2 * xfrm algorithm interface
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
12 #include <linux/config.h>
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/pfkeyv2.h>
16 #include <linux/crypto.h>
18 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
21 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
24 #include <asm/scatterlist.h>
27 * Algorithms supported by IPsec. These entries contain properties which
28 * are used in key negotiation and xfrm processing, and are used to verify
29 * that instantiated crypto transforms have correct parameters for IPsec
32 static struct xfrm_algo_desc aalg_list[] = {
34 .name = "digest_null",
44 .sadb_alg_id = SADB_X_AALG_NULL,
46 .sadb_alg_minbits = 0,
61 .sadb_alg_id = SADB_AALG_MD5HMAC,
63 .sadb_alg_minbits = 128,
64 .sadb_alg_maxbits = 128
78 .sadb_alg_id = SADB_AALG_SHA1HMAC,
80 .sadb_alg_minbits = 160,
81 .sadb_alg_maxbits = 160
95 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
97 .sadb_alg_minbits = 256,
98 .sadb_alg_maxbits = 256
112 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
114 .sadb_alg_minbits = 160,
115 .sadb_alg_maxbits = 160
120 static struct xfrm_algo_desc ealg_list[] = {
122 .name = "cipher_null",
132 .sadb_alg_id = SADB_EALG_NULL,
134 .sadb_alg_minbits = 0,
135 .sadb_alg_maxbits = 0
149 .sadb_alg_id = SADB_EALG_DESCBC,
151 .sadb_alg_minbits = 64,
152 .sadb_alg_maxbits = 64
166 .sadb_alg_id = SADB_EALG_3DESCBC,
168 .sadb_alg_minbits = 192,
169 .sadb_alg_maxbits = 192
183 .sadb_alg_id = SADB_X_EALG_CASTCBC,
185 .sadb_alg_minbits = 40,
186 .sadb_alg_maxbits = 128
200 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
202 .sadb_alg_minbits = 40,
203 .sadb_alg_maxbits = 448
217 .sadb_alg_id = SADB_X_EALG_AESCBC,
219 .sadb_alg_minbits = 128,
220 .sadb_alg_maxbits = 256
234 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
236 .sadb_alg_minbits = 128,
237 .sadb_alg_maxbits = 256,
251 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
253 .sadb_alg_minbits = 128,
254 .sadb_alg_maxbits = 256
259 static struct xfrm_algo_desc calg_list[] = {
267 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
276 .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
285 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
289 static inline int aalg_entries(void)
291 return ARRAY_SIZE(aalg_list);
294 static inline int ealg_entries(void)
296 return ARRAY_SIZE(ealg_list);
299 static inline int calg_entries(void)
301 return ARRAY_SIZE(calg_list);
304 /* Todo: generic iterators */
305 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
309 for (i = 0; i < aalg_entries(); i++) {
310 if (aalg_list[i].desc.sadb_alg_id == alg_id) {
311 if (aalg_list[i].available)
312 return &aalg_list[i];
319 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
321 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
325 for (i = 0; i < ealg_entries(); i++) {
326 if (ealg_list[i].desc.sadb_alg_id == alg_id) {
327 if (ealg_list[i].available)
328 return &ealg_list[i];
335 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
337 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
341 for (i = 0; i < calg_entries(); i++) {
342 if (calg_list[i].desc.sadb_alg_id == alg_id) {
343 if (calg_list[i].available)
344 return &calg_list[i];
351 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
353 static struct xfrm_algo_desc *xfrm_get_byname(struct xfrm_algo_desc *list,
354 int entries, char *name,
362 for (i = 0; i < entries; i++) {
363 if (strcmp(name, list[i].name))
366 if (list[i].available)
372 status = crypto_alg_available(name, 0);
376 list[i].available = status;
382 struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
384 return xfrm_get_byname(aalg_list, aalg_entries(), name, probe);
386 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
388 struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
390 return xfrm_get_byname(ealg_list, ealg_entries(), name, probe);
392 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
394 struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
396 return xfrm_get_byname(calg_list, calg_entries(), name, probe);
398 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
400 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
402 if (idx >= aalg_entries())
405 return &aalg_list[idx];
407 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
409 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
411 if (idx >= ealg_entries())
414 return &ealg_list[idx];
416 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
419 * Probe for the availability of crypto algorithms, and set the available
420 * flag for any algorithms found on the system. This is typically called by
421 * pfkey during userspace SA add, update or register.
423 void xfrm_probe_algs(void)
428 BUG_ON(in_softirq());
430 for (i = 0; i < aalg_entries(); i++) {
431 status = crypto_alg_available(aalg_list[i].name, 0);
432 if (aalg_list[i].available != status)
433 aalg_list[i].available = status;
436 for (i = 0; i < ealg_entries(); i++) {
437 status = crypto_alg_available(ealg_list[i].name, 0);
438 if (ealg_list[i].available != status)
439 ealg_list[i].available = status;
442 for (i = 0; i < calg_entries(); i++) {
443 status = crypto_alg_available(calg_list[i].name, 0);
444 if (calg_list[i].available != status)
445 calg_list[i].available = status;
449 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
451 int xfrm_count_auth_supported(void)
455 for (i = 0, n = 0; i < aalg_entries(); i++)
456 if (aalg_list[i].available)
460 EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
462 int xfrm_count_enc_supported(void)
466 for (i = 0, n = 0; i < ealg_entries(); i++)
467 if (ealg_list[i].available)
471 EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
473 /* Move to common area: it is shared with AH. */
475 void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm,
476 int offset, int len, icv_update_fn_t icv_update)
478 int start = skb_headlen(skb);
479 int i, copy = start - offset;
480 struct scatterlist sg;
482 /* Checksum header. */
487 sg.page = virt_to_page(skb->data + offset);
488 sg.offset = (unsigned long)(skb->data + offset) % PAGE_SIZE;
491 icv_update(tfm, &sg, 1);
493 if ((len -= copy) == 0)
498 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
501 BUG_TRAP(start <= offset + len);
503 end = start + skb_shinfo(skb)->frags[i].size;
504 if ((copy = end - offset) > 0) {
505 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
510 sg.page = frag->page;
511 sg.offset = frag->page_offset + offset-start;
514 icv_update(tfm, &sg, 1);
523 if (skb_shinfo(skb)->frag_list) {
524 struct sk_buff *list = skb_shinfo(skb)->frag_list;
526 for (; list; list = list->next) {
529 BUG_TRAP(start <= offset + len);
531 end = start + list->len;
532 if ((copy = end - offset) > 0) {
535 skb_icv_walk(list, tfm, offset-start, copy, icv_update);
536 if ((len -= copy) == 0)
546 EXPORT_SYMBOL_GPL(skb_icv_walk);
548 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
550 /* Looking generic it is not used in another places. */
553 skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
555 int start = skb_headlen(skb);
556 int i, copy = start - offset;
562 sg[elt].page = virt_to_page(skb->data + offset);
563 sg[elt].offset = (unsigned long)(skb->data + offset) % PAGE_SIZE;
564 sg[elt].length = copy;
566 if ((len -= copy) == 0)
571 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
574 BUG_TRAP(start <= offset + len);
576 end = start + skb_shinfo(skb)->frags[i].size;
577 if ((copy = end - offset) > 0) {
578 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
582 sg[elt].page = frag->page;
583 sg[elt].offset = frag->page_offset+offset-start;
584 sg[elt].length = copy;
593 if (skb_shinfo(skb)->frag_list) {
594 struct sk_buff *list = skb_shinfo(skb)->frag_list;
596 for (; list; list = list->next) {
599 BUG_TRAP(start <= offset + len);
601 end = start + list->len;
602 if ((copy = end - offset) > 0) {
605 elt += skb_to_sgvec(list, sg+elt, offset - start, copy);
606 if ((len -= copy) == 0)
617 EXPORT_SYMBOL_GPL(skb_to_sgvec);
619 /* Check that skb data bits are writable. If they are not, copy data
620 * to newly created private area. If "tailbits" is given, make sure that
621 * tailbits bytes beyond current end of skb are writable.
623 * Returns amount of elements of scatterlist to load for subsequent
624 * transformations and pointer to writable trailer skb.
627 int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer)
631 struct sk_buff *skb1, **skb_p;
633 /* If skb is cloned or its head is paged, reallocate
634 * head pulling out all the pages (pages are considered not writable
635 * at the moment even if they are anonymous).
637 if ((skb_cloned(skb) || skb_shinfo(skb)->nr_frags) &&
638 __pskb_pull_tail(skb, skb_pagelen(skb)-skb_headlen(skb)) == NULL)
641 /* Easy case. Most of packets will go this way. */
642 if (!skb_shinfo(skb)->frag_list) {
643 /* A little of trouble, not enough of space for trailer.
644 * This should not happen, when stack is tuned to generate
645 * good frames. OK, on miss we reallocate and reserve even more
646 * space, 128 bytes is fair. */
648 if (skb_tailroom(skb) < tailbits &&
649 pskb_expand_head(skb, 0, tailbits-skb_tailroom(skb)+128, GFP_ATOMIC))
657 /* Misery. We are in troubles, going to mincer fragments... */
660 skb_p = &skb_shinfo(skb)->frag_list;
663 while ((skb1 = *skb_p) != NULL) {
666 /* The fragment is partially pulled by someone,
667 * this can happen on input. Copy it and everything
670 if (skb_shared(skb1))
673 /* If the skb is the last, worry about trailer. */
675 if (skb1->next == NULL && tailbits) {
676 if (skb_shinfo(skb1)->nr_frags ||
677 skb_shinfo(skb1)->frag_list ||
678 skb_tailroom(skb1) < tailbits)
679 ntail = tailbits + 128;
685 skb_shinfo(skb1)->nr_frags ||
686 skb_shinfo(skb1)->frag_list) {
687 struct sk_buff *skb2;
689 /* Fuck, we are miserable poor guys... */
691 skb2 = skb_copy(skb1, GFP_ATOMIC);
693 skb2 = skb_copy_expand(skb1,
697 if (unlikely(skb2 == NULL))
701 skb_set_owner_w(skb2, skb1->sk);
703 /* Looking around. Are we still alive?
704 * OK, link new skb, drop old one */
706 skb2->next = skb1->next;
718 EXPORT_SYMBOL_GPL(skb_cow_data);
720 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
723 skb->data_len += len;
726 return skb_put(tail, len);
728 EXPORT_SYMBOL_GPL(pskb_put);
Code Review / linux-3.10.git / blob