1/*
2 * xfrm algorithm interface
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/pfkeyv2.h>
15#include <linux/crypto.h>
16#include <linux/scatterlist.h>
17#include <net/xfrm.h>
18#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || \
19	defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
20#include <net/ah.h>
21#endif
22#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || \
23	defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
24#include <net/esp.h>
25#endif
26
27/*
28 * Algorithms supported by IPsec.  These entries contain properties which
29 * are used in key negotiation and xfrm processing, and are used to verify
30 * that instantiated crypto transforms have correct parameters for IPsec
31 * purposes.
32 */
33static struct xfrm_algo_desc aead_list[] = {
34{
35	.name = "rfc4106(gcm(aes))",
36
37	.uinfo = {
38		.aead = {
39			.icv_truncbits = 64,
40		}
41	},
42
43	.desc = {
44		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
45		.sadb_alg_ivlen = 8,
46		.sadb_alg_minbits = 128,
47		.sadb_alg_maxbits = 256
48	}
49},
50{
51	.name = "rfc4106(gcm(aes))",
52
53	.uinfo = {
54		.aead = {
55			.icv_truncbits = 96,
56		}
57	},
58
59	.desc = {
60		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
61		.sadb_alg_ivlen = 8,
62		.sadb_alg_minbits = 128,
63		.sadb_alg_maxbits = 256
64	}
65},
66{
67	.name = "rfc4106(gcm(aes))",
68
69	.uinfo = {
70		.aead = {
71			.icv_truncbits = 128,
72		}
73	},
74
75	.desc = {
76		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
77		.sadb_alg_ivlen = 8,
78		.sadb_alg_minbits = 128,
79		.sadb_alg_maxbits = 256
80	}
81},
82{
83	.name = "rfc4309(ccm(aes))",
84
85	.uinfo = {
86		.aead = {
87			.icv_truncbits = 64,
88		}
89	},
90
91	.desc = {
92		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
93		.sadb_alg_ivlen = 8,
94		.sadb_alg_minbits = 128,
95		.sadb_alg_maxbits = 256
96	}
97},
98{
99	.name = "rfc4309(ccm(aes))",
100
101	.uinfo = {
102		.aead = {
103			.icv_truncbits = 96,
104		}
105	},
106
107	.desc = {
108		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
109		.sadb_alg_ivlen = 8,
110		.sadb_alg_minbits = 128,
111		.sadb_alg_maxbits = 256
112	}
113},
114{
115	.name = "rfc4309(ccm(aes))",
116
117	.uinfo = {
118		.aead = {
119			.icv_truncbits = 128,
120		}
121	},
122
123	.desc = {
124		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
125		.sadb_alg_ivlen = 8,
126		.sadb_alg_minbits = 128,
127		.sadb_alg_maxbits = 256
128	}
129},
130{
131	.name = "rfc4543(gcm(aes))",
132
133	.uinfo = {
134		.aead = {
135			.icv_truncbits = 128,
136		}
137	},
138
139	.desc = {
140		.sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
141		.sadb_alg_ivlen = 8,
142		.sadb_alg_minbits = 128,
143		.sadb_alg_maxbits = 256
144	}
145},
146};
147
148static struct xfrm_algo_desc aalg_list[] = {
149{
150	.name = "digest_null",
151
152	.uinfo = {
153		.auth = {
154			.icv_truncbits = 0,
155			.icv_fullbits = 0,
156		}
157	},
158
159	.desc = {
160		.sadb_alg_id = SADB_X_AALG_NULL,
161		.sadb_alg_ivlen = 0,
162		.sadb_alg_minbits = 0,
163		.sadb_alg_maxbits = 0
164	}
165},
166{
167	.name = "hmac(md5)",
168	.compat = "md5",
169
170	.uinfo = {
171		.auth = {
172			.icv_truncbits = 96,
173			.icv_fullbits = 128,
174		}
175	},
176
177	.desc = {
178		.sadb_alg_id = SADB_AALG_MD5HMAC,
179		.sadb_alg_ivlen = 0,
180		.sadb_alg_minbits = 128,
181		.sadb_alg_maxbits = 128
182	}
183},
184{
185	.name = "hmac(sha1)",
186	.compat = "sha1",
187
188	.uinfo = {
189		.auth = {
190			.icv_truncbits = 96,
191			.icv_fullbits = 160,
192		}
193	},
194
195	.desc = {
196		.sadb_alg_id = SADB_AALG_SHA1HMAC,
197		.sadb_alg_ivlen = 0,
198		.sadb_alg_minbits = 160,
199		.sadb_alg_maxbits = 160
200	}
201},
202{
203	.name = "hmac(sha256)",
204	.compat = "sha256",
205
206	.uinfo = {
207		.auth = {
208			.icv_truncbits = 96,
209			.icv_fullbits = 256,
210		}
211	},
212
213	.desc = {
214		.sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
215		.sadb_alg_ivlen = 0,
216		.sadb_alg_minbits = 256,
217		.sadb_alg_maxbits = 256
218	}
219},
220{
221	.name = "hmac(sha384)",
222
223	.uinfo = {
224		.auth = {
225			.icv_truncbits = 192,
226			.icv_fullbits = 384,
227		}
228	},
229
230	.desc = {
231		.sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
232		.sadb_alg_ivlen = 0,
233		.sadb_alg_minbits = 384,
234		.sadb_alg_maxbits = 384
235	}
236},
237{
238	.name = "hmac(sha512)",
239
240	.uinfo = {
241		.auth = {
242			.icv_truncbits = 256,
243			.icv_fullbits = 512,
244		}
245	},
246
247	.desc = {
248		.sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
249		.sadb_alg_ivlen = 0,
250		.sadb_alg_minbits = 512,
251		.sadb_alg_maxbits = 512
252	}
253},
254{
255	.name = "hmac(rmd160)",
256	.compat = "rmd160",
257
258	.uinfo = {
259		.auth = {
260			.icv_truncbits = 96,
261			.icv_fullbits = 160,
262		}
263	},
264
265	.desc = {
266		.sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
267		.sadb_alg_ivlen = 0,
268		.sadb_alg_minbits = 160,
269		.sadb_alg_maxbits = 160
270	}
271},
272{
273	.name = "xcbc(aes)",
274
275	.uinfo = {
276		.auth = {
277			.icv_truncbits = 96,
278			.icv_fullbits = 128,
279		}
280	},
281
282	.desc = {
283		.sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
284		.sadb_alg_ivlen = 0,
285		.sadb_alg_minbits = 128,
286		.sadb_alg_maxbits = 128
287	}
288},
289};
290
291static struct xfrm_algo_desc ealg_list[] = {
292{
293	.name = "ecb(cipher_null)",
294	.compat = "cipher_null",
295
296	.uinfo = {
297		.encr = {
298			.blockbits = 8,
299			.defkeybits = 0,
300		}
301	},
302
303	.desc = {
304		.sadb_alg_id =	SADB_EALG_NULL,
305		.sadb_alg_ivlen = 0,
306		.sadb_alg_minbits = 0,
307		.sadb_alg_maxbits = 0
308	}
309},
310{
311	.name = "cbc(des)",
312	.compat = "des",
313
314	.uinfo = {
315		.encr = {
316			.blockbits = 64,
317			.defkeybits = 64,
318		}
319	},
320
321	.desc = {
322		.sadb_alg_id = SADB_EALG_DESCBC,
323		.sadb_alg_ivlen = 8,
324		.sadb_alg_minbits = 64,
325		.sadb_alg_maxbits = 64
326	}
327},
328{
329	.name = "cbc(des3_ede)",
330	.compat = "des3_ede",
331
332	.uinfo = {
333		.encr = {
334			.blockbits = 64,
335			.defkeybits = 192,
336		}
337	},
338
339	.desc = {
340		.sadb_alg_id = SADB_EALG_3DESCBC,
341		.sadb_alg_ivlen = 8,
342		.sadb_alg_minbits = 192,
343		.sadb_alg_maxbits = 192
344	}
345},
346{
347	.name = "cbc(cast5)",
348	.compat = "cast5",
349
350	.uinfo = {
351		.encr = {
352			.blockbits = 64,
353			.defkeybits = 128,
354		}
355	},
356
357	.desc = {
358		.sadb_alg_id = SADB_X_EALG_CASTCBC,
359		.sadb_alg_ivlen = 8,
360		.sadb_alg_minbits = 40,
361		.sadb_alg_maxbits = 128
362	}
363},
364{
365	.name = "cbc(blowfish)",
366	.compat = "blowfish",
367
368	.uinfo = {
369		.encr = {
370			.blockbits = 64,
371			.defkeybits = 128,
372		}
373	},
374
375	.desc = {
376		.sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
377		.sadb_alg_ivlen = 8,
378		.sadb_alg_minbits = 40,
379		.sadb_alg_maxbits = 448
380	}
381},
382{
383	.name = "cbc(aes)",
384	.compat = "aes",
385
386	.uinfo = {
387		.encr = {
388			.blockbits = 128,
389			.defkeybits = 128,
390		}
391	},
392
393	.desc = {
394		.sadb_alg_id = SADB_X_EALG_AESCBC,
395		.sadb_alg_ivlen = 8,
396		.sadb_alg_minbits = 128,
397		.sadb_alg_maxbits = 256
398	}
399},
400{
401	.name = "cbc(serpent)",
402	.compat = "serpent",
403
404	.uinfo = {
405		.encr = {
406			.blockbits = 128,
407			.defkeybits = 128,
408		}
409	},
410
411	.desc = {
412		.sadb_alg_id = SADB_X_EALG_SERPENTCBC,
413		.sadb_alg_ivlen = 8,
414		.sadb_alg_minbits = 128,
415		.sadb_alg_maxbits = 256,
416	}
417},
418{
419	.name = "cbc(camellia)",
420	.compat = "camellia",
421
422	.uinfo = {
423		.encr = {
424			.blockbits = 128,
425			.defkeybits = 128,
426		}
427	},
428
429	.desc = {
430		.sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
431		.sadb_alg_ivlen = 8,
432		.sadb_alg_minbits = 128,
433		.sadb_alg_maxbits = 256
434	}
435},
436{
437	.name = "cbc(twofish)",
438	.compat = "twofish",
439
440	.uinfo = {
441		.encr = {
442			.blockbits = 128,
443			.defkeybits = 128,
444		}
445	},
446
447	.desc = {
448		.sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
449		.sadb_alg_ivlen = 8,
450		.sadb_alg_minbits = 128,
451		.sadb_alg_maxbits = 256
452	}
453},
454{
455	.name = "rfc3686(ctr(aes))",
456
457	.uinfo = {
458		.encr = {
459			.blockbits = 128,
460			.defkeybits = 160, /* 128-bit key + 32-bit nonce */
461		}
462	},
463
464	.desc = {
465		.sadb_alg_id = SADB_X_EALG_AESCTR,
466		.sadb_alg_ivlen	= 8,
467		.sadb_alg_minbits = 128,
468		.sadb_alg_maxbits = 256
469	}
470},
471};
472
473static struct xfrm_algo_desc calg_list[] = {
474{
475	.name = "deflate",
476	.uinfo = {
477		.comp = {
478			.threshold = 90,
479		}
480	},
481	.desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
482},
483{
484	.name = "lzs",
485	.uinfo = {
486		.comp = {
487			.threshold = 90,
488		}
489	},
490	.desc = { .sadb_alg_id = SADB_X_CALG_LZS }
491},
492{
493	.name = "lzjh",
494	.uinfo = {
495		.comp = {
496			.threshold = 50,
497		}
498	},
499	.desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
500},
501};
502
503static inline int aead_entries(void)
504{
505	return ARRAY_SIZE(aead_list);
506}
507
508static inline int aalg_entries(void)
509{
510	return ARRAY_SIZE(aalg_list);
511}
512
513static inline int ealg_entries(void)
514{
515	return ARRAY_SIZE(ealg_list);
516}
517
518static inline int calg_entries(void)
519{
520	return ARRAY_SIZE(calg_list);
521}
522
523struct xfrm_algo_list {
524	struct xfrm_algo_desc *algs;
525	int entries;
526	u32 type;
527	u32 mask;
528};
529
530static const struct xfrm_algo_list xfrm_aead_list = {
531	.algs = aead_list,
532	.entries = ARRAY_SIZE(aead_list),
533	.type = CRYPTO_ALG_TYPE_AEAD,
534	.mask = CRYPTO_ALG_TYPE_MASK,
535};
536
537static const struct xfrm_algo_list xfrm_aalg_list = {
538	.algs = aalg_list,
539	.entries = ARRAY_SIZE(aalg_list),
540	.type = CRYPTO_ALG_TYPE_HASH,
541	.mask = CRYPTO_ALG_TYPE_HASH_MASK,
542};
543
544static const struct xfrm_algo_list xfrm_ealg_list = {
545	.algs = ealg_list,
546	.entries = ARRAY_SIZE(ealg_list),
547	.type = CRYPTO_ALG_TYPE_BLKCIPHER,
548	.mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
549};
550
551static const struct xfrm_algo_list xfrm_calg_list = {
552	.algs = calg_list,
553	.entries = ARRAY_SIZE(calg_list),
554	.type = CRYPTO_ALG_TYPE_COMPRESS,
555	.mask = CRYPTO_ALG_TYPE_MASK,
556};
557
558static struct xfrm_algo_desc *xfrm_find_algo(
559	const struct xfrm_algo_list *algo_list,
560	int match(const struct xfrm_algo_desc *entry, const void *data),
561	const void *data, int probe)
562{
563	struct xfrm_algo_desc *list = algo_list->algs;
564	int i, status;
565
566	for (i = 0; i < algo_list->entries; i++) {
567		if (!match(list + i, data))
568			continue;
569
570		if (list[i].available)
571			return &list[i];
572
573		if (!probe)
574			break;
575
576		status = crypto_has_alg(list[i].name, algo_list->type,
577					algo_list->mask);
578		if (!status)
579			break;
580
581		list[i].available = status;
582		return &list[i];
583	}
584	return NULL;
585}
586
587static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
588			     const void *data)
589{
590	return entry->desc.sadb_alg_id == (unsigned long)data;
591}
592
593struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
594{
595	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
596			      (void *)(unsigned long)alg_id, 1);
597}
598EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
599
600struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
601{
602	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
603			      (void *)(unsigned long)alg_id, 1);
604}
605EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
606
607struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
608{
609	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
610			      (void *)(unsigned long)alg_id, 1);
611}
612EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
613
614static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
615			       const void *data)
616{
617	const char *name = data;
618
619	return name && (!strcmp(name, entry->name) ||
620			(entry->compat && !strcmp(name, entry->compat)));
621}
622
623struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
624{
625	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
626			      probe);
627}
628EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
629
630struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
631{
632	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
633			      probe);
634}
635EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
636
637struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
638{
639	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
640			      probe);
641}
642EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
643
644struct xfrm_aead_name {
645	const char *name;
646	int icvbits;
647};
648
649static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
650				const void *data)
651{
652	const struct xfrm_aead_name *aead = data;
653	const char *name = aead->name;
654
655	return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
656	       !strcmp(name, entry->name);
657}
658
659struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe)
660{
661	struct xfrm_aead_name data = {
662		.name = name,
663		.icvbits = icv_len,
664	};
665
666	return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
667			      probe);
668}
669EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
670
671struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
672{
673	if (idx >= aalg_entries())
674		return NULL;
675
676	return &aalg_list[idx];
677}
678EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
679
680struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
681{
682	if (idx >= ealg_entries())
683		return NULL;
684
685	return &ealg_list[idx];
686}
687EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
688
689/*
690 * Probe for the availability of crypto algorithms, and set the available
691 * flag for any algorithms found on the system.  This is typically called by
692 * pfkey during userspace SA add, update or register.
693 */
694void xfrm_probe_algs(void)
695{
696	int i, status;
697
698	BUG_ON(in_softirq());
699
700	for (i = 0; i < aalg_entries(); i++) {
701		status = crypto_has_hash(aalg_list[i].name, 0,
702					 CRYPTO_ALG_ASYNC);
703		if (aalg_list[i].available != status)
704			aalg_list[i].available = status;
705	}
706
707	for (i = 0; i < ealg_entries(); i++) {
708		status = crypto_has_blkcipher(ealg_list[i].name, 0,
709					      CRYPTO_ALG_ASYNC);
710		if (ealg_list[i].available != status)
711			ealg_list[i].available = status;
712	}
713
714	for (i = 0; i < calg_entries(); i++) {
715		status = crypto_has_comp(calg_list[i].name, 0,
716					 CRYPTO_ALG_ASYNC);
717		if (calg_list[i].available != status)
718			calg_list[i].available = status;
719	}
720}
721EXPORT_SYMBOL_GPL(xfrm_probe_algs);
722
723int xfrm_count_auth_supported(void)
724{
725	int i, n;
726
727	for (i = 0, n = 0; i < aalg_entries(); i++)
728		if (aalg_list[i].available)
729			n++;
730	return n;
731}
732EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
733
734int xfrm_count_enc_supported(void)
735{
736	int i, n;
737
738	for (i = 0, n = 0; i < ealg_entries(); i++)
739		if (ealg_list[i].available)
740			n++;
741	return n;
742}
743EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
744
745#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || \
746	defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
747
748void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
749{
750	if (tail != skb) {
751		skb->data_len += len;
752		skb->len += len;
753	}
754	return skb_put(tail, len);
755}
756EXPORT_SYMBOL_GPL(pskb_put);
757#endif
758