2 * Copyright (C)2002 USAGI/WIDE Project
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Mitsuru KANDA @USAGI : IPv6 Support
21 * Kazunori MIYAZAWA @USAGI :
22 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
24 * This file is derived from net/ipv4/esp.c
27 #include <linux/err.h>
28 #include <linux/module.h>
32 #include <asm/scatterlist.h>
33 #include <linux/crypto.h>
34 #include <linux/kernel.h>
35 #include <linux/pfkeyv2.h>
36 #include <linux/random.h>
39 #include <net/protocol.h>
40 #include <linux/icmpv6.h>
42 static int esp6_output(struct xfrm_state
*x
, struct sk_buff
*skb
)
45 struct ipv6hdr
*top_iph
;
46 struct ipv6_esp_hdr
*esph
;
47 struct crypto_blkcipher
*tfm
;
48 struct blkcipher_desc desc
;
49 struct sk_buff
*trailer
;
54 struct esp_data
*esp
= x
->data
;
55 int hdr_len
= (skb_transport_offset(skb
) +
56 sizeof(*esph
) + esp
->conf
.ivlen
);
58 /* Strip IP+ESP header. */
59 __skb_pull(skb
, hdr_len
);
61 /* Now skb is pure payload to encrypt */
64 /* Round to block size */
67 alen
= esp
->auth
.icv_trunc_len
;
71 blksize
= ALIGN(crypto_blkcipher_blocksize(tfm
), 4);
72 clen
= ALIGN(clen
+ 2, blksize
);
74 clen
= ALIGN(clen
, esp
->conf
.padlen
);
76 if ((nfrags
= skb_cow_data(skb
, clen
-skb
->len
+alen
, &trailer
)) < 0) {
83 for (i
=0; i
<clen
-skb
->len
- 2; i
++)
84 *(u8
*)(trailer
->tail
+ i
) = i
+1;
86 *(u8
*)(trailer
->tail
+ clen
-skb
->len
- 2) = (clen
- skb
->len
)-2;
87 pskb_put(skb
, trailer
, clen
- skb
->len
);
89 top_iph
= (struct ipv6hdr
*)__skb_push(skb
, hdr_len
);
90 esph
= (struct ipv6_esp_hdr
*)skb_transport_header(skb
);
91 top_iph
->payload_len
= htons(skb
->len
+ alen
- sizeof(*top_iph
));
92 *(u8
*)(trailer
->tail
- 1) = *skb_network_header(skb
);
93 *skb_network_header(skb
) = IPPROTO_ESP
;
95 esph
->spi
= x
->id
.spi
;
96 esph
->seq_no
= htonl(++x
->replay
.oseq
);
97 xfrm_aevent_doreplay(x
);
99 if (esp
->conf
.ivlen
) {
100 if (unlikely(!esp
->conf
.ivinitted
)) {
101 get_random_bytes(esp
->conf
.ivec
, esp
->conf
.ivlen
);
102 esp
->conf
.ivinitted
= 1;
104 crypto_blkcipher_set_iv(tfm
, esp
->conf
.ivec
, esp
->conf
.ivlen
);
108 struct scatterlist
*sg
= &esp
->sgbuf
[0];
110 if (unlikely(nfrags
> ESP_NUM_FAST_SG
)) {
111 sg
= kmalloc(sizeof(struct scatterlist
)*nfrags
, GFP_ATOMIC
);
115 skb_to_sgvec(skb
, sg
, esph
->enc_data
+esp
->conf
.ivlen
-skb
->data
, clen
);
116 err
= crypto_blkcipher_encrypt(&desc
, sg
, sg
, clen
);
117 if (unlikely(sg
!= &esp
->sgbuf
[0]))
124 if (esp
->conf
.ivlen
) {
125 memcpy(esph
->enc_data
, esp
->conf
.ivec
, esp
->conf
.ivlen
);
126 crypto_blkcipher_get_iv(tfm
, esp
->conf
.ivec
, esp
->conf
.ivlen
);
129 if (esp
->auth
.icv_full_len
) {
130 err
= esp_mac_digest(esp
, skb
, (u8
*)esph
- skb
->data
,
131 sizeof(*esph
) + esp
->conf
.ivlen
+ clen
);
132 memcpy(pskb_put(skb
, trailer
, alen
), esp
->auth
.work_icv
, alen
);
139 static int esp6_input(struct xfrm_state
*x
, struct sk_buff
*skb
)
142 struct ipv6_esp_hdr
*esph
;
143 struct esp_data
*esp
= x
->data
;
144 struct crypto_blkcipher
*tfm
= esp
->conf
.tfm
;
145 struct blkcipher_desc desc
= { .tfm
= tfm
};
146 struct sk_buff
*trailer
;
147 int blksize
= ALIGN(crypto_blkcipher_blocksize(tfm
), 4);
148 int alen
= esp
->auth
.icv_trunc_len
;
149 int elen
= skb
->len
- sizeof(struct ipv6_esp_hdr
) - esp
->conf
.ivlen
- alen
;
150 int hdr_len
= skb_network_header_len(skb
);
154 if (!pskb_may_pull(skb
, sizeof(struct ipv6_esp_hdr
))) {
159 if (elen
<= 0 || (elen
& (blksize
-1))) {
164 /* If integrity check is required, do this. */
165 if (esp
->auth
.icv_full_len
) {
168 ret
= esp_mac_digest(esp
, skb
, 0, skb
->len
- alen
);
172 if (skb_copy_bits(skb
, skb
->len
- alen
, sum
, alen
))
175 if (unlikely(memcmp(esp
->auth
.work_icv
, sum
, alen
))) {
176 x
->stats
.integrity_failed
++;
182 if ((nfrags
= skb_cow_data(skb
, 0, &trailer
)) < 0) {
187 skb
->ip_summed
= CHECKSUM_NONE
;
189 esph
= (struct ipv6_esp_hdr
*)skb
->data
;
192 /* Get ivec. This can be wrong, check against another impls. */
194 crypto_blkcipher_set_iv(tfm
, esph
->enc_data
, esp
->conf
.ivlen
);
198 struct scatterlist
*sg
= &esp
->sgbuf
[0];
201 if (unlikely(nfrags
> ESP_NUM_FAST_SG
)) {
202 sg
= kmalloc(sizeof(struct scatterlist
)*nfrags
, GFP_ATOMIC
);
208 skb_to_sgvec(skb
, sg
, sizeof(struct ipv6_esp_hdr
) + esp
->conf
.ivlen
, elen
);
209 ret
= crypto_blkcipher_decrypt(&desc
, sg
, sg
, elen
);
210 if (unlikely(sg
!= &esp
->sgbuf
[0]))
215 if (skb_copy_bits(skb
, skb
->len
-alen
-2, nexthdr
, 2))
219 if (padlen
+2 >= elen
) {
220 LIMIT_NETDEBUG(KERN_WARNING
"ipsec esp packet is garbage padlen=%d, elen=%d\n", padlen
+2, elen
);
224 /* ... check padding bits here. Silly. :-) */
226 pskb_trim(skb
, skb
->len
- alen
- padlen
- 2);
230 __skb_pull(skb
, sizeof(*esph
) + esp
->conf
.ivlen
);
231 skb_set_transport_header(skb
, -hdr_len
);
236 static u32
esp6_get_max_size(struct xfrm_state
*x
, int mtu
)
238 struct esp_data
*esp
= x
->data
;
239 u32 blksize
= ALIGN(crypto_blkcipher_blocksize(esp
->conf
.tfm
), 4);
241 if (x
->props
.mode
== XFRM_MODE_TUNNEL
) {
242 mtu
= ALIGN(mtu
+ 2, blksize
);
244 /* The worst case. */
245 u32 padsize
= ((blksize
- 1) & 7) + 1;
246 mtu
= ALIGN(mtu
+ 2, padsize
) + blksize
- padsize
;
248 if (esp
->conf
.padlen
)
249 mtu
= ALIGN(mtu
, esp
->conf
.padlen
);
251 return mtu
+ x
->props
.header_len
+ esp
->auth
.icv_trunc_len
;
254 static void esp6_err(struct sk_buff
*skb
, struct inet6_skb_parm
*opt
,
255 int type
, int code
, int offset
, __be32 info
)
257 struct ipv6hdr
*iph
= (struct ipv6hdr
*)skb
->data
;
258 struct ipv6_esp_hdr
*esph
= (struct ipv6_esp_hdr
*)(skb
->data
+offset
);
259 struct xfrm_state
*x
;
261 if (type
!= ICMPV6_DEST_UNREACH
&&
262 type
!= ICMPV6_PKT_TOOBIG
)
265 x
= xfrm_state_lookup((xfrm_address_t
*)&iph
->daddr
, esph
->spi
, IPPROTO_ESP
, AF_INET6
);
268 printk(KERN_DEBUG
"pmtu discovery on SA ESP/%08x/" NIP6_FMT
"\n",
269 ntohl(esph
->spi
), NIP6(iph
->daddr
));
273 static void esp6_destroy(struct xfrm_state
*x
)
275 struct esp_data
*esp
= x
->data
;
280 crypto_free_blkcipher(esp
->conf
.tfm
);
281 esp
->conf
.tfm
= NULL
;
282 kfree(esp
->conf
.ivec
);
283 esp
->conf
.ivec
= NULL
;
284 crypto_free_hash(esp
->auth
.tfm
);
285 esp
->auth
.tfm
= NULL
;
286 kfree(esp
->auth
.work_icv
);
287 esp
->auth
.work_icv
= NULL
;
291 static int esp6_init_state(struct xfrm_state
*x
)
293 struct esp_data
*esp
= NULL
;
294 struct crypto_blkcipher
*tfm
;
296 /* null auth and encryption can have zero length keys */
298 if (x
->aalg
->alg_key_len
> 512)
307 esp
= kzalloc(sizeof(*esp
), GFP_KERNEL
);
312 struct xfrm_algo_desc
*aalg_desc
;
313 struct crypto_hash
*hash
;
315 esp
->auth
.key
= x
->aalg
->alg_key
;
316 esp
->auth
.key_len
= (x
->aalg
->alg_key_len
+7)/8;
317 hash
= crypto_alloc_hash(x
->aalg
->alg_name
, 0,
322 esp
->auth
.tfm
= hash
;
323 if (crypto_hash_setkey(hash
, esp
->auth
.key
, esp
->auth
.key_len
))
326 aalg_desc
= xfrm_aalg_get_byname(x
->aalg
->alg_name
, 0);
329 if (aalg_desc
->uinfo
.auth
.icv_fullbits
/8 !=
330 crypto_hash_digestsize(hash
)) {
331 NETDEBUG(KERN_INFO
"ESP: %s digestsize %u != %hu\n",
333 crypto_hash_digestsize(hash
),
334 aalg_desc
->uinfo
.auth
.icv_fullbits
/8);
338 esp
->auth
.icv_full_len
= aalg_desc
->uinfo
.auth
.icv_fullbits
/8;
339 esp
->auth
.icv_trunc_len
= aalg_desc
->uinfo
.auth
.icv_truncbits
/8;
341 esp
->auth
.work_icv
= kmalloc(esp
->auth
.icv_full_len
, GFP_KERNEL
);
342 if (!esp
->auth
.work_icv
)
345 esp
->conf
.key
= x
->ealg
->alg_key
;
346 esp
->conf
.key_len
= (x
->ealg
->alg_key_len
+7)/8;
347 tfm
= crypto_alloc_blkcipher(x
->ealg
->alg_name
, 0, CRYPTO_ALG_ASYNC
);
351 esp
->conf
.ivlen
= crypto_blkcipher_ivsize(tfm
);
352 esp
->conf
.padlen
= 0;
353 if (esp
->conf
.ivlen
) {
354 esp
->conf
.ivec
= kmalloc(esp
->conf
.ivlen
, GFP_KERNEL
);
355 if (unlikely(esp
->conf
.ivec
== NULL
))
357 esp
->conf
.ivinitted
= 0;
359 if (crypto_blkcipher_setkey(tfm
, esp
->conf
.key
, esp
->conf
.key_len
))
361 x
->props
.header_len
= sizeof(struct ipv6_esp_hdr
) + esp
->conf
.ivlen
;
362 if (x
->props
.mode
== XFRM_MODE_TUNNEL
)
363 x
->props
.header_len
+= sizeof(struct ipv6hdr
);
374 static struct xfrm_type esp6_type
=
376 .description
= "ESP6",
377 .owner
= THIS_MODULE
,
378 .proto
= IPPROTO_ESP
,
379 .init_state
= esp6_init_state
,
380 .destructor
= esp6_destroy
,
381 .get_max_size
= esp6_get_max_size
,
383 .output
= esp6_output
,
384 .hdr_offset
= xfrm6_find_1stfragopt
,
387 static struct inet6_protocol esp6_protocol
= {
388 .handler
= xfrm6_rcv
,
389 .err_handler
= esp6_err
,
390 .flags
= INET6_PROTO_NOPOLICY
,
393 static int __init
esp6_init(void)
395 if (xfrm_register_type(&esp6_type
, AF_INET6
) < 0) {
396 printk(KERN_INFO
"ipv6 esp init: can't add xfrm type\n");
399 if (inet6_add_protocol(&esp6_protocol
, IPPROTO_ESP
) < 0) {
400 printk(KERN_INFO
"ipv6 esp init: can't add protocol\n");
401 xfrm_unregister_type(&esp6_type
, AF_INET6
);
408 static void __exit
esp6_fini(void)
410 if (inet6_del_protocol(&esp6_protocol
, IPPROTO_ESP
) < 0)
411 printk(KERN_INFO
"ipv6 esp close: can't remove protocol\n");
412 if (xfrm_unregister_type(&esp6_type
, AF_INET6
) < 0)
413 printk(KERN_INFO
"ipv6 esp close: can't remove xfrm type\n");
416 module_init(esp6_init
);
417 module_exit(esp6_fini
);
419 MODULE_LICENSE("GPL");