1/* 2 * xfrm algorithm interface 3 * 4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the Free 8 * Software Foundation; either version 2 of the License, or (at your option) 9 * any later version. 10 */ 11 12#include <linux/module.h> 13#include <linux/kernel.h> 14#include <linux/pfkeyv2.h> 15#include <linux/crypto.h> 16#include <linux/scatterlist.h> 17#include <net/xfrm.h> 18#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || \ 19 defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE) 20#include <net/ah.h> 21#endif 22#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || \ 23 defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE) 24#include <net/esp.h> 25#endif 26 27/* 28 * Algorithms supported by IPsec. These entries contain properties which 29 * are used in key negotiation and xfrm processing, and are used to verify 30 * that instantiated crypto transforms have correct parameters for IPsec 31 * purposes. 32 */ 33static struct xfrm_algo_desc aead_list[] = { 34{ 35 .name = "rfc4106(gcm(aes))", 36 37 .uinfo = { 38 .aead = { 39 .icv_truncbits = 64, 40 } 41 }, 42 43 .desc = { 44 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8, 45 .sadb_alg_ivlen = 8, 46 .sadb_alg_minbits = 128, 47 .sadb_alg_maxbits = 256 48 } 49}, 50{ 51 .name = "rfc4106(gcm(aes))", 52 53 .uinfo = { 54 .aead = { 55 .icv_truncbits = 96, 56 } 57 }, 58 59 .desc = { 60 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12, 61 .sadb_alg_ivlen = 8, 62 .sadb_alg_minbits = 128, 63 .sadb_alg_maxbits = 256 64 } 65}, 66{ 67 .name = "rfc4106(gcm(aes))", 68 69 .uinfo = { 70 .aead = { 71 .icv_truncbits = 128, 72 } 73 }, 74 75 .desc = { 76 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16, 77 .sadb_alg_ivlen = 8, 78 .sadb_alg_minbits = 128, 79 .sadb_alg_maxbits = 256 80 } 81}, 82{ 83 .name = "rfc4309(ccm(aes))", 84 85 .uinfo = { 86 .aead = { 87 .icv_truncbits = 64, 88 } 89 }, 90 91 .desc = { 92 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8, 93 .sadb_alg_ivlen = 8, 94 .sadb_alg_minbits = 128, 95 .sadb_alg_maxbits = 256 96 } 97}, 98{ 99 .name = "rfc4309(ccm(aes))", 100 101 .uinfo = { 102 .aead = { 103 .icv_truncbits = 96, 104 } 105 }, 106 107 .desc = { 108 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12, 109 .sadb_alg_ivlen = 8, 110 .sadb_alg_minbits = 128, 111 .sadb_alg_maxbits = 256 112 } 113}, 114{ 115 .name = "rfc4309(ccm(aes))", 116 117 .uinfo = { 118 .aead = { 119 .icv_truncbits = 128, 120 } 121 }, 122 123 .desc = { 124 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16, 125 .sadb_alg_ivlen = 8, 126 .sadb_alg_minbits = 128, 127 .sadb_alg_maxbits = 256 128 } 129}, 130{ 131 .name = "rfc4543(gcm(aes))", 132 133 .uinfo = { 134 .aead = { 135 .icv_truncbits = 128, 136 } 137 }, 138 139 .desc = { 140 .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC, 141 .sadb_alg_ivlen = 8, 142 .sadb_alg_minbits = 128, 143 .sadb_alg_maxbits = 256 144 } 145}, 146}; 147 148static struct xfrm_algo_desc aalg_list[] = { 149{ 150 .name = "digest_null", 151 152 .uinfo = { 153 .auth = { 154 .icv_truncbits = 0, 155 .icv_fullbits = 0, 156 } 157 }, 158 159 .desc = { 160 .sadb_alg_id = SADB_X_AALG_NULL, 161 .sadb_alg_ivlen = 0, 162 .sadb_alg_minbits = 0, 163 .sadb_alg_maxbits = 0 164 } 165}, 166{ 167 .name = "hmac(md5)", 168 .compat = "md5", 169 170 .uinfo = { 171 .auth = { 172 .icv_truncbits = 96, 173 .icv_fullbits = 128, 174 } 175 }, 176 177 .desc = { 178 .sadb_alg_id = SADB_AALG_MD5HMAC, 179 .sadb_alg_ivlen = 0, 180 .sadb_alg_minbits = 128, 181 .sadb_alg_maxbits = 128 182 } 183}, 184{ 185 .name = "hmac(sha1)", 186 .compat = "sha1", 187 188 .uinfo = { 189 .auth = { 190 .icv_truncbits = 96, 191 .icv_fullbits = 160, 192 } 193 }, 194 195 .desc = { 196 .sadb_alg_id = SADB_AALG_SHA1HMAC, 197 .sadb_alg_ivlen = 0, 198 .sadb_alg_minbits = 160, 199 .sadb_alg_maxbits = 160 200 } 201}, 202{ 203 .name = "hmac(sha256)", 204 .compat = "sha256", 205 206 .uinfo = { 207 .auth = { 208 .icv_truncbits = 96, 209 .icv_fullbits = 256, 210 } 211 }, 212 213 .desc = { 214 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC, 215 .sadb_alg_ivlen = 0, 216 .sadb_alg_minbits = 256, 217 .sadb_alg_maxbits = 256 218 } 219}, 220{ 221 .name = "hmac(sha384)", 222 223 .uinfo = { 224 .auth = { 225 .icv_truncbits = 192, 226 .icv_fullbits = 384, 227 } 228 }, 229 230 .desc = { 231 .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC, 232 .sadb_alg_ivlen = 0, 233 .sadb_alg_minbits = 384, 234 .sadb_alg_maxbits = 384 235 } 236}, 237{ 238 .name = "hmac(sha512)", 239 240 .uinfo = { 241 .auth = { 242 .icv_truncbits = 256, 243 .icv_fullbits = 512, 244 } 245 }, 246 247 .desc = { 248 .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC, 249 .sadb_alg_ivlen = 0, 250 .sadb_alg_minbits = 512, 251 .sadb_alg_maxbits = 512 252 } 253}, 254{ 255 .name = "hmac(rmd160)", 256 .compat = "rmd160", 257 258 .uinfo = { 259 .auth = { 260 .icv_truncbits = 96, 261 .icv_fullbits = 160, 262 } 263 }, 264 265 .desc = { 266 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC, 267 .sadb_alg_ivlen = 0, 268 .sadb_alg_minbits = 160, 269 .sadb_alg_maxbits = 160 270 } 271}, 272{ 273 .name = "xcbc(aes)", 274 275 .uinfo = { 276 .auth = { 277 .icv_truncbits = 96, 278 .icv_fullbits = 128, 279 } 280 }, 281 282 .desc = { 283 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC, 284 .sadb_alg_ivlen = 0, 285 .sadb_alg_minbits = 128, 286 .sadb_alg_maxbits = 128 287 } 288}, 289}; 290 291static struct xfrm_algo_desc ealg_list[] = { 292{ 293 .name = "ecb(cipher_null)", 294 .compat = "cipher_null", 295 296 .uinfo = { 297 .encr = { 298 .blockbits = 8, 299 .defkeybits = 0, 300 } 301 }, 302 303 .desc = { 304 .sadb_alg_id = SADB_EALG_NULL, 305 .sadb_alg_ivlen = 0, 306 .sadb_alg_minbits = 0, 307 .sadb_alg_maxbits = 0 308 } 309}, 310{ 311 .name = "cbc(des)", 312 .compat = "des", 313 314 .uinfo = { 315 .encr = { 316 .blockbits = 64, 317 .defkeybits = 64, 318 } 319 }, 320 321 .desc = { 322 .sadb_alg_id = SADB_EALG_DESCBC, 323 .sadb_alg_ivlen = 8, 324 .sadb_alg_minbits = 64, 325 .sadb_alg_maxbits = 64 326 } 327}, 328{ 329 .name = "cbc(des3_ede)", 330 .compat = "des3_ede", 331 332 .uinfo = { 333 .encr = { 334 .blockbits = 64, 335 .defkeybits = 192, 336 } 337 }, 338 339 .desc = { 340 .sadb_alg_id = SADB_EALG_3DESCBC, 341 .sadb_alg_ivlen = 8, 342 .sadb_alg_minbits = 192, 343 .sadb_alg_maxbits = 192 344 } 345}, 346{ 347 .name = "cbc(cast5)", 348 .compat = "cast5", 349 350 .uinfo = { 351 .encr = { 352 .blockbits = 64, 353 .defkeybits = 128, 354 } 355 }, 356 357 .desc = { 358 .sadb_alg_id = SADB_X_EALG_CASTCBC, 359 .sadb_alg_ivlen = 8, 360 .sadb_alg_minbits = 40, 361 .sadb_alg_maxbits = 128 362 } 363}, 364{ 365 .name = "cbc(blowfish)", 366 .compat = "blowfish", 367 368 .uinfo = { 369 .encr = { 370 .blockbits = 64, 371 .defkeybits = 128, 372 } 373 }, 374 375 .desc = { 376 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC, 377 .sadb_alg_ivlen = 8, 378 .sadb_alg_minbits = 40, 379 .sadb_alg_maxbits = 448 380 } 381}, 382{ 383 .name = "cbc(aes)", 384 .compat = "aes", 385 386 .uinfo = { 387 .encr = { 388 .blockbits = 128, 389 .defkeybits = 128, 390 } 391 }, 392 393 .desc = { 394 .sadb_alg_id = SADB_X_EALG_AESCBC, 395 .sadb_alg_ivlen = 8, 396 .sadb_alg_minbits = 128, 397 .sadb_alg_maxbits = 256 398 } 399}, 400{ 401 .name = "cbc(serpent)", 402 .compat = "serpent", 403 404 .uinfo = { 405 .encr = { 406 .blockbits = 128, 407 .defkeybits = 128, 408 } 409 }, 410 411 .desc = { 412 .sadb_alg_id = SADB_X_EALG_SERPENTCBC, 413 .sadb_alg_ivlen = 8, 414 .sadb_alg_minbits = 128, 415 .sadb_alg_maxbits = 256, 416 } 417}, 418{ 419 .name = "cbc(camellia)", 420 .compat = "camellia", 421 422 .uinfo = { 423 .encr = { 424 .blockbits = 128, 425 .defkeybits = 128, 426 } 427 }, 428 429 .desc = { 430 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC, 431 .sadb_alg_ivlen = 8, 432 .sadb_alg_minbits = 128, 433 .sadb_alg_maxbits = 256 434 } 435}, 436{ 437 .name = "cbc(twofish)", 438 .compat = "twofish", 439 440 .uinfo = { 441 .encr = { 442 .blockbits = 128, 443 .defkeybits = 128, 444 } 445 }, 446 447 .desc = { 448 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC, 449 .sadb_alg_ivlen = 8, 450 .sadb_alg_minbits = 128, 451 .sadb_alg_maxbits = 256 452 } 453}, 454{ 455 .name = "rfc3686(ctr(aes))", 456 457 .uinfo = { 458 .encr = { 459 .blockbits = 128, 460 .defkeybits = 160, /* 128-bit key + 32-bit nonce */ 461 } 462 }, 463 464 .desc = { 465 .sadb_alg_id = SADB_X_EALG_AESCTR, 466 .sadb_alg_ivlen = 8, 467 .sadb_alg_minbits = 128, 468 .sadb_alg_maxbits = 256 469 } 470}, 471}; 472 473static struct xfrm_algo_desc calg_list[] = { 474{ 475 .name = "deflate", 476 .uinfo = { 477 .comp = { 478 .threshold = 90, 479 } 480 }, 481 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE } 482}, 483{ 484 .name = "lzs", 485 .uinfo = { 486 .comp = { 487 .threshold = 90, 488 } 489 }, 490 .desc = { .sadb_alg_id = SADB_X_CALG_LZS } 491}, 492{ 493 .name = "lzjh", 494 .uinfo = { 495 .comp = { 496 .threshold = 50, 497 } 498 }, 499 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH } 500}, 501}; 502 503static inline int aead_entries(void) 504{ 505 return ARRAY_SIZE(aead_list); 506} 507 508static inline int aalg_entries(void) 509{ 510 return ARRAY_SIZE(aalg_list); 511} 512 513static inline int ealg_entries(void) 514{ 515 return ARRAY_SIZE(ealg_list); 516} 517 518static inline int calg_entries(void) 519{ 520 return ARRAY_SIZE(calg_list); 521} 522 523struct xfrm_algo_list { 524 struct xfrm_algo_desc *algs; 525 int entries; 526 u32 type; 527 u32 mask; 528}; 529 530static const struct xfrm_algo_list xfrm_aead_list = { 531 .algs = aead_list, 532 .entries = ARRAY_SIZE(aead_list), 533 .type = CRYPTO_ALG_TYPE_AEAD, 534 .mask = CRYPTO_ALG_TYPE_MASK, 535}; 536 537static const struct xfrm_algo_list xfrm_aalg_list = { 538 .algs = aalg_list, 539 .entries = ARRAY_SIZE(aalg_list), 540 .type = CRYPTO_ALG_TYPE_HASH, 541 .mask = CRYPTO_ALG_TYPE_HASH_MASK, 542}; 543 544static const struct xfrm_algo_list xfrm_ealg_list = { 545 .algs = ealg_list, 546 .entries = ARRAY_SIZE(ealg_list), 547 .type = CRYPTO_ALG_TYPE_BLKCIPHER, 548 .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK, 549}; 550 551static const struct xfrm_algo_list xfrm_calg_list = { 552 .algs = calg_list, 553 .entries = ARRAY_SIZE(calg_list), 554 .type = CRYPTO_ALG_TYPE_COMPRESS, 555 .mask = CRYPTO_ALG_TYPE_MASK, 556}; 557 558static struct xfrm_algo_desc *xfrm_find_algo( 559 const struct xfrm_algo_list *algo_list, 560 int match(const struct xfrm_algo_desc *entry, const void *data), 561 const void *data, int probe) 562{ 563 struct xfrm_algo_desc *list = algo_list->algs; 564 int i, status; 565 566 for (i = 0; i < algo_list->entries; i++) { 567 if (!match(list + i, data)) 568 continue; 569 570 if (list[i].available) 571 return &list[i]; 572 573 if (!probe) 574 break; 575 576 status = crypto_has_alg(list[i].name, algo_list->type, 577 algo_list->mask); 578 if (!status) 579 break; 580 581 list[i].available = status; 582 return &list[i]; 583 } 584 return NULL; 585} 586 587static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry, 588 const void *data) 589{ 590 return entry->desc.sadb_alg_id == (unsigned long)data; 591} 592 593struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id) 594{ 595 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match, 596 (void *)(unsigned long)alg_id, 1); 597} 598EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid); 599 600struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id) 601{ 602 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match, 603 (void *)(unsigned long)alg_id, 1); 604} 605EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid); 606 607struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id) 608{ 609 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match, 610 (void *)(unsigned long)alg_id, 1); 611} 612EXPORT_SYMBOL_GPL(xfrm_calg_get_byid); 613 614static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry, 615 const void *data) 616{ 617 const char *name = data; 618 619 return name && (!strcmp(name, entry->name) || 620 (entry->compat && !strcmp(name, entry->compat))); 621} 622 623struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe) 624{ 625 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name, 626 probe); 627} 628EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname); 629 630struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe) 631{ 632 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name, 633 probe); 634} 635EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname); 636 637struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe) 638{ 639 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name, 640 probe); 641} 642EXPORT_SYMBOL_GPL(xfrm_calg_get_byname); 643 644struct xfrm_aead_name { 645 const char *name; 646 int icvbits; 647}; 648 649static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry, 650 const void *data) 651{ 652 const struct xfrm_aead_name *aead = data; 653 const char *name = aead->name; 654 655 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name && 656 !strcmp(name, entry->name); 657} 658 659struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe) 660{ 661 struct xfrm_aead_name data = { 662 .name = name, 663 .icvbits = icv_len, 664 }; 665 666 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data, 667 probe); 668} 669EXPORT_SYMBOL_GPL(xfrm_aead_get_byname); 670 671struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx) 672{ 673 if (idx >= aalg_entries()) 674 return NULL; 675 676 return &aalg_list[idx]; 677} 678EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx); 679 680struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx) 681{ 682 if (idx >= ealg_entries()) 683 return NULL; 684 685 return &ealg_list[idx]; 686} 687EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx); 688 689/* 690 * Probe for the availability of crypto algorithms, and set the available 691 * flag for any algorithms found on the system. This is typically called by 692 * pfkey during userspace SA add, update or register. 693 */ 694void xfrm_probe_algs(void) 695{ 696 int i, status; 697 698 BUG_ON(in_softirq()); 699 700 for (i = 0; i < aalg_entries(); i++) { 701 status = crypto_has_hash(aalg_list[i].name, 0, 702 CRYPTO_ALG_ASYNC); 703 if (aalg_list[i].available != status) 704 aalg_list[i].available = status; 705 } 706 707 for (i = 0; i < ealg_entries(); i++) { 708 status = crypto_has_blkcipher(ealg_list[i].name, 0, 709 CRYPTO_ALG_ASYNC); 710 if (ealg_list[i].available != status) 711 ealg_list[i].available = status; 712 } 713 714 for (i = 0; i < calg_entries(); i++) { 715 status = crypto_has_comp(calg_list[i].name, 0, 716 CRYPTO_ALG_ASYNC); 717 if (calg_list[i].available != status) 718 calg_list[i].available = status; 719 } 720} 721EXPORT_SYMBOL_GPL(xfrm_probe_algs); 722 723int xfrm_count_auth_supported(void) 724{ 725 int i, n; 726 727 for (i = 0, n = 0; i < aalg_entries(); i++) 728 if (aalg_list[i].available) 729 n++; 730 return n; 731} 732EXPORT_SYMBOL_GPL(xfrm_count_auth_supported); 733 734int xfrm_count_enc_supported(void) 735{ 736 int i, n; 737 738 for (i = 0, n = 0; i < ealg_entries(); i++) 739 if (ealg_list[i].available) 740 n++; 741 return n; 742} 743EXPORT_SYMBOL_GPL(xfrm_count_enc_supported); 744 745#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || \ 746 defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE) 747 748void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len) 749{ 750 if (tail != skb) { 751 skb->data_len += len; 752 skb->len += len; 753 } 754 return skb_put(tail, len); 755} 756EXPORT_SYMBOL_GPL(pskb_put); 757#endif 758