1 /* 2 * xfrm algorithm interface 3 * 4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the Free 8 * Software Foundation; either version 2 of the License, or (at your option) 9 * any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/kernel.h> 14 #include <linux/pfkeyv2.h> 15 #include <linux/crypto.h> 16 #include <linux/scatterlist.h> 17 #include <net/xfrm.h> 18 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE) 19 #include <net/ah.h> 20 #endif 21 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE) 22 #include <net/esp.h> 23 #endif 24 25 /* 26 * Algorithms supported by IPsec. These entries contain properties which 27 * are used in key negotiation and xfrm processing, and are used to verify 28 * that instantiated crypto transforms have correct parameters for IPsec 29 * purposes. 30 */ 31 static struct xfrm_algo_desc aead_list[] = { 32 { 33 .name = "rfc4106(gcm(aes))", 34 35 .uinfo = { 36 .aead = { 37 .icv_truncbits = 64, 38 } 39 }, 40 41 .desc = { 42 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8, 43 .sadb_alg_ivlen = 8, 44 .sadb_alg_minbits = 128, 45 .sadb_alg_maxbits = 256 46 } 47 }, 48 { 49 .name = "rfc4106(gcm(aes))", 50 51 .uinfo = { 52 .aead = { 53 .icv_truncbits = 96, 54 } 55 }, 56 57 .desc = { 58 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12, 59 .sadb_alg_ivlen = 8, 60 .sadb_alg_minbits = 128, 61 .sadb_alg_maxbits = 256 62 } 63 }, 64 { 65 .name = "rfc4106(gcm(aes))", 66 67 .uinfo = { 68 .aead = { 69 .icv_truncbits = 128, 70 } 71 }, 72 73 .desc = { 74 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16, 75 .sadb_alg_ivlen = 8, 76 .sadb_alg_minbits = 128, 77 .sadb_alg_maxbits = 256 78 } 79 }, 80 { 81 .name = "rfc4309(ccm(aes))", 82 83 .uinfo = { 84 .aead = { 85 .icv_truncbits = 64, 86 } 87 }, 88 89 .desc = { 90 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8, 91 .sadb_alg_ivlen = 8, 92 .sadb_alg_minbits = 128, 93 .sadb_alg_maxbits = 256 94 } 95 }, 96 { 97 .name = "rfc4309(ccm(aes))", 98 99 .uinfo = { 100 .aead = { 101 .icv_truncbits = 96, 102 } 103 }, 104 105 .desc = { 106 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12, 107 .sadb_alg_ivlen = 8, 108 .sadb_alg_minbits = 128, 109 .sadb_alg_maxbits = 256 110 } 111 }, 112 { 113 .name = "rfc4309(ccm(aes))", 114 115 .uinfo = { 116 .aead = { 117 .icv_truncbits = 128, 118 } 119 }, 120 121 .desc = { 122 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16, 123 .sadb_alg_ivlen = 8, 124 .sadb_alg_minbits = 128, 125 .sadb_alg_maxbits = 256 126 } 127 }, 128 }; 129 130 static struct xfrm_algo_desc aalg_list[] = { 131 { 132 .name = "hmac(digest_null)", 133 .compat = "digest_null", 134 135 .uinfo = { 136 .auth = { 137 .icv_truncbits = 0, 138 .icv_fullbits = 0, 139 } 140 }, 141 142 .desc = { 143 .sadb_alg_id = SADB_X_AALG_NULL, 144 .sadb_alg_ivlen = 0, 145 .sadb_alg_minbits = 0, 146 .sadb_alg_maxbits = 0 147 } 148 }, 149 { 150 .name = "hmac(md5)", 151 .compat = "md5", 152 153 .uinfo = { 154 .auth = { 155 .icv_truncbits = 96, 156 .icv_fullbits = 128, 157 } 158 }, 159 160 .desc = { 161 .sadb_alg_id = SADB_AALG_MD5HMAC, 162 .sadb_alg_ivlen = 0, 163 .sadb_alg_minbits = 128, 164 .sadb_alg_maxbits = 128 165 } 166 }, 167 { 168 .name = "hmac(sha1)", 169 .compat = "sha1", 170 171 .uinfo = { 172 .auth = { 173 .icv_truncbits = 96, 174 .icv_fullbits = 160, 175 } 176 }, 177 178 .desc = { 179 .sadb_alg_id = SADB_AALG_SHA1HMAC, 180 .sadb_alg_ivlen = 0, 181 .sadb_alg_minbits = 160, 182 .sadb_alg_maxbits = 160 183 } 184 }, 185 { 186 .name = "hmac(sha256)", 187 .compat = "sha256", 188 189 .uinfo = { 190 .auth = { 191 .icv_truncbits = 96, 192 .icv_fullbits = 256, 193 } 194 }, 195 196 .desc = { 197 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC, 198 .sadb_alg_ivlen = 0, 199 .sadb_alg_minbits = 256, 200 .sadb_alg_maxbits = 256 201 } 202 }, 203 { 204 .name = "hmac(ripemd160)", 205 .compat = "ripemd160", 206 207 .uinfo = { 208 .auth = { 209 .icv_truncbits = 96, 210 .icv_fullbits = 160, 211 } 212 }, 213 214 .desc = { 215 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC, 216 .sadb_alg_ivlen = 0, 217 .sadb_alg_minbits = 160, 218 .sadb_alg_maxbits = 160 219 } 220 }, 221 { 222 .name = "xcbc(aes)", 223 224 .uinfo = { 225 .auth = { 226 .icv_truncbits = 96, 227 .icv_fullbits = 128, 228 } 229 }, 230 231 .desc = { 232 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC, 233 .sadb_alg_ivlen = 0, 234 .sadb_alg_minbits = 128, 235 .sadb_alg_maxbits = 128 236 } 237 }, 238 }; 239 240 static struct xfrm_algo_desc ealg_list[] = { 241 { 242 .name = "ecb(cipher_null)", 243 .compat = "cipher_null", 244 245 .uinfo = { 246 .encr = { 247 .blockbits = 8, 248 .defkeybits = 0, 249 } 250 }, 251 252 .desc = { 253 .sadb_alg_id = SADB_EALG_NULL, 254 .sadb_alg_ivlen = 0, 255 .sadb_alg_minbits = 0, 256 .sadb_alg_maxbits = 0 257 } 258 }, 259 { 260 .name = "cbc(des)", 261 .compat = "des", 262 263 .uinfo = { 264 .encr = { 265 .blockbits = 64, 266 .defkeybits = 64, 267 } 268 }, 269 270 .desc = { 271 .sadb_alg_id = SADB_EALG_DESCBC, 272 .sadb_alg_ivlen = 8, 273 .sadb_alg_minbits = 64, 274 .sadb_alg_maxbits = 64 275 } 276 }, 277 { 278 .name = "cbc(des3_ede)", 279 .compat = "des3_ede", 280 281 .uinfo = { 282 .encr = { 283 .blockbits = 64, 284 .defkeybits = 192, 285 } 286 }, 287 288 .desc = { 289 .sadb_alg_id = SADB_EALG_3DESCBC, 290 .sadb_alg_ivlen = 8, 291 .sadb_alg_minbits = 192, 292 .sadb_alg_maxbits = 192 293 } 294 }, 295 { 296 .name = "cbc(cast128)", 297 .compat = "cast128", 298 299 .uinfo = { 300 .encr = { 301 .blockbits = 64, 302 .defkeybits = 128, 303 } 304 }, 305 306 .desc = { 307 .sadb_alg_id = SADB_X_EALG_CASTCBC, 308 .sadb_alg_ivlen = 8, 309 .sadb_alg_minbits = 40, 310 .sadb_alg_maxbits = 128 311 } 312 }, 313 { 314 .name = "cbc(blowfish)", 315 .compat = "blowfish", 316 317 .uinfo = { 318 .encr = { 319 .blockbits = 64, 320 .defkeybits = 128, 321 } 322 }, 323 324 .desc = { 325 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC, 326 .sadb_alg_ivlen = 8, 327 .sadb_alg_minbits = 40, 328 .sadb_alg_maxbits = 448 329 } 330 }, 331 { 332 .name = "cbc(aes)", 333 .compat = "aes", 334 335 .uinfo = { 336 .encr = { 337 .blockbits = 128, 338 .defkeybits = 128, 339 } 340 }, 341 342 .desc = { 343 .sadb_alg_id = SADB_X_EALG_AESCBC, 344 .sadb_alg_ivlen = 8, 345 .sadb_alg_minbits = 128, 346 .sadb_alg_maxbits = 256 347 } 348 }, 349 { 350 .name = "cbc(serpent)", 351 .compat = "serpent", 352 353 .uinfo = { 354 .encr = { 355 .blockbits = 128, 356 .defkeybits = 128, 357 } 358 }, 359 360 .desc = { 361 .sadb_alg_id = SADB_X_EALG_SERPENTCBC, 362 .sadb_alg_ivlen = 8, 363 .sadb_alg_minbits = 128, 364 .sadb_alg_maxbits = 256, 365 } 366 }, 367 { 368 .name = "cbc(camellia)", 369 370 .uinfo = { 371 .encr = { 372 .blockbits = 128, 373 .defkeybits = 128, 374 } 375 }, 376 377 .desc = { 378 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC, 379 .sadb_alg_ivlen = 8, 380 .sadb_alg_minbits = 128, 381 .sadb_alg_maxbits = 256 382 } 383 }, 384 { 385 .name = "cbc(twofish)", 386 .compat = "twofish", 387 388 .uinfo = { 389 .encr = { 390 .blockbits = 128, 391 .defkeybits = 128, 392 } 393 }, 394 395 .desc = { 396 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC, 397 .sadb_alg_ivlen = 8, 398 .sadb_alg_minbits = 128, 399 .sadb_alg_maxbits = 256 400 } 401 }, 402 }; 403 404 static struct xfrm_algo_desc calg_list[] = { 405 { 406 .name = "deflate", 407 .uinfo = { 408 .comp = { 409 .threshold = 90, 410 } 411 }, 412 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE } 413 }, 414 { 415 .name = "lzs", 416 .uinfo = { 417 .comp = { 418 .threshold = 90, 419 } 420 }, 421 .desc = { .sadb_alg_id = SADB_X_CALG_LZS } 422 }, 423 { 424 .name = "lzjh", 425 .uinfo = { 426 .comp = { 427 .threshold = 50, 428 } 429 }, 430 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH } 431 }, 432 }; 433 434 static inline int aead_entries(void) 435 { 436 return ARRAY_SIZE(aead_list); 437 } 438 439 static inline int aalg_entries(void) 440 { 441 return ARRAY_SIZE(aalg_list); 442 } 443 444 static inline int ealg_entries(void) 445 { 446 return ARRAY_SIZE(ealg_list); 447 } 448 449 static inline int calg_entries(void) 450 { 451 return ARRAY_SIZE(calg_list); 452 } 453 454 struct xfrm_algo_list { 455 struct xfrm_algo_desc *algs; 456 int entries; 457 u32 type; 458 u32 mask; 459 }; 460 461 static const struct xfrm_algo_list xfrm_aead_list = { 462 .algs = aead_list, 463 .entries = ARRAY_SIZE(aead_list), 464 .type = CRYPTO_ALG_TYPE_AEAD, 465 .mask = CRYPTO_ALG_TYPE_MASK, 466 }; 467 468 static const struct xfrm_algo_list xfrm_aalg_list = { 469 .algs = aalg_list, 470 .entries = ARRAY_SIZE(aalg_list), 471 .type = CRYPTO_ALG_TYPE_HASH, 472 .mask = CRYPTO_ALG_TYPE_HASH_MASK, 473 }; 474 475 static const struct xfrm_algo_list xfrm_ealg_list = { 476 .algs = ealg_list, 477 .entries = ARRAY_SIZE(ealg_list), 478 .type = CRYPTO_ALG_TYPE_BLKCIPHER, 479 .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK, 480 }; 481 482 static const struct xfrm_algo_list xfrm_calg_list = { 483 .algs = calg_list, 484 .entries = ARRAY_SIZE(calg_list), 485 .type = CRYPTO_ALG_TYPE_COMPRESS, 486 .mask = CRYPTO_ALG_TYPE_MASK, 487 }; 488 489 static struct xfrm_algo_desc *xfrm_find_algo( 490 const struct xfrm_algo_list *algo_list, 491 int match(const struct xfrm_algo_desc *entry, const void *data), 492 const void *data, int probe) 493 { 494 struct xfrm_algo_desc *list = algo_list->algs; 495 int i, status; 496 497 for (i = 0; i < algo_list->entries; i++) { 498 if (!match(list + i, data)) 499 continue; 500 501 if (list[i].available) 502 return &list[i]; 503 504 if (!probe) 505 break; 506 507 status = crypto_has_alg(list[i].name, algo_list->type, 508 algo_list->mask); 509 if (!status) 510 break; 511 512 list[i].available = status; 513 return &list[i]; 514 } 515 return NULL; 516 } 517 518 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry, 519 const void *data) 520 { 521 return entry->desc.sadb_alg_id == (unsigned long)data; 522 } 523 524 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id) 525 { 526 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match, 527 (void *)(unsigned long)alg_id, 1); 528 } 529 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid); 530 531 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id) 532 { 533 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match, 534 (void *)(unsigned long)alg_id, 1); 535 } 536 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid); 537 538 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id) 539 { 540 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match, 541 (void *)(unsigned long)alg_id, 1); 542 } 543 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid); 544 545 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry, 546 const void *data) 547 { 548 const char *name = data; 549 550 return name && (!strcmp(name, entry->name) || 551 (entry->compat && !strcmp(name, entry->compat))); 552 } 553 554 struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe) 555 { 556 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name, 557 probe); 558 } 559 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname); 560 561 struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe) 562 { 563 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name, 564 probe); 565 } 566 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname); 567 568 struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe) 569 { 570 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name, 571 probe); 572 } 573 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname); 574 575 struct xfrm_aead_name { 576 const char *name; 577 int icvbits; 578 }; 579 580 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry, 581 const void *data) 582 { 583 const struct xfrm_aead_name *aead = data; 584 const char *name = aead->name; 585 586 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name && 587 !strcmp(name, entry->name); 588 } 589 590 struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe) 591 { 592 struct xfrm_aead_name data = { 593 .name = name, 594 .icvbits = icv_len, 595 }; 596 597 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data, 598 probe); 599 } 600 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname); 601 602 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx) 603 { 604 if (idx >= aalg_entries()) 605 return NULL; 606 607 return &aalg_list[idx]; 608 } 609 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx); 610 611 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx) 612 { 613 if (idx >= ealg_entries()) 614 return NULL; 615 616 return &ealg_list[idx]; 617 } 618 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx); 619 620 /* 621 * Probe for the availability of crypto algorithms, and set the available 622 * flag for any algorithms found on the system. This is typically called by 623 * pfkey during userspace SA add, update or register. 624 */ 625 void xfrm_probe_algs(void) 626 { 627 int i, status; 628 629 BUG_ON(in_softirq()); 630 631 for (i = 0; i < aalg_entries(); i++) { 632 status = crypto_has_hash(aalg_list[i].name, 0, 633 CRYPTO_ALG_ASYNC); 634 if (aalg_list[i].available != status) 635 aalg_list[i].available = status; 636 } 637 638 for (i = 0; i < ealg_entries(); i++) { 639 status = crypto_has_blkcipher(ealg_list[i].name, 0, 640 CRYPTO_ALG_ASYNC); 641 if (ealg_list[i].available != status) 642 ealg_list[i].available = status; 643 } 644 645 for (i = 0; i < calg_entries(); i++) { 646 status = crypto_has_comp(calg_list[i].name, 0, 647 CRYPTO_ALG_ASYNC); 648 if (calg_list[i].available != status) 649 calg_list[i].available = status; 650 } 651 } 652 EXPORT_SYMBOL_GPL(xfrm_probe_algs); 653 654 int xfrm_count_auth_supported(void) 655 { 656 int i, n; 657 658 for (i = 0, n = 0; i < aalg_entries(); i++) 659 if (aalg_list[i].available) 660 n++; 661 return n; 662 } 663 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported); 664 665 int xfrm_count_enc_supported(void) 666 { 667 int i, n; 668 669 for (i = 0, n = 0; i < ealg_entries(); i++) 670 if (ealg_list[i].available) 671 n++; 672 return n; 673 } 674 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported); 675 676 /* Move to common area: it is shared with AH. */ 677 678 int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc, 679 int offset, int len, icv_update_fn_t icv_update) 680 { 681 int start = skb_headlen(skb); 682 int i, copy = start - offset; 683 int err; 684 struct scatterlist sg; 685 686 /* Checksum header. */ 687 if (copy > 0) { 688 if (copy > len) 689 copy = len; 690 691 sg_init_one(&sg, skb->data + offset, copy); 692 693 err = icv_update(desc, &sg, copy); 694 if (unlikely(err)) 695 return err; 696 697 if ((len -= copy) == 0) 698 return 0; 699 offset += copy; 700 } 701 702 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 703 int end; 704 705 BUG_TRAP(start <= offset + len); 706 707 end = start + skb_shinfo(skb)->frags[i].size; 708 if ((copy = end - offset) > 0) { 709 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 710 711 if (copy > len) 712 copy = len; 713 714 sg_init_table(&sg, 1); 715 sg_set_page(&sg, frag->page, copy, 716 frag->page_offset + offset-start); 717 718 err = icv_update(desc, &sg, copy); 719 if (unlikely(err)) 720 return err; 721 722 if (!(len -= copy)) 723 return 0; 724 offset += copy; 725 } 726 start = end; 727 } 728 729 if (skb_shinfo(skb)->frag_list) { 730 struct sk_buff *list = skb_shinfo(skb)->frag_list; 731 732 for (; list; list = list->next) { 733 int end; 734 735 BUG_TRAP(start <= offset + len); 736 737 end = start + list->len; 738 if ((copy = end - offset) > 0) { 739 if (copy > len) 740 copy = len; 741 err = skb_icv_walk(list, desc, offset-start, 742 copy, icv_update); 743 if (unlikely(err)) 744 return err; 745 if ((len -= copy) == 0) 746 return 0; 747 offset += copy; 748 } 749 start = end; 750 } 751 } 752 BUG_ON(len); 753 return 0; 754 } 755 EXPORT_SYMBOL_GPL(skb_icv_walk); 756 757 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE) 758 759 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len) 760 { 761 if (tail != skb) { 762 skb->data_len += len; 763 skb->len += len; 764 } 765 return skb_put(tail, len); 766 } 767 EXPORT_SYMBOL_GPL(pskb_put); 768 #endif 769