crypto: gcm - Add RFC4543 wrapper for GCM
[linux-2.6.git] / net / xfrm / xfrm_algo.c
1 /*
2  * xfrm algorithm interface
3  *
4  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  */
11
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/pfkeyv2.h>
15 #include <linux/crypto.h>
16 #include <linux/scatterlist.h>
17 #include <net/xfrm.h>
18 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
19 #include <net/ah.h>
20 #endif
21 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
22 #include <net/esp.h>
23 #endif
24
25 /*
26  * Algorithms supported by IPsec.  These entries contain properties which
27  * are used in key negotiation and xfrm processing, and are used to verify
28  * that instantiated crypto transforms have correct parameters for IPsec
29  * purposes.
30  */
31 static struct xfrm_algo_desc aead_list[] = {
32 {
33         .name = "rfc4106(gcm(aes))",
34
35         .uinfo = {
36                 .aead = {
37                         .icv_truncbits = 64,
38                 }
39         },
40
41         .desc = {
42                 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
43                 .sadb_alg_ivlen = 8,
44                 .sadb_alg_minbits = 128,
45                 .sadb_alg_maxbits = 256
46         }
47 },
48 {
49         .name = "rfc4106(gcm(aes))",
50
51         .uinfo = {
52                 .aead = {
53                         .icv_truncbits = 96,
54                 }
55         },
56
57         .desc = {
58                 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
59                 .sadb_alg_ivlen = 8,
60                 .sadb_alg_minbits = 128,
61                 .sadb_alg_maxbits = 256
62         }
63 },
64 {
65         .name = "rfc4106(gcm(aes))",
66
67         .uinfo = {
68                 .aead = {
69                         .icv_truncbits = 128,
70                 }
71         },
72
73         .desc = {
74                 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
75                 .sadb_alg_ivlen = 8,
76                 .sadb_alg_minbits = 128,
77                 .sadb_alg_maxbits = 256
78         }
79 },
80 {
81         .name = "rfc4309(ccm(aes))",
82
83         .uinfo = {
84                 .aead = {
85                         .icv_truncbits = 64,
86                 }
87         },
88
89         .desc = {
90                 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
91                 .sadb_alg_ivlen = 8,
92                 .sadb_alg_minbits = 128,
93                 .sadb_alg_maxbits = 256
94         }
95 },
96 {
97         .name = "rfc4309(ccm(aes))",
98
99         .uinfo = {
100                 .aead = {
101                         .icv_truncbits = 96,
102                 }
103         },
104
105         .desc = {
106                 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
107                 .sadb_alg_ivlen = 8,
108                 .sadb_alg_minbits = 128,
109                 .sadb_alg_maxbits = 256
110         }
111 },
112 {
113         .name = "rfc4309(ccm(aes))",
114
115         .uinfo = {
116                 .aead = {
117                         .icv_truncbits = 128,
118                 }
119         },
120
121         .desc = {
122                 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
123                 .sadb_alg_ivlen = 8,
124                 .sadb_alg_minbits = 128,
125                 .sadb_alg_maxbits = 256
126         }
127 },
128 {
129         .name = "rfc4543(gcm(aes))",
130
131         .uinfo = {
132                 .aead = {
133                         .icv_truncbits = 128,
134                 }
135         },
136
137         .desc = {
138                 .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
139                 .sadb_alg_ivlen = 8,
140                 .sadb_alg_minbits = 128,
141                 .sadb_alg_maxbits = 256
142         }
143 },
144 };
145
146 static struct xfrm_algo_desc aalg_list[] = {
147 {
148         .name = "digest_null",
149
150         .uinfo = {
151                 .auth = {
152                         .icv_truncbits = 0,
153                         .icv_fullbits = 0,
154                 }
155         },
156
157         .desc = {
158                 .sadb_alg_id = SADB_X_AALG_NULL,
159                 .sadb_alg_ivlen = 0,
160                 .sadb_alg_minbits = 0,
161                 .sadb_alg_maxbits = 0
162         }
163 },
164 {
165         .name = "hmac(md5)",
166         .compat = "md5",
167
168         .uinfo = {
169                 .auth = {
170                         .icv_truncbits = 96,
171                         .icv_fullbits = 128,
172                 }
173         },
174
175         .desc = {
176                 .sadb_alg_id = SADB_AALG_MD5HMAC,
177                 .sadb_alg_ivlen = 0,
178                 .sadb_alg_minbits = 128,
179                 .sadb_alg_maxbits = 128
180         }
181 },
182 {
183         .name = "hmac(sha1)",
184         .compat = "sha1",
185
186         .uinfo = {
187                 .auth = {
188                         .icv_truncbits = 96,
189                         .icv_fullbits = 160,
190                 }
191         },
192
193         .desc = {
194                 .sadb_alg_id = SADB_AALG_SHA1HMAC,
195                 .sadb_alg_ivlen = 0,
196                 .sadb_alg_minbits = 160,
197                 .sadb_alg_maxbits = 160
198         }
199 },
200 {
201         .name = "hmac(sha256)",
202         .compat = "sha256",
203
204         .uinfo = {
205                 .auth = {
206                         .icv_truncbits = 96,
207                         .icv_fullbits = 256,
208                 }
209         },
210
211         .desc = {
212                 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
213                 .sadb_alg_ivlen = 0,
214                 .sadb_alg_minbits = 256,
215                 .sadb_alg_maxbits = 256
216         }
217 },
218 {
219         .name = "hmac(sha384)",
220
221         .uinfo = {
222                 .auth = {
223                         .icv_truncbits = 192,
224                         .icv_fullbits = 384,
225                 }
226         },
227
228         .desc = {
229                 .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
230                 .sadb_alg_ivlen = 0,
231                 .sadb_alg_minbits = 384,
232                 .sadb_alg_maxbits = 384
233         }
234 },
235 {
236         .name = "hmac(sha512)",
237
238         .uinfo = {
239                 .auth = {
240                         .icv_truncbits = 256,
241                         .icv_fullbits = 512,
242                 }
243         },
244
245         .desc = {
246                 .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
247                 .sadb_alg_ivlen = 0,
248                 .sadb_alg_minbits = 512,
249                 .sadb_alg_maxbits = 512
250         }
251 },
252 {
253         .name = "hmac(rmd160)",
254         .compat = "rmd160",
255
256         .uinfo = {
257                 .auth = {
258                         .icv_truncbits = 96,
259                         .icv_fullbits = 160,
260                 }
261         },
262
263         .desc = {
264                 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
265                 .sadb_alg_ivlen = 0,
266                 .sadb_alg_minbits = 160,
267                 .sadb_alg_maxbits = 160
268         }
269 },
270 {
271         .name = "xcbc(aes)",
272
273         .uinfo = {
274                 .auth = {
275                         .icv_truncbits = 96,
276                         .icv_fullbits = 128,
277                 }
278         },
279
280         .desc = {
281                 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
282                 .sadb_alg_ivlen = 0,
283                 .sadb_alg_minbits = 128,
284                 .sadb_alg_maxbits = 128
285         }
286 },
287 };
288
289 static struct xfrm_algo_desc ealg_list[] = {
290 {
291         .name = "ecb(cipher_null)",
292         .compat = "cipher_null",
293
294         .uinfo = {
295                 .encr = {
296                         .blockbits = 8,
297                         .defkeybits = 0,
298                 }
299         },
300
301         .desc = {
302                 .sadb_alg_id =  SADB_EALG_NULL,
303                 .sadb_alg_ivlen = 0,
304                 .sadb_alg_minbits = 0,
305                 .sadb_alg_maxbits = 0
306         }
307 },
308 {
309         .name = "cbc(des)",
310         .compat = "des",
311
312         .uinfo = {
313                 .encr = {
314                         .blockbits = 64,
315                         .defkeybits = 64,
316                 }
317         },
318
319         .desc = {
320                 .sadb_alg_id = SADB_EALG_DESCBC,
321                 .sadb_alg_ivlen = 8,
322                 .sadb_alg_minbits = 64,
323                 .sadb_alg_maxbits = 64
324         }
325 },
326 {
327         .name = "cbc(des3_ede)",
328         .compat = "des3_ede",
329
330         .uinfo = {
331                 .encr = {
332                         .blockbits = 64,
333                         .defkeybits = 192,
334                 }
335         },
336
337         .desc = {
338                 .sadb_alg_id = SADB_EALG_3DESCBC,
339                 .sadb_alg_ivlen = 8,
340                 .sadb_alg_minbits = 192,
341                 .sadb_alg_maxbits = 192
342         }
343 },
344 {
345         .name = "cbc(cast5)",
346         .compat = "cast5",
347
348         .uinfo = {
349                 .encr = {
350                         .blockbits = 64,
351                         .defkeybits = 128,
352                 }
353         },
354
355         .desc = {
356                 .sadb_alg_id = SADB_X_EALG_CASTCBC,
357                 .sadb_alg_ivlen = 8,
358                 .sadb_alg_minbits = 40,
359                 .sadb_alg_maxbits = 128
360         }
361 },
362 {
363         .name = "cbc(blowfish)",
364         .compat = "blowfish",
365
366         .uinfo = {
367                 .encr = {
368                         .blockbits = 64,
369                         .defkeybits = 128,
370                 }
371         },
372
373         .desc = {
374                 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
375                 .sadb_alg_ivlen = 8,
376                 .sadb_alg_minbits = 40,
377                 .sadb_alg_maxbits = 448
378         }
379 },
380 {
381         .name = "cbc(aes)",
382         .compat = "aes",
383
384         .uinfo = {
385                 .encr = {
386                         .blockbits = 128,
387                         .defkeybits = 128,
388                 }
389         },
390
391         .desc = {
392                 .sadb_alg_id = SADB_X_EALG_AESCBC,
393                 .sadb_alg_ivlen = 8,
394                 .sadb_alg_minbits = 128,
395                 .sadb_alg_maxbits = 256
396         }
397 },
398 {
399         .name = "cbc(serpent)",
400         .compat = "serpent",
401
402         .uinfo = {
403                 .encr = {
404                         .blockbits = 128,
405                         .defkeybits = 128,
406                 }
407         },
408
409         .desc = {
410                 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
411                 .sadb_alg_ivlen = 8,
412                 .sadb_alg_minbits = 128,
413                 .sadb_alg_maxbits = 256,
414         }
415 },
416 {
417         .name = "cbc(camellia)",
418         .compat = "camellia",
419
420         .uinfo = {
421                 .encr = {
422                         .blockbits = 128,
423                         .defkeybits = 128,
424                 }
425         },
426
427         .desc = {
428                 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
429                 .sadb_alg_ivlen = 8,
430                 .sadb_alg_minbits = 128,
431                 .sadb_alg_maxbits = 256
432         }
433 },
434 {
435         .name = "cbc(twofish)",
436         .compat = "twofish",
437
438         .uinfo = {
439                 .encr = {
440                         .blockbits = 128,
441                         .defkeybits = 128,
442                 }
443         },
444
445         .desc = {
446                 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
447                 .sadb_alg_ivlen = 8,
448                 .sadb_alg_minbits = 128,
449                 .sadb_alg_maxbits = 256
450         }
451 },
452 {
453         .name = "rfc3686(ctr(aes))",
454
455         .uinfo = {
456                 .encr = {
457                         .blockbits = 128,
458                         .defkeybits = 160, /* 128-bit key + 32-bit nonce */
459                 }
460         },
461
462         .desc = {
463                 .sadb_alg_id = SADB_X_EALG_AESCTR,
464                 .sadb_alg_ivlen = 8,
465                 .sadb_alg_minbits = 128,
466                 .sadb_alg_maxbits = 256
467         }
468 },
469 };
470
471 static struct xfrm_algo_desc calg_list[] = {
472 {
473         .name = "deflate",
474         .uinfo = {
475                 .comp = {
476                         .threshold = 90,
477                 }
478         },
479         .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
480 },
481 {
482         .name = "lzs",
483         .uinfo = {
484                 .comp = {
485                         .threshold = 90,
486                 }
487         },
488         .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
489 },
490 {
491         .name = "lzjh",
492         .uinfo = {
493                 .comp = {
494                         .threshold = 50,
495                 }
496         },
497         .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
498 },
499 };
500
501 static inline int aead_entries(void)
502 {
503         return ARRAY_SIZE(aead_list);
504 }
505
506 static inline int aalg_entries(void)
507 {
508         return ARRAY_SIZE(aalg_list);
509 }
510
511 static inline int ealg_entries(void)
512 {
513         return ARRAY_SIZE(ealg_list);
514 }
515
516 static inline int calg_entries(void)
517 {
518         return ARRAY_SIZE(calg_list);
519 }
520
521 struct xfrm_algo_list {
522         struct xfrm_algo_desc *algs;
523         int entries;
524         u32 type;
525         u32 mask;
526 };
527
528 static const struct xfrm_algo_list xfrm_aead_list = {
529         .algs = aead_list,
530         .entries = ARRAY_SIZE(aead_list),
531         .type = CRYPTO_ALG_TYPE_AEAD,
532         .mask = CRYPTO_ALG_TYPE_MASK,
533 };
534
535 static const struct xfrm_algo_list xfrm_aalg_list = {
536         .algs = aalg_list,
537         .entries = ARRAY_SIZE(aalg_list),
538         .type = CRYPTO_ALG_TYPE_HASH,
539         .mask = CRYPTO_ALG_TYPE_HASH_MASK,
540 };
541
542 static const struct xfrm_algo_list xfrm_ealg_list = {
543         .algs = ealg_list,
544         .entries = ARRAY_SIZE(ealg_list),
545         .type = CRYPTO_ALG_TYPE_BLKCIPHER,
546         .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
547 };
548
549 static const struct xfrm_algo_list xfrm_calg_list = {
550         .algs = calg_list,
551         .entries = ARRAY_SIZE(calg_list),
552         .type = CRYPTO_ALG_TYPE_COMPRESS,
553         .mask = CRYPTO_ALG_TYPE_MASK,
554 };
555
556 static struct xfrm_algo_desc *xfrm_find_algo(
557         const struct xfrm_algo_list *algo_list,
558         int match(const struct xfrm_algo_desc *entry, const void *data),
559         const void *data, int probe)
560 {
561         struct xfrm_algo_desc *list = algo_list->algs;
562         int i, status;
563
564         for (i = 0; i < algo_list->entries; i++) {
565                 if (!match(list + i, data))
566                         continue;
567
568                 if (list[i].available)
569                         return &list[i];
570
571                 if (!probe)
572                         break;
573
574                 status = crypto_has_alg(list[i].name, algo_list->type,
575                                         algo_list->mask);
576                 if (!status)
577                         break;
578
579                 list[i].available = status;
580                 return &list[i];
581         }
582         return NULL;
583 }
584
585 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
586                              const void *data)
587 {
588         return entry->desc.sadb_alg_id == (unsigned long)data;
589 }
590
591 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
592 {
593         return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
594                               (void *)(unsigned long)alg_id, 1);
595 }
596 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
597
598 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
599 {
600         return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
601                               (void *)(unsigned long)alg_id, 1);
602 }
603 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
604
605 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
606 {
607         return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
608                               (void *)(unsigned long)alg_id, 1);
609 }
610 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
611
612 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
613                                const void *data)
614 {
615         const char *name = data;
616
617         return name && (!strcmp(name, entry->name) ||
618                         (entry->compat && !strcmp(name, entry->compat)));
619 }
620
621 struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
622 {
623         return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
624                               probe);
625 }
626 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
627
628 struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
629 {
630         return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
631                               probe);
632 }
633 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
634
635 struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
636 {
637         return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
638                               probe);
639 }
640 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
641
642 struct xfrm_aead_name {
643         const char *name;
644         int icvbits;
645 };
646
647 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
648                                 const void *data)
649 {
650         const struct xfrm_aead_name *aead = data;
651         const char *name = aead->name;
652
653         return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
654                !strcmp(name, entry->name);
655 }
656
657 struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, int probe)
658 {
659         struct xfrm_aead_name data = {
660                 .name = name,
661                 .icvbits = icv_len,
662         };
663
664         return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
665                               probe);
666 }
667 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
668
669 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
670 {
671         if (idx >= aalg_entries())
672                 return NULL;
673
674         return &aalg_list[idx];
675 }
676 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
677
678 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
679 {
680         if (idx >= ealg_entries())
681                 return NULL;
682
683         return &ealg_list[idx];
684 }
685 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
686
687 /*
688  * Probe for the availability of crypto algorithms, and set the available
689  * flag for any algorithms found on the system.  This is typically called by
690  * pfkey during userspace SA add, update or register.
691  */
692 void xfrm_probe_algs(void)
693 {
694         int i, status;
695
696         BUG_ON(in_softirq());
697
698         for (i = 0; i < aalg_entries(); i++) {
699                 status = crypto_has_hash(aalg_list[i].name, 0,
700                                          CRYPTO_ALG_ASYNC);
701                 if (aalg_list[i].available != status)
702                         aalg_list[i].available = status;
703         }
704
705         for (i = 0; i < ealg_entries(); i++) {
706                 status = crypto_has_blkcipher(ealg_list[i].name, 0,
707                                               CRYPTO_ALG_ASYNC);
708                 if (ealg_list[i].available != status)
709                         ealg_list[i].available = status;
710         }
711
712         for (i = 0; i < calg_entries(); i++) {
713                 status = crypto_has_comp(calg_list[i].name, 0,
714                                          CRYPTO_ALG_ASYNC);
715                 if (calg_list[i].available != status)
716                         calg_list[i].available = status;
717         }
718 }
719 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
720
721 int xfrm_count_auth_supported(void)
722 {
723         int i, n;
724
725         for (i = 0, n = 0; i < aalg_entries(); i++)
726                 if (aalg_list[i].available)
727                         n++;
728         return n;
729 }
730 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
731
732 int xfrm_count_enc_supported(void)
733 {
734         int i, n;
735
736         for (i = 0, n = 0; i < ealg_entries(); i++)
737                 if (ealg_list[i].available)
738                         n++;
739         return n;
740 }
741 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
742
743 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
744
745 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
746 {
747         if (tail != skb) {
748                 skb->data_len += len;
749                 skb->len += len;
750         }
751         return skb_put(tail, len);
752 }
753 EXPORT_SYMBOL_GPL(pskb_put);
754 #endif