linux/net/xfrm/xfrm_algo.c
<<
>>
Prefs
   1/*
   2 * xfrm algorithm interface
   3 *
   4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
   5 *
   6 * This program is free software; you can redistribute it and/or modify it
   7 * under the terms of the GNU General Public License as published by the Free
   8 * Software Foundation; either version 2 of the License, or (at your option)
   9 * any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/kernel.h>
  14#include <linux/pfkeyv2.h>
  15#include <linux/crypto.h>
  16#include <linux/scatterlist.h>
  17#include <net/xfrm.h>
  18#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
  19#include <net/esp.h>
  20#endif
  21
  22/*
  23 * Algorithms supported by IPsec.  These entries contain properties which
  24 * are used in key negotiation and xfrm processing, and are used to verify
  25 * that instantiated crypto transforms have correct parameters for IPsec
  26 * purposes.
  27 */
  28static struct xfrm_algo_desc aead_list[] = {
  29{
  30        .name = "rfc4106(gcm(aes))",
  31
  32        .uinfo = {
  33                .aead = {
  34                        .icv_truncbits = 64,
  35                }
  36        },
  37
  38        .desc = {
  39                .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
  40                .sadb_alg_ivlen = 8,
  41                .sadb_alg_minbits = 128,
  42                .sadb_alg_maxbits = 256
  43        }
  44},
  45{
  46        .name = "rfc4106(gcm(aes))",
  47
  48        .uinfo = {
  49                .aead = {
  50                        .icv_truncbits = 96,
  51                }
  52        },
  53
  54        .desc = {
  55                .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
  56                .sadb_alg_ivlen = 8,
  57                .sadb_alg_minbits = 128,
  58                .sadb_alg_maxbits = 256
  59        }
  60},
  61{
  62        .name = "rfc4106(gcm(aes))",
  63
  64        .uinfo = {
  65                .aead = {
  66                        .icv_truncbits = 128,
  67                }
  68        },
  69
  70        .desc = {
  71                .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
  72                .sadb_alg_ivlen = 8,
  73                .sadb_alg_minbits = 128,
  74                .sadb_alg_maxbits = 256
  75        }
  76},
  77{
  78        .name = "rfc4309(ccm(aes))",
  79
  80        .uinfo = {
  81                .aead = {
  82                        .icv_truncbits = 64,
  83                }
  84        },
  85
  86        .desc = {
  87                .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
  88                .sadb_alg_ivlen = 8,
  89                .sadb_alg_minbits = 128,
  90                .sadb_alg_maxbits = 256
  91        }
  92},
  93{
  94        .name = "rfc4309(ccm(aes))",
  95
  96        .uinfo = {
  97                .aead = {
  98                        .icv_truncbits = 96,
  99                }
 100        },
 101
 102        .desc = {
 103                .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
 104                .sadb_alg_ivlen = 8,
 105                .sadb_alg_minbits = 128,
 106                .sadb_alg_maxbits = 256
 107        }
 108},
 109{
 110        .name = "rfc4309(ccm(aes))",
 111
 112        .uinfo = {
 113                .aead = {
 114                        .icv_truncbits = 128,
 115                }
 116        },
 117
 118        .desc = {
 119                .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
 120                .sadb_alg_ivlen = 8,
 121                .sadb_alg_minbits = 128,
 122                .sadb_alg_maxbits = 256
 123        }
 124},
 125{
 126        .name = "rfc4543(gcm(aes))",
 127
 128        .uinfo = {
 129                .aead = {
 130                        .icv_truncbits = 128,
 131                }
 132        },
 133
 134        .desc = {
 135                .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
 136                .sadb_alg_ivlen = 8,
 137                .sadb_alg_minbits = 128,
 138                .sadb_alg_maxbits = 256
 139        }
 140},
 141};
 142
 143static struct xfrm_algo_desc aalg_list[] = {
 144{
 145        .name = "digest_null",
 146
 147        .uinfo = {
 148                .auth = {
 149                        .icv_truncbits = 0,
 150                        .icv_fullbits = 0,
 151                }
 152        },
 153
 154        .desc = {
 155                .sadb_alg_id = SADB_X_AALG_NULL,
 156                .sadb_alg_ivlen = 0,
 157                .sadb_alg_minbits = 0,
 158                .sadb_alg_maxbits = 0
 159        }
 160},
 161{
 162        .name = "hmac(md5)",
 163        .compat = "md5",
 164
 165        .uinfo = {
 166                .auth = {
 167                        .icv_truncbits = 96,
 168                        .icv_fullbits = 128,
 169                }
 170        },
 171
 172        .desc = {
 173                .sadb_alg_id = SADB_AALG_MD5HMAC,
 174                .sadb_alg_ivlen = 0,
 175                .sadb_alg_minbits = 128,
 176                .sadb_alg_maxbits = 128
 177        }
 178},
 179{
 180        .name = "hmac(sha1)",
 181        .compat = "sha1",
 182
 183        .uinfo = {
 184                .auth = {
 185                        .icv_truncbits = 96,
 186                        .icv_fullbits = 160,
 187                }
 188        },
 189
 190        .desc = {
 191                .sadb_alg_id = SADB_AALG_SHA1HMAC,
 192                .sadb_alg_ivlen = 0,
 193                .sadb_alg_minbits = 160,
 194                .sadb_alg_maxbits = 160
 195        }
 196},
 197{
 198        .name = "hmac(sha256)",
 199        .compat = "sha256",
 200
 201        .uinfo = {
 202                .auth = {
 203                        .icv_truncbits = 96,
 204                        .icv_fullbits = 256,
 205                }
 206        },
 207
 208        .desc = {
 209                .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
 210                .sadb_alg_ivlen = 0,
 211                .sadb_alg_minbits = 256,
 212                .sadb_alg_maxbits = 256
 213        }
 214},
 215{
 216        .name = "hmac(sha384)",
 217
 218        .uinfo = {
 219                .auth = {
 220                        .icv_truncbits = 192,
 221                        .icv_fullbits = 384,
 222                }
 223        },
 224
 225        .desc = {
 226                .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
 227                .sadb_alg_ivlen = 0,
 228                .sadb_alg_minbits = 384,
 229                .sadb_alg_maxbits = 384
 230        }
 231},
 232{
 233        .name = "hmac(sha512)",
 234
 235        .uinfo = {
 236                .auth = {
 237                        .icv_truncbits = 256,
 238                        .icv_fullbits = 512,
 239                }
 240        },
 241
 242        .desc = {
 243                .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
 244                .sadb_alg_ivlen = 0,
 245                .sadb_alg_minbits = 512,
 246                .sadb_alg_maxbits = 512
 247        }
 248},
 249{
 250        .name = "hmac(rmd160)",
 251        .compat = "rmd160",
 252
 253        .uinfo = {
 254                .auth = {
 255                        .icv_truncbits = 96,
 256                        .icv_fullbits = 160,
 257                }
 258        },
 259
 260        .desc = {
 261                .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
 262                .sadb_alg_ivlen = 0,
 263                .sadb_alg_minbits = 160,
 264                .sadb_alg_maxbits = 160
 265        }
 266},
 267{
 268        .name = "xcbc(aes)",
 269
 270        .uinfo = {
 271                .auth = {
 272                        .icv_truncbits = 96,
 273                        .icv_fullbits = 128,
 274                }
 275        },
 276
 277        .desc = {
 278                .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
 279                .sadb_alg_ivlen = 0,
 280                .sadb_alg_minbits = 128,
 281                .sadb_alg_maxbits = 128
 282        }
 283},
 284};
 285
 286static struct xfrm_algo_desc ealg_list[] = {
 287{
 288        .name = "ecb(cipher_null)",
 289        .compat = "cipher_null",
 290
 291        .uinfo = {
 292                .encr = {
 293                        .blockbits = 8,
 294                        .defkeybits = 0,
 295                }
 296        },
 297
 298        .desc = {
 299                .sadb_alg_id =  SADB_EALG_NULL,
 300                .sadb_alg_ivlen = 0,
 301                .sadb_alg_minbits = 0,
 302                .sadb_alg_maxbits = 0
 303        }
 304},
 305{
 306        .name = "cbc(des)",
 307        .compat = "des",
 308
 309        .uinfo = {
 310                .encr = {
 311                        .blockbits = 64,
 312                        .defkeybits = 64,
 313                }
 314        },
 315
 316        .desc = {
 317                .sadb_alg_id = SADB_EALG_DESCBC,
 318                .sadb_alg_ivlen = 8,
 319                .sadb_alg_minbits = 64,
 320                .sadb_alg_maxbits = 64
 321        }
 322},
 323{
 324        .name = "cbc(des3_ede)",
 325        .compat = "des3_ede",
 326
 327        .uinfo = {
 328                .encr = {
 329                        .blockbits = 64,
 330                        .defkeybits = 192,
 331                }
 332        },
 333
 334        .desc = {
 335                .sadb_alg_id = SADB_EALG_3DESCBC,
 336                .sadb_alg_ivlen = 8,
 337                .sadb_alg_minbits = 192,
 338                .sadb_alg_maxbits = 192
 339        }
 340},
 341{
 342        .name = "cbc(cast5)",
 343        .compat = "cast5",
 344
 345        .uinfo = {
 346                .encr = {
 347                        .blockbits = 64,
 348                        .defkeybits = 128,
 349                }
 350        },
 351
 352        .desc = {
 353                .sadb_alg_id = SADB_X_EALG_CASTCBC,
 354                .sadb_alg_ivlen = 8,
 355                .sadb_alg_minbits = 40,
 356                .sadb_alg_maxbits = 128
 357        }
 358},
 359{
 360        .name = "cbc(blowfish)",
 361        .compat = "blowfish",
 362
 363        .uinfo = {
 364                .encr = {
 365                        .blockbits = 64,
 366                        .defkeybits = 128,
 367                }
 368        },
 369
 370        .desc = {
 371                .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
 372                .sadb_alg_ivlen = 8,
 373                .sadb_alg_minbits = 40,
 374                .sadb_alg_maxbits = 448
 375        }
 376},
 377{
 378        .name = "cbc(aes)",
 379        .compat = "aes",
 380
 381        .uinfo = {
 382                .encr = {
 383                        .blockbits = 128,
 384                        .defkeybits = 128,
 385                }
 386        },
 387
 388        .desc = {
 389                .sadb_alg_id = SADB_X_EALG_AESCBC,
 390                .sadb_alg_ivlen = 8,
 391                .sadb_alg_minbits = 128,
 392                .sadb_alg_maxbits = 256
 393        }
 394},
 395{
 396        .name = "cbc(serpent)",
 397        .compat = "serpent",
 398
 399        .uinfo = {
 400                .encr = {
 401                        .blockbits = 128,
 402                        .defkeybits = 128,
 403                }
 404        },
 405
 406        .desc = {
 407                .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
 408                .sadb_alg_ivlen = 8,
 409                .sadb_alg_minbits = 128,
 410                .sadb_alg_maxbits = 256,
 411        }
 412},
 413{
 414        .name = "cbc(camellia)",
 415        .compat = "camellia",
 416
 417        .uinfo = {
 418                .encr = {
 419                        .blockbits = 128,
 420                        .defkeybits = 128,
 421                }
 422        },
 423
 424        .desc = {
 425                .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
 426                .sadb_alg_ivlen = 8,
 427                .sadb_alg_minbits = 128,
 428                .sadb_alg_maxbits = 256
 429        }
 430},
 431{
 432        .name = "cbc(twofish)",
 433        .compat = "twofish",
 434
 435        .uinfo = {
 436                .encr = {
 437                        .blockbits = 128,
 438                        .defkeybits = 128,
 439                }
 440        },
 441
 442        .desc = {
 443                .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
 444                .sadb_alg_ivlen = 8,
 445                .sadb_alg_minbits = 128,
 446                .sadb_alg_maxbits = 256
 447        }
 448},
 449{
 450        .name = "rfc3686(ctr(aes))",
 451
 452        .uinfo = {
 453                .encr = {
 454                        .blockbits = 128,
 455                        .defkeybits = 160, /* 128-bit key + 32-bit nonce */
 456                }
 457        },
 458
 459        .desc = {
 460                .sadb_alg_id = SADB_X_EALG_AESCTR,
 461                .sadb_alg_ivlen = 8,
 462                .sadb_alg_minbits = 160,
 463                .sadb_alg_maxbits = 288
 464        }
 465},
 466};
 467
 468static struct xfrm_algo_desc calg_list[] = {
 469{
 470        .name = "deflate",
 471        .uinfo = {
 472                .comp = {
 473                        .threshold = 90,
 474                }
 475        },
 476        .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
 477},
 478{
 479        .name = "lzs",
 480        .uinfo = {
 481                .comp = {
 482                        .threshold = 90,
 483                }
 484        },
 485        .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
 486},
 487{
 488        .name = "lzjh",
 489        .uinfo = {
 490                .comp = {
 491                        .threshold = 50,
 492                }
 493        },
 494        .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
 495},
 496};
 497
 498static inline int aead_entries(void)
 499{
 500        return ARRAY_SIZE(aead_list);
 501}
 502
 503static inline int aalg_entries(void)
 504{
 505        return ARRAY_SIZE(aalg_list);
 506}
 507
 508static inline int ealg_entries(void)
 509{
 510        return ARRAY_SIZE(ealg_list);
 511}
 512
 513static inline int calg_entries(void)
 514{
 515        return ARRAY_SIZE(calg_list);
 516}
 517
 518struct xfrm_algo_list {
 519        struct xfrm_algo_desc *algs;
 520        int entries;
 521        u32 type;
 522        u32 mask;
 523};
 524
 525static const struct xfrm_algo_list xfrm_aead_list = {
 526        .algs = aead_list,
 527        .entries = ARRAY_SIZE(aead_list),
 528        .type = CRYPTO_ALG_TYPE_AEAD,
 529        .mask = CRYPTO_ALG_TYPE_MASK,
 530};
 531
 532static const struct xfrm_algo_list xfrm_aalg_list = {
 533        .algs = aalg_list,
 534        .entries = ARRAY_SIZE(aalg_list),
 535        .type = CRYPTO_ALG_TYPE_HASH,
 536        .mask = CRYPTO_ALG_TYPE_HASH_MASK,
 537};
 538
 539static const struct xfrm_algo_list xfrm_ealg_list = {
 540        .algs = ealg_list,
 541        .entries = ARRAY_SIZE(ealg_list),
 542        .type = CRYPTO_ALG_TYPE_BLKCIPHER,
 543        .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
 544};
 545
 546static const struct xfrm_algo_list xfrm_calg_list = {
 547        .algs = calg_list,
 548        .entries = ARRAY_SIZE(calg_list),
 549        .type = CRYPTO_ALG_TYPE_COMPRESS,
 550        .mask = CRYPTO_ALG_TYPE_MASK,
 551};
 552
 553static struct xfrm_algo_desc *xfrm_find_algo(
 554        const struct xfrm_algo_list *algo_list,
 555        int match(const struct xfrm_algo_desc *entry, const void *data),
 556        const void *data, int probe)
 557{
 558        struct xfrm_algo_desc *list = algo_list->algs;
 559        int i, status;
 560
 561        for (i = 0; i < algo_list->entries; i++) {
 562                if (!match(list + i, data))
 563                        continue;
 564
 565                if (list[i].available)
 566                        return &list[i];
 567
 568                if (!probe)
 569                        break;
 570
 571                status = crypto_has_alg(list[i].name, algo_list->type,
 572                                        algo_list->mask);
 573                if (!status)
 574                        break;
 575
 576                list[i].available = status;
 577                return &list[i];
 578        }
 579        return NULL;
 580}
 581
 582static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
 583                             const void *data)
 584{
 585        return entry->desc.sadb_alg_id == (unsigned long)data;
 586}
 587
 588struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
 589{
 590        return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
 591                              (void *)(unsigned long)alg_id, 1);
 592}
 593EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
 594
 595struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
 596{
 597        return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
 598                              (void *)(unsigned long)alg_id, 1);
 599}
 600EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
 601
 602struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
 603{
 604        return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
 605                              (void *)(unsigned long)alg_id, 1);
 606}
 607EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
 608
 609static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
 610                               const void *data)
 611{
 612        const char *name = data;
 613
 614        return name && (!strcmp(name, entry->name) ||
 615                        (entry->compat && !strcmp(name, entry->compat)));
 616}
 617
 618struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
 619{
 620        return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
 621                              probe);
 622}
 623EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
 624
 625struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
 626{
 627        return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
 628                              probe);
 629}
 630EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
 631
 632struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
 633{
 634        return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
 635                              probe);
 636}
 637EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
 638
 639struct xfrm_aead_name {
 640        const char *name;
 641        int icvbits;
 642};
 643
 644static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
 645                                const void *data)
 646{
 647        const struct xfrm_aead_name *aead = data;
 648        const char *name = aead->name;
 649
 650        return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
 651               !strcmp(name, entry->name);
 652}
 653
 654struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
 655{
 656        struct xfrm_aead_name data = {
 657                .name = name,
 658                .icvbits = icv_len,
 659        };
 660
 661        return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
 662                              probe);
 663}
 664EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
 665
 666struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
 667{
 668        if (idx >= aalg_entries())
 669                return NULL;
 670
 671        return &aalg_list[idx];
 672}
 673EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
 674
 675struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
 676{
 677        if (idx >= ealg_entries())
 678                return NULL;
 679
 680        return &ealg_list[idx];
 681}
 682EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
 683
 684/*
 685 * Probe for the availability of crypto algorithms, and set the available
 686 * flag for any algorithms found on the system.  This is typically called by
 687 * pfkey during userspace SA add, update or register.
 688 */
 689void xfrm_probe_algs(void)
 690{
 691        int i, status;
 692
 693        BUG_ON(in_softirq());
 694
 695        for (i = 0; i < aalg_entries(); i++) {
 696                status = crypto_has_hash(aalg_list[i].name, 0,
 697                                         CRYPTO_ALG_ASYNC);
 698                if (aalg_list[i].available != status)
 699                        aalg_list[i].available = status;
 700        }
 701
 702        for (i = 0; i < ealg_entries(); i++) {
 703                status = crypto_has_blkcipher(ealg_list[i].name, 0,
 704                                              CRYPTO_ALG_ASYNC);
 705                if (ealg_list[i].available != status)
 706                        ealg_list[i].available = status;
 707        }
 708
 709        for (i = 0; i < calg_entries(); i++) {
 710                status = crypto_has_comp(calg_list[i].name, 0,
 711                                         CRYPTO_ALG_ASYNC);
 712                if (calg_list[i].available != status)
 713                        calg_list[i].available = status;
 714        }
 715}
 716EXPORT_SYMBOL_GPL(xfrm_probe_algs);
 717
 718int xfrm_count_auth_supported(void)
 719{
 720        int i, n;
 721
 722        for (i = 0, n = 0; i < aalg_entries(); i++)
 723                if (aalg_list[i].available)
 724                        n++;
 725        return n;
 726}
 727EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
 728
 729int xfrm_count_enc_supported(void)
 730{
 731        int i, n;
 732
 733        for (i = 0, n = 0; i < ealg_entries(); i++)
 734                if (ealg_list[i].available)
 735                        n++;
 736        return n;
 737}
 738EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
 739
 740#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
 741
 742void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
 743{
 744        if (tail != skb) {
 745                skb->data_len += len;
 746                skb->len += len;
 747        }
 748        return skb_put(tail, len);
 749}
 750EXPORT_SYMBOL_GPL(pskb_put);
 751#endif
 752
 753MODULE_LICENSE("GPL");
 754
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.