1 /* 2 * xfrm algorithm interface 3 * 4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the Free 8 * Software Foundation; either version 2 of the License, or (at your option) 9 * any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/kernel.h> 14 #include <linux/pfkeyv2.h> 15 #include <linux/crypto.h> 16 #include <linux/scatterlist.h> 17 #include <net/xfrm.h> 18 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE) 19 #include <net/ah.h> 20 #endif 21 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE) 22 #include <net/esp.h> 23 #endif 24 25 /* 26 * Algorithms supported by IPsec. These entries contain properties which 27 * are used in key negotiation and xfrm processing, and are used to verify 28 * that instantiated crypto transforms have correct parameters for IPsec 29 * purposes. 30 */ 31 static struct xfrm_algo_desc aead_list[] = { 32 { 33 .name = "rfc4106(gcm(aes))", 34 35 .uinfo = { 36 .aead = { 37 .icv_truncbits = 64, 38 } 39 }, 40 41 .desc = { 42 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8, 43 .sadb_alg_ivlen = 8, 44 .sadb_alg_minbits = 128, 45 .sadb_alg_maxbits = 256 46 } 47 }, 48 { 49 .name = "rfc4106(gcm(aes))", 50 51 .uinfo = { 52 .aead = { 53 .icv_truncbits = 96, 54 } 55 }, 56 57 .desc = { 58 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12, 59 .sadb_alg_ivlen = 8, 60 .sadb_alg_minbits = 128, 61 .sadb_alg_maxbits = 256 62 } 63 }, 64 { 65 .name = "rfc4106(gcm(aes))", 66 67 .uinfo = { 68 .aead = { 69 .icv_truncbits = 128, 70 } 71 }, 72 73 .desc = { 74 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16, 75 .sadb_alg_ivlen = 8, 76 .sadb_alg_minbits = 128, 77 .sadb_alg_maxbits = 256 78 } 79 }, 80 { 81 .name = "rfc4309(ccm(aes))", 82 83 .uinfo = { 84 .aead = { 85 .icv_truncbits = 64, 86 } 87 }, 88 89 .desc = { 90 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8, 91 .sadb_alg_ivlen = 8, 92 .sadb_alg_minbits = 128, 93 .sadb_alg_maxbits = 256 94 } 95 }, 96 { 97 .name = "rfc4309(ccm(aes))", 98 99 .uinfo = { 100 .aead = { 101 .icv_truncbits = 96, 102 } 103 }, 104 105 .desc = { 106 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12, 107 .sadb_alg_ivlen = 8, 108 .sadb_alg_minbits = 128, 109 .sadb_alg_maxbits = 256 110 } 111 }, 112 { 113 .name = "rfc4309(ccm(aes))", 114 115 .uinfo = { 116 .aead = { 117 .icv_truncbits = 128, 118 } 119 }, 120 121 .desc = { 122 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16, 123 .sadb_alg_ivlen = 8, 124 .sadb_alg_minbits = 128, 125 .sadb_alg_maxbits = 256 126 } 127 }, 128 }; 129 130 static struct xfrm_algo_desc aalg_list[] = { 131 { 132 .name = "digest_null", 133 134 .uinfo = { 135 .auth = { 136 .icv_truncbits = 0, 137 .icv_fullbits = 0, 138 } 139 }, 140 141 .desc = { 142 .sadb_alg_id = SADB_X_AALG_NULL, 143 .sadb_alg_ivlen = 0, 144 .sadb_alg_minbits = 0, 145 .sadb_alg_maxbits = 0 146 } 147 }, 148 { 149 .name = "hmac(md5)", 150 .compat = "md5", 151 152 .uinfo = { 153 .auth = { 154 .icv_truncbits = 96, 155 .icv_fullbits = 128, 156 } 157 }, 158 159 .desc = { 160 .sadb_alg_id = SADB_AALG_MD5HMAC, 161 .sadb_alg_ivlen = 0, 162 .sadb_alg_minbits = 128, 163 .sadb_alg_maxbits = 128 164 } 165 }, 166 { 167 .name = "hmac(sha1)", 168 .compat = "sha1", 169 170 .uinfo = { 171 .auth = { 172 .icv_truncbits = 96, 173 .icv_fullbits = 160, 174 } 175 }, 176 177 .desc = { 178 .sadb_alg_id = SADB_AALG_SHA1HMAC, 179 .sadb_alg_ivlen = 0, 180 .sadb_alg_minbits = 160, 181 .sadb_alg_maxbits = 160 182 } 183 }, 184 { 185 .name = "hmac(sha256)", 186 .compat = "sha256", 187 188 .uinfo = { 189 .auth = { 190 .icv_truncbits = 96, 191 .icv_fullbits = 256, 192 } 193 }, 194 195 .desc = { 196 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC, 197 .sadb_alg_ivlen = 0, 198 .sadb_alg_minbits = 256, 199 .sadb_alg_maxbits = 256 200 } 201 }, 202 { 203 .name = "hmac(sha384)", 204 205 .uinfo = { 206 .auth = { 207 .icv_truncbits = 192, 208 .icv_fullbits = 384, 209 } 210 }, 211 212 .desc = { 213 .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC, 214 .sadb_alg_ivlen = 0, 215 .sadb_alg_minbits = 384, 216 .sadb_alg_maxbits = 384 217 } 218 }, 219 { 220 .name = "hmac(sha512)", 221 222 .uinfo = { 223 .auth = { 224 .icv_truncbits = 256, 225 .icv_fullbits = 512, 226 } 227 }, 228 229 .desc = { 230 .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC, 231 .sadb_alg_ivlen = 0, 232 .sadb_alg_minbits = 512, 233 .sadb_alg_maxbits = 512 234 } 235 }, 236 { 237 .name = "hmac(rmd160)", 238 .compat = "rmd160", 239 240 .uinfo = { 241 .auth = { 242 .icv_truncbits = 96, 243 .icv_fullbits = 160, 244 } 245 }, 246 247 .desc = { 248 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC, 249 .sadb_alg_ivlen = 0, 250 .sadb_alg_minbits = 160, 251 .sadb_alg_maxbits = 160 252 } 253 }, 254 { 255 .name = "xcbc(aes)", 256 257 .uinfo = { 258 .auth = { 259 .icv_truncbits = 96, 260 .icv_fullbits = 128, 261 } 262 }, 263 264 .desc = { 265 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC, 266 .sadb_alg_ivlen = 0, 267 .sadb_alg_minbits = 128, 268 .sadb_alg_maxbits = 128 269 } 270 }, 271 }; 272 273 static struct xfrm_algo_desc ealg_list[] = { 274 { 275 .name = "ecb(cipher_null)", 276 .compat = "cipher_null", 277 278 .uinfo = { 279 .encr = { 280 .blockbits = 8, 281 .defkeybits = 0, 282 } 283 }, 284 285 .desc = { 286 .sadb_alg_id = SADB_EALG_NULL, 287 .sadb_alg_ivlen = 0, 288 .sadb_alg_minbits = 0, 289 .sadb_alg_maxbits = 0 290 } 291 }, 292 { 293 .name = "cbc(des)", 294 .compat = "des", 295 296 .uinfo = { 297 .encr = { 298 .blockbits = 64, 299 .defkeybits = 64, 300 } 301 }, 302 303 .desc = { 304 .sadb_alg_id = SADB_EALG_DESCBC, 305 .sadb_alg_ivlen = 8, 306 .sadb_alg_minbits = 64, 307 .sadb_alg_maxbits = 64 308 } 309 }, 310 { 311 .name = "cbc(des3_ede)", 312 .compat = "des3_ede", 313 314 .uinfo = { 315 .encr = { 316 .blockbits = 64, 317 .defkeybits = 192, 318 } 319 }, 320 321 .desc = { 322 .sadb_alg_id = SADB_EALG_3DESCBC, 323 .sadb_alg_ivlen = 8, 324 .sadb_alg_minbits = 192, 325 .sadb_alg_maxbits = 192 326 } 327 }, 328 { 329 .name = "cbc(cast5)", 330 .compat = "cast5", 331 332 .uinfo = { 333 .encr = { 334 .blockbits = 64, 335 .defkeybits = 128, 336 } 337 }, 338 339 .desc = { 340 .sadb_alg_id = SADB_X_EALG_CASTCBC, 341 .sadb_alg_ivlen = 8, 342 .sadb_alg_minbits = 40, 343 .sadb_alg_maxbits = 128 344 } 345 }, 346 { 347 .name = "cbc(blowfish)", 348 .compat = "blowfish", 349 350 .uinfo = { 351 .encr = { 352 .blockbits = 64, 353 .defkeybits = 128, 354 } 355 }, 356 357 .desc = { 358 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC, 359 .sadb_alg_ivlen = 8, 360 .sadb_alg_minbits = 40, 361 .sadb_alg_maxbits = 448 362 } 363 }, 364 { 365 .name = "cbc(aes)", 366 .compat = "aes", 367 368 .uinfo = { 369 .encr = { 370 .blockbits = 128, 371 .defkeybits = 128, 372 } 373 }, 374 375 .desc = { 376 .sadb_alg_id = SADB_X_EALG_AESCBC, 377 .sadb_alg_ivlen = 8, 378 .sadb_alg_minbits = 128, 379 .sadb_alg_maxbits = 256 380 } 381 }, 382 { 383 .name = "cbc(serpent)", 384 .compat = "serpent", 385 386 .uinfo = { 387 .encr = { 388 .blockbits = 128, 389 .defkeybits = 128, 390 } 391 }, 392 393 .desc = { 394 .sadb_alg_id = SADB_X_EALG_SERPENTCBC, 395 .sadb_alg_ivlen = 8, 396 .sadb_alg_minbits = 128, 397 .sadb_alg_maxbits = 256, 398 } 399 }, 400 { 401 .name = "cbc(camellia)", 402 .compat = "camellia", 403 404 .uinfo = { 405 .encr = { 406 .blockbits = 128, 407 .defkeybits = 128, 408 } 409 }, 410 411 .desc = { 412 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC, 413 .sadb_alg_ivlen = 8, 414 .sadb_alg_minbits = 128, 415 .sadb_alg_maxbits = 256 416 } 417 }, 418 { 419 .name = "cbc(twofish)", 420 .compat = "twofish", 421 422 .uinfo = { 423 .encr = { 424 .blockbits = 128, 425 .defkeybits = 128, 426 } 427 }, 428 429 .desc = { 430 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC, 431 .sadb_alg_ivlen = 8, 432 .sadb_alg_minbits = 128, 433 .sadb_alg_maxbits = 256 434 } 435 }, 436 { 437 .name = "rfc3686(ctr(aes))", 438 439 .uinfo = { 440 .encr = { 441 .blockbits = 128, 442 .defkeybits = 160, /* 128-bit key + 32-bit nonce */ 443 } 444 }, 445 446 .desc = { 447 .sadb_alg_id = SADB_X_EALG_AESCTR, 448 .sadb_alg_ivlen = 8, 449 .sadb_alg_minbits = 128, 450 .sadb_alg_maxbits = 256 451 } 452 }, 453 }; 454 455 static struct xfrm_algo_desc calg_list[] = { 456 { 457 .name = "deflate", 458 .uinfo = { 459 .comp = { 460 .threshold = 90, 461 } 462 }, 463 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE } 464 }, 465 { 466 .name = "lzs", 467 .uinfo = { 468 .comp = { 469 .threshold = 90, 470 } 471 }, 472 .desc = { .sadb_alg_id = SADB_X_CALG_LZS } 473 }, 474 { 475 .name = "lzjh", 476 .uinfo = { 477 .comp = { 478 .threshold = 50, 479 } 480 }, 481 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH } 482 }, 483 }; 484 485 static inline int aead_entries(void) 486 { 487 return ARRAY_SIZE(aead_list); 488 } 489 490 static inline int aalg_entries(void) 491 { 492 return ARRAY_SIZE(aalg_list); 493 } 494 495 static inline int ealg_entries(void) 496 { 497 return ARRAY_SIZE(ealg_list); 498 } 499 500 static inline int calg_entries(void) 501 { 502 return ARRAY_SIZE(calg_list); 503 } 504 505 struct xfrm_algo_list { 506 struct xfrm_algo_desc *algs; 507 int entries; 508 u32 type; 509 u32 mask; 510 }; 511 512 static const struct xfrm_algo_list xfrm_aead_list = { 513 .algs = aead_list, 514 .entries = ARRAY_SIZE(aead_list), 515 .type = CRYPTO_ALG_TYPE_AEAD, 516 .mask = CRYPTO_ALG_TYPE_MASK, 517 }; 518 519 static const struct xfrm_algo_list xfrm_aalg_list = { 520 .algs = aalg_list, 521 .entries = ARRAY_SIZE(aalg_list), 522 .type = CRYPTO_ALG_TYPE_HASH, 523 .mask = CRYPTO_ALG_TYPE_HASH_MASK, 524 }; 525 526 static const struct xfrm_algo_list xfrm_ealg_list = { 527 .algs = ealg_list, 528 .entries = ARRAY_SIZE(ealg_list), 529 .type = CRYPTO_ALG_TYPE_BLKCIPHER, 530 .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK, 531 }; 532 533 static const struct xfrm_algo_list xfrm_calg_list = { 534 .algs = calg_list, 535 .entries = ARRAY_SIZE(calg_list), 536 .type = CRYPTO_ALG_TYPE_COMPRESS, 537 .mask = CRYPTO_ALG_TYPE_MASK, 538 }; 539 540 static struct xfrm_algo_desc *xfrm_find_algo( 541 const struct xfrm_algo_list *algo_list, 542 int match(const struct xfrm_algo_desc *entry, const void *data), 543 const void *data, int probe) 544 { 545 struct xfrm_algo_desc *list = algo_list->algs; 546 int i, status; 547 548 for (i = 0; i < algo_list->entries; i++) { 549 if (!match(list + i, data)) 550 continue; 551 552 if (list[i].available) 553 return &list[i]; 554 555 if (!probe) 556 break; 557 558 status = crypto_has_alg(list[i].name, algo_list->type, 559 algo_list->mask); 560 if (!status) 561 break; 562 563 list[i].available = status; 564 return &list[i]; 565 } 566 return NULL; 567 } 568 569 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry, 570 const void *data) 571 { 572 return entry->desc.sadb_alg_id == (unsigned long)data; 573 } 574 575 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id) 576 { 577 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match, 578 (void *)(unsigned long)alg_id, 1); 579 } 580 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid); 581 582 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id) 583 { 584 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match, 585 (void *)(unsigned long)alg_id, 1); 586 } 587 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid); 588 589 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id) 590 { 591 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match, 592 (void *)(unsigned long)alg_id, 1); 593 } 594 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid); 595 596 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry, 597 const void *data) 598 { 599 const char *name = data; 600 601 return name && (!strcmp(name, entry->name) || 602 (entry->compat && !strcmp(name, entry->compat))); 603 } 604 605 struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe) 606 { 607 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name, 608 probe); 609 } 610 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname); 611 612 struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe) 613 { 614 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name, 615 probe); 616 } 617 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname); 618 619 struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe) 620 { 621 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name, 622 probe); 623 } 624 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname); 625 626 struct xfrm_aead_name { 627 const char *name; 628 int icvbits; 629 }; 630 631 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry, 632 const void *data) 633 { 634 const struct xfrm_aead_name *aead = data; 635 const char *name = aead->name; 636 637 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name && 638 !strcmp(name, entry->name); 639 } 640 641 struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe) 642 { 643 struct xfrm_aead_name data = { 644 .name = name, 645 .icvbits = icv_len, 646 }; 647 648 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data, 649 probe); 650 } 651 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname); 652 653 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx) 654 { 655 if (idx >= aalg_entries()) 656 return NULL; 657 658 return &aalg_list[idx]; 659 } 660 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx); 661 662 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx) 663 { 664 if (idx >= ealg_entries()) 665 return NULL; 666 667 return &ealg_list[idx]; 668 } 669 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx); 670 671 /* 672 * Probe for the availability of crypto algorithms, and set the available 673 * flag for any algorithms found on the system. This is typically called by 674 * pfkey during userspace SA add, update or register. 675 */ 676 void xfrm_probe_algs(void) 677 { 678 int i, status; 679 680 BUG_ON(in_softirq()); 681 682 for (i = 0; i < aalg_entries(); i++) { 683 status = crypto_has_hash(aalg_list[i].name, 0, 684 CRYPTO_ALG_ASYNC); 685 if (aalg_list[i].available != status) 686 aalg_list[i].available = status; 687 } 688 689 for (i = 0; i < ealg_entries(); i++) { 690 status = crypto_has_blkcipher(ealg_list[i].name, 0, 691 CRYPTO_ALG_ASYNC); 692 if (ealg_list[i].available != status) 693 ealg_list[i].available = status; 694 } 695 696 for (i = 0; i < calg_entries(); i++) { 697 status = crypto_has_comp(calg_list[i].name, 0, 698 CRYPTO_ALG_ASYNC); 699 if (calg_list[i].available != status) 700 calg_list[i].available = status; 701 } 702 } 703 EXPORT_SYMBOL_GPL(xfrm_probe_algs); 704 705 int xfrm_count_auth_supported(void) 706 { 707 int i, n; 708 709 for (i = 0, n = 0; i < aalg_entries(); i++) 710 if (aalg_list[i].available) 711 n++; 712 return n; 713 } 714 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported); 715 716 int xfrm_count_enc_supported(void) 717 { 718 int i, n; 719 720 for (i = 0, n = 0; i < ealg_entries(); i++) 721 if (ealg_list[i].available) 722 n++; 723 return n; 724 } 725 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported); 726 727 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE) 728 729 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len) 730 { 731 if (tail != skb) { 732 skb->data_len += len; 733 skb->len += len; 734 } 735 return skb_put(tail, len); 736 } 737 EXPORT_SYMBOL_GPL(pskb_put); 738 #endif 739