xfrm: fix __xfrm_route_forward()
[linux-2.6.git] / net / xfrm / xfrm_algo.c
index b5c5347..58064d9 100644 (file)
  * that instantiated crypto transforms have correct parameters for IPsec
  * purposes.
  */
+static struct xfrm_algo_desc aead_list[] = {
+{
+       .name = "rfc4106(gcm(aes))",
+
+       .uinfo = {
+               .aead = {
+                       .icv_truncbits = 64,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
+{
+       .name = "rfc4106(gcm(aes))",
+
+       .uinfo = {
+               .aead = {
+                       .icv_truncbits = 96,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
+{
+       .name = "rfc4106(gcm(aes))",
+
+       .uinfo = {
+               .aead = {
+                       .icv_truncbits = 128,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
+{
+       .name = "rfc4309(ccm(aes))",
+
+       .uinfo = {
+               .aead = {
+                       .icv_truncbits = 64,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
+{
+       .name = "rfc4309(ccm(aes))",
+
+       .uinfo = {
+               .aead = {
+                       .icv_truncbits = 96,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
+{
+       .name = "rfc4309(ccm(aes))",
+
+       .uinfo = {
+               .aead = {
+                       .icv_truncbits = 128,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
+{
+       .name = "rfc4543(gcm(aes))",
+
+       .uinfo = {
+               .aead = {
+                       .icv_truncbits = 128,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
+};
+
 static struct xfrm_algo_desc aalg_list[] = {
 {
-       .name = "hmac(digest_null)",
-       .compat = "digest_null",
+       .name = "digest_null",
 
        .uinfo = {
                .auth = {
@@ -102,8 +216,42 @@ static struct xfrm_algo_desc aalg_list[] = {
        }
 },
 {
-       .name = "hmac(ripemd160)",
-       .compat = "ripemd160",
+       .name = "hmac(sha384)",
+
+       .uinfo = {
+               .auth = {
+                       .icv_truncbits = 192,
+                       .icv_fullbits = 384,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
+               .sadb_alg_ivlen = 0,
+               .sadb_alg_minbits = 384,
+               .sadb_alg_maxbits = 384
+       }
+},
+{
+       .name = "hmac(sha512)",
+
+       .uinfo = {
+               .auth = {
+                       .icv_truncbits = 256,
+                       .icv_fullbits = 512,
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
+               .sadb_alg_ivlen = 0,
+               .sadb_alg_minbits = 512,
+               .sadb_alg_maxbits = 512
+       }
+},
+{
+       .name = "hmac(rmd160)",
+       .compat = "rmd160",
 
        .uinfo = {
                .auth = {
@@ -194,8 +342,8 @@ static struct xfrm_algo_desc ealg_list[] = {
        }
 },
 {
-       .name = "cbc(cast128)",
-       .compat = "cast128",
+       .name = "cbc(cast5)",
+       .compat = "cast5",
 
        .uinfo = {
                .encr = {
@@ -267,6 +415,7 @@ static struct xfrm_algo_desc ealg_list[] = {
 },
 {
        .name = "cbc(camellia)",
+       .compat = "camellia",
 
        .uinfo = {
                .encr = {
@@ -300,6 +449,23 @@ static struct xfrm_algo_desc ealg_list[] = {
                .sadb_alg_maxbits = 256
        }
 },
+{
+       .name = "rfc3686(ctr(aes))",
+
+       .uinfo = {
+               .encr = {
+                       .blockbits = 128,
+                       .defkeybits = 160, /* 128-bit key + 32-bit nonce */
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AESCTR,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
 };
 
 static struct xfrm_algo_desc calg_list[] = {
@@ -332,6 +498,11 @@ static struct xfrm_algo_desc calg_list[] = {
 },
 };
 
+static inline int aead_entries(void)
+{
+       return ARRAY_SIZE(aead_list);
+}
+
 static inline int aalg_entries(void)
 {
        return ARRAY_SIZE(aalg_list);
@@ -354,25 +525,32 @@ struct xfrm_algo_list {
        u32 mask;
 };
 
+static const struct xfrm_algo_list xfrm_aead_list = {
+       .algs = aead_list,
+       .entries = ARRAY_SIZE(aead_list),
+       .type = CRYPTO_ALG_TYPE_AEAD,
+       .mask = CRYPTO_ALG_TYPE_MASK,
+};
+
 static const struct xfrm_algo_list xfrm_aalg_list = {
        .algs = aalg_list,
        .entries = ARRAY_SIZE(aalg_list),
        .type = CRYPTO_ALG_TYPE_HASH,
-       .mask = CRYPTO_ALG_TYPE_HASH_MASK | CRYPTO_ALG_ASYNC,
+       .mask = CRYPTO_ALG_TYPE_HASH_MASK,
 };
 
 static const struct xfrm_algo_list xfrm_ealg_list = {
        .algs = ealg_list,
        .entries = ARRAY_SIZE(ealg_list),
        .type = CRYPTO_ALG_TYPE_BLKCIPHER,
-       .mask = CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC,
+       .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
 };
 
 static const struct xfrm_algo_list xfrm_calg_list = {
        .algs = calg_list,
        .entries = ARRAY_SIZE(calg_list),
        .type = CRYPTO_ALG_TYPE_COMPRESS,
-       .mask = CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC,
+       .mask = CRYPTO_ALG_TYPE_MASK,
 };
 
 static struct xfrm_algo_desc *xfrm_find_algo(
@@ -440,27 +618,54 @@ static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
                        (entry->compat && !strcmp(name, entry->compat)));
 }
 
-struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
+struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
 {
        return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
                              probe);
 }
 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
 
-struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
+struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
 {
        return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
                              probe);
 }
 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
 
-struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
+struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
 {
        return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
                              probe);
 }
 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
 
+struct xfrm_aead_name {
+       const char *name;
+       int icvbits;
+};
+
+static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
+                               const void *data)
+{
+       const struct xfrm_aead_name *aead = data;
+       const char *name = aead->name;
+
+       return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
+              !strcmp(name, entry->name);
+}
+
+struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
+{
+       struct xfrm_aead_name data = {
+               .name = name,
+               .icvbits = icv_len,
+       };
+
+       return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
+                             probe);
+}
+EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
+
 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
 {
        if (idx >= aalg_entries())
@@ -535,87 +740,6 @@ int xfrm_count_enc_supported(void)
 }
 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
 
-/* Move to common area: it is shared with AH. */
-
-int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
-                int offset, int len, icv_update_fn_t icv_update)
-{
-       int start = skb_headlen(skb);
-       int i, copy = start - offset;
-       int err;
-       struct scatterlist sg;
-
-       /* Checksum header. */
-       if (copy > 0) {
-               if (copy > len)
-                       copy = len;
-
-               sg_init_one(&sg, skb->data + offset, copy);
-
-               err = icv_update(desc, &sg, copy);
-               if (unlikely(err))
-                       return err;
-
-               if ((len -= copy) == 0)
-                       return 0;
-               offset += copy;
-       }
-
-       for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
-               int end;
-
-               BUG_TRAP(start <= offset + len);
-
-               end = start + skb_shinfo(skb)->frags[i].size;
-               if ((copy = end - offset) > 0) {
-                       skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
-
-                       if (copy > len)
-                               copy = len;
-
-                       sg_init_table(&sg, 1);
-                       sg_set_page(&sg, frag->page, copy,
-                                   frag->page_offset + offset-start);
-
-                       err = icv_update(desc, &sg, copy);
-                       if (unlikely(err))
-                               return err;
-
-                       if (!(len -= copy))
-                               return 0;
-                       offset += copy;
-               }
-               start = end;
-       }
-
-       if (skb_shinfo(skb)->frag_list) {
-               struct sk_buff *list = skb_shinfo(skb)->frag_list;
-
-               for (; list; list = list->next) {
-                       int end;
-
-                       BUG_TRAP(start <= offset + len);
-
-                       end = start + list->len;
-                       if ((copy = end - offset) > 0) {
-                               if (copy > len)
-                                       copy = len;
-                               err = skb_icv_walk(list, desc, offset-start,
-                                                  copy, icv_update);
-                               if (unlikely(err))
-                                       return err;
-                               if ((len -= copy) == 0)
-                                       return 0;
-                               offset += copy;
-                       }
-                       start = end;
-               }
-       }
-       BUG_ON(len);
-       return 0;
-}
-EXPORT_SYMBOL_GPL(skb_icv_walk);
-
 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
 
 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)