2 * Copyright (C)2002 USAGI/WIDE Project
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Mitsuru KANDA @USAGI : IPv6 Support
21 * Kazunori MIYAZAWA @USAGI :
22 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
24 * This file is derived from net/ipv4/esp.c
27 #include <crypto/aead.h>
28 #include <crypto/authenc.h>
29 #include <linux/err.h>
30 #include <linux/module.h>
34 #include <linux/scatterlist.h>
35 #include <linux/kernel.h>
36 #include <linux/pfkeyv2.h>
37 #include <linux/random.h>
38 #include <linux/slab.h>
39 #include <linux/spinlock.h>
42 #include <net/protocol.h>
43 #include <linux/icmpv6.h>
46 struct xfrm_skb_cb xfrm
;
50 #define ESP_SKB_CB(__skb) ((struct esp_skb_cb *)&((__skb)->cb[0]))
52 static u32
esp6_get_mtu(struct xfrm_state
*x
, int mtu
);
55 * Allocate an AEAD request structure with extra space for SG and IV.
57 * For alignment considerations the IV is placed at the front, followed
58 * by the request and finally the SG list.
60 * TODO: Use spare space in skb for this where possible.
62 static void *esp_alloc_tmp(struct crypto_aead
*aead
, int nfrags
)
66 len
= crypto_aead_ivsize(aead
);
68 len
+= crypto_aead_alignmask(aead
) &
69 ~(crypto_tfm_ctx_alignment() - 1);
70 len
= ALIGN(len
, crypto_tfm_ctx_alignment());
73 len
+= sizeof(struct aead_givcrypt_request
) + crypto_aead_reqsize(aead
);
74 len
= ALIGN(len
, __alignof__(struct scatterlist
));
76 len
+= sizeof(struct scatterlist
) * nfrags
;
78 return kmalloc(len
, GFP_ATOMIC
);
81 static inline u8
*esp_tmp_iv(struct crypto_aead
*aead
, void *tmp
)
83 return crypto_aead_ivsize(aead
) ?
84 PTR_ALIGN((u8
*)tmp
, crypto_aead_alignmask(aead
) + 1) : tmp
;
87 static inline struct aead_givcrypt_request
*esp_tmp_givreq(
88 struct crypto_aead
*aead
, u8
*iv
)
90 struct aead_givcrypt_request
*req
;
92 req
= (void *)PTR_ALIGN(iv
+ crypto_aead_ivsize(aead
),
93 crypto_tfm_ctx_alignment());
94 aead_givcrypt_set_tfm(req
, aead
);
98 static inline struct aead_request
*esp_tmp_req(struct crypto_aead
*aead
, u8
*iv
)
100 struct aead_request
*req
;
102 req
= (void *)PTR_ALIGN(iv
+ crypto_aead_ivsize(aead
),
103 crypto_tfm_ctx_alignment());
104 aead_request_set_tfm(req
, aead
);
108 static inline struct scatterlist
*esp_req_sg(struct crypto_aead
*aead
,
109 struct aead_request
*req
)
111 return (void *)ALIGN((unsigned long)(req
+ 1) +
112 crypto_aead_reqsize(aead
),
113 __alignof__(struct scatterlist
));
116 static inline struct scatterlist
*esp_givreq_sg(
117 struct crypto_aead
*aead
, struct aead_givcrypt_request
*req
)
119 return (void *)ALIGN((unsigned long)(req
+ 1) +
120 crypto_aead_reqsize(aead
),
121 __alignof__(struct scatterlist
));
124 static void esp_output_done(struct crypto_async_request
*base
, int err
)
126 struct sk_buff
*skb
= base
->data
;
128 kfree(ESP_SKB_CB(skb
)->tmp
);
129 xfrm_output_resume(skb
, err
);
132 static int esp6_output(struct xfrm_state
*x
, struct sk_buff
*skb
)
135 struct ip_esp_hdr
*esph
;
136 struct crypto_aead
*aead
;
137 struct aead_givcrypt_request
*req
;
138 struct scatterlist
*sg
;
139 struct scatterlist
*asg
;
140 struct sk_buff
*trailer
;
150 struct esp_data
*esp
= x
->data
;
152 /* skb is pure payload to encrypt */
156 alen
= crypto_aead_authsize(aead
);
160 struct xfrm_dst
*dst
= (struct xfrm_dst
*)skb_dst(skb
);
163 padto
= min(x
->tfcpad
, esp6_get_mtu(x
, dst
->child_mtu_cached
));
164 if (skb
->len
< padto
)
165 tfclen
= padto
- skb
->len
;
167 blksize
= ALIGN(crypto_aead_blocksize(aead
), 4);
168 clen
= ALIGN(skb
->len
+ 2 + tfclen
, blksize
);
170 clen
= ALIGN(clen
, esp
->padlen
);
171 plen
= clen
- skb
->len
- tfclen
;
173 err
= skb_cow_data(skb
, tfclen
+ plen
+ alen
, &trailer
);
178 tmp
= esp_alloc_tmp(aead
, nfrags
+ 1);
182 iv
= esp_tmp_iv(aead
, tmp
);
183 req
= esp_tmp_givreq(aead
, iv
);
184 asg
= esp_givreq_sg(aead
, req
);
187 /* Fill padding... */
188 tail
= skb_tail_pointer(trailer
);
190 memset(tail
, 0, tfclen
);
195 for (i
= 0; i
< plen
- 2; i
++)
198 tail
[plen
- 2] = plen
- 2;
199 tail
[plen
- 1] = *skb_mac_header(skb
);
200 pskb_put(skb
, trailer
, clen
- skb
->len
+ alen
);
202 skb_push(skb
, -skb_network_offset(skb
));
203 esph
= ip_esp_hdr(skb
);
204 *skb_mac_header(skb
) = IPPROTO_ESP
;
206 esph
->spi
= x
->id
.spi
;
207 esph
->seq_no
= htonl(XFRM_SKB_CB(skb
)->seq
.output
);
209 sg_init_table(sg
, nfrags
);
210 skb_to_sgvec(skb
, sg
,
211 esph
->enc_data
+ crypto_aead_ivsize(aead
) - skb
->data
,
213 sg_init_one(asg
, esph
, sizeof(*esph
));
215 aead_givcrypt_set_callback(req
, 0, esp_output_done
, skb
);
216 aead_givcrypt_set_crypt(req
, sg
, sg
, clen
, iv
);
217 aead_givcrypt_set_assoc(req
, asg
, sizeof(*esph
));
218 aead_givcrypt_set_giv(req
, esph
->enc_data
,
219 XFRM_SKB_CB(skb
)->seq
.output
);
221 ESP_SKB_CB(skb
)->tmp
= tmp
;
222 err
= crypto_aead_givencrypt(req
);
223 if (err
== -EINPROGRESS
)
235 static int esp_input_done2(struct sk_buff
*skb
, int err
)
237 struct xfrm_state
*x
= xfrm_input_state(skb
);
238 struct esp_data
*esp
= x
->data
;
239 struct crypto_aead
*aead
= esp
->aead
;
240 int alen
= crypto_aead_authsize(aead
);
241 int hlen
= sizeof(struct ip_esp_hdr
) + crypto_aead_ivsize(aead
);
242 int elen
= skb
->len
- hlen
;
243 int hdr_len
= skb_network_header_len(skb
);
247 kfree(ESP_SKB_CB(skb
)->tmp
);
252 if (skb_copy_bits(skb
, skb
->len
- alen
- 2, nexthdr
, 2))
257 if (padlen
+ 2 + alen
>= elen
) {
258 LIMIT_NETDEBUG(KERN_WARNING
"ipsec esp packet is garbage "
259 "padlen=%d, elen=%d\n", padlen
+ 2, elen
- alen
);
263 /* ... check padding bits here. Silly. :-) */
265 pskb_trim(skb
, skb
->len
- alen
- padlen
- 2);
266 __skb_pull(skb
, hlen
);
267 skb_set_transport_header(skb
, -hdr_len
);
271 /* RFC4303: Drop dummy packets without any error */
272 if (err
== IPPROTO_NONE
)
279 static void esp_input_done(struct crypto_async_request
*base
, int err
)
281 struct sk_buff
*skb
= base
->data
;
283 xfrm_input_resume(skb
, esp_input_done2(skb
, err
));
286 static int esp6_input(struct xfrm_state
*x
, struct sk_buff
*skb
)
288 struct ip_esp_hdr
*esph
;
289 struct esp_data
*esp
= x
->data
;
290 struct crypto_aead
*aead
= esp
->aead
;
291 struct aead_request
*req
;
292 struct sk_buff
*trailer
;
293 int elen
= skb
->len
- sizeof(*esph
) - crypto_aead_ivsize(aead
);
298 struct scatterlist
*sg
;
299 struct scatterlist
*asg
;
301 if (!pskb_may_pull(skb
, sizeof(*esph
) + crypto_aead_ivsize(aead
))) {
311 if ((nfrags
= skb_cow_data(skb
, 0, &trailer
)) < 0) {
317 tmp
= esp_alloc_tmp(aead
, nfrags
+ 1);
321 ESP_SKB_CB(skb
)->tmp
= tmp
;
322 iv
= esp_tmp_iv(aead
, tmp
);
323 req
= esp_tmp_req(aead
, iv
);
324 asg
= esp_req_sg(aead
, req
);
327 skb
->ip_summed
= CHECKSUM_NONE
;
329 esph
= (struct ip_esp_hdr
*)skb
->data
;
331 /* Get ivec. This can be wrong, check against another impls. */
334 sg_init_table(sg
, nfrags
);
335 skb_to_sgvec(skb
, sg
, sizeof(*esph
) + crypto_aead_ivsize(aead
), elen
);
336 sg_init_one(asg
, esph
, sizeof(*esph
));
338 aead_request_set_callback(req
, 0, esp_input_done
, skb
);
339 aead_request_set_crypt(req
, sg
, sg
, elen
, iv
);
340 aead_request_set_assoc(req
, asg
, sizeof(*esph
));
342 ret
= crypto_aead_decrypt(req
);
343 if (ret
== -EINPROGRESS
)
346 ret
= esp_input_done2(skb
, ret
);
352 static u32
esp6_get_mtu(struct xfrm_state
*x
, int mtu
)
354 struct esp_data
*esp
= x
->data
;
355 u32 blksize
= ALIGN(crypto_aead_blocksize(esp
->aead
), 4);
356 u32 align
= max_t(u32
, blksize
, esp
->padlen
);
359 mtu
-= x
->props
.header_len
+ crypto_aead_authsize(esp
->aead
);
360 rem
= mtu
& (align
- 1);
363 if (x
->props
.mode
!= XFRM_MODE_TUNNEL
) {
364 u32 padsize
= ((blksize
- 1) & 7) + 1;
365 mtu
-= blksize
- padsize
;
366 mtu
+= min_t(u32
, blksize
- padsize
, rem
);
372 static void esp6_err(struct sk_buff
*skb
, struct inet6_skb_parm
*opt
,
373 u8 type
, u8 code
, int offset
, __be32 info
)
375 struct net
*net
= dev_net(skb
->dev
);
376 struct ipv6hdr
*iph
= (struct ipv6hdr
*)skb
->data
;
377 struct ip_esp_hdr
*esph
= (struct ip_esp_hdr
*)(skb
->data
+ offset
);
378 struct xfrm_state
*x
;
380 if (type
!= ICMPV6_DEST_UNREACH
&&
381 type
!= ICMPV6_PKT_TOOBIG
)
384 x
= xfrm_state_lookup(net
, skb
->mark
, (xfrm_address_t
*)&iph
->daddr
, esph
->spi
, IPPROTO_ESP
, AF_INET6
);
387 printk(KERN_DEBUG
"pmtu discovery on SA ESP/%08x/%pI6\n",
388 ntohl(esph
->spi
), &iph
->daddr
);
392 static void esp6_destroy(struct xfrm_state
*x
)
394 struct esp_data
*esp
= x
->data
;
399 crypto_free_aead(esp
->aead
);
403 static int esp_init_aead(struct xfrm_state
*x
)
405 struct esp_data
*esp
= x
->data
;
406 struct crypto_aead
*aead
;
409 aead
= crypto_alloc_aead(x
->aead
->alg_name
, 0, 0);
416 err
= crypto_aead_setkey(aead
, x
->aead
->alg_key
,
417 (x
->aead
->alg_key_len
+ 7) / 8);
421 err
= crypto_aead_setauthsize(aead
, x
->aead
->alg_icv_len
/ 8);
429 static int esp_init_authenc(struct xfrm_state
*x
)
431 struct esp_data
*esp
= x
->data
;
432 struct crypto_aead
*aead
;
433 struct crypto_authenc_key_param
*param
;
437 char authenc_name
[CRYPTO_MAX_ALG_NAME
];
446 if (snprintf(authenc_name
, CRYPTO_MAX_ALG_NAME
, "authenc(%s,%s)",
447 x
->aalg
? x
->aalg
->alg_name
: "digest_null",
448 x
->ealg
->alg_name
) >= CRYPTO_MAX_ALG_NAME
)
451 aead
= crypto_alloc_aead(authenc_name
, 0, 0);
458 keylen
= (x
->aalg
? (x
->aalg
->alg_key_len
+ 7) / 8 : 0) +
459 (x
->ealg
->alg_key_len
+ 7) / 8 + RTA_SPACE(sizeof(*param
));
461 key
= kmalloc(keylen
, GFP_KERNEL
);
467 rta
->rta_type
= CRYPTO_AUTHENC_KEYA_PARAM
;
468 rta
->rta_len
= RTA_LENGTH(sizeof(*param
));
469 param
= RTA_DATA(rta
);
470 p
+= RTA_SPACE(sizeof(*param
));
473 struct xfrm_algo_desc
*aalg_desc
;
475 memcpy(p
, x
->aalg
->alg_key
, (x
->aalg
->alg_key_len
+ 7) / 8);
476 p
+= (x
->aalg
->alg_key_len
+ 7) / 8;
478 aalg_desc
= xfrm_aalg_get_byname(x
->aalg
->alg_name
, 0);
482 if (aalg_desc
->uinfo
.auth
.icv_fullbits
/8 !=
483 crypto_aead_authsize(aead
)) {
484 NETDEBUG(KERN_INFO
"ESP: %s digestsize %u != %hu\n",
486 crypto_aead_authsize(aead
),
487 aalg_desc
->uinfo
.auth
.icv_fullbits
/8);
491 err
= crypto_aead_setauthsize(
492 aead
, x
->aalg
->alg_trunc_len
/ 8);
497 param
->enckeylen
= cpu_to_be32((x
->ealg
->alg_key_len
+ 7) / 8);
498 memcpy(p
, x
->ealg
->alg_key
, (x
->ealg
->alg_key_len
+ 7) / 8);
500 err
= crypto_aead_setkey(aead
, key
, keylen
);
509 static int esp6_init_state(struct xfrm_state
*x
)
511 struct esp_data
*esp
;
512 struct crypto_aead
*aead
;
519 esp
= kzalloc(sizeof(*esp
), GFP_KERNEL
);
526 err
= esp_init_aead(x
);
528 err
= esp_init_authenc(x
);
537 x
->props
.header_len
= sizeof(struct ip_esp_hdr
) +
538 crypto_aead_ivsize(aead
);
539 switch (x
->props
.mode
) {
541 if (x
->sel
.family
!= AF_INET6
)
542 x
->props
.header_len
+= IPV4_BEET_PHMAXLEN
+
543 (sizeof(struct ipv6hdr
) - sizeof(struct iphdr
));
545 case XFRM_MODE_TRANSPORT
:
547 case XFRM_MODE_TUNNEL
:
548 x
->props
.header_len
+= sizeof(struct ipv6hdr
);
554 align
= ALIGN(crypto_aead_blocksize(aead
), 4);
556 align
= max_t(u32
, align
, esp
->padlen
);
557 x
->props
.trailer_len
= align
+ 1 + crypto_aead_authsize(esp
->aead
);
563 static const struct xfrm_type esp6_type
=
565 .description
= "ESP6",
566 .owner
= THIS_MODULE
,
567 .proto
= IPPROTO_ESP
,
568 .flags
= XFRM_TYPE_REPLAY_PROT
,
569 .init_state
= esp6_init_state
,
570 .destructor
= esp6_destroy
,
571 .get_mtu
= esp6_get_mtu
,
573 .output
= esp6_output
,
574 .hdr_offset
= xfrm6_find_1stfragopt
,
577 static const struct inet6_protocol esp6_protocol
= {
578 .handler
= xfrm6_rcv
,
579 .err_handler
= esp6_err
,
580 .flags
= INET6_PROTO_NOPOLICY
,
583 static int __init
esp6_init(void)
585 if (xfrm_register_type(&esp6_type
, AF_INET6
) < 0) {
586 printk(KERN_INFO
"ipv6 esp init: can't add xfrm type\n");
589 if (inet6_add_protocol(&esp6_protocol
, IPPROTO_ESP
) < 0) {
590 printk(KERN_INFO
"ipv6 esp init: can't add protocol\n");
591 xfrm_unregister_type(&esp6_type
, AF_INET6
);
598 static void __exit
esp6_fini(void)
600 if (inet6_del_protocol(&esp6_protocol
, IPPROTO_ESP
) < 0)
601 printk(KERN_INFO
"ipv6 esp close: can't remove protocol\n");
602 if (xfrm_unregister_type(&esp6_type
, AF_INET6
) < 0)
603 printk(KERN_INFO
"ipv6 esp close: can't remove xfrm type\n");
606 module_init(esp6_init
);
607 module_exit(esp6_fini
);
609 MODULE_LICENSE("GPL");
610 MODULE_ALIAS_XFRM_TYPE(AF_INET6
, XFRM_PROTO_ESP
);