1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * xfrm algorithm interface
5 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
8 #include <crypto/hash.h>
9 #include <crypto/skcipher.h>
10 #include <linux/module.h>
11 #include <linux/kernel.h>
12 #include <linux/pfkeyv2.h>
13 #include <linux/crypto.h>
14 #include <linux/scatterlist.h>
16 #if IS_ENABLED(CONFIG_INET_ESP) || IS_ENABLED(CONFIG_INET6_ESP)
21 * Algorithms supported by IPsec. These entries contain properties which
22 * are used in key negotiation and xfrm processing, and are used to verify
23 * that instantiated crypto transforms have correct parameters for IPsec
26 static struct xfrm_algo_desc aead_list[] = {
28 .name = "rfc4106(gcm(aes))",
40 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV8,
42 .sadb_alg_minbits = 128,
43 .sadb_alg_maxbits = 256
47 .name = "rfc4106(gcm(aes))",
59 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV12,
61 .sadb_alg_minbits = 128,
62 .sadb_alg_maxbits = 256
66 .name = "rfc4106(gcm(aes))",
78 .sadb_alg_id = SADB_X_EALG_AES_GCM_ICV16,
80 .sadb_alg_minbits = 128,
81 .sadb_alg_maxbits = 256
85 .name = "rfc4309(ccm(aes))",
97 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV8,
99 .sadb_alg_minbits = 128,
100 .sadb_alg_maxbits = 256
104 .name = "rfc4309(ccm(aes))",
113 .pfkey_supported = 1,
116 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV12,
118 .sadb_alg_minbits = 128,
119 .sadb_alg_maxbits = 256
123 .name = "rfc4309(ccm(aes))",
128 .icv_truncbits = 128,
132 .pfkey_supported = 1,
135 .sadb_alg_id = SADB_X_EALG_AES_CCM_ICV16,
137 .sadb_alg_minbits = 128,
138 .sadb_alg_maxbits = 256
142 .name = "rfc4543(gcm(aes))",
147 .icv_truncbits = 128,
151 .pfkey_supported = 1,
154 .sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC,
156 .sadb_alg_minbits = 128,
157 .sadb_alg_maxbits = 256
161 .name = "rfc7539esp(chacha20,poly1305)",
166 .icv_truncbits = 128,
170 .pfkey_supported = 0,
174 static struct xfrm_algo_desc aalg_list[] = {
176 .name = "digest_null",
185 .pfkey_supported = 1,
188 .sadb_alg_id = SADB_X_AALG_NULL,
190 .sadb_alg_minbits = 0,
191 .sadb_alg_maxbits = 0
205 .pfkey_supported = 1,
208 .sadb_alg_id = SADB_AALG_MD5HMAC,
210 .sadb_alg_minbits = 128,
211 .sadb_alg_maxbits = 128
215 .name = "hmac(sha1)",
225 .pfkey_supported = 1,
228 .sadb_alg_id = SADB_AALG_SHA1HMAC,
230 .sadb_alg_minbits = 160,
231 .sadb_alg_maxbits = 160
235 .name = "hmac(sha256)",
245 .pfkey_supported = 1,
248 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
250 .sadb_alg_minbits = 256,
251 .sadb_alg_maxbits = 256
255 .name = "hmac(sha384)",
259 .icv_truncbits = 192,
264 .pfkey_supported = 1,
267 .sadb_alg_id = SADB_X_AALG_SHA2_384HMAC,
269 .sadb_alg_minbits = 384,
270 .sadb_alg_maxbits = 384
274 .name = "hmac(sha512)",
278 .icv_truncbits = 256,
283 .pfkey_supported = 1,
286 .sadb_alg_id = SADB_X_AALG_SHA2_512HMAC,
288 .sadb_alg_minbits = 512,
289 .sadb_alg_maxbits = 512
293 .name = "hmac(rmd160)",
303 .pfkey_supported = 1,
306 .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC,
308 .sadb_alg_minbits = 160,
309 .sadb_alg_maxbits = 160
322 .pfkey_supported = 1,
325 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
327 .sadb_alg_minbits = 128,
328 .sadb_alg_maxbits = 128
342 .pfkey_supported = 0,
346 static struct xfrm_algo_desc ealg_list[] = {
348 .name = "ecb(cipher_null)",
349 .compat = "cipher_null",
358 .pfkey_supported = 1,
361 .sadb_alg_id = SADB_EALG_NULL,
363 .sadb_alg_minbits = 0,
364 .sadb_alg_maxbits = 0
379 .pfkey_supported = 1,
382 .sadb_alg_id = SADB_EALG_DESCBC,
384 .sadb_alg_minbits = 64,
385 .sadb_alg_maxbits = 64
389 .name = "cbc(des3_ede)",
390 .compat = "des3_ede",
400 .pfkey_supported = 1,
403 .sadb_alg_id = SADB_EALG_3DESCBC,
405 .sadb_alg_minbits = 192,
406 .sadb_alg_maxbits = 192
410 .name = "cbc(cast5)",
421 .pfkey_supported = 1,
424 .sadb_alg_id = SADB_X_EALG_CASTCBC,
426 .sadb_alg_minbits = 40,
427 .sadb_alg_maxbits = 128
431 .name = "cbc(blowfish)",
432 .compat = "blowfish",
442 .pfkey_supported = 1,
445 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
447 .sadb_alg_minbits = 40,
448 .sadb_alg_maxbits = 448
463 .pfkey_supported = 1,
466 .sadb_alg_id = SADB_X_EALG_AESCBC,
468 .sadb_alg_minbits = 128,
469 .sadb_alg_maxbits = 256
473 .name = "cbc(serpent)",
484 .pfkey_supported = 1,
487 .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
489 .sadb_alg_minbits = 128,
490 .sadb_alg_maxbits = 256,
494 .name = "cbc(camellia)",
495 .compat = "camellia",
505 .pfkey_supported = 1,
508 .sadb_alg_id = SADB_X_EALG_CAMELLIACBC,
510 .sadb_alg_minbits = 128,
511 .sadb_alg_maxbits = 256
515 .name = "cbc(twofish)",
526 .pfkey_supported = 1,
529 .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
531 .sadb_alg_minbits = 128,
532 .sadb_alg_maxbits = 256
536 .name = "rfc3686(ctr(aes))",
542 .defkeybits = 160, /* 128-bit key + 32-bit nonce */
546 .pfkey_supported = 1,
549 .sadb_alg_id = SADB_X_EALG_AESCTR,
551 .sadb_alg_minbits = 160,
552 .sadb_alg_maxbits = 288
557 static struct xfrm_algo_desc calg_list[] = {
565 .pfkey_supported = 1,
566 .desc = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
575 .pfkey_supported = 1,
576 .desc = { .sadb_alg_id = SADB_X_CALG_LZS }
585 .pfkey_supported = 1,
586 .desc = { .sadb_alg_id = SADB_X_CALG_LZJH }
590 static inline int aalg_entries(void)
592 return ARRAY_SIZE(aalg_list);
595 static inline int ealg_entries(void)
597 return ARRAY_SIZE(ealg_list);
600 static inline int calg_entries(void)
602 return ARRAY_SIZE(calg_list);
605 struct xfrm_algo_list {
606 struct xfrm_algo_desc *algs;
612 static const struct xfrm_algo_list xfrm_aead_list = {
614 .entries = ARRAY_SIZE(aead_list),
615 .type = CRYPTO_ALG_TYPE_AEAD,
616 .mask = CRYPTO_ALG_TYPE_MASK,
619 static const struct xfrm_algo_list xfrm_aalg_list = {
621 .entries = ARRAY_SIZE(aalg_list),
622 .type = CRYPTO_ALG_TYPE_HASH,
623 .mask = CRYPTO_ALG_TYPE_HASH_MASK,
626 static const struct xfrm_algo_list xfrm_ealg_list = {
628 .entries = ARRAY_SIZE(ealg_list),
629 .type = CRYPTO_ALG_TYPE_SKCIPHER,
630 .mask = CRYPTO_ALG_TYPE_MASK,
633 static const struct xfrm_algo_list xfrm_calg_list = {
635 .entries = ARRAY_SIZE(calg_list),
636 .type = CRYPTO_ALG_TYPE_COMPRESS,
637 .mask = CRYPTO_ALG_TYPE_MASK,
640 static struct xfrm_algo_desc *xfrm_find_algo(
641 const struct xfrm_algo_list *algo_list,
642 int match(const struct xfrm_algo_desc *entry, const void *data),
643 const void *data, int probe)
645 struct xfrm_algo_desc *list = algo_list->algs;
648 for (i = 0; i < algo_list->entries; i++) {
649 if (!match(list + i, data))
652 if (list[i].available)
658 status = crypto_has_alg(list[i].name, algo_list->type,
663 list[i].available = status;
669 static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,
672 return entry->desc.sadb_alg_id == (unsigned long)data;
675 struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)
677 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,
678 (void *)(unsigned long)alg_id, 1);
680 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
682 struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)
684 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,
685 (void *)(unsigned long)alg_id, 1);
687 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
689 struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)
691 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,
692 (void *)(unsigned long)alg_id, 1);
694 EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
696 static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,
699 const char *name = data;
701 return name && (!strcmp(name, entry->name) ||
702 (entry->compat && !strcmp(name, entry->compat)));
705 struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)
707 return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,
710 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
712 struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)
714 return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,
717 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
719 struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)
721 return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,
724 EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
726 struct xfrm_aead_name {
731 static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,
734 const struct xfrm_aead_name *aead = data;
735 const char *name = aead->name;
737 return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&
738 !strcmp(name, entry->name);
741 struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)
743 struct xfrm_aead_name data = {
748 return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,
751 EXPORT_SYMBOL_GPL(xfrm_aead_get_byname);
753 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
755 if (idx >= aalg_entries())
758 return &aalg_list[idx];
760 EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
762 struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
764 if (idx >= ealg_entries())
767 return &ealg_list[idx];
769 EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
772 * Probe for the availability of crypto algorithms, and set the available
773 * flag for any algorithms found on the system. This is typically called by
774 * pfkey during userspace SA add, update or register.
776 void xfrm_probe_algs(void)
780 BUG_ON(in_softirq());
782 for (i = 0; i < aalg_entries(); i++) {
783 status = crypto_has_ahash(aalg_list[i].name, 0, 0);
784 if (aalg_list[i].available != status)
785 aalg_list[i].available = status;
788 for (i = 0; i < ealg_entries(); i++) {
789 status = crypto_has_skcipher(ealg_list[i].name, 0, 0);
790 if (ealg_list[i].available != status)
791 ealg_list[i].available = status;
794 for (i = 0; i < calg_entries(); i++) {
795 status = crypto_has_comp(calg_list[i].name, 0,
797 if (calg_list[i].available != status)
798 calg_list[i].available = status;
801 EXPORT_SYMBOL_GPL(xfrm_probe_algs);
803 int xfrm_count_pfkey_auth_supported(void)
807 for (i = 0, n = 0; i < aalg_entries(); i++)
808 if (aalg_list[i].available && aalg_list[i].pfkey_supported)
812 EXPORT_SYMBOL_GPL(xfrm_count_pfkey_auth_supported);
814 int xfrm_count_pfkey_enc_supported(void)
818 for (i = 0, n = 0; i < ealg_entries(); i++)
819 if (ealg_list[i].available && ealg_list[i].pfkey_supported)
823 EXPORT_SYMBOL_GPL(xfrm_count_pfkey_enc_supported);
825 MODULE_LICENSE("GPL");
projects / linux-2.6-microblaze.git / blob