1 #include <linux/err.h> 2 #include <linux/module.h> 3 #include <net/ip.h> 4 #include <net/xfrm.h> 5 #include <net/esp.h> 6 #include <asm/scatterlist.h> 7 #include <linux/crypto.h> 8 #include <linux/kernel.h> 9 #include <linux/pfkeyv2.h> 10 #include <linux/random.h> 11 #include <net/icmp.h> 12 #include <net/protocol.h> 13 #include <net/udp.h> 14 15 static int esp_output(struct xfrm_state *x, struct sk_buff *skb) 16 { 17 int err; 18 struct iphdr *top_iph; 19 struct ip_esp_hdr *esph; 20 struct crypto_blkcipher *tfm; 21 struct blkcipher_desc desc; 22 struct esp_data *esp; 23 struct sk_buff *trailer; 24 int blksize; 25 int clen; 26 int alen; 27 int nfrags; 28 29 /* Strip IP+ESP header. */ 30 __skb_pull(skb, skb->h.raw - skb->data); 31 /* Now skb is pure payload to encrypt */ 32 33 err = -ENOMEM; 34 35 /* Round to block size */ 36 clen = skb->len; 37 38 esp = x->data; 39 alen = esp->auth.icv_trunc_len; 40 tfm = esp->conf.tfm; 41 desc.tfm = tfm; 42 desc.flags = 0; 43 blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); 44 clen = ALIGN(clen + 2, blksize); 45 if (esp->conf.padlen) 46 clen = ALIGN(clen, esp->conf.padlen); 47 48 if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) 49 goto error; 50 51 /* Fill padding... */ 52 do { 53 int i; 54 for (i=0; i<clen-skb->len - 2; i++) 55 *(u8*)(trailer->tail + i) = i+1; 56 } while (0); 57 *(u8*)(trailer->tail + clen-skb->len - 2) = (clen - skb->len)-2; 58 pskb_put(skb, trailer, clen - skb->len); 59 60 __skb_push(skb, skb->data - skb->nh.raw); 61 top_iph = skb->nh.iph; 62 esph = (struct ip_esp_hdr *)(skb->nh.raw + top_iph->ihl*4); 63 top_iph->tot_len = htons(skb->len + alen); 64 *(u8*)(trailer->tail - 1) = top_iph->protocol; 65 66 /* this is non-NULL only with UDP Encapsulation */ 67 if (x->encap) { 68 struct xfrm_encap_tmpl *encap = x->encap; 69 struct udphdr *uh; 70 u32 *udpdata32; 71 72 uh = (struct udphdr *)esph; 73 uh->source = encap->encap_sport; 74 uh->dest = encap->encap_dport; 75 uh->len = htons(skb->len + alen - top_iph->ihl*4); 76 uh->check = 0; 77 78 switch (encap->encap_type) { 79 default: 80 case UDP_ENCAP_ESPINUDP: 81 esph = (struct ip_esp_hdr *)(uh + 1); 82 break; 83 case UDP_ENCAP_ESPINUDP_NON_IKE: 84 udpdata32 = (u32 *)(uh + 1); 85 udpdata32[0] = udpdata32[1] = 0; 86 esph = (struct ip_esp_hdr *)(udpdata32 + 2); 87 break; 88 } 89 90 top_iph->protocol = IPPROTO_UDP; 91 } else 92 top_iph->protocol = IPPROTO_ESP; 93 94 esph->spi = x->id.spi; 95 esph->seq_no = htonl(++x->replay.oseq); 96 xfrm_aevent_doreplay(x); 97 98 if (esp->conf.ivlen) 99 crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); 100 101 do { 102 struct scatterlist *sg = &esp->sgbuf[0]; 103 104 if (unlikely(nfrags > ESP_NUM_FAST_SG)) { 105 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC); 106 if (!sg) 107 goto error; 108 } 109 skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); 110 err = crypto_blkcipher_encrypt(&desc, sg, sg, clen); 111 if (unlikely(sg != &esp->sgbuf[0])) 112 kfree(sg); 113 } while (0); 114 115 if (unlikely(err)) 116 goto error; 117 118 if (esp->conf.ivlen) { 119 memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen); 120 crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen); 121 } 122 123 if (esp->auth.icv_full_len) { 124 err = esp_mac_digest(esp, skb, (u8 *)esph - skb->data, 125 sizeof(*esph) + esp->conf.ivlen + clen); 126 memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen); 127 } 128 129 ip_send_check(top_iph); 130 131 error: 132 return err; 133 } 134 135 /* 136 * Note: detecting truncated vs. non-truncated authentication data is very 137 * expensive, so we only support truncated data, which is the recommended 138 * and common case. 139 */ 140 static int esp_input(struct xfrm_state *x, struct sk_buff *skb) 141 { 142 struct iphdr *iph; 143 struct ip_esp_hdr *esph; 144 struct esp_data *esp = x->data; 145 struct crypto_blkcipher *tfm = esp->conf.tfm; 146 struct blkcipher_desc desc = { .tfm = tfm }; 147 struct sk_buff *trailer; 148 int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); 149 int alen = esp->auth.icv_trunc_len; 150 int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; 151 int nfrags; 152 int ihl; 153 u8 nexthdr[2]; 154 struct scatterlist *sg; 155 int padlen; 156 int err; 157 158 if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) 159 goto out; 160 161 if (elen <= 0 || (elen & (blksize-1))) 162 goto out; 163 164 /* If integrity check is required, do this. */ 165 if (esp->auth.icv_full_len) { 166 u8 sum[alen]; 167 168 err = esp_mac_digest(esp, skb, 0, skb->len - alen); 169 if (err) 170 goto out; 171 172 if (skb_copy_bits(skb, skb->len - alen, sum, alen)) 173 BUG(); 174 175 if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) { 176 x->stats.integrity_failed++; 177 goto out; 178 } 179 } 180 181 if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) 182 goto out; 183 184 skb->ip_summed = CHECKSUM_NONE; 185 186 esph = (struct ip_esp_hdr*)skb->data; 187 188 /* Get ivec. This can be wrong, check against another impls. */ 189 if (esp->conf.ivlen) 190 crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen); 191 192 sg = &esp->sgbuf[0]; 193 194 if (unlikely(nfrags > ESP_NUM_FAST_SG)) { 195 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC); 196 if (!sg) 197 goto out; 198 } 199 skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); 200 err = crypto_blkcipher_decrypt(&desc, sg, sg, elen); 201 if (unlikely(sg != &esp->sgbuf[0])) 202 kfree(sg); 203 if (unlikely(err)) 204 return err; 205 206 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) 207 BUG(); 208 209 padlen = nexthdr[0]; 210 if (padlen+2 >= elen) 211 goto out; 212 213 /* ... check padding bits here. Silly. :-) */ 214 215 iph = skb->nh.iph; 216 ihl = iph->ihl * 4; 217 218 if (x->encap) { 219 struct xfrm_encap_tmpl *encap = x->encap; 220 struct udphdr *uh = (void *)(skb->nh.raw + ihl); 221 222 /* 223 * 1) if the NAT-T peer's IP or port changed then 224 * advertize the change to the keying daemon. 225 * This is an inbound SA, so just compare 226 * SRC ports. 227 */ 228 if (iph->saddr != x->props.saddr.a4 || 229 uh->source != encap->encap_sport) { 230 xfrm_address_t ipaddr; 231 232 ipaddr.a4 = iph->saddr; 233 km_new_mapping(x, &ipaddr, uh->source); 234 235 /* XXX: perhaps add an extra 236 * policy check here, to see 237 * if we should allow or 238 * reject a packet from a 239 * different source 240 * address/port. 241 */ 242 } 243 244 /* 245 * 2) ignore UDP/TCP checksums in case 246 * of NAT-T in Transport Mode, or 247 * perform other post-processing fixes 248 * as per draft-ietf-ipsec-udp-encaps-06, 249 * section 3.1.2 250 */ 251 if (!x->props.mode) 252 skb->ip_summed = CHECKSUM_UNNECESSARY; 253 } 254 255 iph->protocol = nexthdr[1]; 256 pskb_trim(skb, skb->len - alen - padlen - 2); 257 skb->h.raw = __skb_pull(skb, sizeof(*esph) + esp->conf.ivlen) - ihl; 258 259 return 0; 260 261 out: 262 return -EINVAL; 263 } 264 265 static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) 266 { 267 struct esp_data *esp = x->data; 268 u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); 269 270 if (x->props.mode) { 271 mtu = ALIGN(mtu + 2, blksize); 272 } else { 273 /* The worst case. */ 274 mtu = ALIGN(mtu + 2, 4) + blksize - 4; 275 } 276 if (esp->conf.padlen) 277 mtu = ALIGN(mtu, esp->conf.padlen); 278 279 return mtu + x->props.header_len + esp->auth.icv_trunc_len; 280 } 281 282 static void esp4_err(struct sk_buff *skb, u32 info) 283 { 284 struct iphdr *iph = (struct iphdr*)skb->data; 285 struct ip_esp_hdr *esph = (struct ip_esp_hdr*)(skb->data+(iph->ihl<<2)); 286 struct xfrm_state *x; 287 288 if (skb->h.icmph->type != ICMP_DEST_UNREACH || 289 skb->h.icmph->code != ICMP_FRAG_NEEDED) 290 return; 291 292 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET); 293 if (!x) 294 return; 295 NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n", 296 ntohl(esph->spi), ntohl(iph->daddr)); 297 xfrm_state_put(x); 298 } 299 300 static void esp_destroy(struct xfrm_state *x) 301 { 302 struct esp_data *esp = x->data; 303 304 if (!esp) 305 return; 306 307 crypto_free_blkcipher(esp->conf.tfm); 308 esp->conf.tfm = NULL; 309 kfree(esp->conf.ivec); 310 esp->conf.ivec = NULL; 311 crypto_free_hash(esp->auth.tfm); 312 esp->auth.tfm = NULL; 313 kfree(esp->auth.work_icv); 314 esp->auth.work_icv = NULL; 315 kfree(esp); 316 } 317 318 static int esp_init_state(struct xfrm_state *x) 319 { 320 struct esp_data *esp = NULL; 321 struct crypto_blkcipher *tfm; 322 323 /* null auth and encryption can have zero length keys */ 324 if (x->aalg) { 325 if (x->aalg->alg_key_len > 512) 326 goto error; 327 } 328 if (x->ealg == NULL) 329 goto error; 330 331 esp = kzalloc(sizeof(*esp), GFP_KERNEL); 332 if (esp == NULL) 333 return -ENOMEM; 334 335 if (x->aalg) { 336 struct xfrm_algo_desc *aalg_desc; 337 struct crypto_hash *hash; 338 339 esp->auth.key = x->aalg->alg_key; 340 esp->auth.key_len = (x->aalg->alg_key_len+7)/8; 341 hash = crypto_alloc_hash(x->aalg->alg_name, 0, 342 CRYPTO_ALG_ASYNC); 343 if (IS_ERR(hash)) 344 goto error; 345 346 esp->auth.tfm = hash; 347 if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) 348 goto error; 349 350 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); 351 BUG_ON(!aalg_desc); 352 353 if (aalg_desc->uinfo.auth.icv_fullbits/8 != 354 crypto_hash_digestsize(hash)) { 355 NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n", 356 x->aalg->alg_name, 357 crypto_hash_digestsize(hash), 358 aalg_desc->uinfo.auth.icv_fullbits/8); 359 goto error; 360 } 361 362 esp->auth.icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; 363 esp->auth.icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8; 364 365 esp->auth.work_icv = kmalloc(esp->auth.icv_full_len, GFP_KERNEL); 366 if (!esp->auth.work_icv) 367 goto error; 368 } 369 esp->conf.key = x->ealg->alg_key; 370 esp->conf.key_len = (x->ealg->alg_key_len+7)/8; 371 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); 372 if (IS_ERR(tfm)) 373 goto error; 374 esp->conf.tfm = tfm; 375 esp->conf.ivlen = crypto_blkcipher_ivsize(tfm); 376 esp->conf.padlen = 0; 377 if (esp->conf.ivlen) { 378 esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); 379 if (unlikely(esp->conf.ivec == NULL)) 380 goto error; 381 get_random_bytes(esp->conf.ivec, esp->conf.ivlen); 382 } 383 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) 384 goto error; 385 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; 386 if (x->props.mode) 387 x->props.header_len += sizeof(struct iphdr); 388 if (x->encap) { 389 struct xfrm_encap_tmpl *encap = x->encap; 390 391 switch (encap->encap_type) { 392 default: 393 goto error; 394 case UDP_ENCAP_ESPINUDP: 395 x->props.header_len += sizeof(struct udphdr); 396 break; 397 case UDP_ENCAP_ESPINUDP_NON_IKE: 398 x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32); 399 break; 400 } 401 } 402 x->data = esp; 403 x->props.trailer_len = esp4_get_max_size(x, 0) - x->props.header_len; 404 return 0; 405 406 error: 407 x->data = esp; 408 esp_destroy(x); 409 x->data = NULL; 410 return -EINVAL; 411 } 412 413 static struct xfrm_type esp_type = 414 { 415 .description = "ESP4", 416 .owner = THIS_MODULE, 417 .proto = IPPROTO_ESP, 418 .init_state = esp_init_state, 419 .destructor = esp_destroy, 420 .get_max_size = esp4_get_max_size, 421 .input = esp_input, 422 .output = esp_output 423 }; 424 425 static struct net_protocol esp4_protocol = { 426 .handler = xfrm4_rcv, 427 .err_handler = esp4_err, 428 .no_policy = 1, 429 }; 430 431 static int __init esp4_init(void) 432 { 433 if (xfrm_register_type(&esp_type, AF_INET) < 0) { 434 printk(KERN_INFO "ip esp init: can't add xfrm type\n"); 435 return -EAGAIN; 436 } 437 if (inet_add_protocol(&esp4_protocol, IPPROTO_ESP) < 0) { 438 printk(KERN_INFO "ip esp init: can't add protocol\n"); 439 xfrm_unregister_type(&esp_type, AF_INET); 440 return -EAGAIN; 441 } 442 return 0; 443 } 444 445 static void __exit esp4_fini(void) 446 { 447 if (inet_del_protocol(&esp4_protocol, IPPROTO_ESP) < 0) 448 printk(KERN_INFO "ip esp close: can't remove protocol\n"); 449 if (xfrm_unregister_type(&esp_type, AF_INET) < 0) 450 printk(KERN_INFO "ip esp close: can't remove xfrm type\n"); 451 } 452 453 module_init(esp4_init); 454 module_exit(esp4_fini); 455 MODULE_LICENSE("GPL"); 456