4_rcv,
466 	.err_handler	=	esp4_err,
467 	.no_policy	=	1,
468 };
469 
470 static int __init esp4_init(void)
471 {
472 	struct xfrm_decap_state decap;
473 
474 	if (sizeof(struct esp_decap_data)  >
475 	    sizeof(decap.decap_data)) {
476 		extern void decap_data_too_small(void);
477 
478 		decap_data_too_small();
479 	}
480 
481 	if (xfrm_register_type(&esp_type, AF_INET) < 0) {
482 		printk(KERN_INFO "ip esp init: can't add xfrm type\n");
483 		return -EAGAIN;
484 	}
485 	if (inet_add_protocol(&esp4_protocol, IPPROTO_ESP) < 0) {
486 		printk(KERN_INFO "ip esp init: can't add protocol\n");
487 		xfrm_unregister_type(&esp_type, AF_INET);
488 		return -EAGAIN;
489 	}
490 	return 0;
491 }
492 
493 static void __exit esp4_fini(void)
494 {
495 	if (inet_del_protocol(&esp4_protocol, IPPROTO_ESP) < 0)
496 		printk(KERN_INFO "ip esp close: can't remove protocol\n");
497 	if (xfrm_unregister_type(&esp_type, AF_INET) < 0)
498 		printk(KERN_INFO "ip esp close: can't remove xfrm type\n");
499 }
500 
501 module_init(esp4_init);
502 module_exit(esp4_fini);
503 MODULE_LICENSE("GPL");
504