2 #include <linux/module.h>
6 #include <asm/scatterlist.h>
7 #include <linux/crypto.h>
8 #include <linux/kernel.h>
9 #include <linux/pfkeyv2.h>
10 #include <linux/random.h>
11 #include <linux/in6.h>
13 #include <net/protocol.h>
16 static int esp_output(struct xfrm_state
*x
, struct sk_buff
*skb
)
19 struct iphdr
*top_iph
;
20 struct ip_esp_hdr
*esph
;
21 struct crypto_blkcipher
*tfm
;
22 struct blkcipher_desc desc
;
24 struct sk_buff
*trailer
;
31 /* Strip IP+ESP header. */
32 __skb_pull(skb
, skb_transport_offset(skb
));
33 /* Now skb is pure payload to encrypt */
37 /* Round to block size */
41 alen
= esp
->auth
.icv_trunc_len
;
45 blksize
= ALIGN(crypto_blkcipher_blocksize(tfm
), 4);
46 clen
= ALIGN(clen
+ 2, blksize
);
48 clen
= ALIGN(clen
, esp
->conf
.padlen
);
50 if ((nfrags
= skb_cow_data(skb
, clen
-skb
->len
+alen
, &trailer
)) < 0)
54 tail
= skb_tail_pointer(trailer
);
57 for (i
=0; i
<clen
-skb
->len
- 2; i
++)
60 tail
[clen
- skb
->len
- 2] = (clen
- skb
->len
) - 2;
61 pskb_put(skb
, trailer
, clen
- skb
->len
);
63 __skb_push(skb
, skb
->data
- skb_network_header(skb
));
64 top_iph
= ip_hdr(skb
);
65 esph
= (struct ip_esp_hdr
*)(skb_network_header(skb
) +
67 top_iph
->tot_len
= htons(skb
->len
+ alen
);
68 *(skb_tail_pointer(trailer
) - 1) = top_iph
->protocol
;
70 /* this is non-NULL only with UDP Encapsulation */
72 struct xfrm_encap_tmpl
*encap
= x
->encap
;
76 uh
= (struct udphdr
*)esph
;
77 uh
->source
= encap
->encap_sport
;
78 uh
->dest
= encap
->encap_dport
;
79 uh
->len
= htons(skb
->len
+ alen
- top_iph
->ihl
*4);
82 switch (encap
->encap_type
) {
84 case UDP_ENCAP_ESPINUDP
:
85 esph
= (struct ip_esp_hdr
*)(uh
+ 1);
87 case UDP_ENCAP_ESPINUDP_NON_IKE
:
88 udpdata32
= (__be32
*)(uh
+ 1);
89 udpdata32
[0] = udpdata32
[1] = 0;
90 esph
= (struct ip_esp_hdr
*)(udpdata32
+ 2);
94 top_iph
->protocol
= IPPROTO_UDP
;
96 top_iph
->protocol
= IPPROTO_ESP
;
98 esph
->spi
= x
->id
.spi
;
99 esph
->seq_no
= htonl(++x
->replay
.oseq
);
100 xfrm_aevent_doreplay(x
);
102 if (esp
->conf
.ivlen
) {
103 if (unlikely(!esp
->conf
.ivinitted
)) {
104 get_random_bytes(esp
->conf
.ivec
, esp
->conf
.ivlen
);
105 esp
->conf
.ivinitted
= 1;
107 crypto_blkcipher_set_iv(tfm
, esp
->conf
.ivec
, esp
->conf
.ivlen
);
111 struct scatterlist
*sg
= &esp
->sgbuf
[0];
113 if (unlikely(nfrags
> ESP_NUM_FAST_SG
)) {
114 sg
= kmalloc(sizeof(struct scatterlist
)*nfrags
, GFP_ATOMIC
);
118 skb_to_sgvec(skb
, sg
, esph
->enc_data
+esp
->conf
.ivlen
-skb
->data
, clen
);
119 err
= crypto_blkcipher_encrypt(&desc
, sg
, sg
, clen
);
120 if (unlikely(sg
!= &esp
->sgbuf
[0]))
127 if (esp
->conf
.ivlen
) {
128 memcpy(esph
->enc_data
, esp
->conf
.ivec
, esp
->conf
.ivlen
);
129 crypto_blkcipher_get_iv(tfm
, esp
->conf
.ivec
, esp
->conf
.ivlen
);
132 if (esp
->auth
.icv_full_len
) {
133 err
= esp_mac_digest(esp
, skb
, (u8
*)esph
- skb
->data
,
134 sizeof(*esph
) + esp
->conf
.ivlen
+ clen
);
135 memcpy(pskb_put(skb
, trailer
, alen
), esp
->auth
.work_icv
, alen
);
138 ip_send_check(top_iph
);
145 * Note: detecting truncated vs. non-truncated authentication data is very
146 * expensive, so we only support truncated data, which is the recommended
149 static int esp_input(struct xfrm_state
*x
, struct sk_buff
*skb
)
152 struct ip_esp_hdr
*esph
;
153 struct esp_data
*esp
= x
->data
;
154 struct crypto_blkcipher
*tfm
= esp
->conf
.tfm
;
155 struct blkcipher_desc desc
= { .tfm
= tfm
};
156 struct sk_buff
*trailer
;
157 int blksize
= ALIGN(crypto_blkcipher_blocksize(tfm
), 4);
158 int alen
= esp
->auth
.icv_trunc_len
;
159 int elen
= skb
->len
- sizeof(struct ip_esp_hdr
) - esp
->conf
.ivlen
- alen
;
163 struct scatterlist
*sg
;
167 if (!pskb_may_pull(skb
, sizeof(struct ip_esp_hdr
)))
170 if (elen
<= 0 || (elen
& (blksize
-1)))
173 /* If integrity check is required, do this. */
174 if (esp
->auth
.icv_full_len
) {
177 err
= esp_mac_digest(esp
, skb
, 0, skb
->len
- alen
);
181 if (skb_copy_bits(skb
, skb
->len
- alen
, sum
, alen
))
184 if (unlikely(memcmp(esp
->auth
.work_icv
, sum
, alen
))) {
185 x
->stats
.integrity_failed
++;
190 if ((nfrags
= skb_cow_data(skb
, 0, &trailer
)) < 0)
193 skb
->ip_summed
= CHECKSUM_NONE
;
195 esph
= (struct ip_esp_hdr
*)skb
->data
;
197 /* Get ivec. This can be wrong, check against another impls. */
199 crypto_blkcipher_set_iv(tfm
, esph
->enc_data
, esp
->conf
.ivlen
);
203 if (unlikely(nfrags
> ESP_NUM_FAST_SG
)) {
204 sg
= kmalloc(sizeof(struct scatterlist
)*nfrags
, GFP_ATOMIC
);
208 skb_to_sgvec(skb
, sg
, sizeof(struct ip_esp_hdr
) + esp
->conf
.ivlen
, elen
);
209 err
= crypto_blkcipher_decrypt(&desc
, sg
, sg
, elen
);
210 if (unlikely(sg
!= &esp
->sgbuf
[0]))
215 if (skb_copy_bits(skb
, skb
->len
-alen
-2, nexthdr
, 2))
219 if (padlen
+2 >= elen
)
222 /* ... check padding bits here. Silly. :-) */
224 /* RFC4303: Drop dummy packets without any error */
225 if (nexthdr
[1] == IPPROTO_NONE
)
232 struct xfrm_encap_tmpl
*encap
= x
->encap
;
233 struct udphdr
*uh
= (void *)(skb_network_header(skb
) + ihl
);
236 * 1) if the NAT-T peer's IP or port changed then
237 * advertize the change to the keying daemon.
238 * This is an inbound SA, so just compare
241 if (iph
->saddr
!= x
->props
.saddr
.a4
||
242 uh
->source
!= encap
->encap_sport
) {
243 xfrm_address_t ipaddr
;
245 ipaddr
.a4
= iph
->saddr
;
246 km_new_mapping(x
, &ipaddr
, uh
->source
);
248 /* XXX: perhaps add an extra
249 * policy check here, to see
250 * if we should allow or
251 * reject a packet from a
258 * 2) ignore UDP/TCP checksums in case
259 * of NAT-T in Transport Mode, or
260 * perform other post-processing fixes
261 * as per draft-ietf-ipsec-udp-encaps-06,
264 if (x
->props
.mode
== XFRM_MODE_TRANSPORT
||
265 x
->props
.mode
== XFRM_MODE_BEET
)
266 skb
->ip_summed
= CHECKSUM_UNNECESSARY
;
269 iph
->protocol
= nexthdr
[1];
270 pskb_trim(skb
, skb
->len
- alen
- padlen
- 2);
271 __skb_pull(skb
, sizeof(*esph
) + esp
->conf
.ivlen
);
272 skb_set_transport_header(skb
, -ihl
);
280 static u32
esp4_get_mtu(struct xfrm_state
*x
, int mtu
)
282 struct esp_data
*esp
= x
->data
;
283 u32 blksize
= ALIGN(crypto_blkcipher_blocksize(esp
->conf
.tfm
), 4);
284 u32 align
= max_t(u32
, blksize
, esp
->conf
.padlen
);
287 mtu
-= x
->props
.header_len
+ esp
->auth
.icv_trunc_len
;
288 rem
= mtu
& (align
- 1);
291 switch (x
->props
.mode
) {
292 case XFRM_MODE_TUNNEL
:
295 case XFRM_MODE_TRANSPORT
:
298 mtu
+= min_t(u32
, blksize
- 4, rem
);
301 /* The worst case. */
302 mtu
+= min_t(u32
, IPV4_BEET_PHMAXLEN
, rem
);
309 static void esp4_err(struct sk_buff
*skb
, u32 info
)
311 struct iphdr
*iph
= (struct iphdr
*)skb
->data
;
312 struct ip_esp_hdr
*esph
= (struct ip_esp_hdr
*)(skb
->data
+(iph
->ihl
<<2));
313 struct xfrm_state
*x
;
315 if (icmp_hdr(skb
)->type
!= ICMP_DEST_UNREACH
||
316 icmp_hdr(skb
)->code
!= ICMP_FRAG_NEEDED
)
319 x
= xfrm_state_lookup((xfrm_address_t
*)&iph
->daddr
, esph
->spi
, IPPROTO_ESP
, AF_INET
);
322 NETDEBUG(KERN_DEBUG
"pmtu discovery on SA ESP/%08x/%08x\n",
323 ntohl(esph
->spi
), ntohl(iph
->daddr
));
327 static void esp_destroy(struct xfrm_state
*x
)
329 struct esp_data
*esp
= x
->data
;
334 crypto_free_blkcipher(esp
->conf
.tfm
);
335 esp
->conf
.tfm
= NULL
;
336 kfree(esp
->conf
.ivec
);
337 esp
->conf
.ivec
= NULL
;
338 crypto_free_hash(esp
->auth
.tfm
);
339 esp
->auth
.tfm
= NULL
;
340 kfree(esp
->auth
.work_icv
);
341 esp
->auth
.work_icv
= NULL
;
345 static int esp_init_state(struct xfrm_state
*x
)
347 struct esp_data
*esp
= NULL
;
348 struct crypto_blkcipher
*tfm
;
351 /* null auth and encryption can have zero length keys */
353 if (x
->aalg
->alg_key_len
> 512)
359 esp
= kzalloc(sizeof(*esp
), GFP_KERNEL
);
364 struct xfrm_algo_desc
*aalg_desc
;
365 struct crypto_hash
*hash
;
367 esp
->auth
.key
= x
->aalg
->alg_key
;
368 esp
->auth
.key_len
= (x
->aalg
->alg_key_len
+7)/8;
369 hash
= crypto_alloc_hash(x
->aalg
->alg_name
, 0,
374 esp
->auth
.tfm
= hash
;
375 if (crypto_hash_setkey(hash
, esp
->auth
.key
, esp
->auth
.key_len
))
378 aalg_desc
= xfrm_aalg_get_byname(x
->aalg
->alg_name
, 0);
381 if (aalg_desc
->uinfo
.auth
.icv_fullbits
/8 !=
382 crypto_hash_digestsize(hash
)) {
383 NETDEBUG(KERN_INFO
"ESP: %s digestsize %u != %hu\n",
385 crypto_hash_digestsize(hash
),
386 aalg_desc
->uinfo
.auth
.icv_fullbits
/8);
390 esp
->auth
.icv_full_len
= aalg_desc
->uinfo
.auth
.icv_fullbits
/8;
391 esp
->auth
.icv_trunc_len
= aalg_desc
->uinfo
.auth
.icv_truncbits
/8;
393 esp
->auth
.work_icv
= kmalloc(esp
->auth
.icv_full_len
, GFP_KERNEL
);
394 if (!esp
->auth
.work_icv
)
397 esp
->conf
.key
= x
->ealg
->alg_key
;
398 esp
->conf
.key_len
= (x
->ealg
->alg_key_len
+7)/8;
399 tfm
= crypto_alloc_blkcipher(x
->ealg
->alg_name
, 0, CRYPTO_ALG_ASYNC
);
403 esp
->conf
.ivlen
= crypto_blkcipher_ivsize(tfm
);
404 esp
->conf
.padlen
= 0;
405 if (esp
->conf
.ivlen
) {
406 esp
->conf
.ivec
= kmalloc(esp
->conf
.ivlen
, GFP_KERNEL
);
407 if (unlikely(esp
->conf
.ivec
== NULL
))
409 esp
->conf
.ivinitted
= 0;
411 if (crypto_blkcipher_setkey(tfm
, esp
->conf
.key
, esp
->conf
.key_len
))
413 x
->props
.header_len
= sizeof(struct ip_esp_hdr
) + esp
->conf
.ivlen
;
414 if (x
->props
.mode
== XFRM_MODE_TUNNEL
)
415 x
->props
.header_len
+= sizeof(struct iphdr
);
416 else if (x
->props
.mode
== XFRM_MODE_BEET
)
417 x
->props
.header_len
+= IPV4_BEET_PHMAXLEN
;
419 struct xfrm_encap_tmpl
*encap
= x
->encap
;
421 switch (encap
->encap_type
) {
424 case UDP_ENCAP_ESPINUDP
:
425 x
->props
.header_len
+= sizeof(struct udphdr
);
427 case UDP_ENCAP_ESPINUDP_NON_IKE
:
428 x
->props
.header_len
+= sizeof(struct udphdr
) + 2 * sizeof(u32
);
433 align
= ALIGN(crypto_blkcipher_blocksize(esp
->conf
.tfm
), 4);
434 if (esp
->conf
.padlen
)
435 align
= max_t(u32
, align
, esp
->conf
.padlen
);
436 x
->props
.trailer_len
= align
+ 1 + esp
->auth
.icv_trunc_len
;
446 static struct xfrm_type esp_type
=
448 .description
= "ESP4",
449 .owner
= THIS_MODULE
,
450 .proto
= IPPROTO_ESP
,
451 .init_state
= esp_init_state
,
452 .destructor
= esp_destroy
,
453 .get_mtu
= esp4_get_mtu
,
458 static struct net_protocol esp4_protocol
= {
459 .handler
= xfrm4_rcv
,
460 .err_handler
= esp4_err
,
464 static int __init
esp4_init(void)
466 if (xfrm_register_type(&esp_type
, AF_INET
) < 0) {
467 printk(KERN_INFO
"ip esp init: can't add xfrm type\n");
470 if (inet_add_protocol(&esp4_protocol
, IPPROTO_ESP
) < 0) {
471 printk(KERN_INFO
"ip esp init: can't add protocol\n");
472 xfrm_unregister_type(&esp_type
, AF_INET
);
478 static void __exit
esp4_fini(void)
480 if (inet_del_protocol(&esp4_protocol
, IPPROTO_ESP
) < 0)
481 printk(KERN_INFO
"ip esp close: can't remove protocol\n");
482 if (xfrm_unregister_type(&esp_type
, AF_INET
) < 0)
483 printk(KERN_INFO
"ip esp close: can't remove xfrm type\n");
486 module_init(esp4_init
);
487 module_exit(esp4_fini
);
488 MODULE_LICENSE("GPL");