2 * xfrm algorithm interface
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/pfkeyv2.h>
15 #include <linux/crypto.h>
16 #include <linux/scatterlist.h>
18 #if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
23 * Algorithms supported by IPsec. These entries contain properties which
24 * are used in key negotiation and xfrm processing, and are used to verify
25 * that instantiated crypto transforms have correct parameters for IPsec
28 static struct xfrm_algo_desc aead_list[] = {
30 .name = "rfc4106(gcm(aes))",
41 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
43 .sadb_alg_minbits = 128,
44 .sadb_alg_maxbits = 256
48 .name = "rfc4106(gcm(aes))",
59 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
61 .sadb_alg_minbits = 128,
62 .sadb_alg_maxbits = 256
66 .name = "rfc4106(gcm(aes))",
77 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
79 .sadb_alg_minbits = 128,
80 .sadb_alg_maxbits = 256
84 .name = "rfc4309(ccm(aes))",
95 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
97 .sadb_alg_minbits = 128,
98 .sadb_alg_maxbits = 256
102 .name = "rfc4309(ccm(aes))",
110 .pfkey_supported = 1,
113 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
115 .sadb_alg_minbits = 128,
116 .sadb_alg_maxbits = 256
120 .name = "rfc4309(ccm(aes))",
124 .icv_truncbits = 128,
128 .pfkey_supported = 1,
131 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
133 .sadb_alg_minbits = 128,
134 .sadb_alg_maxbits = 256
138 .name = "rfc4543(gcm(aes))",
142 .icv_truncbits = 128,
146 .pfkey_supported = 1,
149 .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
151 .sadb_alg_minbits = 128,
152 .sadb_alg_maxbits = 256
157 static struct xfrm_algo_desc aalg_list[] = {
159 .name = "digest_null",
168 .pfkey_supported = 1,
171 .sadb_alg_id = SADB_X_AALG_NULL,
173 .sadb_alg_minbits = 0,
174 .sadb_alg_maxbits = 0
188 .pfkey_supported = 1,
191 .sadb_alg_id = SADB_AALG_MD5HMAC,
193 .sadb_alg_minbits = 128,
194 .sadb_alg_maxbits = 128
198 .name = "hmac(sha1)",
208 .pfkey_supported = 1,
211 .sadb_alg_id = SADB_AALG_SHA1HMAC,
213 .sadb_alg_minbits = 160,
214 .sadb_alg_maxbits = 160
218 .name = "hmac(sha256)",
228 .pfkey_supported = 1,
231 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
233 .sadb_alg_minbits = 256,
234 .sadb_alg_maxbits = 256
238 .name = "hmac(sha384)",
242 .icv_truncbits = 192,
247 .pfkey_supported = 1,
250 .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
252 .sadb_alg_minbits = 384,
253 .sadb_alg_maxbits = 384
257 .name = "hmac(sha512)",
261 .icv_truncbits = 256,
266 .pfkey_supported = 1,
269 .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
271 .sadb_alg_minbits = 512,
272 .sadb_alg_maxbits = 512
276 .name = "hmac(rmd160)",
286 .pfkey_supported = 1,
289 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
291 .sadb_alg_minbits = 160,
292 .sadb_alg_maxbits = 160
305 .pfkey_supported = 1,
308 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
310 .sadb_alg_minbits = 128,
311 .sadb_alg_maxbits = 128
325 .pfkey_supported = 0,
329 static struct xfrm_algo_desc ealg_list[] = {
331 .name = "ecb(cipher_null)",
332 .compat = "cipher_null",
341 .pfkey_supported = 1,
344 .sadb_alg_id = SADB_EALG_NULL,
346 .sadb_alg_minbits = 0,
347 .sadb_alg_maxbits = 0
361 .pfkey_supported = 1,
364 .sadb_alg_id = SADB_EALG_DESCBC,
366 .sadb_alg_minbits = 64,
367 .sadb_alg_maxbits = 64
371 .name = "cbc(des3_ede)",
372 .compat = "des3_ede",
381 .pfkey_supported = 1,
384 .sadb_alg_id = SADB_EALG_3DESCBC,
386 .sadb_alg_minbits = 192,
387 .sadb_alg_maxbits = 192
391 .name = "cbc(cast5)",
401 .pfkey_supported = 1,
404 .sadb_alg_id = SADB_X_EALG_CASTCBC,
406 .sadb_alg_minbits = 40,
407 .sadb_alg_maxbits = 128
411 .name = "cbc(blowfish)",
412 .compat = "blowfish",
421 .pfkey_supported = 1,
424 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
426 .sadb_alg_minbits = 40,
427 .sadb_alg_maxbits = 448
441 .pfkey_supported = 1,
444 .sadb_alg_id = SADB_X_EALG_AESCBC,
446 .sadb_alg_minbits = 128,
447 .sadb_alg_maxbits = 256
451 .name = "cbc(serpent)",
461 .pfkey_supported = 1,
464 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
466 .sadb_alg_minbits = 128,
467 .sadb_alg_maxbits = 256,
471 .name = "cbc(camellia)",
472 .compat = "camellia",
481 .pfkey_supported = 1,
484 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
486 .sadb_alg_minbits = 128,
487 .sadb_alg_maxbits = 256
491 .name = "cbc(twofish)",
501 .pfkey_supported = 1,
504 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
506 .sadb_alg_minbits = 128,
507 .sadb_alg_maxbits = 256
511 .name = "rfc3686(ctr(aes))",
516 .defkeybits = 160, /* 128-bit key + 32-bit nonce */
520 .pfkey_supported = 1,
523 .sadb_alg_id = SADB_X_EALG_AESCTR,
525 .sadb_alg_minbits = 160,
526 .sadb_alg_maxbits = 288
531 static struct xfrm_algo_desc calg_list[] = {
539 .pfkey_supported = 1,
540 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
549 .pfkey_supported = 1,
550 .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
559 .pfkey_supported = 1,
560 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
564 static inline int aalg_entries(void)
566 return ARRAY_SIZE(aalg_list);
569 static inline int ealg_entries(void)
571 return ARRAY_SIZE(ealg_list);
574 static inline int calg_entries(void)
576 return ARRAY_SIZE(calg_list);
579 struct xfrm_algo_list {
580 struct xfrm_algo_desc *algs;
586 static const struct xfrm_algo_list xfrm_aead_list = {
588 .entries = ARRAY_SIZE(aead_list),
589 .type = CRYPTO_ALG_TYPE_AEAD,
590 .mask = CRYPTO_ALG_TYPE_MASK,
593 static const struct xfrm_algo_list xfrm_aalg_list = {
595 .entries = ARRAY_SIZE(aalg_list),
596 .type = CRYPTO_ALG_TYPE_HASH,
597 .mask = CRYPTO_ALG_TYPE_HASH_MASK,
600 static const struct xfrm_algo_list xfrm_ealg_list = {
602 .entries = ARRAY_SIZE(ealg_list),
603 .type = CRYPTO_ALG_TYPE_BLKCIPHER,
604 .mask = CRYPTO_ALG_TYPE_BLKCIPHER_MASK,
607 static const struct xfrm_algo_list xfrm_calg_list = {
609 .entries = ARRAY_SIZE(calg_list),
610 .type = CRYPTO_ALG_TYPE_COMPRESS,
611 .mask = CRYPTO_ALG_TYPE_MASK,
614 static struct xfrm_algo_desc *xfrm_find_algo(
615 const struct xfrm_algo_list *algo_list,
616 int match(const struct xfrm_algo_desc *entry, const void *data),
617 const void *data, int probe)
619 struct xfrm_algo_desc *list = algo_list->algs;
622 for (i = 0; i < algo_list->entries; i++) {
623 if (!match(list + i, data))
626 if (list[i].available)
632 status = crypto_has_alg(list[i].name, algo_list->type,
637 list[i].available = status;
643 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
646 return entry->desc.sadb_alg_id == (unsigned long)data;
649 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
651 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
652 (void *)(unsigned long)alg_id, 1);
654 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
656 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
658 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
659 (void *)(unsigned long)alg_id, 1);
661 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
663 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
665 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
666 (void *)(unsigned long)alg_id, 1);
668 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
670 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
673 const char *name = data;
675 return name && (!strcmp(name, entry->name) ||
676 (entry->compat && !strcmp(name, entry->compat)));
679 struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
681 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
684 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
686 struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
688 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
691 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
693 struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
695 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
698 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
700 struct xfrm_aead_name {
705 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
708 const struct xfrm_aead_name *aead = data;
709 const char *name = aead->name;
711 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
712 !strcmp(name, entry->name);
715 struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
717 struct xfrm_aead_name data = {
722 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
725 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
727 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
729 if (idx >= aalg_entries())
732 return &aalg_list[idx];
734 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
736 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
738 if (idx >= ealg_entries())
741 return &ealg_list[idx];
743 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
746 * Probe for the availability of crypto algorithms, and set the available
747 * flag for any algorithms found on the system. This is typically called by
748 * pfkey during userspace SA add, update or register.
750 void xfrm_probe_algs(void)
754 BUG_ON(in_softirq());
756 for (i = 0; i < aalg_entries(); i++) {
757 status = crypto_has_hash(aalg_list[i].name, 0,
759 if (aalg_list[i].available != status)
760 aalg_list[i].available = status;
763 for (i = 0; i < ealg_entries(); i++) {
764 status = crypto_has_ablkcipher(ealg_list[i].name, 0, 0);
765 if (ealg_list[i].available != status)
766 ealg_list[i].available = status;
769 for (i = 0; i < calg_entries(); i++) {
770 status = crypto_has_comp(calg_list[i].name, 0,
772 if (calg_list[i].available != status)
773 calg_list[i].available = status;
776 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
778 int xfrm_count_pfkey_auth_supported(void)
782 for (i = 0, n = 0; i < aalg_entries(); i++)
783 if (aalg_list[i].available && aalg_list[i].pfkey_supported)
787 EXPORT_SYMBOL_GPL(xfrm_count_pfkey_auth_supported);
789 int xfrm_count_pfkey_enc_supported(void)
793 for (i = 0, n = 0; i < ealg_entries(); i++)
794 if (ealg_list[i].available && ealg_list[i].pfkey_supported)
798 EXPORT_SYMBOL_GPL(xfrm_count_pfkey_enc_supported);
800 MODULE_LICENSE("GPL");
Code Review / kvmfornfv.git / blob