#include <linux/err.h>
#include <linux/module.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/esp.h>
#include <asm/scatterlist.h>
#include <linux/crypto.h>
#include <linux/kernel.h>
#include <linux/pfkeyv2.h>
#include <linux/random.h>
#include <net/icmp.h>
#include <net/protocol.h>
#include <net/udp.h>

/*
 * esp_output - ESP-encapsulate an outbound packet in place.
 * @x: the SA; x->data is its esp_data, x->encap the optional UDP-encap template
 * @skb: packet whose network header is set and whose transport offset points
 *       at the ESP header slot (the caller has reserved header and trailer room)
 *
 * Produces [IP][UDP (+ non-IKE marker)][ESP hdr][IV][payload][pad][pad len]
 * [next hdr][ICV].  Steps: pad the payload, encrypt it, then compute the ICV
 * over ESP header + IV + ciphertext (encrypt-then-MAC) and append it.
 *
 * Side effects on @x: advances x->replay.oseq, may seed esp->conf.ivec on
 * first use and always leaves the post-encryption cipher IV in it.
 *
 * Returns 0 on success, -ENOMEM when the trailer could not be made writable or
 * the scatterlist could not be allocated, else the cipher/MAC error code.
 */
static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
{
	int err;
	struct iphdr *top_iph;
	struct ip_esp_hdr *esph;
	struct crypto_blkcipher *tfm;
	struct blkcipher_desc desc;
	struct esp_data *esp;
	struct sk_buff *trailer;
	u8 *tail;
	int blksize;	/* cipher block size rounded up to a multiple of 4 */
	int clen;	/* bytes to encrypt: payload + padding + pad-len + next-hdr */
	int alen;	/* truncated ICV length appended after the ciphertext */
	int nfrags;

	/* Strip IP+ESP header. */
	__skb_pull(skb, skb_transport_offset(skb));
	/* Now skb is pure payload to encrypt */

	/* Default error for the two allocation-style failures below. */
	err = -ENOMEM;

	/* Round to block size */
	clen = skb->len;

	esp = x->data;
	alen = esp->auth.icv_trunc_len;
	tfm = esp->conf.tfm;
	desc.tfm = tfm;
	desc.flags = 0;
	blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
	/* +2 for the pad-length and next-header bytes that share the last block. */
	clen = ALIGN(clen + 2, blksize);
	/* esp_init_state in this file sets padlen to 0, so this is currently
	 * a no-op unless padlen is configured elsewhere. */
	if (esp->conf.padlen)
		clen = ALIGN(clen, esp->conf.padlen);

	/* Make the tail writable with room for padding, trailer and ICV. */
	if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0)
		goto error;

	/* Fill padding... */
	tail = skb_tail_pointer(trailer);
	/* RFC 4303 self-describing padding: 1, 2, 3, ... */
	do {
		int i;
		for (i=0; i<clen-skb->len - 2; i++)
			tail[i] = i + 1;
	} while (0);
	/* Pad-length byte; the next-header byte after it is filled in below. */
	tail[clen - skb->len - 2] = (clen - skb->len) - 2;
	pskb_put(skb, trailer, clen - skb->len);

	/* Back up to the IP header; esph is the slot right after it. */
	__skb_push(skb, skb->data - skb_network_header(skb));
	top_iph = ip_hdr(skb);
	esph = (struct ip_esp_hdr *)(skb_network_header(skb) +
				     top_iph->ihl * 4);
	/* tot_len already counts the ICV that is appended at the end. */
	top_iph->tot_len = htons(skb->len + alen);
	/* Next-header byte: the protocol the IP header carried before ESP. */
	*(skb_tail_pointer(trailer) - 1) = top_iph->protocol;

	/* this is non-NULL only with UDP Encapsulation */
	if (x->encap) {
		struct xfrm_encap_tmpl *encap = x->encap;
		struct udphdr *uh;
		__be32 *udpdata32;

		/* The UDP header takes the ESP header's slot; ESP follows it
		 * (after an 8-byte zero marker for the non-IKE variant). */
		uh = (struct udphdr *)esph;
		uh->source = encap->encap_sport;
		uh->dest = encap->encap_dport;
		uh->len = htons(skb->len + alen - top_iph->ihl*4);
		/* Encapsulating UDP header is sent without a checksum. */
		uh->check = 0;

		switch (encap->encap_type) {
		default:
		case UDP_ENCAP_ESPINUDP:
			esph = (struct ip_esp_hdr *)(uh + 1);
			break;
		case UDP_ENCAP_ESPINUDP_NON_IKE:
			udpdata32 = (__be32 *)(uh + 1);
			udpdata32[0] = udpdata32[1] = 0;
			esph = (struct ip_esp_hdr *)(udpdata32 + 2);
			break;
		}

		top_iph->protocol = IPPROTO_UDP;
	} else
		top_iph->protocol = IPPROTO_ESP;

	esph->spi = x->id.spi;
	/* Per-SA outbound sequence number; no wrap handling here — presumably
	 * the xfrm core's replay/lifetime checks cover exhaustion (confirm). */
	esph->seq_no = htonl(++x->replay.oseq);
	xfrm_aevent_doreplay(x);

	if (esp->conf.ivlen) {
		/* First packet on the SA: seed the IV buffer randomly. */
		if (unlikely(!esp->conf.ivinitted)) {
			get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
			esp->conf.ivinitted = 1;
		}
		/* NOTE(review): after the first packet ivec holds the cipher
		 * state left by the previous encryption (see get_iv below);
		 * for CBC that is the previous packet's last ciphertext block,
		 * which is visible on the wire, so IVs are predictable to an
		 * observer.  A fresh random IV per packet is the stronger choice. */
		crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
	}

	do {
		struct scatterlist *sg = &esp->sgbuf[0];

		/* Spill to a heap scatterlist only for heavily fragmented skbs. */
		if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
			sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
			if (!sg)
				goto error;
		}
		/* Encrypt clen bytes starting just after the IV slot. */
		skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
		err = crypto_blkcipher_encrypt(&desc, sg, sg, clen);
		if (unlikely(sg != &esp->sgbuf[0]))
			kfree(sg);
	} while (0);

	if (unlikely(err))
		goto error;

	if (esp->conf.ivlen) {
		/* Write the IV used for this packet into its slot, then save
		 * the cipher's post-encryption IV for the next packet. */
		memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen);
		crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
	}

	if (esp->auth.icv_full_len) {
		/* ICV over ESP header + IV + ciphertext, left in
		 * esp->auth.work_icv; a non-zero err is returned below, after
		 * the (then meaningless) ICV bytes have been appended. */
		err = esp_mac_digest(esp, skb, (u8 *)esph - skb->data,
				     sizeof(*esph) + esp->conf.ivlen + clen);
		memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen);
	}

	/* Outer IP checksum over the final header (tot_len/protocol changed). */
	ip_send_check(top_iph);

error:
	return err;
}

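/*
 * esp_input - verify, decrypt and decapsulate an inbound ESP packet in place.
 * @x: the SA the packet was matched to; x->data is its esp_data
 * @skb: packet with skb->data at the ESP header
 *
 * Order of operations: length sanity -> ICV check (only if the SA has an
 * auth algorithm) -> decrypt -> trailer parse -> NAT-T mapping update ->
 * strip the ESP header/IV and the trailer.  The ICV is checked over the
 * ciphertext before any decryption is attempted.
 *
 * Note: detecting truncated vs. non-truncated authentication data is very
 * expensive, so we only support truncated data, which is the recommended
 * and common case.
 *
 * Returns 0 on success, the cipher's error on decryption failure, and -EINVAL
 * for every other rejection (short/misaligned packet, ICV mismatch, bad pad
 * length, allocation failure).
 */
static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
{
	struct iphdr *iph;
	struct ip_esp_hdr *esph;
	struct esp_data *esp = x->data;
	struct crypto_blkcipher *tfm = esp->conf.tfm;
	struct blkcipher_desc desc = { .tfm = tfm };
	struct sk_buff *trailer;
	int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
	int alen = esp->auth.icv_trunc_len;
	/* Ciphertext length: everything after the ESP header and IV, minus ICV. */
	int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen;
	int nfrags;
	int ihl;
	u8 nexthdr[2];
	struct scatterlist *sg;
	int padlen;
	int err;

	if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr)))
		goto out;

	/* The ciphertext must be a positive multiple of the block size.
	 * NOTE(review): the mask test assumes blksize is a power of two. */
	if (elen <= 0 || (elen & (blksize-1)))
		goto out;

	/* If integrity check is required, do this. */
	if (esp->auth.icv_full_len) {
		u8 sum[alen];	/* VLA; alen is the small truncated ICV length */
		unsigned int icv_diff;
		int i;

		/* MAC over everything up to (not including) the trailing ICV. */
		err = esp_mac_digest(esp, skb, 0, skb->len - alen);
		if (err)
			goto out;

		if (skb_copy_bits(skb, skb->len - alen, sum, alen))
			BUG();

		/* Compare the computed ICV with the one in the packet using a
		 * fixed-time loop: an early-exit memcmp() would let the
		 * rejection time reveal how many leading ICV bytes matched. */
		icv_diff = 0;
		for (i = 0; i < alen; i++)
			icv_diff |= esp->auth.work_icv[i] ^ sum[i];
		if (unlikely(icv_diff)) {
			x->stats.integrity_failed++;
			goto out;
		}
	}

	/* Decryption is done in place, so the data must be writable. */
	if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0)
		goto out;

	skb->ip_summed = CHECKSUM_NONE;

	esph = (struct ip_esp_hdr*)skb->data;

	/* Get ivec. This can be wrong, check against another impls. */
	if (esp->conf.ivlen)
		crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);

	sg = &esp->sgbuf[0];

	/* Spill to a heap scatterlist only for heavily fragmented skbs. */
	if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
		sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
		if (!sg)
			goto out;
	}
	/* Decrypt elen bytes starting just after the IV. */
	skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen);
	err = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
	if (unlikely(sg != &esp->sgbuf[0]))
		kfree(sg);
	if (unlikely(err))
		return err;

	/* Last two plaintext bytes: pad length and next header. */
	if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
		BUG();

	/* A pad length that would reach back past the payload is bogus. */
	padlen = nexthdr[0];
	if (padlen+2 >= elen)
		goto out;

	/* ... check padding bits here. Silly. :-) */

	iph = ip_hdr(skb);
	ihl = iph->ihl * 4;

	if (x->encap) {
		struct xfrm_encap_tmpl *encap = x->encap;
		struct udphdr *uh = (void *)(skb_network_header(skb) + ihl);

		/*
		 * 1) if the NAT-T peer's IP or port changed then
		 *    advertize the change to the keying daemon.
		 *    This is an inbound SA, so just compare
		 *    SRC ports.
		 * NOTE(review): this point is reached only after the ICV check
		 * above when the SA has an auth algorithm; without one the
		 * mapping update is driven by an unauthenticated packet.
		 */
		if (iph->saddr != x->props.saddr.a4 ||
		    uh->source != encap->encap_sport) {
			xfrm_address_t ipaddr;

			ipaddr.a4 = iph->saddr;
			km_new_mapping(x, &ipaddr, uh->source);

			/* XXX: perhaps add an extra
			 * policy check here, to see
			 * if we should allow or
			 * reject a packet from a
			 * different source
			 * address/port.
			 */
		}

		/*
		 * 2) ignore UDP/TCP checksums in case
		 *    of NAT-T in Transport Mode, or
		 *    perform other post-processing fixes
		 *    as per draft-ietf-ipsec-udp-encaps-06,
		 *    section 3.1.2
		 */
		if (x->props.mode == XFRM_MODE_TRANSPORT ||
		    x->props.mode == XFRM_MODE_BEET)
			skb->ip_summed = CHECKSUM_UNNECESSARY;
	}

	/* Restore the inner protocol and drop trailer (pad, 2 bytes, ICV)
	 * and the ESP header + IV. */
	iph->protocol = nexthdr[1];
	pskb_trim(skb, skb->len - alen - padlen - 2);
	__skb_pull(skb, sizeof(*esph) + esp->conf.ivlen);
	skb_set_transport_header(skb, -ihl);

	return 0;

out:
	return -EINVAL;
}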

/*
 * esp4_get_mtu - largest payload that fits in @mtu once ESP overhead is added.
 * @x: the SA
 * @mtu: path MTU available for the ESP packet
 *
 * Subtracts the fixed header bytes (x->props.header_len) and the truncated
 * ICV, rounds down to the padding alignment, then accounts for the mode's
 * worst-case trailer (transport/other and BEET differ; tunnel adds nothing
 * further) and for the pad-length and next-header bytes.
 * NOTE(review): the mask arithmetic assumes @align is a power of two.
 */
static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
{
	struct esp_data *esp = x->data;
	u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
	u32 align = max_t(u32, blksize, esp->conf.padlen);
	u32 leftover;

	/* Fixed per-packet overhead first. */
	mtu -= x->props.header_len + esp->auth.icv_trunc_len;

	/* Round the budget down to the alignment, remembering the slack. */
	leftover = mtu & (align - 1);
	mtu &= ~(align - 1);

	if (x->props.mode == XFRM_MODE_TUNNEL) {
		/* Tunnel mode: nothing beyond the alignment already applied. */
	} else if (x->props.mode == XFRM_MODE_BEET) {
		/* Worst case for the BEET pseudo-header. */
		mtu += min_t(u32, IPV4_BEET_PHMAXLEN, leftover);
	} else {
		/* Transport mode (and any other mode): worst case. */
		mtu -= blksize - 4;
		mtu += min_t(u32, blksize - 4, leftover);
	}

	/* Pad-length and next-header bytes. */
	return mtu - 2;
}

/*
 * esp4_err - ICMP error handler for IPPROTO_ESP.
 * @skb: the ICMP error; skb->data points at the quoted inner IP header
 * @info: the ICMP info field; unused here
 *
 * Only ICMP_DEST_UNREACH/ICMP_FRAG_NEEDED is handled, and even then the SA is
 * merely looked up and logged: nothing is recorded on the SA.
 * NOTE(review): the quoted ESP header is read without an explicit length
 * check; this relies on the ICMP layer guaranteeing the inner IP header plus
 * enough payload to cover esph->spi — confirm against the caller.
 */
static void esp4_err(struct sk_buff *skb, u32 info)
{
	struct iphdr *iph = (struct iphdr*)skb->data;
	struct ip_esp_hdr *esph = (struct ip_esp_hdr*)(skb->data+(iph->ihl<<2));
	const struct icmphdr *icmph = icmp_hdr(skb);
	struct xfrm_state *x;

	if (icmph->type != ICMP_DEST_UNREACH)
		return;
	if (icmph->code != ICMP_FRAG_NEEDED)
		return;

	/* Match the SA by destination address and SPI; drop the ref when done. */
	x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi,
			      IPPROTO_ESP, AF_INET);
	if (x) {
		NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n",
			 ntohl(esph->spi), ntohl(iph->daddr));
		xfrm_state_put(x);
	}
}

/*
 * esp_destroy - release the per-SA ESP state attached to @x->data.
 * @x: the SA; x->data may be NULL (esp_init_state failed before allocating)
 *
 * Frees the hash and cipher transforms, the ICV scratch buffer, the IV
 * buffer and esp_data itself.  esp->auth.key / esp->conf.key only alias
 * x->aalg / x->ealg (see esp_init_state) and are not owned here.
 */
static void esp_destroy(struct xfrm_state *x)
{
	struct esp_data *esp = x->data;

	if (!esp)
		return;

	/* Authentication side: hash transform and ICV scratch buffer. */
	crypto_free_hash(esp->auth.tfm);
	esp->auth.tfm = NULL;
	kfree(esp->auth.work_icv);
	esp->auth.work_icv = NULL;

	/* Encryption side: block cipher transform and chained-IV buffer. */
	crypto_free_blkcipher(esp->conf.tfm);
	esp->conf.tfm = NULL;
	kfree(esp->conf.ivec);
	esp->conf.ivec = NULL;

	kfree(esp);
}

/*
 * esp_init_state - build the per-SA ESP state (esp_data) from the SA's algorithms.
 * @x: the SA being created; x->aalg (optional) and x->ealg (required) name
 *     the auth and cipher algorithms and carry the key material
 *
 * Allocates esp_data, the hash and block-cipher transforms, the ICV scratch
 * buffer and the IV buffer, and fills in x->props.header_len/trailer_len so
 * the core can reserve room.  Key pointers in esp_data alias the SA's own
 * xfrm_algo buffers; the keys are not copied.
 *
 * Returns 0 on success, -ENOMEM if esp_data itself cannot be allocated, and
 * -EINVAL for any other failure; on failure whatever was allocated so far is
 * released through esp_destroy and x->data is left NULL.
 */
static int esp_init_state(struct xfrm_state *x)
{
	struct esp_data *esp = NULL;
	struct crypto_blkcipher *tfm;
	u32 align;

	/* null auth and encryption can have zero length keys */
	if (x->aalg) {
		/* Upper bound on the auth key, in bits. */
		if (x->aalg->alg_key_len > 512)
			goto error;
	}
	/* A cipher entry is mandatory; esp is still NULL here, so the error
	 * path has nothing to free. */
	if (x->ealg == NULL)
		goto error;

	/* Zeroed, so all pointers start NULL for esp_destroy on the error path
	 * and icv_*_len stay 0 when there is no auth algorithm. */
	esp = kzalloc(sizeof(*esp), GFP_KERNEL);
	if (esp == NULL)
		return -ENOMEM;

	/* Without an auth algorithm icv_full_len stays 0 and esp_input performs
	 * no integrity check at all. */
	if (x->aalg) {
		struct xfrm_algo_desc *aalg_desc;
		struct crypto_hash *hash;

		/* Aliases the SA's key buffer; not owned by esp_data. */
		esp->auth.key = x->aalg->alg_key;
		esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
		hash = crypto_alloc_hash(x->aalg->alg_name, 0,
					 CRYPTO_ALG_ASYNC);
		if (IS_ERR(hash))
			goto error;

		esp->auth.tfm = hash;
		if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
			goto error;

		/* The xfrm algorithm table must know this name — presumably
		 * validated when the SA was added (confirm), hence BUG_ON. */
		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
		BUG_ON(!aalg_desc);

		/* Refuse an SA whose table-declared ICV size disagrees with
		 * the transform's actual digest size. */
		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
		    crypto_hash_digestsize(hash)) {
			NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n",
				 x->aalg->alg_name,
				 crypto_hash_digestsize(hash),
				 aalg_desc->uinfo.auth.icv_fullbits/8);
			goto error;
		}

		esp->auth.icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
		esp->auth.icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;

		/* Scratch for the full digest; input/output use only the
		 * truncated prefix.  NOTE(review): this buffer and ivec are
		 * per-SA and shared by esp_input and esp_output; serialization
		 * is presumably provided by the xfrm core's SA lock — confirm. */
		esp->auth.work_icv = kmalloc(esp->auth.icv_full_len, GFP_KERNEL);
		if (!esp->auth.work_icv)
			goto error;
	}
	/* Aliases the SA's key buffer; not owned by esp_data. */
	esp->conf.key = x->ealg->alg_key;
	esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
	tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm))
		goto error;
	esp->conf.tfm = tfm;
	esp->conf.ivlen = crypto_blkcipher_ivsize(tfm);
	/* No extra padding alignment beyond the cipher block size. */
	esp->conf.padlen = 0;
	if (esp->conf.ivlen) {
		esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL);
		if (unlikely(esp->conf.ivec == NULL))
			goto error;
		/* esp_output seeds ivec with random bytes on first use. */
		esp->conf.ivinitted = 0;
	}
	if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
		goto error;
	/* Fixed bytes in front of the payload: ESP header + IV, plus the outer
	 * IP header in tunnel mode or the BEET pseudo-header allowance. */
	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
	if (x->props.mode == XFRM_MODE_TUNNEL)
		x->props.header_len += sizeof(struct iphdr);
	else if (x->props.mode == XFRM_MODE_BEET)
		x->props.header_len += IPV4_BEET_PHMAXLEN;
	if (x->encap) {
		struct xfrm_encap_tmpl *encap = x->encap;

		/* Unknown encapsulation types are rejected; the non-IKE
		 * variant carries an extra 8-byte zero marker after UDP. */
		switch (encap->encap_type) {
		default:
			goto error;
		case UDP_ENCAP_ESPINUDP:
			x->props.header_len += sizeof(struct udphdr);
			break;
		case UDP_ENCAP_ESPINUDP_NON_IKE:
			x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
			break;
		}
	}
	x->data = esp;
	/* Worst-case trailer: padding up to the alignment, one more byte, and
	 * the truncated ICV. */
	align = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
	if (esp->conf.padlen)
		align = max_t(u32, align, esp->conf.padlen);
	x->props.trailer_len = align + 1 + esp->auth.icv_trunc_len;
	return 0;

error:
	/* Attach esp temporarily so esp_destroy can find what to free
	 * (it tolerates a NULL esp), then detach it again. */
	x->data = esp;
	esp_destroy(x);
	x->data = NULL;
	return -EINVAL;
}

/* xfrm type hooks for ESP over IPv4; registered by esp4_init. */
static struct xfrm_type esp_type =
{
	.description	= "ESP4",
	.owner		= THIS_MODULE,
	.proto	     	= IPPROTO_ESP,
	.init_state	= esp_init_state,
	.destructor	= esp_destroy,
	.get_mtu	= esp4_get_mtu,
	.input		= esp_input,
	.output		= esp_output
};

/* IP protocol handler for IPPROTO_ESP: inbound packets go to the xfrm core,
 * ICMP errors to esp4_err.  no_policy presumably skips the xfrm policy check
 * on the still-encapsulated packet — confirm against the net_protocol docs. */
static struct net_protocol esp4_protocol = {
	.handler	=	xfrm4_rcv,
	.err_handler	=	esp4_err,
	.no_policy	=	1,
};

/*
 * esp4_init - module entry: register the ESP xfrm type, then the IP protocol.
 *
 * Returns 0 on success, -EAGAIN if either registration fails; a failed
 * protocol registration undoes the type registration first.
 */
static int __init esp4_init(void)
{
	if (xfrm_register_type(&esp_type, AF_INET) < 0) {
		printk(KERN_INFO "ip esp init: can't add xfrm type\n");
		goto out;
	}
	if (inet_add_protocol(&esp4_protocol, IPPROTO_ESP) < 0) {
		printk(KERN_INFO "ip esp init: can't add protocol\n");
		goto out_unregister;
	}
	return 0;

out_unregister:
	xfrm_unregister_type(&esp_type, AF_INET);
out:
	return -EAGAIN;
}

/*
 * esp4_fini - module exit: unregister the IP protocol, then the xfrm type.
 *
 * Failures are only logged; there is nothing else to do on the way out.
 */
static void __exit esp4_fini(void)
{
	int ret;

	ret = inet_del_protocol(&esp4_protocol, IPPROTO_ESP);
	if (ret < 0)
		printk(KERN_INFO "ip esp close: can't remove protocol\n");

	ret = xfrm_unregister_type(&esp_type, AF_INET);
	if (ret < 0)
		printk(KERN_INFO "ip esp close: can't remove xfrm type\n");
}

/* Module entry/exit hooks and license. */
module_init(esp4_init);
module_exit(esp4_fini);
MODULE_LICENSE("GPL");