xref: /openbmc/linux/net/xfrm/xfrm_algo.c (revision 643d1f7f)
1 /*
2  * xfrm algorithm interface
3  *
4  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/pfkeyv2.h>
15 #include <linux/crypto.h>
16 #include <linux/scatterlist.h>
17 #include <net/xfrm.h>
18 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
19 #include <net/ah.h>
20 #endif
21 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
22 #include <net/esp.h>
23 #endif
24 
25 /*
26  * Algorithms supported by IPsec.  These entries contain properties which
27  * are used in key negotiation and xfrm processing, and are used to verify
28  * that instantiated crypto transforms have correct parameters for IPsec
29  * purposes.
30  */
31 static struct xfrm_algo_desc aead_list[] = {
32 {
33 	.name = "rfc4106(gcm(aes))",
34 
35 	.uinfo = {
36 		.aead = {
37 			.icv_truncbits = 64,
38 		}
39 	},
40 
41 	.desc = {
42 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
43 		.sadb_alg_ivlen = 8,
44 		.sadb_alg_minbits = 128,
45 		.sadb_alg_maxbits = 256
46 	}
47 },
48 {
49 	.name = "rfc4106(gcm(aes))",
50 
51 	.uinfo = {
52 		.aead = {
53 			.icv_truncbits = 96,
54 		}
55 	},
56 
57 	.desc = {
58 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
59 		.sadb_alg_ivlen = 8,
60 		.sadb_alg_minbits = 128,
61 		.sadb_alg_maxbits = 256
62 	}
63 },
64 {
65 	.name = "rfc4106(gcm(aes))",
66 
67 	.uinfo = {
68 		.aead = {
69 			.icv_truncbits = 128,
70 		}
71 	},
72 
73 	.desc = {
74 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
75 		.sadb_alg_ivlen = 8,
76 		.sadb_alg_minbits = 128,
77 		.sadb_alg_maxbits = 256
78 	}
79 },
80 {
81 	.name = "rfc4309(ccm(aes))",
82 
83 	.uinfo = {
84 		.aead = {
85 			.icv_truncbits = 64,
86 		}
87 	},
88 
89 	.desc = {
90 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
91 		.sadb_alg_ivlen = 8,
92 		.sadb_alg_minbits = 128,
93 		.sadb_alg_maxbits = 256
94 	}
95 },
96 {
97 	.name = "rfc4309(ccm(aes))",
98 
99 	.uinfo = {
100 		.aead = {
101 			.icv_truncbits = 96,
102 		}
103 	},
104 
105 	.desc = {
106 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
107 		.sadb_alg_ivlen = 8,
108 		.sadb_alg_minbits = 128,
109 		.sadb_alg_maxbits = 256
110 	}
111 },
112 {
113 	.name = "rfc4309(ccm(aes))",
114 
115 	.uinfo = {
116 		.aead = {
117 			.icv_truncbits = 128,
118 		}
119 	},
120 
121 	.desc = {
122 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
123 		.sadb_alg_ivlen = 8,
124 		.sadb_alg_minbits = 128,
125 		.sadb_alg_maxbits = 256
126 	}
127 },
128 };
129 
130 static struct xfrm_algo_desc aalg_list[] = {
131 {
132 	.name = "hmac(digest_null)",
133 	.compat = "digest_null",
134 
135 	.uinfo = {
136 		.auth = {
137 			.icv_truncbits = 0,
138 			.icv_fullbits = 0,
139 		}
140 	},
141 
142 	.desc = {
143 		.sadb_alg_id = SADB_X_AALG_NULL,
144 		.sadb_alg_ivlen = 0,
145 		.sadb_alg_minbits = 0,
146 		.sadb_alg_maxbits = 0
147 	}
148 },
149 {
150 	.name = "hmac(md5)",
151 	.compat = "md5",
152 
153 	.uinfo = {
154 		.auth = {
155 			.icv_truncbits = 96,
156 			.icv_fullbits = 128,
157 		}
158 	},
159 
160 	.desc = {
161 		.sadb_alg_id = SADB_AALG_MD5HMAC,
162 		.sadb_alg_ivlen = 0,
163 		.sadb_alg_minbits = 128,
164 		.sadb_alg_maxbits = 128
165 	}
166 },
167 {
168 	.name = "hmac(sha1)",
169 	.compat = "sha1",
170 
171 	.uinfo = {
172 		.auth = {
173 			.icv_truncbits = 96,
174 			.icv_fullbits = 160,
175 		}
176 	},
177 
178 	.desc = {
179 		.sadb_alg_id = SADB_AALG_SHA1HMAC,
180 		.sadb_alg_ivlen = 0,
181 		.sadb_alg_minbits = 160,
182 		.sadb_alg_maxbits = 160
183 	}
184 },
185 {
186 	.name = "hmac(sha256)",
187 	.compat = "sha256",
188 
189 	.uinfo = {
190 		.auth = {
191 			.icv_truncbits = 96,
192 			.icv_fullbits = 256,
193 		}
194 	},
195 
196 	.desc = {
197 		.sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
198 		.sadb_alg_ivlen = 0,
199 		.sadb_alg_minbits = 256,
200 		.sadb_alg_maxbits = 256
201 	}
202 },
203 {
204 	.name = "hmac(ripemd160)",
205 	.compat = "ripemd160",
206 
207 	.uinfo = {
208 		.auth = {
209 			.icv_truncbits = 96,
210 			.icv_fullbits = 160,
211 		}
212 	},
213 
214 	.desc = {
215 		.sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
216 		.sadb_alg_ivlen = 0,
217 		.sadb_alg_minbits = 160,
218 		.sadb_alg_maxbits = 160
219 	}
220 },
221 {
222 	.name = "xcbc(aes)",
223 
224 	.uinfo = {
225 		.auth = {
226 			.icv_truncbits = 96,
227 			.icv_fullbits = 128,
228 		}
229 	},
230 
231 	.desc = {
232 		.sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
233 		.sadb_alg_ivlen = 0,
234 		.sadb_alg_minbits = 128,
235 		.sadb_alg_maxbits = 128
236 	}
237 },
238 };
239 
240 static struct xfrm_algo_desc ealg_list[] = {
241 {
242 	.name = "ecb(cipher_null)",
243 	.compat = "cipher_null",
244 
245 	.uinfo = {
246 		.encr = {
247 			.blockbits = 8,
248 			.defkeybits = 0,
249 		}
250 	},
251 
252 	.desc = {
253 		.sadb_alg_id =	SADB_EALG_NULL,
254 		.sadb_alg_ivlen = 0,
255 		.sadb_alg_minbits = 0,
256 		.sadb_alg_maxbits = 0
257 	}
258 },
259 {
260 	.name = "cbc(des)",
261 	.compat = "des",
262 
263 	.uinfo = {
264 		.encr = {
265 			.blockbits = 64,
266 			.defkeybits = 64,
267 		}
268 	},
269 
270 	.desc = {
271 		.sadb_alg_id = SADB_EALG_DESCBC,
272 		.sadb_alg_ivlen = 8,
273 		.sadb_alg_minbits = 64,
274 		.sadb_alg_maxbits = 64
275 	}
276 },
277 {
278 	.name = "cbc(des3_ede)",
279 	.compat = "des3_ede",
280 
281 	.uinfo = {
282 		.encr = {
283 			.blockbits = 64,
284 			.defkeybits = 192,
285 		}
286 	},
287 
288 	.desc = {
289 		.sadb_alg_id = SADB_EALG_3DESCBC,
290 		.sadb_alg_ivlen = 8,
291 		.sadb_alg_minbits = 192,
292 		.sadb_alg_maxbits = 192
293 	}
294 },
295 {
296 	.name = "cbc(cast128)",
297 	.compat = "cast128",
298 
299 	.uinfo = {
300 		.encr = {
301 			.blockbits = 64,
302 			.defkeybits = 128,
303 		}
304 	},
305 
306 	.desc = {
307 		.sadb_alg_id = SADB_X_EALG_CASTCBC,
308 		.sadb_alg_ivlen = 8,
309 		.sadb_alg_minbits = 40,
310 		.sadb_alg_maxbits = 128
311 	}
312 },
313 {
314 	.name = "cbc(blowfish)",
315 	.compat = "blowfish",
316 
317 	.uinfo = {
318 		.encr = {
319 			.blockbits = 64,
320 			.defkeybits = 128,
321 		}
322 	},
323 
324 	.desc = {
325 		.sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
326 		.sadb_alg_ivlen = 8,
327 		.sadb_alg_minbits = 40,
328 		.sadb_alg_maxbits = 448
329 	}
330 },
331 {
332 	.name = "cbc(aes)",
333 	.compat = "aes",
334 
335 	.uinfo = {
336 		.encr = {
337 			.blockbits = 128,
338 			.defkeybits = 128,
339 		}
340 	},
341 
342 	.desc = {
343 		.sadb_alg_id = SADB_X_EALG_AESCBC,
344 		.sadb_alg_ivlen = 8,
345 		.sadb_alg_minbits = 128,
346 		.sadb_alg_maxbits = 256
347 	}
348 },
349 {
350 	.name = "cbc(serpent)",
351 	.compat = "serpent",
352 
353 	.uinfo = {
354 		.encr = {
355 			.blockbits = 128,
356 			.defkeybits = 128,
357 		}
358 	},
359 
360 	.desc = {
361 		.sadb_alg_id = SADB_X_EALG_SERPENTCBC,
362 		.sadb_alg_ivlen = 8,
363 		.sadb_alg_minbits = 128,
364 		.sadb_alg_maxbits = 256,
365 	}
366 },
367 {
368 	.name = "cbc(camellia)",
369 
370 	.uinfo = {
371 		.encr = {
372 			.blockbits = 128,
373 			.defkeybits = 128,
374 		}
375 	},
376 
377 	.desc = {
378 		.sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
379 		.sadb_alg_ivlen = 8,
380 		.sadb_alg_minbits = 128,
381 		.sadb_alg_maxbits = 256
382 	}
383 },
384 {
385 	.name = "cbc(twofish)",
386 	.compat = "twofish",
387 
388 	.uinfo = {
389 		.encr = {
390 			.blockbits = 128,
391 			.defkeybits = 128,
392 		}
393 	},
394 
395 	.desc = {
396 		.sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
397 		.sadb_alg_ivlen = 8,
398 		.sadb_alg_minbits = 128,
399 		.sadb_alg_maxbits = 256
400 	}
401 },
402 };
403 
404 static struct xfrm_algo_desc calg_list[] = {
405 {
406 	.name = "deflate",
407 	.uinfo = {
408 		.comp = {
409 			.threshold = 90,
410 		}
411 	},
412 	.desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
413 },
414 {
415 	.name = "lzs",
416 	.uinfo = {
417 		.comp = {
418 			.threshold = 90,
419 		}
420 	},
421 	.desc = { .sadb_alg_id = SADB_X_CALG_LZS }
422 },
423 {
424 	.name = "lzjh",
425 	.uinfo = {
426 		.comp = {
427 			.threshold = 50,
428 		}
429 	},
430 	.desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
431 },
432 };
433 
434 static inline int aead_entries(void)
435 {
436 	return ARRAY_SIZE(aead_list);
437 }
438 
439 static inline int aalg_entries(void)
440 {
441 	return ARRAY_SIZE(aalg_list);
442 }
443 
444 static inline int ealg_entries(void)
445 {
446 	return ARRAY_SIZE(ealg_list);
447 }
448 
449 static inline int calg_entries(void)
450 {
451 	return ARRAY_SIZE(calg_list);
452 }
453 
454 struct xfrm_algo_list {
455 	struct xfrm_algo_desc *algs;
456 	int entries;
457 	u32 type;
458 	u32 mask;
459 };
460 
461 static const struct xfrm_algo_list xfrm_aead_list = {
462 	.algs = aead_list,
463 	.entries = ARRAY_SIZE(aead_list),
464 	.type = CRYPTO_ALG_TYPE_AEAD,
465 	.mask = CRYPTO_ALG_TYPE_MASK,
466 };
467 
468 static const struct xfrm_algo_list xfrm_aalg_list = {
469 	.algs = aalg_list,
470 	.entries = ARRAY_SIZE(aalg_list),
471 	.type = CRYPTO_ALG_TYPE_HASH,
472 	.mask = CRYPTO_ALG_TYPE_HASH_MASK,
473 };
474 
475 static const struct xfrm_algo_list xfrm_ealg_list = {
476 	.algs = ealg_list,
477 	.entries = ARRAY_SIZE(ealg_list),
478 	.type = CRYPTO_ALG_TYPE_BLKCIPHER,
479 	.mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
480 };
481 
482 static const struct xfrm_algo_list xfrm_calg_list = {
483 	.algs = calg_list,
484 	.entries = ARRAY_SIZE(calg_list),
485 	.type = CRYPTO_ALG_TYPE_COMPRESS,
486 	.mask = CRYPTO_ALG_TYPE_MASK,
487 };
488 
489 static struct xfrm_algo_desc *xfrm_find_algo(
490 	const struct xfrm_algo_list *algo_list,
491 	int match(const struct xfrm_algo_desc *entry, const void *data),
492 	const void *data, int probe)
493 {
494 	struct xfrm_algo_desc *list = algo_list->algs;
495 	int i, status;
496 
497 	for (i = 0; i < algo_list->entries; i++) {
498 		if (!match(list + i, data))
499 			continue;
500 
501 		if (list[i].available)
502 			return &list[i];
503 
504 		if (!probe)
505 			break;
506 
507 		status = crypto_has_alg(list[i].name, algo_list->type,
508 					algo_list->mask);
509 		if (!status)
510 			break;
511 
512 		list[i].available = status;
513 		return &list[i];
514 	}
515 	return NULL;
516 }
517 
518 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
519 			     const void *data)
520 {
521 	return entry->desc.sadb_alg_id == (unsigned long)data;
522 }
523 
524 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
525 {
526 	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
527 			      (void *)(unsigned long)alg_id, 1);
528 }
529 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
530 
531 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
532 {
533 	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
534 			      (void *)(unsigned long)alg_id, 1);
535 }
536 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
537 
538 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
539 {
540 	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
541 			      (void *)(unsigned long)alg_id, 1);
542 }
543 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
544 
545 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
546 			       const void *data)
547 {
548 	const char *name = data;
549 
550 	return name && (!strcmp(name, entry->name) ||
551 			(entry->compat && !strcmp(name, entry->compat)));
552 }
553 
554 struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
555 {
556 	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
557 			      probe);
558 }
559 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
560 
561 struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
562 {
563 	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
564 			      probe);
565 }
566 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
567 
568 struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
569 {
570 	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
571 			      probe);
572 }
573 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
574 
575 struct xfrm_aead_name {
576 	const char *name;
577 	int icvbits;
578 };
579 
580 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
581 				const void *data)
582 {
583 	const struct xfrm_aead_name *aead = data;
584 	const char *name = aead->name;
585 
586 	return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
587 	       !strcmp(name, entry->name);
588 }
589 
590 struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe)
591 {
592 	struct xfrm_aead_name data = {
593 		.name = name,
594 		.icvbits = icv_len,
595 	};
596 
597 	return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
598 			      probe);
599 }
600 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
601 
602 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
603 {
604 	if (idx >= aalg_entries())
605 		return NULL;
606 
607 	return &aalg_list[idx];
608 }
609 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
610 
611 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
612 {
613 	if (idx >= ealg_entries())
614 		return NULL;
615 
616 	return &ealg_list[idx];
617 }
618 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
619 
620 /*
621  * Probe for the availability of crypto algorithms, and set the available
622  * flag for any algorithms found on the system.  This is typically called by
623  * pfkey during userspace SA add, update or register.
624  */
625 void xfrm_probe_algs(void)
626 {
627 	int i, status;
628 
629 	BUG_ON(in_softirq());
630 
631 	for (i = 0; i < aalg_entries(); i++) {
632 		status = crypto_has_hash(aalg_list[i].name, 0,
633 					 CRYPTO_ALG_ASYNC);
634 		if (aalg_list[i].available != status)
635 			aalg_list[i].available = status;
636 	}
637 
638 	for (i = 0; i < ealg_entries(); i++) {
639 		status = crypto_has_blkcipher(ealg_list[i].name, 0,
640 					      CRYPTO_ALG_ASYNC);
641 		if (ealg_list[i].available != status)
642 			ealg_list[i].available = status;
643 	}
644 
645 	for (i = 0; i < calg_entries(); i++) {
646 		status = crypto_has_comp(calg_list[i].name, 0,
647 					 CRYPTO_ALG_ASYNC);
648 		if (calg_list[i].available != status)
649 			calg_list[i].available = status;
650 	}
651 }
652 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
653 
654 int xfrm_count_auth_supported(void)
655 {
656 	int i, n;
657 
658 	for (i = 0, n = 0; i < aalg_entries(); i++)
659 		if (aalg_list[i].available)
660 			n++;
661 	return n;
662 }
663 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
664 
665 int xfrm_count_enc_supported(void)
666 {
667 	int i, n;
668 
669 	for (i = 0, n = 0; i < ealg_entries(); i++)
670 		if (ealg_list[i].available)
671 			n++;
672 	return n;
673 }
674 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
675 
676 /* Move to common area: it is shared with AH. */
677 
678 int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
679 		 int offset, int len, icv_update_fn_t icv_update)
680 {
681 	int start = skb_headlen(skb);
682 	int i, copy = start - offset;
683 	int err;
684 	struct scatterlist sg;
685 
686 	/* Checksum header. */
687 	if (copy > 0) {
688 		if (copy > len)
689 			copy = len;
690 
691 		sg_init_one(&sg, skb->data + offset, copy);
692 
693 		err = icv_update(desc, &sg, copy);
694 		if (unlikely(err))
695 			return err;
696 
697 		if ((len -= copy) == 0)
698 			return 0;
699 		offset += copy;
700 	}
701 
702 	for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
703 		int end;
704 
705 		BUG_TRAP(start <= offset + len);
706 
707 		end = start + skb_shinfo(skb)->frags[i].size;
708 		if ((copy = end - offset) > 0) {
709 			skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
710 
711 			if (copy > len)
712 				copy = len;
713 
714 			sg_init_table(&sg, 1);
715 			sg_set_page(&sg, frag->page, copy,
716 				    frag->page_offset + offset-start);
717 
718 			err = icv_update(desc, &sg, copy);
719 			if (unlikely(err))
720 				return err;
721 
722 			if (!(len -= copy))
723 				return 0;
724 			offset += copy;
725 		}
726 		start = end;
727 	}
728 
729 	if (skb_shinfo(skb)->frag_list) {
730 		struct sk_buff *list = skb_shinfo(skb)->frag_list;
731 
732 		for (; list; list = list->next) {
733 			int end;
734 
735 			BUG_TRAP(start <= offset + len);
736 
737 			end = start + list->len;
738 			if ((copy = end - offset) > 0) {
739 				if (copy > len)
740 					copy = len;
741 				err = skb_icv_walk(list, desc, offset-start,
742 						   copy, icv_update);
743 				if (unlikely(err))
744 					return err;
745 				if ((len -= copy) == 0)
746 					return 0;
747 				offset += copy;
748 			}
749 			start = end;
750 		}
751 	}
752 	BUG_ON(len);
753 	return 0;
754 }
755 EXPORT_SYMBOL_GPL(skb_icv_walk);
756 
757 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
758 
759 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
760 {
761 	if (tail != skb) {
762 		skb->data_len += len;
763 		skb->len += len;
764 	}
765 	return skb_put(tail, len);
766 }
767 EXPORT_SYMBOL_GPL(pskb_put);
768 #endif
769