Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
xfrm_algo.c
Go to the documentation of this file.
1 /*
2  * xfrm algorithm interface
3  *
4  * Copyright (c) 2002 James Morris <[email protected]>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/pfkeyv2.h>
15 #include <linux/crypto.h>
16 #include <linux/scatterlist.h>
17 #include <net/xfrm.h>
18 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
19 #include <net/esp.h>
20 #endif
21 
22 /*
23  * Algorithms supported by IPsec. These entries contain properties which
24  * are used in key negotiation and xfrm processing, and are used to verify
25  * that instantiated crypto transforms have correct parameters for IPsec
26  * purposes.
27  */
28 static struct xfrm_algo_desc aead_list[] = {
29 {
30  .name = "rfc4106(gcm(aes))",
31 
32  .uinfo = {
33  .aead = {
34  .icv_truncbits = 64,
35  }
36  },
37 
38  .desc = {
39  .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
40  .sadb_alg_ivlen = 8,
41  .sadb_alg_minbits = 128,
42  .sadb_alg_maxbits = 256
43  }
44 },
45 {
46  .name = "rfc4106(gcm(aes))",
47 
48  .uinfo = {
49  .aead = {
50  .icv_truncbits = 96,
51  }
52  },
53 
54  .desc = {
55  .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
56  .sadb_alg_ivlen = 8,
57  .sadb_alg_minbits = 128,
58  .sadb_alg_maxbits = 256
59  }
60 },
61 {
62  .name = "rfc4106(gcm(aes))",
63 
64  .uinfo = {
65  .aead = {
66  .icv_truncbits = 128,
67  }
68  },
69 
70  .desc = {
71  .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
72  .sadb_alg_ivlen = 8,
73  .sadb_alg_minbits = 128,
74  .sadb_alg_maxbits = 256
75  }
76 },
77 {
78  .name = "rfc4309(ccm(aes))",
79 
80  .uinfo = {
81  .aead = {
82  .icv_truncbits = 64,
83  }
84  },
85 
86  .desc = {
87  .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
88  .sadb_alg_ivlen = 8,
89  .sadb_alg_minbits = 128,
90  .sadb_alg_maxbits = 256
91  }
92 },
93 {
94  .name = "rfc4309(ccm(aes))",
95 
96  .uinfo = {
97  .aead = {
98  .icv_truncbits = 96,
99  }
100  },
101 
102  .desc = {
103  .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
104  .sadb_alg_ivlen = 8,
105  .sadb_alg_minbits = 128,
106  .sadb_alg_maxbits = 256
107  }
108 },
109 {
110  .name = "rfc4309(ccm(aes))",
111 
112  .uinfo = {
113  .aead = {
114  .icv_truncbits = 128,
115  }
116  },
117 
118  .desc = {
119  .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
120  .sadb_alg_ivlen = 8,
121  .sadb_alg_minbits = 128,
122  .sadb_alg_maxbits = 256
123  }
124 },
125 {
126  .name = "rfc4543(gcm(aes))",
127 
128  .uinfo = {
129  .aead = {
130  .icv_truncbits = 128,
131  }
132  },
133 
134  .desc = {
135  .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
136  .sadb_alg_ivlen = 8,
137  .sadb_alg_minbits = 128,
138  .sadb_alg_maxbits = 256
139  }
140 },
141 };
142 
143 static struct xfrm_algo_desc aalg_list[] = {
144 {
145  .name = "digest_null",
146 
147  .uinfo = {
148  .auth = {
149  .icv_truncbits = 0,
150  .icv_fullbits = 0,
151  }
152  },
153 
154  .desc = {
155  .sadb_alg_id = SADB_X_AALG_NULL,
156  .sadb_alg_ivlen = 0,
157  .sadb_alg_minbits = 0,
158  .sadb_alg_maxbits = 0
159  }
160 },
161 {
162  .name = "hmac(md5)",
163  .compat = "md5",
164 
165  .uinfo = {
166  .auth = {
167  .icv_truncbits = 96,
168  .icv_fullbits = 128,
169  }
170  },
171 
172  .desc = {
173  .sadb_alg_id = SADB_AALG_MD5HMAC,
174  .sadb_alg_ivlen = 0,
175  .sadb_alg_minbits = 128,
176  .sadb_alg_maxbits = 128
177  }
178 },
179 {
180  .name = "hmac(sha1)",
181  .compat = "sha1",
182 
183  .uinfo = {
184  .auth = {
185  .icv_truncbits = 96,
186  .icv_fullbits = 160,
187  }
188  },
189 
190  .desc = {
191  .sadb_alg_id = SADB_AALG_SHA1HMAC,
192  .sadb_alg_ivlen = 0,
193  .sadb_alg_minbits = 160,
194  .sadb_alg_maxbits = 160
195  }
196 },
197 {
198  .name = "hmac(sha256)",
199  .compat = "sha256",
200 
201  .uinfo = {
202  .auth = {
203  .icv_truncbits = 96,
204  .icv_fullbits = 256,
205  }
206  },
207 
208  .desc = {
209  .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
210  .sadb_alg_ivlen = 0,
211  .sadb_alg_minbits = 256,
212  .sadb_alg_maxbits = 256
213  }
214 },
215 {
216  .name = "hmac(sha384)",
217 
218  .uinfo = {
219  .auth = {
220  .icv_truncbits = 192,
221  .icv_fullbits = 384,
222  }
223  },
224 
225  .desc = {
226  .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
227  .sadb_alg_ivlen = 0,
228  .sadb_alg_minbits = 384,
229  .sadb_alg_maxbits = 384
230  }
231 },
232 {
233  .name = "hmac(sha512)",
234 
235  .uinfo = {
236  .auth = {
237  .icv_truncbits = 256,
238  .icv_fullbits = 512,
239  }
240  },
241 
242  .desc = {
243  .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
244  .sadb_alg_ivlen = 0,
245  .sadb_alg_minbits = 512,
246  .sadb_alg_maxbits = 512
247  }
248 },
249 {
250  .name = "hmac(rmd160)",
251  .compat = "rmd160",
252 
253  .uinfo = {
254  .auth = {
255  .icv_truncbits = 96,
256  .icv_fullbits = 160,
257  }
258  },
259 
260  .desc = {
261  .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
262  .sadb_alg_ivlen = 0,
263  .sadb_alg_minbits = 160,
264  .sadb_alg_maxbits = 160
265  }
266 },
267 {
268  .name = "xcbc(aes)",
269 
270  .uinfo = {
271  .auth = {
272  .icv_truncbits = 96,
273  .icv_fullbits = 128,
274  }
275  },
276 
277  .desc = {
278  .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
279  .sadb_alg_ivlen = 0,
280  .sadb_alg_minbits = 128,
281  .sadb_alg_maxbits = 128
282  }
283 },
284 };
285 
286 static struct xfrm_algo_desc ealg_list[] = {
287 {
288  .name = "ecb(cipher_null)",
289  .compat = "cipher_null",
290 
291  .uinfo = {
292  .encr = {
293  .blockbits = 8,
294  .defkeybits = 0,
295  }
296  },
297 
298  .desc = {
299  .sadb_alg_id = SADB_EALG_NULL,
300  .sadb_alg_ivlen = 0,
301  .sadb_alg_minbits = 0,
302  .sadb_alg_maxbits = 0
303  }
304 },
305 {
306  .name = "cbc(des)",
307  .compat = "des",
308 
309  .uinfo = {
310  .encr = {
311  .blockbits = 64,
312  .defkeybits = 64,
313  }
314  },
315 
316  .desc = {
317  .sadb_alg_id = SADB_EALG_DESCBC,
318  .sadb_alg_ivlen = 8,
319  .sadb_alg_minbits = 64,
320  .sadb_alg_maxbits = 64
321  }
322 },
323 {
324  .name = "cbc(des3_ede)",
325  .compat = "des3_ede",
326 
327  .uinfo = {
328  .encr = {
329  .blockbits = 64,
330  .defkeybits = 192,
331  }
332  },
333 
334  .desc = {
335  .sadb_alg_id = SADB_EALG_3DESCBC,
336  .sadb_alg_ivlen = 8,
337  .sadb_alg_minbits = 192,
338  .sadb_alg_maxbits = 192
339  }
340 },
341 {
342  .name = "cbc(cast5)",
343  .compat = "cast5",
344 
345  .uinfo = {
346  .encr = {
347  .blockbits = 64,
348  .defkeybits = 128,
349  }
350  },
351 
352  .desc = {
353  .sadb_alg_id = SADB_X_EALG_CASTCBC,
354  .sadb_alg_ivlen = 8,
355  .sadb_alg_minbits = 40,
356  .sadb_alg_maxbits = 128
357  }
358 },
359 {
360  .name = "cbc(blowfish)",
361  .compat = "blowfish",
362 
363  .uinfo = {
364  .encr = {
365  .blockbits = 64,
366  .defkeybits = 128,
367  }
368  },
369 
370  .desc = {
371  .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
372  .sadb_alg_ivlen = 8,
373  .sadb_alg_minbits = 40,
374  .sadb_alg_maxbits = 448
375  }
376 },
377 {
378  .name = "cbc(aes)",
379  .compat = "aes",
380 
381  .uinfo = {
382  .encr = {
383  .blockbits = 128,
384  .defkeybits = 128,
385  }
386  },
387 
388  .desc = {
389  .sadb_alg_id = SADB_X_EALG_AESCBC,
390  .sadb_alg_ivlen = 8,
391  .sadb_alg_minbits = 128,
392  .sadb_alg_maxbits = 256
393  }
394 },
395 {
396  .name = "cbc(serpent)",
397  .compat = "serpent",
398 
399  .uinfo = {
400  .encr = {
401  .blockbits = 128,
402  .defkeybits = 128,
403  }
404  },
405 
406  .desc = {
407  .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
408  .sadb_alg_ivlen = 8,
409  .sadb_alg_minbits = 128,
410  .sadb_alg_maxbits = 256,
411  }
412 },
413 {
414  .name = "cbc(camellia)",
415  .compat = "camellia",
416 
417  .uinfo = {
418  .encr = {
419  .blockbits = 128,
420  .defkeybits = 128,
421  }
422  },
423 
424  .desc = {
425  .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
426  .sadb_alg_ivlen = 8,
427  .sadb_alg_minbits = 128,
428  .sadb_alg_maxbits = 256
429  }
430 },
431 {
432  .name = "cbc(twofish)",
433  .compat = "twofish",
434 
435  .uinfo = {
436  .encr = {
437  .blockbits = 128,
438  .defkeybits = 128,
439  }
440  },
441 
442  .desc = {
443  .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
444  .sadb_alg_ivlen = 8,
445  .sadb_alg_minbits = 128,
446  .sadb_alg_maxbits = 256
447  }
448 },
449 {
450  .name = "rfc3686(ctr(aes))",
451 
452  .uinfo = {
453  .encr = {
454  .blockbits = 128,
455  .defkeybits = 160, /* 128-bit key + 32-bit nonce */
456  }
457  },
458 
459  .desc = {
460  .sadb_alg_id = SADB_X_EALG_AESCTR,
461  .sadb_alg_ivlen = 8,
462  .sadb_alg_minbits = 160,
463  .sadb_alg_maxbits = 288
464  }
465 },
466 };
467 
468 static struct xfrm_algo_desc calg_list[] = {
469 {
470  .name = "deflate",
471  .uinfo = {
472  .comp = {
473  .threshold = 90,
474  }
475  },
476  .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
477 },
478 {
479  .name = "lzs",
480  .uinfo = {
481  .comp = {
482  .threshold = 90,
483  }
484  },
485  .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
486 },
487 {
488  .name = "lzjh",
489  .uinfo = {
490  .comp = {
491  .threshold = 50,
492  }
493  },
494  .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
495 },
496 };
497 
498 static inline int aead_entries(void)
499 {
500  return ARRAY_SIZE(aead_list);
501 }
502 
503 static inline int aalg_entries(void)
504 {
505  return ARRAY_SIZE(aalg_list);
506 }
507 
508 static inline int ealg_entries(void)
509 {
510  return ARRAY_SIZE(ealg_list);
511 }
512 
513 static inline int calg_entries(void)
514 {
515  return ARRAY_SIZE(calg_list);
516 }
517 
518 struct xfrm_algo_list {
519  struct xfrm_algo_desc *algs;
520  int entries;
521  u32 type;
522  u32 mask;
523 };
524 
525 static const struct xfrm_algo_list xfrm_aead_list = {
526  .algs = aead_list,
527  .entries = ARRAY_SIZE(aead_list),
528  .type = CRYPTO_ALG_TYPE_AEAD,
529  .mask = CRYPTO_ALG_TYPE_MASK,
530 };
531 
532 static const struct xfrm_algo_list xfrm_aalg_list = {
533  .algs = aalg_list,
534  .entries = ARRAY_SIZE(aalg_list),
535  .type = CRYPTO_ALG_TYPE_HASH,
536  .mask = CRYPTO_ALG_TYPE_HASH_MASK,
537 };
538 
539 static const struct xfrm_algo_list xfrm_ealg_list = {
540  .algs = ealg_list,
541  .entries = ARRAY_SIZE(ealg_list),
542  .type = CRYPTO_ALG_TYPE_BLKCIPHER,
543  .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
544 };
545 
546 static const struct xfrm_algo_list xfrm_calg_list = {
547  .algs = calg_list,
548  .entries = ARRAY_SIZE(calg_list),
549  .type = CRYPTO_ALG_TYPE_COMPRESS,
550  .mask = CRYPTO_ALG_TYPE_MASK,
551 };
552 
553 static struct xfrm_algo_desc *xfrm_find_algo(
554  const struct xfrm_algo_list *algo_list,
555  int match(const struct xfrm_algo_desc *entry, const void *data),
556  const void *data, int probe)
557 {
558  struct xfrm_algo_desc *list = algo_list->algs;
559  int i, status;
560 
561  for (i = 0; i < algo_list->entries; i++) {
562  if (!match(list + i, data))
563  continue;
564 
565  if (list[i].available)
566  return &list[i];
567 
568  if (!probe)
569  break;
570 
571  status = crypto_has_alg(list[i].name, algo_list->type,
572  algo_list->mask);
573  if (!status)
574  break;
575 
576  list[i].available = status;
577  return &list[i];
578  }
579  return NULL;
580 }
581 
582 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
583  const void *data)
584 {
585  return entry->desc.sadb_alg_id == (unsigned long)data;
586 }
587 
588 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
589 {
590  return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
591  (void *)(unsigned long)alg_id, 1);
592 }
593 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
594 
595 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
596 {
597  return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
598  (void *)(unsigned long)alg_id, 1);
599 }
600 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
601 
602 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
603 {
604  return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
605  (void *)(unsigned long)alg_id, 1);
606 }
607 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
608 
609 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
610  const void *data)
611 {
612  const char *name = data;
613 
614  return name && (!strcmp(name, entry->name) ||
615  (entry->compat && !strcmp(name, entry->compat)));
616 }
617 
618 struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
619 {
620  return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
621  probe);
622 }
623 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
624 
625 struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
626 {
627  return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
628  probe);
629 }
630 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
631 
632 struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
633 {
634  return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
635  probe);
636 }
637 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
638 
639 struct xfrm_aead_name {
640  const char *name;
641  int icvbits;
642 };
643 
644 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
645  const void *data)
646 {
647  const struct xfrm_aead_name *aead = data;
648  const char *name = aead->name;
649 
650  return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
651  !strcmp(name, entry->name);
652 }
653 
654 struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
655 {
656  struct xfrm_aead_name data = {
657  .name = name,
658  .icvbits = icv_len,
659  };
660 
661  return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
662  probe);
663 }
664 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
665 
666 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
667 {
668  if (idx >= aalg_entries())
669  return NULL;
670 
671  return &aalg_list[idx];
672 }
673 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
674 
675 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
676 {
677  if (idx >= ealg_entries())
678  return NULL;
679 
680  return &ealg_list[idx];
681 }
682 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
683 
684 /*
685  * Probe for the availability of crypto algorithms, and set the available
686  * flag for any algorithms found on the system. This is typically called by
687  * pfkey during userspace SA add, update or register.
688  */
689 void xfrm_probe_algs(void)
690 {
691  int i, status;
692 
693  BUG_ON(in_softirq());
694 
695  for (i = 0; i < aalg_entries(); i++) {
696  status = crypto_has_hash(aalg_list[i].name, 0,
697  CRYPTO_ALG_ASYNC);
698  if (aalg_list[i].available != status)
699  aalg_list[i].available = status;
700  }
701 
702  for (i = 0; i < ealg_entries(); i++) {
703  status = crypto_has_blkcipher(ealg_list[i].name, 0,
704  CRYPTO_ALG_ASYNC);
705  if (ealg_list[i].available != status)
706  ealg_list[i].available = status;
707  }
708 
709  for (i = 0; i < calg_entries(); i++) {
710  status = crypto_has_comp(calg_list[i].name, 0,
711  CRYPTO_ALG_ASYNC);
712  if (calg_list[i].available != status)
713  calg_list[i].available = status;
714  }
715 }
716 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
717 
718 int xfrm_count_auth_supported(void)
719 {
720  int i, n;
721 
722  for (i = 0, n = 0; i < aalg_entries(); i++)
723  if (aalg_list[i].available)
724  n++;
725  return n;
726 }
727 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
728 
729 int xfrm_count_enc_supported(void)
730 {
731  int i, n;
732 
733  for (i = 0, n = 0; i < ealg_entries(); i++)
734  if (ealg_list[i].available)
735  n++;
736  return n;
737 }
738 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
739 
740 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
741 
742 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
743 {
744  if (tail != skb) {
745  skb->data_len += len;
746  skb->len += len;
747  }
748  return skb_put(tail, len);
749 }
750 EXPORT_SYMBOL_GPL(pskb_put);
751 #endif
752 
753 MODULE_LICENSE("GPL");
Generated on Thu Jan 10 2013 15:02:39 for Linux Kernel by   doxygen 1.8.2