xref: /openbmc/linux/net/xfrm/xfrm_algo.c (revision f42b3800) 
1 /*
2  * xfrm algorithm interface
3  *
4  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/pfkeyv2.h>
15 #include <linux/crypto.h>
16 #include <linux/scatterlist.h>
17 #include <net/xfrm.h>
18 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
19 #include <net/ah.h>
20 #endif
21 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
22 #include <net/esp.h>
23 #endif
24 
25 /*
26  * Algorithms supported by IPsec.  These entries contain properties which
27  * are used in key negotiation and xfrm processing, and are used to verify
28  * that instantiated crypto transforms have correct parameters for IPsec
29  * purposes.
30  */
31 static struct xfrm_algo_desc aead_list[] = {
32 {
33 	.name = "rfc4106(gcm(aes))",
34 
35 	.uinfo = {
36 		.aead = {
37 			.icv_truncbits = 64,
38 		}
39 	},
40 
41 	.desc = {
42 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
43 		.sadb_alg_ivlen = 8,
44 		.sadb_alg_minbits = 128,
45 		.sadb_alg_maxbits = 256
46 	}
47 },
48 {
49 	.name = "rfc4106(gcm(aes))",
50 
51 	.uinfo = {
52 		.aead = {
53 			.icv_truncbits = 96,
54 		}
55 	},
56 
57 	.desc = {
58 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
59 		.sadb_alg_ivlen = 8,
60 		.sadb_alg_minbits = 128,
61 		.sadb_alg_maxbits = 256
62 	}
63 },
64 {
65 	.name = "rfc4106(gcm(aes))",
66 
67 	.uinfo = {
68 		.aead = {
69 			.icv_truncbits = 128,
70 		}
71 	},
72 
73 	.desc = {
74 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
75 		.sadb_alg_ivlen = 8,
76 		.sadb_alg_minbits = 128,
77 		.sadb_alg_maxbits = 256
78 	}
79 },
80 {
81 	.name = "rfc4309(ccm(aes))",
82 
83 	.uinfo = {
84 		.aead = {
85 			.icv_truncbits = 64,
86 		}
87 	},
88 
89 	.desc = {
90 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
91 		.sadb_alg_ivlen = 8,
92 		.sadb_alg_minbits = 128,
93 		.sadb_alg_maxbits = 256
94 	}
95 },
96 {
97 	.name = "rfc4309(ccm(aes))",
98 
99 	.uinfo = {
100 		.aead = {
101 			.icv_truncbits = 96,
102 		}
103 	},
104 
105 	.desc = {
106 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
107 		.sadb_alg_ivlen = 8,
108 		.sadb_alg_minbits = 128,
109 		.sadb_alg_maxbits = 256
110 	}
111 },
112 {
113 	.name = "rfc4309(ccm(aes))",
114 
115 	.uinfo = {
116 		.aead = {
117 			.icv_truncbits = 128,
118 		}
119 	},
120 
121 	.desc = {
122 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
123 		.sadb_alg_ivlen = 8,
124 		.sadb_alg_minbits = 128,
125 		.sadb_alg_maxbits = 256
126 	}
127 },
128 };
129 
130 static struct xfrm_algo_desc aalg_list[] = {
131 {
132 	.name = "hmac(digest_null)",
133 	.compat = "digest_null",
134 
135 	.uinfo = {
136 		.auth = {
137 			.icv_truncbits = 0,
138 			.icv_fullbits = 0,
139 		}
140 	},
141 
142 	.desc = {
143 		.sadb_alg_id = SADB_X_AALG_NULL,
144 		.sadb_alg_ivlen = 0,
145 		.sadb_alg_minbits = 0,
146 		.sadb_alg_maxbits = 0
147 	}
148 },
149 {
150 	.name = "hmac(md5)",
151 	.compat = "md5",
152 
153 	.uinfo = {
154 		.auth = {
155 			.icv_truncbits = 96,
156 			.icv_fullbits = 128,
157 		}
158 	},
159 
160 	.desc = {
161 		.sadb_alg_id = SADB_AALG_MD5HMAC,
162 		.sadb_alg_ivlen = 0,
163 		.sadb_alg_minbits = 128,
164 		.sadb_alg_maxbits = 128
165 	}
166 },
167 {
168 	.name = "hmac(sha1)",
169 	.compat = "sha1",
170 
171 	.uinfo = {
172 		.auth = {
173 			.icv_truncbits = 96,
174 			.icv_fullbits = 160,
175 		}
176 	},
177 
178 	.desc = {
179 		.sadb_alg_id = SADB_AALG_SHA1HMAC,
180 		.sadb_alg_ivlen = 0,
181 		.sadb_alg_minbits = 160,
182 		.sadb_alg_maxbits = 160
183 	}
184 },
185 {
186 	.name = "hmac(sha256)",
187 	.compat = "sha256",
188 
189 	.uinfo = {
190 		.auth = {
191 			.icv_truncbits = 96,
192 			.icv_fullbits = 256,
193 		}
194 	},
195 
196 	.desc = {
197 		.sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
198 		.sadb_alg_ivlen = 0,
199 		.sadb_alg_minbits = 256,
200 		.sadb_alg_maxbits = 256
201 	}
202 },
203 {
204 	.name = "hmac(ripemd160)",
205 	.compat = "ripemd160",
206 
207 	.uinfo = {
208 		.auth = {
209 			.icv_truncbits = 96,
210 			.icv_fullbits = 160,
211 		}
212 	},
213 
214 	.desc = {
215 		.sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
216 		.sadb_alg_ivlen = 0,
217 		.sadb_alg_minbits = 160,
218 		.sadb_alg_maxbits = 160
219 	}
220 },
221 {
222 	.name = "xcbc(aes)",
223 
224 	.uinfo = {
225 		.auth = {
226 			.icv_truncbits = 96,
227 			.icv_fullbits = 128,
228 		}
229 	},
230 
231 	.desc = {
232 		.sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
233 		.sadb_alg_ivlen = 0,
234 		.sadb_alg_minbits = 128,
235 		.sadb_alg_maxbits = 128
236 	}
237 },
238 };
239 
240 static struct xfrm_algo_desc ealg_list[] = {
241 {
242 	.name = "ecb(cipher_null)",
243 	.compat = "cipher_null",
244 
245 	.uinfo = {
246 		.encr = {
247 			.blockbits = 8,
248 			.defkeybits = 0,
249 		}
250 	},
251 
252 	.desc = {
253 		.sadb_alg_id =	SADB_EALG_NULL,
254 		.sadb_alg_ivlen = 0,
255 		.sadb_alg_minbits = 0,
256 		.sadb_alg_maxbits = 0
257 	}
258 },
259 {
260 	.name = "cbc(des)",
261 	.compat = "des",
262 
263 	.uinfo = {
264 		.encr = {
265 			.blockbits = 64,
266 			.defkeybits = 64,
267 		}
268 	},
269 
270 	.desc = {
271 		.sadb_alg_id = SADB_EALG_DESCBC,
272 		.sadb_alg_ivlen = 8,
273 		.sadb_alg_minbits = 64,
274 		.sadb_alg_maxbits = 64
275 	}
276 },
277 {
278 	.name = "cbc(des3_ede)",
279 	.compat = "des3_ede",
280 
281 	.uinfo = {
282 		.encr = {
283 			.blockbits = 64,
284 			.defkeybits = 192,
285 		}
286 	},
287 
288 	.desc = {
289 		.sadb_alg_id = SADB_EALG_3DESCBC,
290 		.sadb_alg_ivlen = 8,
291 		.sadb_alg_minbits = 192,
292 		.sadb_alg_maxbits = 192
293 	}
294 },
295 {
296 	.name = "cbc(cast128)",
297 	.compat = "cast128",
298 
299 	.uinfo = {
300 		.encr = {
301 			.blockbits = 64,
302 			.defkeybits = 128,
303 		}
304 	},
305 
306 	.desc = {
307 		.sadb_alg_id = SADB_X_EALG_CASTCBC,
308 		.sadb_alg_ivlen = 8,
309 		.sadb_alg_minbits = 40,
310 		.sadb_alg_maxbits = 128
311 	}
312 },
313 {
314 	.name = "cbc(blowfish)",
315 	.compat = "blowfish",
316 
317 	.uinfo = {
318 		.encr = {
319 			.blockbits = 64,
320 			.defkeybits = 128,
321 		}
322 	},
323 
324 	.desc = {
325 		.sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
326 		.sadb_alg_ivlen = 8,
327 		.sadb_alg_minbits = 40,
328 		.sadb_alg_maxbits = 448
329 	}
330 },
331 {
332 	.name = "cbc(aes)",
333 	.compat = "aes",
334 
335 	.uinfo = {
336 		.encr = {
337 			.blockbits = 128,
338 			.defkeybits = 128,
339 		}
340 	},
341 
342 	.desc = {
343 		.sadb_alg_id = SADB_X_EALG_AESCBC,
344 		.sadb_alg_ivlen = 8,
345 		.sadb_alg_minbits = 128,
346 		.sadb_alg_maxbits = 256
347 	}
348 },
349 {
350 	.name = "cbc(serpent)",
351 	.compat = "serpent",
352 
353 	.uinfo = {
354 		.encr = {
355 			.blockbits = 128,
356 			.defkeybits = 128,
357 		}
358 	},
359 
360 	.desc = {
361 		.sadb_alg_id = SADB_X_EALG_SERPENTCBC,
362 		.sadb_alg_ivlen = 8,
363 		.sadb_alg_minbits = 128,
364 		.sadb_alg_maxbits = 256,
365 	}
366 },
367 {
368 	.name = "cbc(camellia)",
369 
370 	.uinfo = {
371 		.encr = {
372 			.blockbits = 128,
373 			.defkeybits = 128,
374 		}
375 	},
376 
377 	.desc = {
378 		.sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
379 		.sadb_alg_ivlen = 8,
380 		.sadb_alg_minbits = 128,
381 		.sadb_alg_maxbits = 256
382 	}
383 },
384 {
385 	.name = "cbc(twofish)",
386 	.compat = "twofish",
387 
388 	.uinfo = {
389 		.encr = {
390 			.blockbits = 128,
391 			.defkeybits = 128,
392 		}
393 	},
394 
395 	.desc = {
396 		.sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
397 		.sadb_alg_ivlen = 8,
398 		.sadb_alg_minbits = 128,
399 		.sadb_alg_maxbits = 256
400 	}
401 },
402 {
403 	.name = "rfc3686(ctr(aes))",
404 
405 	.uinfo = {
406 		.encr = {
407 			.blockbits = 128,
408 			.defkeybits = 160, /* 128-bit key + 32-bit nonce */
409 		}
410 	},
411 
412 	.desc = {
413 		.sadb_alg_id = SADB_X_EALG_AESCTR,
414 		.sadb_alg_ivlen	= 8,
415 		.sadb_alg_minbits = 128,
416 		.sadb_alg_maxbits = 256
417 	}
418 },
419 };
420 
421 static struct xfrm_algo_desc calg_list[] = {
422 {
423 	.name = "deflate",
424 	.uinfo = {
425 		.comp = {
426 			.threshold = 90,
427 		}
428 	},
429 	.desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
430 },
431 {
432 	.name = "lzs",
433 	.uinfo = {
434 		.comp = {
435 			.threshold = 90,
436 		}
437 	},
438 	.desc = { .sadb_alg_id = SADB_X_CALG_LZS }
439 },
440 {
441 	.name = "lzjh",
442 	.uinfo = {
443 		.comp = {
444 			.threshold = 50,
445 		}
446 	},
447 	.desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
448 },
449 };
450 
451 static inline int aead_entries(void)
452 {
453 	return ARRAY_SIZE(aead_list);
454 }
455 
456 static inline int aalg_entries(void)
457 {
458 	return ARRAY_SIZE(aalg_list);
459 }
460 
461 static inline int ealg_entries(void)
462 {
463 	return ARRAY_SIZE(ealg_list);
464 }
465 
466 static inline int calg_entries(void)
467 {
468 	return ARRAY_SIZE(calg_list);
469 }
470 
471 struct xfrm_algo_list {
472 	struct xfrm_algo_desc *algs;
473 	int entries;
474 	u32 type;
475 	u32 mask;
476 };
477 
478 static const struct xfrm_algo_list xfrm_aead_list = {
479 	.algs = aead_list,
480 	.entries = ARRAY_SIZE(aead_list),
481 	.type = CRYPTO_ALG_TYPE_AEAD,
482 	.mask = CRYPTO_ALG_TYPE_MASK,
483 };
484 
485 static const struct xfrm_algo_list xfrm_aalg_list = {
486 	.algs = aalg_list,
487 	.entries = ARRAY_SIZE(aalg_list),
488 	.type = CRYPTO_ALG_TYPE_HASH,
489 	.mask = CRYPTO_ALG_TYPE_HASH_MASK,
490 };
491 
492 static const struct xfrm_algo_list xfrm_ealg_list = {
493 	.algs = ealg_list,
494 	.entries = ARRAY_SIZE(ealg_list),
495 	.type = CRYPTO_ALG_TYPE_BLKCIPHER,
496 	.mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
497 };
498 
499 static const struct xfrm_algo_list xfrm_calg_list = {
500 	.algs = calg_list,
501 	.entries = ARRAY_SIZE(calg_list),
502 	.type = CRYPTO_ALG_TYPE_COMPRESS,
503 	.mask = CRYPTO_ALG_TYPE_MASK,
504 };
505 
506 static struct xfrm_algo_desc *xfrm_find_algo(
507 	const struct xfrm_algo_list *algo_list,
508 	int match(const struct xfrm_algo_desc *entry, const void *data),
509 	const void *data, int probe)
510 {
511 	struct xfrm_algo_desc *list = algo_list->algs;
512 	int i, status;
513 
514 	for (i = 0; i < algo_list->entries; i++) {
515 		if (!match(list + i, data))
516 			continue;
517 
518 		if (list[i].available)
519 			return &list[i];
520 
521 		if (!probe)
522 			break;
523 
524 		status = crypto_has_alg(list[i].name, algo_list->type,
525 					algo_list->mask);
526 		if (!status)
527 			break;
528 
529 		list[i].available = status;
530 		return &list[i];
531 	}
532 	return NULL;
533 }
534 
535 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
536 			     const void *data)
537 {
538 	return entry->desc.sadb_alg_id == (unsigned long)data;
539 }
540 
541 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
542 {
543 	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
544 			      (void *)(unsigned long)alg_id, 1);
545 }
546 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
547 
548 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
549 {
550 	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
551 			      (void *)(unsigned long)alg_id, 1);
552 }
553 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
554 
555 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
556 {
557 	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
558 			      (void *)(unsigned long)alg_id, 1);
559 }
560 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
561 
562 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
563 			       const void *data)
564 {
565 	const char *name = data;
566 
567 	return name && (!strcmp(name, entry->name) ||
568 			(entry->compat && !strcmp(name, entry->compat)));
569 }
570 
571 struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
572 {
573 	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
574 			      probe);
575 }
576 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
577 
578 struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
579 {
580 	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
581 			      probe);
582 }
583 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
584 
585 struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
586 {
587 	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
588 			      probe);
589 }
590 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
591 
592 struct xfrm_aead_name {
593 	const char *name;
594 	int icvbits;
595 };
596 
597 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
598 				const void *data)
599 {
600 	const struct xfrm_aead_name *aead = data;
601 	const char *name = aead->name;
602 
603 	return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
604 	       !strcmp(name, entry->name);
605 }
606 
607 struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe)
608 {
609 	struct xfrm_aead_name data = {
610 		.name = name,
611 		.icvbits = icv_len,
612 	};
613 
614 	return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
615 			      probe);
616 }
617 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
618 
619 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
620 {
621 	if (idx >= aalg_entries())
622 		return NULL;
623 
624 	return &aalg_list[idx];
625 }
626 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
627 
628 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
629 {
630 	if (idx >= ealg_entries())
631 		return NULL;
632 
633 	return &ealg_list[idx];
634 }
635 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
636 
637 /*
638  * Probe for the availability of crypto algorithms, and set the available
639  * flag for any algorithms found on the system.  This is typically called by
640  * pfkey during userspace SA add, update or register.
641  */
642 void xfrm_probe_algs(void)
643 {
644 	int i, status;
645 
646 	BUG_ON(in_softirq());
647 
648 	for (i = 0; i < aalg_entries(); i++) {
649 		status = crypto_has_hash(aalg_list[i].name, 0,
650 					 CRYPTO_ALG_ASYNC);
651 		if (aalg_list[i].available != status)
652 			aalg_list[i].available = status;
653 	}
654 
655 	for (i = 0; i < ealg_entries(); i++) {
656 		status = crypto_has_blkcipher(ealg_list[i].name, 0,
657 					      CRYPTO_ALG_ASYNC);
658 		if (ealg_list[i].available != status)
659 			ealg_list[i].available = status;
660 	}
661 
662 	for (i = 0; i < calg_entries(); i++) {
663 		status = crypto_has_comp(calg_list[i].name, 0,
664 					 CRYPTO_ALG_ASYNC);
665 		if (calg_list[i].available != status)
666 			calg_list[i].available = status;
667 	}
668 }
669 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
670 
671 int xfrm_count_auth_supported(void)
672 {
673 	int i, n;
674 
675 	for (i = 0, n = 0; i < aalg_entries(); i++)
676 		if (aalg_list[i].available)
677 			n++;
678 	return n;
679 }
680 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
681 
682 int xfrm_count_enc_supported(void)
683 {
684 	int i, n;
685 
686 	for (i = 0, n = 0; i < ealg_entries(); i++)
687 		if (ealg_list[i].available)
688 			n++;
689 	return n;
690 }
691 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
692 
693 /* Move to common area: it is shared with AH. */
694 
695 int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
696 		 int offset, int len, icv_update_fn_t icv_update)
697 {
698 	int start = skb_headlen(skb);
699 	int i, copy = start - offset;
700 	int err;
701 	struct scatterlist sg;
702 
703 	/* Checksum header. */
704 	if (copy > 0) {
705 		if (copy > len)
706 			copy = len;
707 
708 		sg_init_one(&sg, skb->data + offset, copy);
709 
710 		err = icv_update(desc, &sg, copy);
711 		if (unlikely(err))
712 			return err;
713 
714 		if ((len -= copy) == 0)
715 			return 0;
716 		offset += copy;
717 	}
718 
719 	for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
720 		int end;
721 
722 		BUG_TRAP(start <= offset + len);
723 
724 		end = start + skb_shinfo(skb)->frags[i].size;
725 		if ((copy = end - offset) > 0) {
726 			skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
727 
728 			if (copy > len)
729 				copy = len;
730 
731 			sg_init_table(&sg, 1);
732 			sg_set_page(&sg, frag->page, copy,
733 				    frag->page_offset + offset-start);
734 
735 			err = icv_update(desc, &sg, copy);
736 			if (unlikely(err))
737 				return err;
738 
739 			if (!(len -= copy))
740 				return 0;
741 			offset += copy;
742 		}
743 		start = end;
744 	}
745 
746 	if (skb_shinfo(skb)->frag_list) {
747 		struct sk_buff *list = skb_shinfo(skb)->frag_list;
748 
749 		for (; list; list = list->next) {
750 			int end;
751 
752 			BUG_TRAP(start <= offset + len);
753 
754 			end = start + list->len;
755 			if ((copy = end - offset) > 0) {
756 				if (copy > len)
757 					copy = len;
758 				err = skb_icv_walk(list, desc, offset-start,
759 						   copy, icv_update);
760 				if (unlikely(err))
761 					return err;
762 				if ((len -= copy) == 0)
763 					return 0;
764 				offset += copy;
765 			}
766 			start = end;
767 		}
768 	}
769 	BUG_ON(len);
770 	return 0;
771 }
772 EXPORT_SYMBOL_GPL(skb_icv_walk);
773 
774 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
775 
776 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
777 {
778 	if (tail != skb) {
779 		skb->data_len += len;
780 		skb->len += len;
781 	}
782 	return skb_put(tail, len);
783 }
784 EXPORT_SYMBOL_GPL(pskb_put);
785 #endif
786