esp4.c 11.4 KB
Newer Older
1
#include <linux/err.h>
L
Linus Torvalds 已提交
2 3 4 5 6 7
#include <linux/module.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/esp.h>
#include <asm/scatterlist.h>
#include <linux/crypto.h>
H
Herbert Xu 已提交
8
#include <linux/kernel.h>
L
Linus Torvalds 已提交
9 10
#include <linux/pfkeyv2.h>
#include <linux/random.h>
11
#include <linux/spinlock.h>
L
Linus Torvalds 已提交
12
#include <net/icmp.h>
13
#include <net/protocol.h>
L
Linus Torvalds 已提交
14 15 16 17 18 19
#include <net/udp.h>

static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
{
	int err;
	struct ip_esp_hdr *esph;
20 21
	struct crypto_blkcipher *tfm;
	struct blkcipher_desc desc;
L
Linus Torvalds 已提交
22 23
	struct esp_data *esp;
	struct sk_buff *trailer;
24
	u8 *tail;
L
Linus Torvalds 已提交
25 26 27 28 29
	int blksize;
	int clen;
	int alen;
	int nfrags;

30
	/* skb is pure payload to encrypt */
L
Linus Torvalds 已提交
31 32 33 34 35 36 37 38 39

	err = -ENOMEM;

	/* Round to block size */
	clen = skb->len;

	esp = x->data;
	alen = esp->auth.icv_trunc_len;
	tfm = esp->conf.tfm;
40 41 42
	desc.tfm = tfm;
	desc.flags = 0;
	blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
H
Herbert Xu 已提交
43
	clen = ALIGN(clen + 2, blksize);
L
Linus Torvalds 已提交
44
	if (esp->conf.padlen)
H
Herbert Xu 已提交
45
		clen = ALIGN(clen, esp->conf.padlen);
L
Linus Torvalds 已提交
46 47 48 49 50

	if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0)
		goto error;

	/* Fill padding... */
51
	tail = skb_tail_pointer(trailer);
L
Linus Torvalds 已提交
52 53 54
	do {
		int i;
		for (i=0; i<clen-skb->len - 2; i++)
55
			tail[i] = i + 1;
L
Linus Torvalds 已提交
56
	} while (0);
57
	tail[clen - skb->len - 2] = (clen - skb->len) - 2;
L
Linus Torvalds 已提交
58 59
	pskb_put(skb, trailer, clen - skb->len);

60
	skb_push(skb, -skb_network_offset(skb));
61
	esph = ip_esp_hdr(skb);
62 63
	*(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb);
	*skb_mac_header(skb) = IPPROTO_ESP;
L
Linus Torvalds 已提交
64

65 66
	spin_lock_bh(&x->lock);

L
Linus Torvalds 已提交
67 68 69 70
	/* this is non-NULL only with UDP Encapsulation */
	if (x->encap) {
		struct xfrm_encap_tmpl *encap = x->encap;
		struct udphdr *uh;
A
Al Viro 已提交
71
		__be32 *udpdata32;
L
Linus Torvalds 已提交
72 73 74 75

		uh = (struct udphdr *)esph;
		uh->source = encap->encap_sport;
		uh->dest = encap->encap_dport;
76
		uh->len = htons(skb->len + alen - skb_transport_offset(skb));
L
Linus Torvalds 已提交
77 78 79 80 81 82 83 84
		uh->check = 0;

		switch (encap->encap_type) {
		default:
		case UDP_ENCAP_ESPINUDP:
			esph = (struct ip_esp_hdr *)(uh + 1);
			break;
		case UDP_ENCAP_ESPINUDP_NON_IKE:
A
Al Viro 已提交
85
			udpdata32 = (__be32 *)(uh + 1);
L
Linus Torvalds 已提交
86 87 88 89 90
			udpdata32[0] = udpdata32[1] = 0;
			esph = (struct ip_esp_hdr *)(udpdata32 + 2);
			break;
		}

91 92
		*skb_mac_header(skb) = IPPROTO_UDP;
	}
L
Linus Torvalds 已提交
93 94

	esph->spi = x->id.spi;
95
	esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
L
Linus Torvalds 已提交
96

97 98 99 100 101
	if (esp->conf.ivlen) {
		if (unlikely(!esp->conf.ivinitted)) {
			get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
			esp->conf.ivinitted = 1;
		}
102
		crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
103
	}
L
Linus Torvalds 已提交
104 105 106 107 108 109 110

	do {
		struct scatterlist *sg = &esp->sgbuf[0];

		if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
			sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
			if (!sg)
111
				goto unlock;
L
Linus Torvalds 已提交
112
		}
113
		sg_init_table(sg, nfrags);
L
Linus Torvalds 已提交
114
		skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
115
		err = crypto_blkcipher_encrypt(&desc, sg, sg, clen);
L
Linus Torvalds 已提交
116 117 118 119
		if (unlikely(sg != &esp->sgbuf[0]))
			kfree(sg);
	} while (0);

120
	if (unlikely(err))
121
		goto unlock;
122

L
Linus Torvalds 已提交
123
	if (esp->conf.ivlen) {
124 125
		memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen);
		crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
L
Linus Torvalds 已提交
126 127 128
	}

	if (esp->auth.icv_full_len) {
129 130 131
		err = esp_mac_digest(esp, skb, (u8 *)esph - skb->data,
				     sizeof(*esph) + esp->conf.ivlen + clen);
		memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen);
L
Linus Torvalds 已提交
132 133
	}

134 135 136
unlock:
	spin_unlock_bh(&x->lock);

L
Linus Torvalds 已提交
137 138 139 140 141 142 143 144 145
error:
	return err;
}

/*
 * Note: detecting truncated vs. non-truncated authentication data is very
 * expensive, so we only support truncated data, which is the recommended
 * and common case.
 */
146
static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
L
Linus Torvalds 已提交
147 148 149 150
{
	struct iphdr *iph;
	struct ip_esp_hdr *esph;
	struct esp_data *esp = x->data;
151 152
	struct crypto_blkcipher *tfm = esp->conf.tfm;
	struct blkcipher_desc desc = { .tfm = tfm };
L
Linus Torvalds 已提交
153
	struct sk_buff *trailer;
154
	int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
L
Linus Torvalds 已提交
155
	int alen = esp->auth.icv_trunc_len;
156
	int elen = skb->len - sizeof(*esph) - esp->conf.ivlen - alen;
L
Linus Torvalds 已提交
157
	int nfrags;
158
	int ihl;
159 160 161
	u8 nexthdr[2];
	struct scatterlist *sg;
	int padlen;
162
	int err;
L
Linus Torvalds 已提交
163

164
	if (!pskb_may_pull(skb, sizeof(*esph)))
L
Linus Torvalds 已提交
165 166 167 168 169 170 171
		goto out;

	if (elen <= 0 || (elen & (blksize-1)))
		goto out;

	/* If integrity check is required, do this. */
	if (esp->auth.icv_full_len) {
172
		u8 sum[alen];
L
Linus Torvalds 已提交
173

174 175 176 177 178
		err = esp_mac_digest(esp, skb, 0, skb->len - alen);
		if (err)
			goto out;

		if (skb_copy_bits(skb, skb->len - alen, sum, alen))
L
Linus Torvalds 已提交
179 180
			BUG();

181
		if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
L
Linus Torvalds 已提交
182 183 184 185 186 187 188 189 190 191
			x->stats.integrity_failed++;
			goto out;
		}
	}

	if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0)
		goto out;

	skb->ip_summed = CHECKSUM_NONE;

192
	esph = (struct ip_esp_hdr *)skb->data;
L
Linus Torvalds 已提交
193 194 195

	/* Get ivec. This can be wrong, check against another impls. */
	if (esp->conf.ivlen)
196
		crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);
L
Linus Torvalds 已提交
197

198
	sg = &esp->sgbuf[0];
L
Linus Torvalds 已提交
199

200 201 202 203 204
	if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
		sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
		if (!sg)
			goto out;
	}
205
	sg_init_table(sg, nfrags);
206
	skb_to_sgvec(skb, sg, sizeof(*esph) + esp->conf.ivlen, elen);
207
	err = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
208 209
	if (unlikely(sg != &esp->sgbuf[0]))
		kfree(sg);
210 211
	if (unlikely(err))
		return err;
L
Linus Torvalds 已提交
212

213 214
	if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
		BUG();
L
Linus Torvalds 已提交
215

216 217 218
	padlen = nexthdr[0];
	if (padlen+2 >= elen)
		goto out;
L
Linus Torvalds 已提交
219

220
	/* ... check padding bits here. Silly. :-) */
L
Linus Torvalds 已提交
221

222
	iph = ip_hdr(skb);
223 224
	ihl = iph->ihl * 4;

225 226
	if (x->encap) {
		struct xfrm_encap_tmpl *encap = x->encap;
227
		struct udphdr *uh = (void *)(skb_network_header(skb) + ihl);
228 229 230 231 232 233 234 235 236 237 238 239 240

		/*
		 * 1) if the NAT-T peer's IP or port changed then
		 *    advertize the change to the keying daemon.
		 *    This is an inbound SA, so just compare
		 *    SRC ports.
		 */
		if (iph->saddr != x->props.saddr.a4 ||
		    uh->source != encap->encap_sport) {
			xfrm_address_t ipaddr;

			ipaddr.a4 = iph->saddr;
			km_new_mapping(x, &ipaddr, uh->source);
241

242 243 244 245 246 247 248
			/* XXX: perhaps add an extra
			 * policy check here, to see
			 * if we should allow or
			 * reject a packet from a
			 * different source
			 * address/port.
			 */
L
Linus Torvalds 已提交
249
		}
250

251 252 253 254 255 256 257
		/*
		 * 2) ignore UDP/TCP checksums in case
		 *    of NAT-T in Transport Mode, or
		 *    perform other post-processing fixes
		 *    as per draft-ietf-ipsec-udp-encaps-06,
		 *    section 3.1.2
		 */
258
		if (x->props.mode == XFRM_MODE_TRANSPORT)
259
			skb->ip_summed = CHECKSUM_UNNECESSARY;
L
Linus Torvalds 已提交
260 261
	}

262
	pskb_trim(skb, skb->len - alen - padlen - 2);
263 264
	__skb_pull(skb, sizeof(*esph) + esp->conf.ivlen);
	skb_set_transport_header(skb, -ihl);
265

266
	return nexthdr[1];
L
Linus Torvalds 已提交
267 268 269 270 271

out:
	return -EINVAL;
}

272
static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
L
Linus Torvalds 已提交
273 274
{
	struct esp_data *esp = x->data;
275
	u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
276 277 278 279 280 281
	u32 align = max_t(u32, blksize, esp->conf.padlen);
	u32 rem;

	mtu -= x->props.header_len + esp->auth.icv_trunc_len;
	rem = mtu & (align - 1);
	mtu &= ~(align - 1);
D
Diego Beltrami 已提交
282 283 284 285 286 287 288

	switch (x->props.mode) {
	case XFRM_MODE_TUNNEL:
		break;
	default:
	case XFRM_MODE_TRANSPORT:
		/* The worst case */
289 290
		mtu -= blksize - 4;
		mtu += min_t(u32, blksize - 4, rem);
D
Diego Beltrami 已提交
291 292
		break;
	case XFRM_MODE_BEET:
293
		/* The worst case. */
294
		mtu += min_t(u32, IPV4_BEET_PHMAXLEN, rem);
D
Diego Beltrami 已提交
295
		break;
L
Linus Torvalds 已提交
296
	}
D
Diego Beltrami 已提交
297

298
	return mtu - 2;
L
Linus Torvalds 已提交
299 300 301 302 303 304 305 306
}

static void esp4_err(struct sk_buff *skb, u32 info)
{
	struct iphdr *iph = (struct iphdr*)skb->data;
	struct ip_esp_hdr *esph = (struct ip_esp_hdr*)(skb->data+(iph->ihl<<2));
	struct xfrm_state *x;

307 308
	if (icmp_hdr(skb)->type != ICMP_DEST_UNREACH ||
	    icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
L
Linus Torvalds 已提交
309 310 311 312 313
		return;

	x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);
	if (!x)
		return;
314 315
	NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n",
		 ntohl(esph->spi), ntohl(iph->daddr));
L
Linus Torvalds 已提交
316 317 318 319 320 321 322 323 324 325
	xfrm_state_put(x);
}

static void esp_destroy(struct xfrm_state *x)
{
	struct esp_data *esp = x->data;

	if (!esp)
		return;

326
	crypto_free_blkcipher(esp->conf.tfm);
327 328 329
	esp->conf.tfm = NULL;
	kfree(esp->conf.ivec);
	esp->conf.ivec = NULL;
330
	crypto_free_hash(esp->auth.tfm);
331 332 333
	esp->auth.tfm = NULL;
	kfree(esp->auth.work_icv);
	esp->auth.work_icv = NULL;
L
Linus Torvalds 已提交
334 335 336
	kfree(esp);
}

H
Herbert Xu 已提交
337
static int esp_init_state(struct xfrm_state *x)
L
Linus Torvalds 已提交
338 339
{
	struct esp_data *esp = NULL;
340
	struct crypto_blkcipher *tfm;
341
	u32 align;
L
Linus Torvalds 已提交
342 343 344 345

	if (x->ealg == NULL)
		goto error;

346
	esp = kzalloc(sizeof(*esp), GFP_KERNEL);
L
Linus Torvalds 已提交
347 348 349 350 351
	if (esp == NULL)
		return -ENOMEM;

	if (x->aalg) {
		struct xfrm_algo_desc *aalg_desc;
352
		struct crypto_hash *hash;
L
Linus Torvalds 已提交
353

354 355 356 357 358 359
		hash = crypto_alloc_hash(x->aalg->alg_name, 0,
					 CRYPTO_ALG_ASYNC);
		if (IS_ERR(hash))
			goto error;

		esp->auth.tfm = hash;
360 361
		if (crypto_hash_setkey(hash, x->aalg->alg_key,
				       (x->aalg->alg_key_len + 7) / 8))
L
Linus Torvalds 已提交
362 363 364 365 366 367
			goto error;

		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
		BUG_ON(!aalg_desc);

		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
368
		    crypto_hash_digestsize(hash)) {
369 370
			NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n",
				 x->aalg->alg_name,
371
				 crypto_hash_digestsize(hash),
372
				 aalg_desc->uinfo.auth.icv_fullbits/8);
L
Linus Torvalds 已提交
373 374 375 376 377 378 379 380 381 382
			goto error;
		}

		esp->auth.icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
		esp->auth.icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;

		esp->auth.work_icv = kmalloc(esp->auth.icv_full_len, GFP_KERNEL);
		if (!esp->auth.work_icv)
			goto error;
	}
383

384 385
	tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm))
L
Linus Torvalds 已提交
386
		goto error;
387 388
	esp->conf.tfm = tfm;
	esp->conf.ivlen = crypto_blkcipher_ivsize(tfm);
L
Linus Torvalds 已提交
389 390 391 392 393
	esp->conf.padlen = 0;
	if (esp->conf.ivlen) {
		esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL);
		if (unlikely(esp->conf.ivec == NULL))
			goto error;
394
		esp->conf.ivinitted = 0;
L
Linus Torvalds 已提交
395
	}
396 397
	if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
				    (x->ealg->alg_key_len + 7) / 8))
L
Linus Torvalds 已提交
398 399
		goto error;
	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
400
	if (x->props.mode == XFRM_MODE_TUNNEL)
L
Linus Torvalds 已提交
401
		x->props.header_len += sizeof(struct iphdr);
402 403
	else if (x->props.mode == XFRM_MODE_BEET)
		x->props.header_len += IPV4_BEET_PHMAXLEN;
L
Linus Torvalds 已提交
404 405 406 407 408 409 410 411 412 413 414 415 416 417 418
	if (x->encap) {
		struct xfrm_encap_tmpl *encap = x->encap;

		switch (encap->encap_type) {
		default:
			goto error;
		case UDP_ENCAP_ESPINUDP:
			x->props.header_len += sizeof(struct udphdr);
			break;
		case UDP_ENCAP_ESPINUDP_NON_IKE:
			x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
			break;
		}
	}
	x->data = esp;
419 420 421 422
	align = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
	if (esp->conf.padlen)
		align = max_t(u32, align, esp->conf.padlen);
	x->props.trailer_len = align + 1 + esp->auth.icv_trunc_len;
L
Linus Torvalds 已提交
423 424 425 426 427 428 429 430 431 432 433 434 435 436
	return 0;

error:
	x->data = esp;
	esp_destroy(x);
	x->data = NULL;
	return -EINVAL;
}

static struct xfrm_type esp_type =
{
	.description	= "ESP4",
	.owner		= THIS_MODULE,
	.proto	     	= IPPROTO_ESP,
437
	.flags		= XFRM_TYPE_REPLAY_PROT,
L
Linus Torvalds 已提交
438 439
	.init_state	= esp_init_state,
	.destructor	= esp_destroy,
440
	.get_mtu	= esp4_get_mtu,
L
Linus Torvalds 已提交
441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475
	.input		= esp_input,
	.output		= esp_output
};

static struct net_protocol esp4_protocol = {
	.handler	=	xfrm4_rcv,
	.err_handler	=	esp4_err,
	.no_policy	=	1,
};

static int __init esp4_init(void)
{
	if (xfrm_register_type(&esp_type, AF_INET) < 0) {
		printk(KERN_INFO "ip esp init: can't add xfrm type\n");
		return -EAGAIN;
	}
	if (inet_add_protocol(&esp4_protocol, IPPROTO_ESP) < 0) {
		printk(KERN_INFO "ip esp init: can't add protocol\n");
		xfrm_unregister_type(&esp_type, AF_INET);
		return -EAGAIN;
	}
	return 0;
}

static void __exit esp4_fini(void)
{
	if (inet_del_protocol(&esp4_protocol, IPPROTO_ESP) < 0)
		printk(KERN_INFO "ip esp close: can't remove protocol\n");
	if (xfrm_unregister_type(&esp_type, AF_INET) < 0)
		printk(KERN_INFO "ip esp close: can't remove xfrm type\n");
}

module_init(esp4_init);
module_exit(esp4_fini);
MODULE_LICENSE("GPL");
476
MODULE_ALIAS_XFRM_TYPE(AF_INET, XFRM_PROTO_ESP);