2 * xfrm algorithm interface
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
12 #include <linux/config.h>
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/pfkeyv2.h>
17 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
20 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
23 #include <asm/scatterlist.h>
26 * Algorithms supported by IPsec. These entries contain properties which
27 * are used in key negotiation and xfrm processing, and are used to verify
28 * that instantiated crypto transforms have correct parameters for IPsec
31 static struct xfrm_algo_desc aalg_list[] = {
33 .name = "digest_null",
43 .sadb_alg_id = SADB_X_AALG_NULL,
45 .sadb_alg_minbits = 0,
60 .sadb_alg_id = SADB_AALG_MD5HMAC,
62 .sadb_alg_minbits = 128,
63 .sadb_alg_maxbits = 128
77 .sadb_alg_id = SADB_AALG_SHA1HMAC,
79 .sadb_alg_minbits = 160,
80 .sadb_alg_maxbits = 160
94 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
96 .sadb_alg_minbits = 256,
97 .sadb_alg_maxbits = 256
111 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
113 .sadb_alg_minbits = 160,
114 .sadb_alg_maxbits = 160
119 static struct xfrm_algo_desc ealg_list[] = {
121 .name = "cipher_null",
131 .sadb_alg_id = SADB_EALG_NULL,
133 .sadb_alg_minbits = 0,
134 .sadb_alg_maxbits = 0
148 .sadb_alg_id = SADB_EALG_DESCBC,
150 .sadb_alg_minbits = 64,
151 .sadb_alg_maxbits = 64
165 .sadb_alg_id = SADB_EALG_3DESCBC,
167 .sadb_alg_minbits = 192,
168 .sadb_alg_maxbits = 192
182 .sadb_alg_id = SADB_X_EALG_CASTCBC,
184 .sadb_alg_minbits = 40,
185 .sadb_alg_maxbits = 128
199 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
201 .sadb_alg_minbits = 40,
202 .sadb_alg_maxbits = 448
216 .sadb_alg_id = SADB_X_EALG_AESCBC,
218 .sadb_alg_minbits = 128,
219 .sadb_alg_maxbits = 256
233 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
235 .sadb_alg_minbits = 128,
236 .sadb_alg_maxbits = 256,
250 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
252 .sadb_alg_minbits = 128,
253 .sadb_alg_maxbits = 256
258 static struct xfrm_algo_desc calg_list[] = {
266 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
275 .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
284 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
288 static inline int aalg_entries(void)
290 return ARRAY_SIZE(aalg_list);
293 static inline int ealg_entries(void)
295 return ARRAY_SIZE(ealg_list);
298 static inline int calg_entries(void)
300 return ARRAY_SIZE(calg_list);
303 /* Todo: generic iterators */
304 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
308 for (i = 0; i < aalg_entries(); i++) {
309 if (aalg_list[i].desc.sadb_alg_id == alg_id) {
310 if (aalg_list[i].available)
311 return &aalg_list[i];
319 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
323 for (i = 0; i < ealg_entries(); i++) {
324 if (ealg_list[i].desc.sadb_alg_id == alg_id) {
325 if (ealg_list[i].available)
326 return &ealg_list[i];
334 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
338 for (i = 0; i < calg_entries(); i++) {
339 if (calg_list[i].desc.sadb_alg_id == alg_id) {
340 if (calg_list[i].available)
341 return &calg_list[i];
349 struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name)
356 for (i=0; i < aalg_entries(); i++) {
357 if (strcmp(name, aalg_list[i].name) == 0) {
358 if (aalg_list[i].available)
359 return &aalg_list[i];
367 struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name)
374 for (i=0; i < ealg_entries(); i++) {
375 if (strcmp(name, ealg_list[i].name) == 0) {
376 if (ealg_list[i].available)
377 return &ealg_list[i];
385 struct xfrm_algo_desc *xfrm_calg_get_byname(char *name)
392 for (i=0; i < calg_entries(); i++) {
393 if (strcmp(name, calg_list[i].name) == 0) {
394 if (calg_list[i].available)
395 return &calg_list[i];
403 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
405 if (idx >= aalg_entries())
408 return &aalg_list[idx];
411 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
413 if (idx >= ealg_entries())
416 return &ealg_list[idx];
419 struct xfrm_algo_desc *xfrm_calg_get_byidx(unsigned int idx)
421 if (idx >= calg_entries())
424 return &calg_list[idx];
428 * Probe for the availability of crypto algorithms, and set the available
429 * flag for any algorithms found on the system. This is typically called by
430 * pfkey during userspace SA add, update or register.
432 void xfrm_probe_algs(void)
437 BUG_ON(in_softirq());
439 for (i = 0; i < aalg_entries(); i++) {
440 status = crypto_alg_available(aalg_list[i].name, 0);
441 if (aalg_list[i].available != status)
442 aalg_list[i].available = status;
445 for (i = 0; i < ealg_entries(); i++) {
446 status = crypto_alg_available(ealg_list[i].name, 0);
447 if (ealg_list[i].available != status)
448 ealg_list[i].available = status;
451 for (i = 0; i < calg_entries(); i++) {
452 status = crypto_alg_available(calg_list[i].name, 0);
453 if (calg_list[i].available != status)
454 calg_list[i].available = status;
459 int xfrm_count_auth_supported(void)
463 for (i = 0, n = 0; i < aalg_entries(); i++)
464 if (aalg_list[i].available)
469 int xfrm_count_enc_supported(void)
473 for (i = 0, n = 0; i < ealg_entries(); i++)
474 if (ealg_list[i].available)
479 /* Move to common area: it is shared with AH. */
481 void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm,
482 int offset, int len, icv_update_fn_t icv_update)
484 int start = skb_headlen(skb);
485 int i, copy = start - offset;
486 struct scatterlist sg;
488 /* Checksum header. */
493 sg.page = virt_to_page(skb->data + offset);
494 sg.offset = (unsigned long)(skb->data + offset) % PAGE_SIZE;
497 icv_update(tfm, &sg, 1);
499 if ((len -= copy) == 0)
504 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
507 BUG_TRAP(start <= offset + len);
509 end = start + skb_shinfo(skb)->frags[i].size;
510 if ((copy = end - offset) > 0) {
511 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
516 sg.page = frag->page;
517 sg.offset = frag->page_offset + offset-start;
520 icv_update(tfm, &sg, 1);
529 if (skb_shinfo(skb)->frag_list) {
530 struct sk_buff *list = skb_shinfo(skb)->frag_list;
532 for (; list; list = list->next) {
535 BUG_TRAP(start <= offset + len);
537 end = start + list->len;
538 if ((copy = end - offset) > 0) {
541 skb_icv_walk(list, tfm, offset-start, copy, icv_update);
542 if ((len -= copy) == 0)
553 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
555 /* Looking generic it is not used in another places. */
558 skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
560 int start = skb_headlen(skb);
561 int i, copy = start - offset;
567 sg[elt].page = virt_to_page(skb->data + offset);
568 sg[elt].offset = (unsigned long)(skb->data + offset) % PAGE_SIZE;
569 sg[elt].length = copy;
571 if ((len -= copy) == 0)
576 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
579 BUG_TRAP(start <= offset + len);
581 end = start + skb_shinfo(skb)->frags[i].size;
582 if ((copy = end - offset) > 0) {
583 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
587 sg[elt].page = frag->page;
588 sg[elt].offset = frag->page_offset+offset-start;
589 sg[elt].length = copy;
598 if (skb_shinfo(skb)->frag_list) {
599 struct sk_buff *list = skb_shinfo(skb)->frag_list;
601 for (; list; list = list->next) {
604 BUG_TRAP(start <= offset + len);
606 end = start + list->len;
607 if ((copy = end - offset) > 0) {
610 elt += skb_to_sgvec(list, sg+elt, offset - start, copy);
611 if ((len -= copy) == 0)
622 EXPORT_SYMBOL_GPL(skb_to_sgvec);
624 /* Check that skb data bits are writable. If they are not, copy data
625 * to newly created private area. If "tailbits" is given, make sure that
626 * tailbits bytes beyond current end of skb are writable.
628 * Returns amount of elements of scatterlist to load for subsequent
629 * transformations and pointer to writable trailer skb.
632 int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer)
636 struct sk_buff *skb1, **skb_p;
638 /* If skb is cloned or its head is paged, reallocate
639 * head pulling out all the pages (pages are considered not writable
640 * at the moment even if they are anonymous).
642 if ((skb_cloned(skb) || skb_shinfo(skb)->nr_frags) &&
643 __pskb_pull_tail(skb, skb_pagelen(skb)-skb_headlen(skb)) == NULL)
646 /* Easy case. Most of packets will go this way. */
647 if (!skb_shinfo(skb)->frag_list) {
648 /* A little of trouble, not enough of space for trailer.
649 * This should not happen, when stack is tuned to generate
650 * good frames. OK, on miss we reallocate and reserve even more
651 * space, 128 bytes is fair. */
653 if (skb_tailroom(skb) < tailbits &&
654 pskb_expand_head(skb, 0, tailbits-skb_tailroom(skb)+128, GFP_ATOMIC))
662 /* Misery. We are in troubles, going to mincer fragments... */
665 skb_p = &skb_shinfo(skb)->frag_list;
668 while ((skb1 = *skb_p) != NULL) {
671 /* The fragment is partially pulled by someone,
672 * this can happen on input. Copy it and everything
675 if (skb_shared(skb1))
678 /* If the skb is the last, worry about trailer. */
680 if (skb1->next == NULL && tailbits) {
681 if (skb_shinfo(skb1)->nr_frags ||
682 skb_shinfo(skb1)->frag_list ||
683 skb_tailroom(skb1) < tailbits)
684 ntail = tailbits + 128;
690 skb_shinfo(skb1)->nr_frags ||
691 skb_shinfo(skb1)->frag_list) {
692 struct sk_buff *skb2;
694 /* Fuck, we are miserable poor guys... */
696 skb2 = skb_copy(skb1, GFP_ATOMIC);
698 skb2 = skb_copy_expand(skb1,
702 if (unlikely(skb2 == NULL))
706 skb_set_owner_w(skb, skb1->sk);
708 /* Looking around. Are we still alive?
709 * OK, link new skb, drop old one */
711 skb2->next = skb1->next;
723 EXPORT_SYMBOL_GPL(skb_cow_data);
725 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
728 skb->data_len += len;
731 return skb_put(tail, len);
733 EXPORT_SYMBOL_GPL(pskb_put);
git://git.onelab.eu / linux-2.6.git / blob