2 * Copyright (C)2002 USAGI/WIDE Project
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Mitsuru KANDA @USAGI : IPv6 Support
21 * Kazunori MIYAZAWA @USAGI :
22 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
24 * This file is derived from net/ipv4/esp.c
27 #include <crypto/aead.h>
28 #include <crypto/authenc.h>
29 #include <linux/err.h>
30 #include <linux/module.h>
34 #include <linux/scatterlist.h>
35 #include <linux/kernel.h>
36 #include <linux/pfkeyv2.h>
37 #include <linux/random.h>
38 #include <linux/slab.h>
39 #include <linux/spinlock.h>
42 #include <net/protocol.h>
43 #include <linux/icmpv6.h>
46 struct xfrm_skb_cb xfrm
;
50 #define ESP_SKB_CB(__skb) ((struct esp_skb_cb *)&((__skb)->cb[0]))
53 * Allocate an AEAD request structure with extra space for SG and IV.
55 * For alignment considerations the IV is placed at the front, followed
56 * by the request and finally the SG list.
58 * TODO: Use spare space in skb for this where possible.
60 static void *esp_alloc_tmp(struct crypto_aead
*aead
, int nfrags
)
64 len
= crypto_aead_ivsize(aead
);
66 len
+= crypto_aead_alignmask(aead
) &
67 ~(crypto_tfm_ctx_alignment() - 1);
68 len
= ALIGN(len
, crypto_tfm_ctx_alignment());
71 len
+= sizeof(struct aead_givcrypt_request
) + crypto_aead_reqsize(aead
);
72 len
= ALIGN(len
, __alignof__(struct scatterlist
));
74 len
+= sizeof(struct scatterlist
) * nfrags
;
76 return kmalloc(len
, GFP_ATOMIC
);
79 static inline u8
*esp_tmp_iv(struct crypto_aead
*aead
, void *tmp
)
81 return crypto_aead_ivsize(aead
) ?
82 PTR_ALIGN((u8
*)tmp
, crypto_aead_alignmask(aead
) + 1) : tmp
;
85 static inline struct aead_givcrypt_request
*esp_tmp_givreq(
86 struct crypto_aead
*aead
, u8
*iv
)
88 struct aead_givcrypt_request
*req
;
90 req
= (void *)PTR_ALIGN(iv
+ crypto_aead_ivsize(aead
),
91 crypto_tfm_ctx_alignment());
92 aead_givcrypt_set_tfm(req
, aead
);
96 static inline struct aead_request
*esp_tmp_req(struct crypto_aead
*aead
, u8
*iv
)
98 struct aead_request
*req
;
100 req
= (void *)PTR_ALIGN(iv
+ crypto_aead_ivsize(aead
),
101 crypto_tfm_ctx_alignment());
102 aead_request_set_tfm(req
, aead
);
106 static inline struct scatterlist
*esp_req_sg(struct crypto_aead
*aead
,
107 struct aead_request
*req
)
109 return (void *)ALIGN((unsigned long)(req
+ 1) +
110 crypto_aead_reqsize(aead
),
111 __alignof__(struct scatterlist
));
114 static inline struct scatterlist
*esp_givreq_sg(
115 struct crypto_aead
*aead
, struct aead_givcrypt_request
*req
)
117 return (void *)ALIGN((unsigned long)(req
+ 1) +
118 crypto_aead_reqsize(aead
),
119 __alignof__(struct scatterlist
));
122 static void esp_output_done(struct crypto_async_request
*base
, int err
)
124 struct sk_buff
*skb
= base
->data
;
126 kfree(ESP_SKB_CB(skb
)->tmp
);
127 xfrm_output_resume(skb
, err
);
130 static int esp6_output(struct xfrm_state
*x
, struct sk_buff
*skb
)
133 struct ip_esp_hdr
*esph
;
134 struct crypto_aead
*aead
;
135 struct aead_givcrypt_request
*req
;
136 struct scatterlist
*sg
;
137 struct scatterlist
*asg
;
138 struct sk_buff
*trailer
;
146 struct esp_data
*esp
= x
->data
;
148 /* skb is pure payload to encrypt */
151 /* Round to block size */
155 alen
= crypto_aead_authsize(aead
);
157 blksize
= ALIGN(crypto_aead_blocksize(aead
), 4);
158 clen
= ALIGN(clen
+ 2, blksize
);
160 clen
= ALIGN(clen
, esp
->padlen
);
162 if ((err
= skb_cow_data(skb
, clen
- skb
->len
+ alen
, &trailer
)) < 0)
166 tmp
= esp_alloc_tmp(aead
, nfrags
+ 1);
170 iv
= esp_tmp_iv(aead
, tmp
);
171 req
= esp_tmp_givreq(aead
, iv
);
172 asg
= esp_givreq_sg(aead
, req
);
175 /* Fill padding... */
176 tail
= skb_tail_pointer(trailer
);
179 for (i
=0; i
<clen
-skb
->len
- 2; i
++)
182 tail
[clen
-skb
->len
- 2] = (clen
- skb
->len
) - 2;
183 tail
[clen
- skb
->len
- 1] = *skb_mac_header(skb
);
184 pskb_put(skb
, trailer
, clen
- skb
->len
+ alen
);
186 skb_push(skb
, -skb_network_offset(skb
));
187 esph
= ip_esp_hdr(skb
);
188 *skb_mac_header(skb
) = IPPROTO_ESP
;
190 esph
->spi
= x
->id
.spi
;
191 esph
->seq_no
= htonl(XFRM_SKB_CB(skb
)->seq
.output
);
193 sg_init_table(sg
, nfrags
);
194 skb_to_sgvec(skb
, sg
,
195 esph
->enc_data
+ crypto_aead_ivsize(aead
) - skb
->data
,
197 sg_init_one(asg
, esph
, sizeof(*esph
));
199 aead_givcrypt_set_callback(req
, 0, esp_output_done
, skb
);
200 aead_givcrypt_set_crypt(req
, sg
, sg
, clen
, iv
);
201 aead_givcrypt_set_assoc(req
, asg
, sizeof(*esph
));
202 aead_givcrypt_set_giv(req
, esph
->enc_data
,
203 XFRM_SKB_CB(skb
)->seq
.output
);
205 ESP_SKB_CB(skb
)->tmp
= tmp
;
206 err
= crypto_aead_givencrypt(req
);
207 if (err
== -EINPROGRESS
)
219 static int esp_input_done2(struct sk_buff
*skb
, int err
)
221 struct xfrm_state
*x
= xfrm_input_state(skb
);
222 struct esp_data
*esp
= x
->data
;
223 struct crypto_aead
*aead
= esp
->aead
;
224 int alen
= crypto_aead_authsize(aead
);
225 int hlen
= sizeof(struct ip_esp_hdr
) + crypto_aead_ivsize(aead
);
226 int elen
= skb
->len
- hlen
;
227 int hdr_len
= skb_network_header_len(skb
);
231 kfree(ESP_SKB_CB(skb
)->tmp
);
236 if (skb_copy_bits(skb
, skb
->len
- alen
- 2, nexthdr
, 2))
241 if (padlen
+ 2 + alen
>= elen
) {
242 LIMIT_NETDEBUG(KERN_WARNING
"ipsec esp packet is garbage "
243 "padlen=%d, elen=%d\n", padlen
+ 2, elen
- alen
);
247 /* ... check padding bits here. Silly. :-) */
249 pskb_trim(skb
, skb
->len
- alen
- padlen
- 2);
250 __skb_pull(skb
, hlen
);
251 skb_set_transport_header(skb
, -hdr_len
);
255 /* RFC4303: Drop dummy packets without any error */
256 if (err
== IPPROTO_NONE
)
263 static void esp_input_done(struct crypto_async_request
*base
, int err
)
265 struct sk_buff
*skb
= base
->data
;
267 xfrm_input_resume(skb
, esp_input_done2(skb
, err
));
270 static int esp6_input(struct xfrm_state
*x
, struct sk_buff
*skb
)
272 struct ip_esp_hdr
*esph
;
273 struct esp_data
*esp
= x
->data
;
274 struct crypto_aead
*aead
= esp
->aead
;
275 struct aead_request
*req
;
276 struct sk_buff
*trailer
;
277 int elen
= skb
->len
- sizeof(*esph
) - crypto_aead_ivsize(aead
);
282 struct scatterlist
*sg
;
283 struct scatterlist
*asg
;
285 if (!pskb_may_pull(skb
, sizeof(*esph
) + crypto_aead_ivsize(aead
))) {
295 if ((nfrags
= skb_cow_data(skb
, 0, &trailer
)) < 0) {
301 tmp
= esp_alloc_tmp(aead
, nfrags
+ 1);
305 ESP_SKB_CB(skb
)->tmp
= tmp
;
306 iv
= esp_tmp_iv(aead
, tmp
);
307 req
= esp_tmp_req(aead
, iv
);
308 asg
= esp_req_sg(aead
, req
);
311 skb
->ip_summed
= CHECKSUM_NONE
;
313 esph
= (struct ip_esp_hdr
*)skb
->data
;
315 /* Get ivec. This can be wrong, check against another impls. */
318 sg_init_table(sg
, nfrags
);
319 skb_to_sgvec(skb
, sg
, sizeof(*esph
) + crypto_aead_ivsize(aead
), elen
);
320 sg_init_one(asg
, esph
, sizeof(*esph
));
322 aead_request_set_callback(req
, 0, esp_input_done
, skb
);
323 aead_request_set_crypt(req
, sg
, sg
, elen
, iv
);
324 aead_request_set_assoc(req
, asg
, sizeof(*esph
));
326 ret
= crypto_aead_decrypt(req
);
327 if (ret
== -EINPROGRESS
)
330 ret
= esp_input_done2(skb
, ret
);
336 static u32
esp6_get_mtu(struct xfrm_state
*x
, int mtu
)
338 struct esp_data
*esp
= x
->data
;
339 u32 blksize
= ALIGN(crypto_aead_blocksize(esp
->aead
), 4);
340 u32 align
= max_t(u32
, blksize
, esp
->padlen
);
343 mtu
-= x
->props
.header_len
+ crypto_aead_authsize(esp
->aead
);
344 rem
= mtu
& (align
- 1);
347 if (x
->props
.mode
!= XFRM_MODE_TUNNEL
) {
348 u32 padsize
= ((blksize
- 1) & 7) + 1;
349 mtu
-= blksize
- padsize
;
350 mtu
+= min_t(u32
, blksize
- padsize
, rem
);
356 static void esp6_err(struct sk_buff
*skb
, struct inet6_skb_parm
*opt
,
357 int type
, int code
, int offset
, __be32 info
)
359 struct ipv6hdr
*iph
= (struct ipv6hdr
*)skb
->data
;
360 struct ip_esp_hdr
*esph
= (struct ip_esp_hdr
*)(skb
->data
+ offset
);
361 struct xfrm_state
*x
;
363 if (type
!= ICMPV6_DEST_UNREACH
&&
364 type
!= ICMPV6_PKT_TOOBIG
)
367 x
= xfrm_state_lookup((xfrm_address_t
*)&iph
->daddr
, esph
->spi
, IPPROTO_ESP
, AF_INET6
);
370 printk(KERN_DEBUG
"pmtu discovery on SA ESP/%08x/" NIP6_FMT
"\n",
371 ntohl(esph
->spi
), NIP6(iph
->daddr
));
375 static void esp6_destroy(struct xfrm_state
*x
)
377 struct esp_data
*esp
= x
->data
;
382 crypto_free_aead(esp
->aead
);
386 static int esp_init_aead(struct xfrm_state
*x
)
388 struct esp_data
*esp
= x
->data
;
389 struct crypto_aead
*aead
;
392 aead
= crypto_alloc_aead(x
->aead
->alg_name
, 0, 0);
399 err
= crypto_aead_setkey(aead
, x
->aead
->alg_key
,
400 (x
->aead
->alg_key_len
+ 7) / 8);
404 err
= crypto_aead_setauthsize(aead
, x
->aead
->alg_icv_len
/ 8);
412 static int esp_init_authenc(struct xfrm_state
*x
)
414 struct esp_data
*esp
= x
->data
;
415 struct crypto_aead
*aead
;
416 struct crypto_authenc_key_param
*param
;
420 char authenc_name
[CRYPTO_MAX_ALG_NAME
];
429 if (snprintf(authenc_name
, CRYPTO_MAX_ALG_NAME
, "authenc(%s,%s)",
430 x
->aalg
? x
->aalg
->alg_name
: "digest_null",
431 x
->ealg
->alg_name
) >= CRYPTO_MAX_ALG_NAME
)
434 aead
= crypto_alloc_aead(authenc_name
, 0, 0);
441 keylen
= (x
->aalg
? (x
->aalg
->alg_key_len
+ 7) / 8 : 0) +
442 (x
->ealg
->alg_key_len
+ 7) / 8 + RTA_SPACE(sizeof(*param
));
444 key
= kmalloc(keylen
, GFP_KERNEL
);
450 rta
->rta_type
= CRYPTO_AUTHENC_KEYA_PARAM
;
451 rta
->rta_len
= RTA_LENGTH(sizeof(*param
));
452 param
= RTA_DATA(rta
);
453 p
+= RTA_SPACE(sizeof(*param
));
456 struct xfrm_algo_desc
*aalg_desc
;
458 memcpy(p
, x
->aalg
->alg_key
, (x
->aalg
->alg_key_len
+ 7) / 8);
459 p
+= (x
->aalg
->alg_key_len
+ 7) / 8;
461 aalg_desc
= xfrm_aalg_get_byname(x
->aalg
->alg_name
, 0);
465 if (aalg_desc
->uinfo
.auth
.icv_fullbits
/8 !=
466 crypto_aead_authsize(aead
)) {
467 NETDEBUG(KERN_INFO
"ESP: %s digestsize %u != %hu\n",
469 crypto_aead_authsize(aead
),
470 aalg_desc
->uinfo
.auth
.icv_fullbits
/8);
474 err
= crypto_aead_setauthsize(
475 aead
, aalg_desc
->uinfo
.auth
.icv_truncbits
/ 8);
480 param
->enckeylen
= cpu_to_be32((x
->ealg
->alg_key_len
+ 7) / 8);
481 memcpy(p
, x
->ealg
->alg_key
, (x
->ealg
->alg_key_len
+ 7) / 8);
483 err
= crypto_aead_setkey(aead
, key
, keylen
);
492 static int esp6_init_state(struct xfrm_state
*x
)
494 struct esp_data
*esp
;
495 struct crypto_aead
*aead
;
502 esp
= kzalloc(sizeof(*esp
), GFP_KERNEL
);
509 err
= esp_init_aead(x
);
511 err
= esp_init_authenc(x
);
520 x
->props
.header_len
= sizeof(struct ip_esp_hdr
) +
521 crypto_aead_ivsize(aead
);
522 switch (x
->props
.mode
) {
524 if (x
->sel
.family
!= AF_INET6
)
525 x
->props
.header_len
+= IPV4_BEET_PHMAXLEN
+
526 (sizeof(struct ipv6hdr
) - sizeof(struct iphdr
));
528 case XFRM_MODE_TRANSPORT
:
530 case XFRM_MODE_TUNNEL
:
531 x
->props
.header_len
+= sizeof(struct ipv6hdr
);
537 align
= ALIGN(crypto_aead_blocksize(aead
), 4);
539 align
= max_t(u32
, align
, esp
->padlen
);
540 x
->props
.trailer_len
= align
+ 1 + crypto_aead_authsize(esp
->aead
);
546 static const struct xfrm_type esp6_type
=
548 .description
= "ESP6",
549 .owner
= THIS_MODULE
,
550 .proto
= IPPROTO_ESP
,
551 .flags
= XFRM_TYPE_REPLAY_PROT
,
552 .init_state
= esp6_init_state
,
553 .destructor
= esp6_destroy
,
554 .get_mtu
= esp6_get_mtu
,
556 .output
= esp6_output
,
557 .hdr_offset
= xfrm6_find_1stfragopt
,
560 static struct inet6_protocol esp6_protocol
= {
561 .handler
= xfrm6_rcv
,
562 .err_handler
= esp6_err
,
563 .flags
= INET6_PROTO_NOPOLICY
,
566 static int __init
esp6_init(void)
568 if (xfrm_register_type(&esp6_type
, AF_INET6
) < 0) {
569 printk(KERN_INFO
"ipv6 esp init: can't add xfrm type\n");
572 if (inet6_add_protocol(&esp6_protocol
, IPPROTO_ESP
) < 0) {
573 printk(KERN_INFO
"ipv6 esp init: can't add protocol\n");
574 xfrm_unregister_type(&esp6_type
, AF_INET6
);
581 static void __exit
esp6_fini(void)
583 if (inet6_del_protocol(&esp6_protocol
, IPPROTO_ESP
) < 0)
584 printk(KERN_INFO
"ipv6 esp close: can't remove protocol\n");
585 if (xfrm_unregister_type(&esp6_type
, AF_INET6
) < 0)
586 printk(KERN_INFO
"ipv6 esp close: can't remove xfrm type\n");
589 module_init(esp6_init
);
590 module_exit(esp6_fini
);
592 MODULE_LICENSE("GPL");
593 MODULE_ALIAS_XFRM_TYPE(AF_INET6
, XFRM_PROTO_ESP
);