1 /*
2  * xfrm algorithm interface
3  *
4  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/pfkeyv2.h>
15 #include <linux/crypto.h>
16 #include <linux/scatterlist.h>
17 #include <net/xfrm.h>
18 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
19 #include <net/ah.h>
20 #endif
21 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
22 #include <net/esp.h>
23 #endif
24 
25 /*
26  * Algorithms supported by IPsec.  These entries contain properties which
27  * are used in key negotiation and xfrm processing, and are used to verify
28  * that instantiated crypto transforms have correct parameters for IPsec
29  * purposes.
30  */
31 static struct xfrm_algo_desc aead_list[] = {
32 {
33 	.name = "rfc4106(gcm(aes))",
34 
35 	.uinfo = {
36 		.aead = {
37 			.icv_truncbits = 64,
38 		}
39 	},
40 
41 	.desc = {
42 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
43 		.sadb_alg_ivlen = 8,
44 		.sadb_alg_minbits = 128,
45 		.sadb_alg_maxbits = 256
46 	}
47 },
48 {
49 	.name = "rfc4106(gcm(aes))",
50 
51 	.uinfo = {
52 		.aead = {
53 			.icv_truncbits = 96,
54 		}
55 	},
56 
57 	.desc = {
58 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
59 		.sadb_alg_ivlen = 8,
60 		.sadb_alg_minbits = 128,
61 		.sadb_alg_maxbits = 256
62 	}
63 },
64 {
65 	.name = "rfc4106(gcm(aes))",
66 
67 	.uinfo = {
68 		.aead = {
69 			.icv_truncbits = 128,
70 		}
71 	},
72 
73 	.desc = {
74 		.sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
75 		.sadb_alg_ivlen = 8,
76 		.sadb_alg_minbits = 128,
77 		.sadb_alg_maxbits = 256
78 	}
79 },
80 {
81 	.name = "rfc4309(ccm(aes))",
82 
83 	.uinfo = {
84 		.aead = {
85 			.icv_truncbits = 64,
86 		}
87 	},
88 
89 	.desc = {
90 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
91 		.sadb_alg_ivlen = 8,
92 		.sadb_alg_minbits = 128,
93 		.sadb_alg_maxbits = 256
94 	}
95 },
96 {
97 	.name = "rfc4309(ccm(aes))",
98 
99 	.uinfo = {
100 		.aead = {
101 			.icv_truncbits = 96,
102 		}
103 	},
104 
105 	.desc = {
106 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
107 		.sadb_alg_ivlen = 8,
108 		.sadb_alg_minbits = 128,
109 		.sadb_alg_maxbits = 256
110 	}
111 },
112 {
113 	.name = "rfc4309(ccm(aes))",
114 
115 	.uinfo = {
116 		.aead = {
117 			.icv_truncbits = 128,
118 		}
119 	},
120 
121 	.desc = {
122 		.sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
123 		.sadb_alg_ivlen = 8,
124 		.sadb_alg_minbits = 128,
125 		.sadb_alg_maxbits = 256
126 	}
127 },
128 {
129 	.name = "rfc4543(gcm(aes))",
130 
131 	.uinfo = {
132 		.aead = {
133 			.icv_truncbits = 128,
134 		}
135 	},
136 
137 	.desc = {
138 		.sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
139 		.sadb_alg_ivlen = 8,
140 		.sadb_alg_minbits = 128,
141 		.sadb_alg_maxbits = 256
142 	}
143 },
144 };
145 
146 static struct xfrm_algo_desc aalg_list[] = {
147 {
148 	.name = "digest_null",
149 
150 	.uinfo = {
151 		.auth = {
152 			.icv_truncbits = 0,
153 			.icv_fullbits = 0,
154 		}
155 	},
156 
157 	.desc = {
158 		.sadb_alg_id = SADB_X_AALG_NULL,
159 		.sadb_alg_ivlen = 0,
160 		.sadb_alg_minbits = 0,
161 		.sadb_alg_maxbits = 0
162 	}
163 },
164 {
165 	.name = "hmac(md5)",
166 	.compat = "md5",
167 
168 	.uinfo = {
169 		.auth = {
170 			.icv_truncbits = 96,
171 			.icv_fullbits = 128,
172 		}
173 	},
174 
175 	.desc = {
176 		.sadb_alg_id = SADB_AALG_MD5HMAC,
177 		.sadb_alg_ivlen = 0,
178 		.sadb_alg_minbits = 128,
179 		.sadb_alg_maxbits = 128
180 	}
181 },
182 {
183 	.name = "hmac(sha1)",
184 	.compat = "sha1",
185 
186 	.uinfo = {
187 		.auth = {
188 			.icv_truncbits = 96,
189 			.icv_fullbits = 160,
190 		}
191 	},
192 
193 	.desc = {
194 		.sadb_alg_id = SADB_AALG_SHA1HMAC,
195 		.sadb_alg_ivlen = 0,
196 		.sadb_alg_minbits = 160,
197 		.sadb_alg_maxbits = 160
198 	}
199 },
200 {
201 	.name = "hmac(sha256)",
202 	.compat = "sha256",
203 
204 	.uinfo = {
205 		.auth = {
206 			.icv_truncbits = 96,
207 			.icv_fullbits = 256,
208 		}
209 	},
210 
211 	.desc = {
212 		.sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
213 		.sadb_alg_ivlen = 0,
214 		.sadb_alg_minbits = 256,
215 		.sadb_alg_maxbits = 256
216 	}
217 },
218 {
219 	.name = "hmac(sha384)",
220 
221 	.uinfo = {
222 		.auth = {
223 			.icv_truncbits = 192,
224 			.icv_fullbits = 384,
225 		}
226 	},
227 
228 	.desc = {
229 		.sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
230 		.sadb_alg_ivlen = 0,
231 		.sadb_alg_minbits = 384,
232 		.sadb_alg_maxbits = 384
233 	}
234 },
235 {
236 	.name = "hmac(sha512)",
237 
238 	.uinfo = {
239 		.auth = {
240 			.icv_truncbits = 256,
241 			.icv_fullbits = 512,
242 		}
243 	},
244 
245 	.desc = {
246 		.sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
247 		.sadb_alg_ivlen = 0,
248 		.sadb_alg_minbits = 512,
249 		.sadb_alg_maxbits = 512
250 	}
251 },
252 {
253 	.name = "hmac(rmd160)",
254 	.compat = "rmd160",
255 
256 	.uinfo = {
257 		.auth = {
258 			.icv_truncbits = 96,
259 			.icv_fullbits = 160,
260 		}
261 	},
262 
263 	.desc = {
264 		.sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
265 		.sadb_alg_ivlen = 0,
266 		.sadb_alg_minbits = 160,
267 		.sadb_alg_maxbits = 160
268 	}
269 },
270 {
271 	.name = "xcbc(aes)",
272 
273 	.uinfo = {
274 		.auth = {
275 			.icv_truncbits = 96,
276 			.icv_fullbits = 128,
277 		}
278 	},
279 
280 	.desc = {
281 		.sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
282 		.sadb_alg_ivlen = 0,
283 		.sadb_alg_minbits = 128,
284 		.sadb_alg_maxbits = 128
285 	}
286 },
287 };
288 
289 static struct xfrm_algo_desc ealg_list[] = {
290 {
291 	.name = "ecb(cipher_null)",
292 	.compat = "cipher_null",
293 
294 	.uinfo = {
295 		.encr = {
296 			.blockbits = 8,
297 			.defkeybits = 0,
298 		}
299 	},
300 
301 	.desc = {
302 		.sadb_alg_id =	SADB_EALG_NULL,
303 		.sadb_alg_ivlen = 0,
304 		.sadb_alg_minbits = 0,
305 		.sadb_alg_maxbits = 0
306 	}
307 },
308 {
309 	.name = "cbc(des)",
310 	.compat = "des",
311 
312 	.uinfo = {
313 		.encr = {
314 			.blockbits = 64,
315 			.defkeybits = 64,
316 		}
317 	},
318 
319 	.desc = {
320 		.sadb_alg_id = SADB_EALG_DESCBC,
321 		.sadb_alg_ivlen = 8,
322 		.sadb_alg_minbits = 64,
323 		.sadb_alg_maxbits = 64
324 	}
325 },
326 {
327 	.name = "cbc(des3_ede)",
328 	.compat = "des3_ede",
329 
330 	.uinfo = {
331 		.encr = {
332 			.blockbits = 64,
333 			.defkeybits = 192,
334 		}
335 	},
336 
337 	.desc = {
338 		.sadb_alg_id = SADB_EALG_3DESCBC,
339 		.sadb_alg_ivlen = 8,
340 		.sadb_alg_minbits = 192,
341 		.sadb_alg_maxbits = 192
342 	}
343 },
344 {
345 	.name = "cbc(cast5)",
346 	.compat = "cast5",
347 
348 	.uinfo = {
349 		.encr = {
350 			.blockbits = 64,
351 			.defkeybits = 128,
352 		}
353 	},
354 
355 	.desc = {
356 		.sadb_alg_id = SADB_X_EALG_CASTCBC,
357 		.sadb_alg_ivlen = 8,
358 		.sadb_alg_minbits = 40,
359 		.sadb_alg_maxbits = 128
360 	}
361 },
362 {
363 	.name = "cbc(blowfish)",
364 	.compat = "blowfish",
365 
366 	.uinfo = {
367 		.encr = {
368 			.blockbits = 64,
369 			.defkeybits = 128,
370 		}
371 	},
372 
373 	.desc = {
374 		.sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
375 		.sadb_alg_ivlen = 8,
376 		.sadb_alg_minbits = 40,
377 		.sadb_alg_maxbits = 448
378 	}
379 },
380 {
381 	.name = "cbc(aes)",
382 	.compat = "aes",
383 
384 	.uinfo = {
385 		.encr = {
386 			.blockbits = 128,
387 			.defkeybits = 128,
388 		}
389 	},
390 
391 	.desc = {
392 		.sadb_alg_id = SADB_X_EALG_AESCBC,
393 		.sadb_alg_ivlen = 8,
394 		.sadb_alg_minbits = 128,
395 		.sadb_alg_maxbits = 256
396 	}
397 },
398 {
399 	.name = "cbc(serpent)",
400 	.compat = "serpent",
401 
402 	.uinfo = {
403 		.encr = {
404 			.blockbits = 128,
405 			.defkeybits = 128,
406 		}
407 	},
408 
409 	.desc = {
410 		.sadb_alg_id = SADB_X_EALG_SERPENTCBC,
411 		.sadb_alg_ivlen = 8,
412 		.sadb_alg_minbits = 128,
413 		.sadb_alg_maxbits = 256,
414 	}
415 },
416 {
417 	.name = "cbc(camellia)",
418 	.compat = "camellia",
419 
420 	.uinfo = {
421 		.encr = {
422 			.blockbits = 128,
423 			.defkeybits = 128,
424 		}
425 	},
426 
427 	.desc = {
428 		.sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
429 		.sadb_alg_ivlen = 8,
430 		.sadb_alg_minbits = 128,
431 		.sadb_alg_maxbits = 256
432 	}
433 },
434 {
435 	.name = "cbc(twofish)",
436 	.compat = "twofish",
437 
438 	.uinfo = {
439 		.encr = {
440 			.blockbits = 128,
441 			.defkeybits = 128,
442 		}
443 	},
444 
445 	.desc = {
446 		.sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
447 		.sadb_alg_ivlen = 8,
448 		.sadb_alg_minbits = 128,
449 		.sadb_alg_maxbits = 256
450 	}
451 },
452 {
453 	.name = "rfc3686(ctr(aes))",
454 
455 	.uinfo = {
456 		.encr = {
457 			.blockbits = 128,
458 			.defkeybits = 160, /* 128-bit key + 32-bit nonce */
459 		}
460 	},
461 
462 	.desc = {
463 		.sadb_alg_id = SADB_X_EALG_AESCTR,
464 		.sadb_alg_ivlen	= 8,
465 		.sadb_alg_minbits = 128,
466 		.sadb_alg_maxbits = 256
467 	}
468 },
469 };
470 
471 static struct xfrm_algo_desc calg_list[] = {
472 {
473 	.name = "deflate",
474 	.uinfo = {
475 		.comp = {
476 			.threshold = 90,
477 		}
478 	},
479 	.desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
480 },
481 {
482 	.name = "lzs",
483 	.uinfo = {
484 		.comp = {
485 			.threshold = 90,
486 		}
487 	},
488 	.desc = { .sadb_alg_id = SADB_X_CALG_LZS }
489 },
490 {
491 	.name = "lzjh",
492 	.uinfo = {
493 		.comp = {
494 			.threshold = 50,
495 		}
496 	},
497 	.desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
498 },
499 };
500 
aead_entries(void)501 static inline int aead_entries(void)
502 {
503 	return ARRAY_SIZE(aead_list);
504 }
505 
aalg_entries(void)506 static inline int aalg_entries(void)
507 {
508 	return ARRAY_SIZE(aalg_list);
509 }
510 
ealg_entries(void)511 static inline int ealg_entries(void)
512 {
513 	return ARRAY_SIZE(ealg_list);
514 }
515 
calg_entries(void)516 static inline int calg_entries(void)
517 {
518 	return ARRAY_SIZE(calg_list);
519 }
520 
521 struct xfrm_algo_list {
522 	struct xfrm_algo_desc *algs;
523 	int entries;
524 	u32 type;
525 	u32 mask;
526 };
527 
528 static const struct xfrm_algo_list xfrm_aead_list = {
529 	.algs = aead_list,
530 	.entries = ARRAY_SIZE(aead_list),
531 	.type = CRYPTO_ALG_TYPE_AEAD,
532 	.mask = CRYPTO_ALG_TYPE_MASK,
533 };
534 
535 static const struct xfrm_algo_list xfrm_aalg_list = {
536 	.algs = aalg_list,
537 	.entries = ARRAY_SIZE(aalg_list),
538 	.type = CRYPTO_ALG_TYPE_HASH,
539 	.mask = CRYPTO_ALG_TYPE_HASH_MASK,
540 };
541 
542 static const struct xfrm_algo_list xfrm_ealg_list = {
543 	.algs = ealg_list,
544 	.entries = ARRAY_SIZE(ealg_list),
545 	.type = CRYPTO_ALG_TYPE_BLKCIPHER,
546 	.mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
547 };
548 
549 static const struct xfrm_algo_list xfrm_calg_list = {
550 	.algs = calg_list,
551 	.entries = ARRAY_SIZE(calg_list),
552 	.type = CRYPTO_ALG_TYPE_COMPRESS,
553 	.mask = CRYPTO_ALG_TYPE_MASK,
554 };
555 
xfrm_find_algo(const struct xfrm_algo_list * algo_list,int match (const struct xfrm_algo_desc * entry,const void * data),const void * data,int probe)556 static struct xfrm_algo_desc *xfrm_find_algo(
557 	const struct xfrm_algo_list *algo_list,
558 	int match(const struct xfrm_algo_desc *entry, const void *data),
559 	const void *data, int probe)
560 {
561 	struct xfrm_algo_desc *list = algo_list->algs;
562 	int i, status;
563 
564 	for (i = 0; i < algo_list->entries; i++) {
565 		if (!match(list + i, data))
566 			continue;
567 
568 		if (list[i].available)
569 			return &list[i];
570 
571 		if (!probe)
572 			break;
573 
574 		status = crypto_has_alg(list[i].name, algo_list->type,
575 					algo_list->mask);
576 		if (!status)
577 			break;
578 
579 		list[i].available = status;
580 		return &list[i];
581 	}
582 	return NULL;
583 }
584 
xfrm_alg_id_match(const struct xfrm_algo_desc * entry,const void * data)585 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
586 			     const void *data)
587 {
588 	return entry->desc.sadb_alg_id == (unsigned long)data;
589 }
590 
xfrm_aalg_get_byid(int alg_id)591 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
592 {
593 	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
594 			      (void *)(unsigned long)alg_id, 1);
595 }
596 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
597 
xfrm_ealg_get_byid(int alg_id)598 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
599 {
600 	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
601 			      (void *)(unsigned long)alg_id, 1);
602 }
603 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
604 
xfrm_calg_get_byid(int alg_id)605 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
606 {
607 	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
608 			      (void *)(unsigned long)alg_id, 1);
609 }
610 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
611 
xfrm_alg_name_match(const struct xfrm_algo_desc * entry,const void * data)612 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
613 			       const void *data)
614 {
615 	const char *name = data;
616 
617 	return name && (!strcmp(name, entry->name) ||
618 			(entry->compat && !strcmp(name, entry->compat)));
619 }
620 
xfrm_aalg_get_byname(const char * name,int probe)621 struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
622 {
623 	return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
624 			      probe);
625 }
626 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
627 
xfrm_ealg_get_byname(const char * name,int probe)628 struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
629 {
630 	return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
631 			      probe);
632 }
633 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
634 
xfrm_calg_get_byname(const char * name,int probe)635 struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
636 {
637 	return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
638 			      probe);
639 }
640 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
641 
642 struct xfrm_aead_name {
643 	const char *name;
644 	int icvbits;
645 };
646 
xfrm_aead_name_match(const struct xfrm_algo_desc * entry,const void * data)647 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
648 				const void *data)
649 {
650 	const struct xfrm_aead_name *aead = data;
651 	const char *name = aead->name;
652 
653 	return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
654 	       !strcmp(name, entry->name);
655 }
656 
xfrm_aead_get_byname(const char * name,int icv_len,int probe)657 struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
658 {
659 	struct xfrm_aead_name data = {
660 		.name = name,
661 		.icvbits = icv_len,
662 	};
663 
664 	return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
665 			      probe);
666 }
667 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
668 
xfrm_aalg_get_byidx(unsigned int idx)669 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
670 {
671 	if (idx >= aalg_entries())
672 		return NULL;
673 
674 	return &aalg_list[idx];
675 }
676 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
677 
xfrm_ealg_get_byidx(unsigned int idx)678 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
679 {
680 	if (idx >= ealg_entries())
681 		return NULL;
682 
683 	return &ealg_list[idx];
684 }
685 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
686 
687 /*
688  * Probe for the availability of crypto algorithms, and set the available
689  * flag for any algorithms found on the system.  This is typically called by
690  * pfkey during userspace SA add, update or register.
691  */
xfrm_probe_algs(void)692 void xfrm_probe_algs(void)
693 {
694 	int i, status;
695 
696 	BUG_ON(in_softirq());
697 
698 	for (i = 0; i < aalg_entries(); i++) {
699 		status = crypto_has_hash(aalg_list[i].name, 0,
700 					 CRYPTO_ALG_ASYNC);
701 		if (aalg_list[i].available != status)
702 			aalg_list[i].available = status;
703 	}
704 
705 	for (i = 0; i < ealg_entries(); i++) {
706 		status = crypto_has_blkcipher(ealg_list[i].name, 0,
707 					      CRYPTO_ALG_ASYNC);
708 		if (ealg_list[i].available != status)
709 			ealg_list[i].available = status;
710 	}
711 
712 	for (i = 0; i < calg_entries(); i++) {
713 		status = crypto_has_comp(calg_list[i].name, 0,
714 					 CRYPTO_ALG_ASYNC);
715 		if (calg_list[i].available != status)
716 			calg_list[i].available = status;
717 	}
718 }
719 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
720 
xfrm_count_auth_supported(void)721 int xfrm_count_auth_supported(void)
722 {
723 	int i, n;
724 
725 	for (i = 0, n = 0; i < aalg_entries(); i++)
726 		if (aalg_list[i].available)
727 			n++;
728 	return n;
729 }
730 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
731 
xfrm_count_enc_supported(void)732 int xfrm_count_enc_supported(void)
733 {
734 	int i, n;
735 
736 	for (i = 0, n = 0; i < ealg_entries(); i++)
737 		if (ealg_list[i].available)
738 			n++;
739 	return n;
740 }
741 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
742 
743 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
744 
pskb_put(struct sk_buff * skb,struct sk_buff * tail,int len)745 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
746 {
747 	if (tail != skb) {
748 		skb->data_len += len;
749 		skb->len += len;
750 	}
751 	return skb_put(tail, len);
752 }
753 EXPORT_SYMBOL_GPL(pskb_put);
754 #endif
755