esp4.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790
  1. #define pr_fmt(fmt) "IPsec: " fmt
  2. #include <crypto/aead.h>
  3. #include <crypto/authenc.h>
  4. #include <linux/err.h>
  5. #include <linux/module.h>
  6. #include <net/ip.h>
  7. #include <net/xfrm.h>
  8. #include <net/esp.h>
  9. #include <linux/scatterlist.h>
  10. #include <linux/kernel.h>
  11. #include <linux/pfkeyv2.h>
  12. #include <linux/rtnetlink.h>
  13. #include <linux/slab.h>
  14. #include <linux/spinlock.h>
  15. #include <linux/in6.h>
  16. #include <net/icmp.h>
  17. #include <net/protocol.h>
  18. #include <net/udp.h>
  19. struct esp_skb_cb {
  20. struct xfrm_skb_cb xfrm;
  21. void *tmp;
  22. };
  23. struct esp_output_extra {
  24. __be32 seqhi;
  25. u32 esphoff;
  26. };
  27. #define ESP_SKB_CB(__skb) ((struct esp_skb_cb *)&((__skb)->cb[0]))
  28. static u32 esp4_get_mtu(struct xfrm_state *x, int mtu);
  29. /*
  30. * Allocate an AEAD request structure with extra space for SG and IV.
  31. *
  32. * For alignment considerations the IV is placed at the front, followed
  33. * by the request and finally the SG list.
  34. *
  35. * TODO: Use spare space in skb for this where possible.
  36. */
  37. static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int extralen)
  38. {
  39. unsigned int len;
  40. len = extralen;
  41. len += crypto_aead_ivsize(aead);
  42. if (len) {
  43. len += crypto_aead_alignmask(aead) &
  44. ~(crypto_tfm_ctx_alignment() - 1);
  45. len = ALIGN(len, crypto_tfm_ctx_alignment());
  46. }
  47. len += sizeof(struct aead_request) + crypto_aead_reqsize(aead);
  48. len = ALIGN(len, __alignof__(struct scatterlist));
  49. len += sizeof(struct scatterlist) * nfrags;
  50. return kmalloc(len, GFP_ATOMIC);
  51. }
  52. static inline void *esp_tmp_extra(void *tmp)
  53. {
  54. return PTR_ALIGN(tmp, __alignof__(struct esp_output_extra));
  55. }
  56. static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int extralen)
  57. {
  58. return crypto_aead_ivsize(aead) ?
  59. PTR_ALIGN((u8 *)tmp + extralen,
  60. crypto_aead_alignmask(aead) + 1) : tmp + extralen;
  61. }
  62. static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv)
  63. {
  64. struct aead_request *req;
  65. req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
  66. crypto_tfm_ctx_alignment());
  67. aead_request_set_tfm(req, aead);
  68. return req;
  69. }
  70. static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
  71. struct aead_request *req)
  72. {
  73. return (void *)ALIGN((unsigned long)(req + 1) +
  74. crypto_aead_reqsize(aead),
  75. __alignof__(struct scatterlist));
  76. }
  77. static void esp_output_done(struct crypto_async_request *base, int err)
  78. {
  79. struct sk_buff *skb = base->data;
  80. kfree(ESP_SKB_CB(skb)->tmp);
  81. xfrm_output_resume(skb, err);
  82. }
  83. /* Move ESP header back into place. */
  84. static void esp_restore_header(struct sk_buff *skb, unsigned int offset)
  85. {
  86. struct ip_esp_hdr *esph = (void *)(skb->data + offset);
  87. void *tmp = ESP_SKB_CB(skb)->tmp;
  88. __be32 *seqhi = esp_tmp_extra(tmp);
  89. esph->seq_no = esph->spi;
  90. esph->spi = *seqhi;
  91. }
  92. static void esp_output_restore_header(struct sk_buff *skb)
  93. {
  94. void *tmp = ESP_SKB_CB(skb)->tmp;
  95. struct esp_output_extra *extra = esp_tmp_extra(tmp);
  96. esp_restore_header(skb, skb_transport_offset(skb) + extra->esphoff -
  97. sizeof(__be32));
  98. }
  99. static void esp_output_done_esn(struct crypto_async_request *base, int err)
  100. {
  101. struct sk_buff *skb = base->data;
  102. esp_output_restore_header(skb);
  103. esp_output_done(base, err);
  104. }
  105. static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
  106. {
  107. int err;
  108. struct esp_output_extra *extra;
  109. struct ip_esp_hdr *esph;
  110. struct crypto_aead *aead;
  111. struct aead_request *req;
  112. struct scatterlist *sg;
  113. struct sk_buff *trailer;
  114. void *tmp;
  115. u8 *iv;
  116. u8 *tail;
  117. int blksize;
  118. int clen;
  119. int alen;
  120. int plen;
  121. int ivlen;
  122. int tfclen;
  123. int nfrags;
  124. int assoclen;
  125. int extralen;
  126. __be64 seqno;
  127. /* skb is pure payload to encrypt */
  128. aead = x->data;
  129. alen = crypto_aead_authsize(aead);
  130. ivlen = crypto_aead_ivsize(aead);
  131. tfclen = 0;
  132. if (x->tfcpad) {
  133. struct xfrm_dst *dst = (struct xfrm_dst *)skb_dst(skb);
  134. u32 padto;
  135. padto = min(x->tfcpad, esp4_get_mtu(x, dst->child_mtu_cached));
  136. if (skb->len < padto)
  137. tfclen = padto - skb->len;
  138. }
  139. blksize = ALIGN(crypto_aead_blocksize(aead), 4);
  140. clen = ALIGN(skb->len + 2 + tfclen, blksize);
  141. plen = clen - skb->len - tfclen;
  142. err = skb_cow_data(skb, tfclen + plen + alen, &trailer);
  143. if (err < 0)
  144. goto error;
  145. nfrags = err;
  146. assoclen = sizeof(*esph);
  147. extralen = 0;
  148. if (x->props.flags & XFRM_STATE_ESN) {
  149. extralen += sizeof(*extra);
  150. assoclen += sizeof(__be32);
  151. }
  152. tmp = esp_alloc_tmp(aead, nfrags, extralen);
  153. if (!tmp) {
  154. err = -ENOMEM;
  155. goto error;
  156. }
  157. extra = esp_tmp_extra(tmp);
  158. iv = esp_tmp_iv(aead, tmp, extralen);
  159. req = esp_tmp_req(aead, iv);
  160. sg = esp_req_sg(aead, req);
  161. /* Fill padding... */
  162. tail = skb_tail_pointer(trailer);
  163. if (tfclen) {
  164. memset(tail, 0, tfclen);
  165. tail += tfclen;
  166. }
  167. do {
  168. int i;
  169. for (i = 0; i < plen - 2; i++)
  170. tail[i] = i + 1;
  171. } while (0);
  172. tail[plen - 2] = plen - 2;
  173. tail[plen - 1] = *skb_mac_header(skb);
  174. pskb_put(skb, trailer, clen - skb->len + alen);
  175. skb_push(skb, -skb_network_offset(skb));
  176. esph = ip_esp_hdr(skb);
  177. *skb_mac_header(skb) = IPPROTO_ESP;
  178. /* this is non-NULL only with UDP Encapsulation */
  179. if (x->encap) {
  180. struct xfrm_encap_tmpl *encap = x->encap;
  181. struct udphdr *uh;
  182. __be32 *udpdata32;
  183. __be16 sport, dport;
  184. int encap_type;
  185. spin_lock_bh(&x->lock);
  186. sport = encap->encap_sport;
  187. dport = encap->encap_dport;
  188. encap_type = encap->encap_type;
  189. spin_unlock_bh(&x->lock);
  190. uh = (struct udphdr *)esph;
  191. uh->source = sport;
  192. uh->dest = dport;
  193. uh->len = htons(skb->len - skb_transport_offset(skb));
  194. uh->check = 0;
  195. switch (encap_type) {
  196. default:
  197. case UDP_ENCAP_ESPINUDP:
  198. esph = (struct ip_esp_hdr *)(uh + 1);
  199. break;
  200. case UDP_ENCAP_ESPINUDP_NON_IKE:
  201. udpdata32 = (__be32 *)(uh + 1);
  202. udpdata32[0] = udpdata32[1] = 0;
  203. esph = (struct ip_esp_hdr *)(udpdata32 + 2);
  204. break;
  205. }
  206. *skb_mac_header(skb) = IPPROTO_UDP;
  207. }
  208. esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
  209. aead_request_set_callback(req, 0, esp_output_done, skb);
  210. /* For ESN we move the header forward by 4 bytes to
  211. * accomodate the high bits. We will move it back after
  212. * encryption.
  213. */
  214. if ((x->props.flags & XFRM_STATE_ESN)) {
  215. extra->esphoff = (unsigned char *)esph -
  216. skb_transport_header(skb);
  217. esph = (struct ip_esp_hdr *)((unsigned char *)esph - 4);
  218. extra->seqhi = esph->spi;
  219. esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.hi);
  220. aead_request_set_callback(req, 0, esp_output_done_esn, skb);
  221. }
  222. esph->spi = x->id.spi;
  223. sg_init_table(sg, nfrags);
  224. err = skb_to_sgvec(skb, sg,
  225. (unsigned char *)esph - skb->data,
  226. assoclen + ivlen + clen + alen);
  227. if (unlikely(err < 0))
  228. goto error;
  229. aead_request_set_crypt(req, sg, sg, ivlen + clen, iv);
  230. aead_request_set_ad(req, assoclen);
  231. seqno = cpu_to_be64(XFRM_SKB_CB(skb)->seq.output.low +
  232. ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));
  233. memset(iv, 0, ivlen);
  234. memcpy(iv + ivlen - min(ivlen, 8), (u8 *)&seqno + 8 - min(ivlen, 8),
  235. min(ivlen, 8));
  236. ESP_SKB_CB(skb)->tmp = tmp;
  237. err = crypto_aead_encrypt(req);
  238. switch (err) {
  239. case -EINPROGRESS:
  240. goto error;
  241. case -EBUSY:
  242. err = NET_XMIT_DROP;
  243. break;
  244. case 0:
  245. if ((x->props.flags & XFRM_STATE_ESN))
  246. esp_output_restore_header(skb);
  247. }
  248. kfree(tmp);
  249. error:
  250. return err;
  251. }
  252. static int esp_input_done2(struct sk_buff *skb, int err)
  253. {
  254. const struct iphdr *iph;
  255. struct xfrm_state *x = xfrm_input_state(skb);
  256. struct crypto_aead *aead = x->data;
  257. int alen = crypto_aead_authsize(aead);
  258. int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
  259. int elen = skb->len - hlen;
  260. int ihl;
  261. u8 nexthdr[2];
  262. int padlen;
  263. kfree(ESP_SKB_CB(skb)->tmp);
  264. if (unlikely(err))
  265. goto out;
  266. if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
  267. BUG();
  268. err = -EINVAL;
  269. padlen = nexthdr[0];
  270. if (padlen + 2 + alen >= elen)
  271. goto out;
  272. /* ... check padding bits here. Silly. :-) */
  273. iph = ip_hdr(skb);
  274. ihl = iph->ihl * 4;
  275. if (x->encap) {
  276. struct xfrm_encap_tmpl *encap = x->encap;
  277. struct udphdr *uh = (void *)(skb_network_header(skb) + ihl);
  278. /*
  279. * 1) if the NAT-T peer's IP or port changed then
  280. * advertize the change to the keying daemon.
  281. * This is an inbound SA, so just compare
  282. * SRC ports.
  283. */
  284. if (iph->saddr != x->props.saddr.a4 ||
  285. uh->source != encap->encap_sport) {
  286. xfrm_address_t ipaddr;
  287. ipaddr.a4 = iph->saddr;
  288. km_new_mapping(x, &ipaddr, uh->source);
  289. /* XXX: perhaps add an extra
  290. * policy check here, to see
  291. * if we should allow or
  292. * reject a packet from a
  293. * different source
  294. * address/port.
  295. */
  296. }
  297. /*
  298. * 2) ignore UDP/TCP checksums in case
  299. * of NAT-T in Transport Mode, or
  300. * perform other post-processing fixes
  301. * as per draft-ietf-ipsec-udp-encaps-06,
  302. * section 3.1.2
  303. */
  304. if (x->props.mode == XFRM_MODE_TRANSPORT)
  305. skb->ip_summed = CHECKSUM_UNNECESSARY;
  306. }
  307. pskb_trim(skb, skb->len - alen - padlen - 2);
  308. __skb_pull(skb, hlen);
  309. if (x->props.mode == XFRM_MODE_TUNNEL)
  310. skb_reset_transport_header(skb);
  311. else
  312. skb_set_transport_header(skb, -ihl);
  313. err = nexthdr[1];
  314. /* RFC4303: Drop dummy packets without any error */
  315. if (err == IPPROTO_NONE)
  316. err = -EINVAL;
  317. out:
  318. return err;
  319. }
  320. static void esp_input_done(struct crypto_async_request *base, int err)
  321. {
  322. struct sk_buff *skb = base->data;
  323. xfrm_input_resume(skb, esp_input_done2(skb, err));
  324. }
  325. static void esp_input_restore_header(struct sk_buff *skb)
  326. {
  327. esp_restore_header(skb, 0);
  328. __skb_pull(skb, 4);
  329. }
  330. static void esp_input_done_esn(struct crypto_async_request *base, int err)
  331. {
  332. struct sk_buff *skb = base->data;
  333. esp_input_restore_header(skb);
  334. esp_input_done(base, err);
  335. }
  336. /*
  337. * Note: detecting truncated vs. non-truncated authentication data is very
  338. * expensive, so we only support truncated data, which is the recommended
  339. * and common case.
  340. */
  341. static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
  342. {
  343. struct ip_esp_hdr *esph;
  344. struct crypto_aead *aead = x->data;
  345. struct aead_request *req;
  346. struct sk_buff *trailer;
  347. int ivlen = crypto_aead_ivsize(aead);
  348. int elen = skb->len - sizeof(*esph) - ivlen;
  349. int nfrags;
  350. int assoclen;
  351. int seqhilen;
  352. __be32 *seqhi;
  353. void *tmp;
  354. u8 *iv;
  355. struct scatterlist *sg;
  356. int err = -EINVAL;
  357. if (!pskb_may_pull(skb, sizeof(*esph) + ivlen))
  358. goto out;
  359. if (elen <= 0)
  360. goto out;
  361. err = skb_cow_data(skb, 0, &trailer);
  362. if (err < 0)
  363. goto out;
  364. nfrags = err;
  365. assoclen = sizeof(*esph);
  366. seqhilen = 0;
  367. if (x->props.flags & XFRM_STATE_ESN) {
  368. seqhilen += sizeof(__be32);
  369. assoclen += seqhilen;
  370. }
  371. err = -ENOMEM;
  372. tmp = esp_alloc_tmp(aead, nfrags, seqhilen);
  373. if (!tmp)
  374. goto out;
  375. ESP_SKB_CB(skb)->tmp = tmp;
  376. seqhi = esp_tmp_extra(tmp);
  377. iv = esp_tmp_iv(aead, tmp, seqhilen);
  378. req = esp_tmp_req(aead, iv);
  379. sg = esp_req_sg(aead, req);
  380. skb->ip_summed = CHECKSUM_NONE;
  381. esph = (struct ip_esp_hdr *)skb->data;
  382. aead_request_set_callback(req, 0, esp_input_done, skb);
  383. /* For ESN we move the header forward by 4 bytes to
  384. * accomodate the high bits. We will move it back after
  385. * decryption.
  386. */
  387. if ((x->props.flags & XFRM_STATE_ESN)) {
  388. esph = (void *)skb_push(skb, 4);
  389. *seqhi = esph->spi;
  390. esph->spi = esph->seq_no;
  391. esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
  392. aead_request_set_callback(req, 0, esp_input_done_esn, skb);
  393. }
  394. sg_init_table(sg, nfrags);
  395. err = skb_to_sgvec(skb, sg, 0, skb->len);
  396. if (unlikely(err < 0))
  397. goto out;
  398. aead_request_set_crypt(req, sg, sg, elen + ivlen, iv);
  399. aead_request_set_ad(req, assoclen);
  400. err = crypto_aead_decrypt(req);
  401. if (err == -EINPROGRESS)
  402. goto out;
  403. if ((x->props.flags & XFRM_STATE_ESN))
  404. esp_input_restore_header(skb);
  405. err = esp_input_done2(skb, err);
  406. out:
  407. return err;
  408. }
  409. static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
  410. {
  411. struct crypto_aead *aead = x->data;
  412. u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
  413. unsigned int net_adj;
  414. switch (x->props.mode) {
  415. case XFRM_MODE_TRANSPORT:
  416. case XFRM_MODE_BEET:
  417. net_adj = sizeof(struct iphdr);
  418. break;
  419. case XFRM_MODE_TUNNEL:
  420. net_adj = 0;
  421. break;
  422. default:
  423. BUG();
  424. }
  425. return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
  426. net_adj) & ~(blksize - 1)) + net_adj - 2;
  427. }
  428. static int esp4_err(struct sk_buff *skb, u32 info)
  429. {
  430. struct net *net = dev_net(skb->dev);
  431. const struct iphdr *iph = (const struct iphdr *)skb->data;
  432. struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
  433. struct xfrm_state *x;
  434. switch (icmp_hdr(skb)->type) {
  435. case ICMP_DEST_UNREACH:
  436. if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
  437. return 0;
  438. case ICMP_REDIRECT:
  439. break;
  440. default:
  441. return 0;
  442. }
  443. x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
  444. esph->spi, IPPROTO_ESP, AF_INET);
  445. if (!x)
  446. return 0;
  447. if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
  448. ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
  449. else
  450. ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0);
  451. xfrm_state_put(x);
  452. return 0;
  453. }
  454. static void esp_destroy(struct xfrm_state *x)
  455. {
  456. struct crypto_aead *aead = x->data;
  457. if (!aead)
  458. return;
  459. crypto_free_aead(aead);
  460. }
  461. static int esp_init_aead(struct xfrm_state *x)
  462. {
  463. char aead_name[CRYPTO_MAX_ALG_NAME];
  464. struct crypto_aead *aead;
  465. int err;
  466. err = -ENAMETOOLONG;
  467. if (snprintf(aead_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",
  468. x->geniv, x->aead->alg_name) >= CRYPTO_MAX_ALG_NAME)
  469. goto error;
  470. aead = crypto_alloc_aead(aead_name, 0, 0);
  471. err = PTR_ERR(aead);
  472. if (IS_ERR(aead))
  473. goto error;
  474. x->data = aead;
  475. err = crypto_aead_setkey(aead, x->aead->alg_key,
  476. (x->aead->alg_key_len + 7) / 8);
  477. if (err)
  478. goto error;
  479. err = crypto_aead_setauthsize(aead, x->aead->alg_icv_len / 8);
  480. if (err)
  481. goto error;
  482. error:
  483. return err;
  484. }
  485. static int esp_init_authenc(struct xfrm_state *x)
  486. {
  487. struct crypto_aead *aead;
  488. struct crypto_authenc_key_param *param;
  489. struct rtattr *rta;
  490. char *key;
  491. char *p;
  492. char authenc_name[CRYPTO_MAX_ALG_NAME];
  493. unsigned int keylen;
  494. int err;
  495. err = -EINVAL;
  496. if (!x->ealg)
  497. goto error;
  498. err = -ENAMETOOLONG;
  499. if ((x->props.flags & XFRM_STATE_ESN)) {
  500. if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
  501. "%s%sauthencesn(%s,%s)%s",
  502. x->geniv ?: "", x->geniv ? "(" : "",
  503. x->aalg ? x->aalg->alg_name : "digest_null",
  504. x->ealg->alg_name,
  505. x->geniv ? ")" : "") >= CRYPTO_MAX_ALG_NAME)
  506. goto error;
  507. } else {
  508. if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
  509. "%s%sauthenc(%s,%s)%s",
  510. x->geniv ?: "", x->geniv ? "(" : "",
  511. x->aalg ? x->aalg->alg_name : "digest_null",
  512. x->ealg->alg_name,
  513. x->geniv ? ")" : "") >= CRYPTO_MAX_ALG_NAME)
  514. goto error;
  515. }
  516. aead = crypto_alloc_aead(authenc_name, 0, 0);
  517. err = PTR_ERR(aead);
  518. if (IS_ERR(aead))
  519. goto error;
  520. x->data = aead;
  521. keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
  522. (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
  523. err = -ENOMEM;
  524. key = kmalloc(keylen, GFP_KERNEL);
  525. if (!key)
  526. goto error;
  527. p = key;
  528. rta = (void *)p;
  529. rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM;
  530. rta->rta_len = RTA_LENGTH(sizeof(*param));
  531. param = RTA_DATA(rta);
  532. p += RTA_SPACE(sizeof(*param));
  533. if (x->aalg) {
  534. struct xfrm_algo_desc *aalg_desc;
  535. memcpy(p, x->aalg->alg_key, (x->aalg->alg_key_len + 7) / 8);
  536. p += (x->aalg->alg_key_len + 7) / 8;
  537. aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
  538. BUG_ON(!aalg_desc);
  539. err = -EINVAL;
  540. if (aalg_desc->uinfo.auth.icv_fullbits / 8 !=
  541. crypto_aead_authsize(aead)) {
  542. pr_info("ESP: %s digestsize %u != %hu\n",
  543. x->aalg->alg_name,
  544. crypto_aead_authsize(aead),
  545. aalg_desc->uinfo.auth.icv_fullbits / 8);
  546. goto free_key;
  547. }
  548. err = crypto_aead_setauthsize(
  549. aead, x->aalg->alg_trunc_len / 8);
  550. if (err)
  551. goto free_key;
  552. }
  553. param->enckeylen = cpu_to_be32((x->ealg->alg_key_len + 7) / 8);
  554. memcpy(p, x->ealg->alg_key, (x->ealg->alg_key_len + 7) / 8);
  555. err = crypto_aead_setkey(aead, key, keylen);
  556. free_key:
  557. kfree(key);
  558. error:
  559. return err;
  560. }
  561. static int esp_init_state(struct xfrm_state *x)
  562. {
  563. struct crypto_aead *aead;
  564. u32 align;
  565. int err;
  566. x->data = NULL;
  567. if (x->aead)
  568. err = esp_init_aead(x);
  569. else
  570. err = esp_init_authenc(x);
  571. if (err)
  572. goto error;
  573. aead = x->data;
  574. x->props.header_len = sizeof(struct ip_esp_hdr) +
  575. crypto_aead_ivsize(aead);
  576. if (x->props.mode == XFRM_MODE_TUNNEL)
  577. x->props.header_len += sizeof(struct iphdr);
  578. else if (x->props.mode == XFRM_MODE_BEET && x->sel.family != AF_INET6)
  579. x->props.header_len += IPV4_BEET_PHMAXLEN;
  580. if (x->encap) {
  581. struct xfrm_encap_tmpl *encap = x->encap;
  582. switch (encap->encap_type) {
  583. default:
  584. goto error;
  585. case UDP_ENCAP_ESPINUDP:
  586. x->props.header_len += sizeof(struct udphdr);
  587. break;
  588. case UDP_ENCAP_ESPINUDP_NON_IKE:
  589. x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
  590. break;
  591. }
  592. }
  593. align = ALIGN(crypto_aead_blocksize(aead), 4);
  594. x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
  595. error:
  596. return err;
  597. }
  598. static int esp4_rcv_cb(struct sk_buff *skb, int err)
  599. {
  600. return 0;
  601. }
  602. static const struct xfrm_type esp_type =
  603. {
  604. .description = "ESP4",
  605. .owner = THIS_MODULE,
  606. .proto = IPPROTO_ESP,
  607. .flags = XFRM_TYPE_REPLAY_PROT,
  608. .init_state = esp_init_state,
  609. .destructor = esp_destroy,
  610. .get_mtu = esp4_get_mtu,
  611. .input = esp_input,
  612. .output = esp_output
  613. };
  614. static struct xfrm4_protocol esp4_protocol = {
  615. .handler = xfrm4_rcv,
  616. .input_handler = xfrm_input,
  617. .cb_handler = esp4_rcv_cb,
  618. .err_handler = esp4_err,
  619. .priority = 0,
  620. };
  621. static int __init esp4_init(void)
  622. {
  623. if (xfrm_register_type(&esp_type, AF_INET) < 0) {
  624. pr_info("%s: can't add xfrm type\n", __func__);
  625. return -EAGAIN;
  626. }
  627. if (xfrm4_protocol_register(&esp4_protocol, IPPROTO_ESP) < 0) {
  628. pr_info("%s: can't add protocol\n", __func__);
  629. xfrm_unregister_type(&esp_type, AF_INET);
  630. return -EAGAIN;
  631. }
  632. return 0;
  633. }
  634. static void __exit esp4_fini(void)
  635. {
  636. if (xfrm4_protocol_deregister(&esp4_protocol, IPPROTO_ESP) < 0)
  637. pr_info("%s: can't remove protocol\n", __func__);
  638. if (xfrm_unregister_type(&esp_type, AF_INET) < 0)
  639. pr_info("%s: can't remove xfrm type\n", __func__);
  640. }
  641. module_init(esp4_init);
  642. module_exit(esp4_fini);
  643. MODULE_LICENSE("GPL");
  644. MODULE_ALIAS_XFRM_TYPE(AF_INET, XFRM_PROTO_ESP);