Loading...
1/*
2 * xfrm algorithm interface
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/pfkeyv2.h>
15#include <linux/crypto.h>
16#include <linux/scatterlist.h>
17#include <net/xfrm.h>
18#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
19#include <net/ah.h>
20#endif
21#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
22#include <net/esp.h>
23#endif
24
25/*
26 * Algorithms supported by IPsec. These entries contain properties which
27 * are used in key negotiation and xfrm processing, and are used to verify
28 * that instantiated crypto transforms have correct parameters for IPsec
29 * purposes.
30 */
31static struct xfrm_algo_desc aead_list[] = {
32{
33 .name = "rfc4106(gcm(aes))",
34
35 .uinfo = {
36 .aead = {
37 .icv_truncbits = 64,
38 }
39 },
40
41 .desc = {
42 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
43 .sadb_alg_ivlen = 8,
44 .sadb_alg_minbits = 128,
45 .sadb_alg_maxbits = 256
46 }
47},
48{
49 .name = "rfc4106(gcm(aes))",
50
51 .uinfo = {
52 .aead = {
53 .icv_truncbits = 96,
54 }
55 },
56
57 .desc = {
58 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
59 .sadb_alg_ivlen = 8,
60 .sadb_alg_minbits = 128,
61 .sadb_alg_maxbits = 256
62 }
63},
64{
65 .name = "rfc4106(gcm(aes))",
66
67 .uinfo = {
68 .aead = {
69 .icv_truncbits = 128,
70 }
71 },
72
73 .desc = {
74 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
75 .sadb_alg_ivlen = 8,
76 .sadb_alg_minbits = 128,
77 .sadb_alg_maxbits = 256
78 }
79},
80{
81 .name = "rfc4309(ccm(aes))",
82
83 .uinfo = {
84 .aead = {
85 .icv_truncbits = 64,
86 }
87 },
88
89 .desc = {
90 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
91 .sadb_alg_ivlen = 8,
92 .sadb_alg_minbits = 128,
93 .sadb_alg_maxbits = 256
94 }
95},
96{
97 .name = "rfc4309(ccm(aes))",
98
99 .uinfo = {
100 .aead = {
101 .icv_truncbits = 96,
102 }
103 },
104
105 .desc = {
106 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
107 .sadb_alg_ivlen = 8,
108 .sadb_alg_minbits = 128,
109 .sadb_alg_maxbits = 256
110 }
111},
112{
113 .name = "rfc4309(ccm(aes))",
114
115 .uinfo = {
116 .aead = {
117 .icv_truncbits = 128,
118 }
119 },
120
121 .desc = {
122 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
123 .sadb_alg_ivlen = 8,
124 .sadb_alg_minbits = 128,
125 .sadb_alg_maxbits = 256
126 }
127},
128{
129 .name = "rfc4543(gcm(aes))",
130
131 .uinfo = {
132 .aead = {
133 .icv_truncbits = 128,
134 }
135 },
136
137 .desc = {
138 .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
139 .sadb_alg_ivlen = 8,
140 .sadb_alg_minbits = 128,
141 .sadb_alg_maxbits = 256
142 }
143},
144};
145
146static struct xfrm_algo_desc aalg_list[] = {
147{
148 .name = "digest_null",
149
150 .uinfo = {
151 .auth = {
152 .icv_truncbits = 0,
153 .icv_fullbits = 0,
154 }
155 },
156
157 .desc = {
158 .sadb_alg_id = SADB_X_AALG_NULL,
159 .sadb_alg_ivlen = 0,
160 .sadb_alg_minbits = 0,
161 .sadb_alg_maxbits = 0
162 }
163},
164{
165 .name = "hmac(md5)",
166 .compat = "md5",
167
168 .uinfo = {
169 .auth = {
170 .icv_truncbits = 96,
171 .icv_fullbits = 128,
172 }
173 },
174
175 .desc = {
176 .sadb_alg_id = SADB_AALG_MD5HMAC,
177 .sadb_alg_ivlen = 0,
178 .sadb_alg_minbits = 128,
179 .sadb_alg_maxbits = 128
180 }
181},
182{
183 .name = "hmac(sha1)",
184 .compat = "sha1",
185
186 .uinfo = {
187 .auth = {
188 .icv_truncbits = 96,
189 .icv_fullbits = 160,
190 }
191 },
192
193 .desc = {
194 .sadb_alg_id = SADB_AALG_SHA1HMAC,
195 .sadb_alg_ivlen = 0,
196 .sadb_alg_minbits = 160,
197 .sadb_alg_maxbits = 160
198 }
199},
200{
201 .name = "hmac(sha256)",
202 .compat = "sha256",
203
204 .uinfo = {
205 .auth = {
206 .icv_truncbits = 96,
207 .icv_fullbits = 256,
208 }
209 },
210
211 .desc = {
212 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
213 .sadb_alg_ivlen = 0,
214 .sadb_alg_minbits = 256,
215 .sadb_alg_maxbits = 256
216 }
217},
218{
219 .name = "hmac(sha384)",
220
221 .uinfo = {
222 .auth = {
223 .icv_truncbits = 192,
224 .icv_fullbits = 384,
225 }
226 },
227
228 .desc = {
229 .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
230 .sadb_alg_ivlen = 0,
231 .sadb_alg_minbits = 384,
232 .sadb_alg_maxbits = 384
233 }
234},
235{
236 .name = "hmac(sha512)",
237
238 .uinfo = {
239 .auth = {
240 .icv_truncbits = 256,
241 .icv_fullbits = 512,
242 }
243 },
244
245 .desc = {
246 .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
247 .sadb_alg_ivlen = 0,
248 .sadb_alg_minbits = 512,
249 .sadb_alg_maxbits = 512
250 }
251},
252{
253 .name = "hmac(rmd160)",
254 .compat = "rmd160",
255
256 .uinfo = {
257 .auth = {
258 .icv_truncbits = 96,
259 .icv_fullbits = 160,
260 }
261 },
262
263 .desc = {
264 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
265 .sadb_alg_ivlen = 0,
266 .sadb_alg_minbits = 160,
267 .sadb_alg_maxbits = 160
268 }
269},
270{
271 .name = "xcbc(aes)",
272
273 .uinfo = {
274 .auth = {
275 .icv_truncbits = 96,
276 .icv_fullbits = 128,
277 }
278 },
279
280 .desc = {
281 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
282 .sadb_alg_ivlen = 0,
283 .sadb_alg_minbits = 128,
284 .sadb_alg_maxbits = 128
285 }
286},
287};
288
289static struct xfrm_algo_desc ealg_list[] = {
290{
291 .name = "ecb(cipher_null)",
292 .compat = "cipher_null",
293
294 .uinfo = {
295 .encr = {
296 .blockbits = 8,
297 .defkeybits = 0,
298 }
299 },
300
301 .desc = {
302 .sadb_alg_id = SADB_EALG_NULL,
303 .sadb_alg_ivlen = 0,
304 .sadb_alg_minbits = 0,
305 .sadb_alg_maxbits = 0
306 }
307},
308{
309 .name = "cbc(des)",
310 .compat = "des",
311
312 .uinfo = {
313 .encr = {
314 .blockbits = 64,
315 .defkeybits = 64,
316 }
317 },
318
319 .desc = {
320 .sadb_alg_id = SADB_EALG_DESCBC,
321 .sadb_alg_ivlen = 8,
322 .sadb_alg_minbits = 64,
323 .sadb_alg_maxbits = 64
324 }
325},
326{
327 .name = "cbc(des3_ede)",
328 .compat = "des3_ede",
329
330 .uinfo = {
331 .encr = {
332 .blockbits = 64,
333 .defkeybits = 192,
334 }
335 },
336
337 .desc = {
338 .sadb_alg_id = SADB_EALG_3DESCBC,
339 .sadb_alg_ivlen = 8,
340 .sadb_alg_minbits = 192,
341 .sadb_alg_maxbits = 192
342 }
343},
344{
345 .name = "cbc(cast5)",
346 .compat = "cast5",
347
348 .uinfo = {
349 .encr = {
350 .blockbits = 64,
351 .defkeybits = 128,
352 }
353 },
354
355 .desc = {
356 .sadb_alg_id = SADB_X_EALG_CASTCBC,
357 .sadb_alg_ivlen = 8,
358 .sadb_alg_minbits = 40,
359 .sadb_alg_maxbits = 128
360 }
361},
362{
363 .name = "cbc(blowfish)",
364 .compat = "blowfish",
365
366 .uinfo = {
367 .encr = {
368 .blockbits = 64,
369 .defkeybits = 128,
370 }
371 },
372
373 .desc = {
374 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
375 .sadb_alg_ivlen = 8,
376 .sadb_alg_minbits = 40,
377 .sadb_alg_maxbits = 448
378 }
379},
380{
381 .name = "cbc(aes)",
382 .compat = "aes",
383
384 .uinfo = {
385 .encr = {
386 .blockbits = 128,
387 .defkeybits = 128,
388 }
389 },
390
391 .desc = {
392 .sadb_alg_id = SADB_X_EALG_AESCBC,
393 .sadb_alg_ivlen = 8,
394 .sadb_alg_minbits = 128,
395 .sadb_alg_maxbits = 256
396 }
397},
398{
399 .name = "cbc(serpent)",
400 .compat = "serpent",
401
402 .uinfo = {
403 .encr = {
404 .blockbits = 128,
405 .defkeybits = 128,
406 }
407 },
408
409 .desc = {
410 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
411 .sadb_alg_ivlen = 8,
412 .sadb_alg_minbits = 128,
413 .sadb_alg_maxbits = 256,
414 }
415},
416{
417 .name = "cbc(camellia)",
418 .compat = "camellia",
419
420 .uinfo = {
421 .encr = {
422 .blockbits = 128,
423 .defkeybits = 128,
424 }
425 },
426
427 .desc = {
428 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
429 .sadb_alg_ivlen = 8,
430 .sadb_alg_minbits = 128,
431 .sadb_alg_maxbits = 256
432 }
433},
434{
435 .name = "cbc(twofish)",
436 .compat = "twofish",
437
438 .uinfo = {
439 .encr = {
440 .blockbits = 128,
441 .defkeybits = 128,
442 }
443 },
444
445 .desc = {
446 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
447 .sadb_alg_ivlen = 8,
448 .sadb_alg_minbits = 128,
449 .sadb_alg_maxbits = 256
450 }
451},
452{
453 .name = "rfc3686(ctr(aes))",
454
455 .uinfo = {
456 .encr = {
457 .blockbits = 128,
458 .defkeybits = 160, /* 128-bit key + 32-bit nonce */
459 }
460 },
461
462 .desc = {
463 .sadb_alg_id = SADB_X_EALG_AESCTR,
464 .sadb_alg_ivlen = 8,
465 .sadb_alg_minbits = 160,
466 .sadb_alg_maxbits = 288
467 }
468},
469};
470
471static struct xfrm_algo_desc calg_list[] = {
472{
473 .name = "deflate",
474 .uinfo = {
475 .comp = {
476 .threshold = 90,
477 }
478 },
479 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
480},
481{
482 .name = "lzs",
483 .uinfo = {
484 .comp = {
485 .threshold = 90,
486 }
487 },
488 .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
489},
490{
491 .name = "lzjh",
492 .uinfo = {
493 .comp = {
494 .threshold = 50,
495 }
496 },
497 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
498},
499};
500
501static inline int aead_entries(void)
502{
503 return ARRAY_SIZE(aead_list);
504}
505
506static inline int aalg_entries(void)
507{
508 return ARRAY_SIZE(aalg_list);
509}
510
511static inline int ealg_entries(void)
512{
513 return ARRAY_SIZE(ealg_list);
514}
515
516static inline int calg_entries(void)
517{
518 return ARRAY_SIZE(calg_list);
519}
520
521struct xfrm_algo_list {
522 struct xfrm_algo_desc *algs;
523 int entries;
524 u32 type;
525 u32 mask;
526};
527
528static const struct xfrm_algo_list xfrm_aead_list = {
529 .algs = aead_list,
530 .entries = ARRAY_SIZE(aead_list),
531 .type = CRYPTO_ALG_TYPE_AEAD,
532 .mask = CRYPTO_ALG_TYPE_MASK,
533};
534
535static const struct xfrm_algo_list xfrm_aalg_list = {
536 .algs = aalg_list,
537 .entries = ARRAY_SIZE(aalg_list),
538 .type = CRYPTO_ALG_TYPE_HASH,
539 .mask = CRYPTO_ALG_TYPE_HASH_MASK,
540};
541
542static const struct xfrm_algo_list xfrm_ealg_list = {
543 .algs = ealg_list,
544 .entries = ARRAY_SIZE(ealg_list),
545 .type = CRYPTO_ALG_TYPE_BLKCIPHER,
546 .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
547};
548
549static const struct xfrm_algo_list xfrm_calg_list = {
550 .algs = calg_list,
551 .entries = ARRAY_SIZE(calg_list),
552 .type = CRYPTO_ALG_TYPE_COMPRESS,
553 .mask = CRYPTO_ALG_TYPE_MASK,
554};
555
556static struct xfrm_algo_desc *xfrm_find_algo(
557 const struct xfrm_algo_list *algo_list,
558 int match(const struct xfrm_algo_desc *entry, const void *data),
559 const void *data, int probe)
560{
561 struct xfrm_algo_desc *list = algo_list->algs;
562 int i, status;
563
564 for (i = 0; i < algo_list->entries; i++) {
565 if (!match(list + i, data))
566 continue;
567
568 if (list[i].available)
569 return &list[i];
570
571 if (!probe)
572 break;
573
574 status = crypto_has_alg(list[i].name, algo_list->type,
575 algo_list->mask);
576 if (!status)
577 break;
578
579 list[i].available = status;
580 return &list[i];
581 }
582 return NULL;
583}
584
585static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
586 const void *data)
587{
588 return entry->desc.sadb_alg_id == (unsigned long)data;
589}
590
591struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
592{
593 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
594 (void *)(unsigned long)alg_id, 1);
595}
596EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
597
598struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
599{
600 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
601 (void *)(unsigned long)alg_id, 1);
602}
603EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
604
605struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
606{
607 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
608 (void *)(unsigned long)alg_id, 1);
609}
610EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
611
612static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
613 const void *data)
614{
615 const char *name = data;
616
617 return name && (!strcmp(name, entry->name) ||
618 (entry->compat && !strcmp(name, entry->compat)));
619}
620
621struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
622{
623 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
624 probe);
625}
626EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
627
628struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
629{
630 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
631 probe);
632}
633EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
634
635struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
636{
637 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
638 probe);
639}
640EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
641
642struct xfrm_aead_name {
643 const char *name;
644 int icvbits;
645};
646
647static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
648 const void *data)
649{
650 const struct xfrm_aead_name *aead = data;
651 const char *name = aead->name;
652
653 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
654 !strcmp(name, entry->name);
655}
656
657struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
658{
659 struct xfrm_aead_name data = {
660 .name = name,
661 .icvbits = icv_len,
662 };
663
664 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
665 probe);
666}
667EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
668
669struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
670{
671 if (idx >= aalg_entries())
672 return NULL;
673
674 return &aalg_list[idx];
675}
676EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
677
678struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
679{
680 if (idx >= ealg_entries())
681 return NULL;
682
683 return &ealg_list[idx];
684}
685EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
686
687/*
688 * Probe for the availability of crypto algorithms, and set the available
689 * flag for any algorithms found on the system. This is typically called by
690 * pfkey during userspace SA add, update or register.
691 */
692void xfrm_probe_algs(void)
693{
694 int i, status;
695
696 BUG_ON(in_softirq());
697
698 for (i = 0; i < aalg_entries(); i++) {
699 status = crypto_has_hash(aalg_list[i].name, 0,
700 CRYPTO_ALG_ASYNC);
701 if (aalg_list[i].available != status)
702 aalg_list[i].available = status;
703 }
704
705 for (i = 0; i < ealg_entries(); i++) {
706 status = crypto_has_blkcipher(ealg_list[i].name, 0,
707 CRYPTO_ALG_ASYNC);
708 if (ealg_list[i].available != status)
709 ealg_list[i].available = status;
710 }
711
712 for (i = 0; i < calg_entries(); i++) {
713 status = crypto_has_comp(calg_list[i].name, 0,
714 CRYPTO_ALG_ASYNC);
715 if (calg_list[i].available != status)
716 calg_list[i].available = status;
717 }
718}
719EXPORT_SYMBOL_GPL(xfrm_probe_algs);
720
721int xfrm_count_auth_supported(void)
722{
723 int i, n;
724
725 for (i = 0, n = 0; i < aalg_entries(); i++)
726 if (aalg_list[i].available)
727 n++;
728 return n;
729}
730EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
731
732int xfrm_count_enc_supported(void)
733{
734 int i, n;
735
736 for (i = 0, n = 0; i < ealg_entries(); i++)
737 if (ealg_list[i].available)
738 n++;
739 return n;
740}
741EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
742
743#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
744
745void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
746{
747 if (tail != skb) {
748 skb->data_len += len;
749 skb->len += len;
750 }
751 return skb_put(tail, len);
752}
753EXPORT_SYMBOL_GPL(pskb_put);
754#endif
1/*
2 * xfrm algorithm interface
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/pfkeyv2.h>
15#include <linux/crypto.h>
16#include <linux/scatterlist.h>
17#include <net/xfrm.h>
18#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
19#include <net/esp.h>
20#endif
21
22/*
23 * Algorithms supported by IPsec. These entries contain properties which
24 * are used in key negotiation and xfrm processing, and are used to verify
25 * that instantiated crypto transforms have correct parameters for IPsec
26 * purposes.
27 */
28static struct xfrm_algo_desc aead_list[] = {
29{
30 .name = "rfc4106(gcm(aes))",
31
32 .uinfo = {
33 .aead = {
34 .icv_truncbits = 64,
35 }
36 },
37
38 .pfkey_supported = 1,
39
40 .desc = {
41 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
42 .sadb_alg_ivlen = 8,
43 .sadb_alg_minbits = 128,
44 .sadb_alg_maxbits = 256
45 }
46},
47{
48 .name = "rfc4106(gcm(aes))",
49
50 .uinfo = {
51 .aead = {
52 .icv_truncbits = 96,
53 }
54 },
55
56 .pfkey_supported = 1,
57
58 .desc = {
59 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
60 .sadb_alg_ivlen = 8,
61 .sadb_alg_minbits = 128,
62 .sadb_alg_maxbits = 256
63 }
64},
65{
66 .name = "rfc4106(gcm(aes))",
67
68 .uinfo = {
69 .aead = {
70 .icv_truncbits = 128,
71 }
72 },
73
74 .pfkey_supported = 1,
75
76 .desc = {
77 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
78 .sadb_alg_ivlen = 8,
79 .sadb_alg_minbits = 128,
80 .sadb_alg_maxbits = 256
81 }
82},
83{
84 .name = "rfc4309(ccm(aes))",
85
86 .uinfo = {
87 .aead = {
88 .icv_truncbits = 64,
89 }
90 },
91
92 .pfkey_supported = 1,
93
94 .desc = {
95 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
96 .sadb_alg_ivlen = 8,
97 .sadb_alg_minbits = 128,
98 .sadb_alg_maxbits = 256
99 }
100},
101{
102 .name = "rfc4309(ccm(aes))",
103
104 .uinfo = {
105 .aead = {
106 .icv_truncbits = 96,
107 }
108 },
109
110 .pfkey_supported = 1,
111
112 .desc = {
113 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
114 .sadb_alg_ivlen = 8,
115 .sadb_alg_minbits = 128,
116 .sadb_alg_maxbits = 256
117 }
118},
119{
120 .name = "rfc4309(ccm(aes))",
121
122 .uinfo = {
123 .aead = {
124 .icv_truncbits = 128,
125 }
126 },
127
128 .pfkey_supported = 1,
129
130 .desc = {
131 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
132 .sadb_alg_ivlen = 8,
133 .sadb_alg_minbits = 128,
134 .sadb_alg_maxbits = 256
135 }
136},
137{
138 .name = "rfc4543(gcm(aes))",
139
140 .uinfo = {
141 .aead = {
142 .icv_truncbits = 128,
143 }
144 },
145
146 .pfkey_supported = 1,
147
148 .desc = {
149 .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
150 .sadb_alg_ivlen = 8,
151 .sadb_alg_minbits = 128,
152 .sadb_alg_maxbits = 256
153 }
154},
155};
156
157static struct xfrm_algo_desc aalg_list[] = {
158{
159 .name = "digest_null",
160
161 .uinfo = {
162 .auth = {
163 .icv_truncbits = 0,
164 .icv_fullbits = 0,
165 }
166 },
167
168 .pfkey_supported = 1,
169
170 .desc = {
171 .sadb_alg_id = SADB_X_AALG_NULL,
172 .sadb_alg_ivlen = 0,
173 .sadb_alg_minbits = 0,
174 .sadb_alg_maxbits = 0
175 }
176},
177{
178 .name = "hmac(md5)",
179 .compat = "md5",
180
181 .uinfo = {
182 .auth = {
183 .icv_truncbits = 96,
184 .icv_fullbits = 128,
185 }
186 },
187
188 .pfkey_supported = 1,
189
190 .desc = {
191 .sadb_alg_id = SADB_AALG_MD5HMAC,
192 .sadb_alg_ivlen = 0,
193 .sadb_alg_minbits = 128,
194 .sadb_alg_maxbits = 128
195 }
196},
197{
198 .name = "hmac(sha1)",
199 .compat = "sha1",
200
201 .uinfo = {
202 .auth = {
203 .icv_truncbits = 96,
204 .icv_fullbits = 160,
205 }
206 },
207
208 .pfkey_supported = 1,
209
210 .desc = {
211 .sadb_alg_id = SADB_AALG_SHA1HMAC,
212 .sadb_alg_ivlen = 0,
213 .sadb_alg_minbits = 160,
214 .sadb_alg_maxbits = 160
215 }
216},
217{
218 .name = "hmac(sha256)",
219 .compat = "sha256",
220
221 .uinfo = {
222 .auth = {
223 .icv_truncbits = 96,
224 .icv_fullbits = 256,
225 }
226 },
227
228 .pfkey_supported = 1,
229
230 .desc = {
231 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
232 .sadb_alg_ivlen = 0,
233 .sadb_alg_minbits = 256,
234 .sadb_alg_maxbits = 256
235 }
236},
237{
238 .name = "hmac(sha384)",
239
240 .uinfo = {
241 .auth = {
242 .icv_truncbits = 192,
243 .icv_fullbits = 384,
244 }
245 },
246
247 .pfkey_supported = 1,
248
249 .desc = {
250 .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
251 .sadb_alg_ivlen = 0,
252 .sadb_alg_minbits = 384,
253 .sadb_alg_maxbits = 384
254 }
255},
256{
257 .name = "hmac(sha512)",
258
259 .uinfo = {
260 .auth = {
261 .icv_truncbits = 256,
262 .icv_fullbits = 512,
263 }
264 },
265
266 .pfkey_supported = 1,
267
268 .desc = {
269 .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
270 .sadb_alg_ivlen = 0,
271 .sadb_alg_minbits = 512,
272 .sadb_alg_maxbits = 512
273 }
274},
275{
276 .name = "hmac(rmd160)",
277 .compat = "rmd160",
278
279 .uinfo = {
280 .auth = {
281 .icv_truncbits = 96,
282 .icv_fullbits = 160,
283 }
284 },
285
286 .pfkey_supported = 1,
287
288 .desc = {
289 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
290 .sadb_alg_ivlen = 0,
291 .sadb_alg_minbits = 160,
292 .sadb_alg_maxbits = 160
293 }
294},
295{
296 .name = "xcbc(aes)",
297
298 .uinfo = {
299 .auth = {
300 .icv_truncbits = 96,
301 .icv_fullbits = 128,
302 }
303 },
304
305 .pfkey_supported = 1,
306
307 .desc = {
308 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
309 .sadb_alg_ivlen = 0,
310 .sadb_alg_minbits = 128,
311 .sadb_alg_maxbits = 128
312 }
313},
314{
315 /* rfc4494 */
316 .name = "cmac(aes)",
317
318 .uinfo = {
319 .auth = {
320 .icv_truncbits = 96,
321 .icv_fullbits = 128,
322 }
323 },
324
325 .pfkey_supported = 0,
326},
327};
328
329static struct xfrm_algo_desc ealg_list[] = {
330{
331 .name = "ecb(cipher_null)",
332 .compat = "cipher_null",
333
334 .uinfo = {
335 .encr = {
336 .blockbits = 8,
337 .defkeybits = 0,
338 }
339 },
340
341 .pfkey_supported = 1,
342
343 .desc = {
344 .sadb_alg_id = SADB_EALG_NULL,
345 .sadb_alg_ivlen = 0,
346 .sadb_alg_minbits = 0,
347 .sadb_alg_maxbits = 0
348 }
349},
350{
351 .name = "cbc(des)",
352 .compat = "des",
353
354 .uinfo = {
355 .encr = {
356 .blockbits = 64,
357 .defkeybits = 64,
358 }
359 },
360
361 .pfkey_supported = 1,
362
363 .desc = {
364 .sadb_alg_id = SADB_EALG_DESCBC,
365 .sadb_alg_ivlen = 8,
366 .sadb_alg_minbits = 64,
367 .sadb_alg_maxbits = 64
368 }
369},
370{
371 .name = "cbc(des3_ede)",
372 .compat = "des3_ede",
373
374 .uinfo = {
375 .encr = {
376 .blockbits = 64,
377 .defkeybits = 192,
378 }
379 },
380
381 .pfkey_supported = 1,
382
383 .desc = {
384 .sadb_alg_id = SADB_EALG_3DESCBC,
385 .sadb_alg_ivlen = 8,
386 .sadb_alg_minbits = 192,
387 .sadb_alg_maxbits = 192
388 }
389},
390{
391 .name = "cbc(cast5)",
392 .compat = "cast5",
393
394 .uinfo = {
395 .encr = {
396 .blockbits = 64,
397 .defkeybits = 128,
398 }
399 },
400
401 .pfkey_supported = 1,
402
403 .desc = {
404 .sadb_alg_id = SADB_X_EALG_CASTCBC,
405 .sadb_alg_ivlen = 8,
406 .sadb_alg_minbits = 40,
407 .sadb_alg_maxbits = 128
408 }
409},
410{
411 .name = "cbc(blowfish)",
412 .compat = "blowfish",
413
414 .uinfo = {
415 .encr = {
416 .blockbits = 64,
417 .defkeybits = 128,
418 }
419 },
420
421 .pfkey_supported = 1,
422
423 .desc = {
424 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
425 .sadb_alg_ivlen = 8,
426 .sadb_alg_minbits = 40,
427 .sadb_alg_maxbits = 448
428 }
429},
430{
431 .name = "cbc(aes)",
432 .compat = "aes",
433
434 .uinfo = {
435 .encr = {
436 .blockbits = 128,
437 .defkeybits = 128,
438 }
439 },
440
441 .pfkey_supported = 1,
442
443 .desc = {
444 .sadb_alg_id = SADB_X_EALG_AESCBC,
445 .sadb_alg_ivlen = 8,
446 .sadb_alg_minbits = 128,
447 .sadb_alg_maxbits = 256
448 }
449},
450{
451 .name = "cbc(serpent)",
452 .compat = "serpent",
453
454 .uinfo = {
455 .encr = {
456 .blockbits = 128,
457 .defkeybits = 128,
458 }
459 },
460
461 .pfkey_supported = 1,
462
463 .desc = {
464 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
465 .sadb_alg_ivlen = 8,
466 .sadb_alg_minbits = 128,
467 .sadb_alg_maxbits = 256,
468 }
469},
470{
471 .name = "cbc(camellia)",
472 .compat = "camellia",
473
474 .uinfo = {
475 .encr = {
476 .blockbits = 128,
477 .defkeybits = 128,
478 }
479 },
480
481 .pfkey_supported = 1,
482
483 .desc = {
484 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
485 .sadb_alg_ivlen = 8,
486 .sadb_alg_minbits = 128,
487 .sadb_alg_maxbits = 256
488 }
489},
490{
491 .name = "cbc(twofish)",
492 .compat = "twofish",
493
494 .uinfo = {
495 .encr = {
496 .blockbits = 128,
497 .defkeybits = 128,
498 }
499 },
500
501 .pfkey_supported = 1,
502
503 .desc = {
504 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
505 .sadb_alg_ivlen = 8,
506 .sadb_alg_minbits = 128,
507 .sadb_alg_maxbits = 256
508 }
509},
510{
511 .name = "rfc3686(ctr(aes))",
512
513 .uinfo = {
514 .encr = {
515 .blockbits = 128,
516 .defkeybits = 160, /* 128-bit key + 32-bit nonce */
517 }
518 },
519
520 .pfkey_supported = 1,
521
522 .desc = {
523 .sadb_alg_id = SADB_X_EALG_AESCTR,
524 .sadb_alg_ivlen = 8,
525 .sadb_alg_minbits = 160,
526 .sadb_alg_maxbits = 288
527 }
528},
529};
530
531static struct xfrm_algo_desc calg_list[] = {
532{
533 .name = "deflate",
534 .uinfo = {
535 .comp = {
536 .threshold = 90,
537 }
538 },
539 .pfkey_supported = 1,
540 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
541},
542{
543 .name = "lzs",
544 .uinfo = {
545 .comp = {
546 .threshold = 90,
547 }
548 },
549 .pfkey_supported = 1,
550 .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
551},
552{
553 .name = "lzjh",
554 .uinfo = {
555 .comp = {
556 .threshold = 50,
557 }
558 },
559 .pfkey_supported = 1,
560 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
561},
562};
563
564static inline int aead_entries(void)
565{
566 return ARRAY_SIZE(aead_list);
567}
568
569static inline int aalg_entries(void)
570{
571 return ARRAY_SIZE(aalg_list);
572}
573
574static inline int ealg_entries(void)
575{
576 return ARRAY_SIZE(ealg_list);
577}
578
579static inline int calg_entries(void)
580{
581 return ARRAY_SIZE(calg_list);
582}
583
584struct xfrm_algo_list {
585 struct xfrm_algo_desc *algs;
586 int entries;
587 u32 type;
588 u32 mask;
589};
590
591static const struct xfrm_algo_list xfrm_aead_list = {
592 .algs = aead_list,
593 .entries = ARRAY_SIZE(aead_list),
594 .type = CRYPTO_ALG_TYPE_AEAD,
595 .mask = CRYPTO_ALG_TYPE_MASK,
596};
597
598static const struct xfrm_algo_list xfrm_aalg_list = {
599 .algs = aalg_list,
600 .entries = ARRAY_SIZE(aalg_list),
601 .type = CRYPTO_ALG_TYPE_HASH,
602 .mask = CRYPTO_ALG_TYPE_HASH_MASK,
603};
604
605static const struct xfrm_algo_list xfrm_ealg_list = {
606 .algs = ealg_list,
607 .entries = ARRAY_SIZE(ealg_list),
608 .type = CRYPTO_ALG_TYPE_BLKCIPHER,
609 .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
610};
611
612static const struct xfrm_algo_list xfrm_calg_list = {
613 .algs = calg_list,
614 .entries = ARRAY_SIZE(calg_list),
615 .type = CRYPTO_ALG_TYPE_COMPRESS,
616 .mask = CRYPTO_ALG_TYPE_MASK,
617};
618
619static struct xfrm_algo_desc *xfrm_find_algo(
620 const struct xfrm_algo_list *algo_list,
621 int match(const struct xfrm_algo_desc *entry, const void *data),
622 const void *data, int probe)
623{
624 struct xfrm_algo_desc *list = algo_list->algs;
625 int i, status;
626
627 for (i = 0; i < algo_list->entries; i++) {
628 if (!match(list + i, data))
629 continue;
630
631 if (list[i].available)
632 return &list[i];
633
634 if (!probe)
635 break;
636
637 status = crypto_has_alg(list[i].name, algo_list->type,
638 algo_list->mask);
639 if (!status)
640 break;
641
642 list[i].available = status;
643 return &list[i];
644 }
645 return NULL;
646}
647
648static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
649 const void *data)
650{
651 return entry->desc.sadb_alg_id == (unsigned long)data;
652}
653
654struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
655{
656 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
657 (void *)(unsigned long)alg_id, 1);
658}
659EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
660
661struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
662{
663 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
664 (void *)(unsigned long)alg_id, 1);
665}
666EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
667
668struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
669{
670 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
671 (void *)(unsigned long)alg_id, 1);
672}
673EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
674
675static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
676 const void *data)
677{
678 const char *name = data;
679
680 return name && (!strcmp(name, entry->name) ||
681 (entry->compat && !strcmp(name, entry->compat)));
682}
683
684struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
685{
686 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
687 probe);
688}
689EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
690
691struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
692{
693 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
694 probe);
695}
696EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
697
698struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
699{
700 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
701 probe);
702}
703EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
704
705struct xfrm_aead_name {
706 const char *name;
707 int icvbits;
708};
709
710static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
711 const void *data)
712{
713 const struct xfrm_aead_name *aead = data;
714 const char *name = aead->name;
715
716 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
717 !strcmp(name, entry->name);
718}
719
720struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
721{
722 struct xfrm_aead_name data = {
723 .name = name,
724 .icvbits = icv_len,
725 };
726
727 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
728 probe);
729}
730EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
731
732struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
733{
734 if (idx >= aalg_entries())
735 return NULL;
736
737 return &aalg_list[idx];
738}
739EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
740
741struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
742{
743 if (idx >= ealg_entries())
744 return NULL;
745
746 return &ealg_list[idx];
747}
748EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
749
750/*
751 * Probe for the availability of crypto algorithms, and set the available
752 * flag for any algorithms found on the system. This is typically called by
753 * pfkey during userspace SA add, update or register.
754 */
755void xfrm_probe_algs(void)
756{
757 int i, status;
758
759 BUG_ON(in_softirq());
760
761 for (i = 0; i < aalg_entries(); i++) {
762 status = crypto_has_hash(aalg_list[i].name, 0,
763 CRYPTO_ALG_ASYNC);
764 if (aalg_list[i].available != status)
765 aalg_list[i].available = status;
766 }
767
768 for (i = 0; i < ealg_entries(); i++) {
769 status = crypto_has_ablkcipher(ealg_list[i].name, 0, 0);
770 if (ealg_list[i].available != status)
771 ealg_list[i].available = status;
772 }
773
774 for (i = 0; i < calg_entries(); i++) {
775 status = crypto_has_comp(calg_list[i].name, 0,
776 CRYPTO_ALG_ASYNC);
777 if (calg_list[i].available != status)
778 calg_list[i].available = status;
779 }
780}
781EXPORT_SYMBOL_GPL(xfrm_probe_algs);
782
783int xfrm_count_pfkey_auth_supported(void)
784{
785 int i, n;
786
787 for (i = 0, n = 0; i < aalg_entries(); i++)
788 if (aalg_list[i].available && aalg_list[i].pfkey_supported)
789 n++;
790 return n;
791}
792EXPORT_SYMBOL_GPL(xfrm_count_pfkey_auth_supported);
793
794int xfrm_count_pfkey_enc_supported(void)
795{
796 int i, n;
797
798 for (i = 0, n = 0; i < ealg_entries(); i++)
799 if (ealg_list[i].available && ealg_list[i].pfkey_supported)
800 n++;
801 return n;
802}
803EXPORT_SYMBOL_GPL(xfrm_count_pfkey_enc_supported);
804
805MODULE_LICENSE("GPL");