Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
3bab27b6
Commit
3bab27b6
authored
Jan 08, 2003
by
James Morris
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[IPSEC]: Clean up key manager algorithm handling.
parent
e55ee9fd
Changes
7
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
597 additions
and
221 deletions
+597
-221
include/linux/pfkeyv2.h
include/linux/pfkeyv2.h
+17
-9
include/net/xfrm.h
include/net/xfrm.h
+41
-0
net/ipv4/Makefile
net/ipv4/Makefile
+1
-1
net/ipv4/ah.c
net/ipv4/ah.c
+75
-43
net/ipv4/xfrm_algo.c
net/ipv4/xfrm_algo.c
+348
-0
net/key/af_key.c
net/key/af_key.c
+106
-168
net/netsyms.c
net/netsyms.c
+9
-0
No files found.
include/linux/pfkeyv2.h
View file @
3bab27b6
...
@@ -242,17 +242,25 @@ struct sadb_x_ipsecrequest {
...
@@ -242,17 +242,25 @@ struct sadb_x_ipsecrequest {
#define SADB_SATYPE_MAX 9
#define SADB_SATYPE_MAX 9
/* Authentication algorithms */
/* Authentication algorithms */
#define SADB_AALG_NONE 0
#define SADB_AALG_NONE 0
#define SADB_AALG_MD5HMAC 2
#define SADB_AALG_MD5HMAC 2
#define SADB_AALG_SHA1HMAC 3
#define SADB_AALG_SHA1HMAC 3
#define SADB_AALG_MAX 3
#define SADB_X_AALG_SHA2_256HMAC 5
#define SADB_X_AALG_SHA2_384HMAC 6
#define SADB_X_AALG_SHA2_512HMAC 7
#define SADB_X_AALG_RIPEMD160HMAC 8
#define SADB_X_AALG_NULL 251
/* kame */
#define SADB_AALG_MAX 251
/* Encryption algorithms */
/* Encryption algorithms */
#define SADB_EALG_NONE 0
#define SADB_EALG_NONE 0
#define SADB_EALG_DESCBC 1
#define SADB_EALG_DESCBC 1
#define SADB_EALG_3DESCBC 2
#define SADB_EALG_3DESCBC 2
#define SADB_EALG_NULL 11
#define SADB_X_EALG_CASTCBC 6
#define SADB_EALG_MAX 11
#define SADB_X_EALG_BLOWFISHCBC 7
#define SADB_EALG_NULL 11
#define SADB_X_EALG_AESCBC 12
#define SADB_EALG_MAX 12
/* Extension Header values */
/* Extension Header values */
#define SADB_EXT_RESERVED 0
#define SADB_EXT_RESERVED 0
...
...
include/net/xfrm.h
View file @
3bab27b6
#ifndef _NET_XFRM_H
#define _NET_XFRM_H
#include <linux/xfrm.h>
#include <linux/xfrm.h>
#include <linux/spinlock.h>
#include <linux/spinlock.h>
#include <linux/list.h>
#include <linux/list.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/netdevice.h>
#include <linux/crypto.h>
#include <linux/crypto.h>
#include <linux/pfkeyv2.h>
#include <net/dst.h>
#include <net/dst.h>
#include <net/route.h>
#include <net/route.h>
#define XFRM_ALIGN8(len) (((len) + 7) & ~7)
extern
struct
semaphore
xfrm_cfg_sem
;
extern
struct
semaphore
xfrm_cfg_sem
;
/* Organization of SPD aka "XFRM rules"
/* Organization of SPD aka "XFRM rules"
...
@@ -347,6 +353,29 @@ static inline void xfrm_sk_free_policy(struct sock *sk)
...
@@ -347,6 +353,29 @@ static inline void xfrm_sk_free_policy(struct sock *sk)
}
}
}
}
/*
* xfrm algorithm information
*/
struct
xfrm_algo_auth_info
{
u16
icv_truncbits
;
u16
icv_fullbits
;
};
struct
xfrm_algo_encr_info
{
u16
blockbits
;
u16
defkeybits
;
};
struct
xfrm_algo_desc
{
char
*
name
;
u8
available
:
1
;
union
{
struct
xfrm_algo_auth_info
auth
;
struct
xfrm_algo_encr_info
encr
;
}
uinfo
;
struct
sadb_alg
desc
;
};
extern
void
xfrm_state_init
(
void
);
extern
void
xfrm_state_init
(
void
);
extern
void
xfrm_input_init
(
void
);
extern
void
xfrm_input_init
(
void
);
extern
int
xfrm_state_walk
(
u8
proto
,
int
(
*
func
)(
struct
xfrm_state
*
,
int
,
void
*
),
void
*
);
extern
int
xfrm_state_walk
(
u8
proto
,
int
(
*
func
)(
struct
xfrm_state
*
,
int
,
void
*
),
void
*
);
...
@@ -385,3 +414,15 @@ extern wait_queue_head_t km_waitq;
...
@@ -385,3 +414,15 @@ extern wait_queue_head_t km_waitq;
extern
void
km_warn_expired
(
struct
xfrm_state
*
x
);
extern
void
km_warn_expired
(
struct
xfrm_state
*
x
);
extern
void
km_expired
(
struct
xfrm_state
*
x
);
extern
void
km_expired
(
struct
xfrm_state
*
x
);
extern
int
km_query
(
struct
xfrm_state
*
x
,
struct
xfrm_tmpl
*
,
struct
xfrm_policy
*
pol
);
extern
int
km_query
(
struct
xfrm_state
*
x
,
struct
xfrm_tmpl
*
,
struct
xfrm_policy
*
pol
);
extern
void
xfrm_probe_algs
(
void
);
extern
int
xfrm_count_auth_supported
(
void
);
extern
int
xfrm_count_enc_supported
(
void
);
extern
struct
xfrm_algo_desc
*
xfrm_aalg_get_byidx
(
unsigned
int
idx
);
extern
struct
xfrm_algo_desc
*
xfrm_ealg_get_byidx
(
unsigned
int
idx
);
extern
struct
xfrm_algo_desc
*
xfrm_aalg_get_byid
(
int
alg_id
);
extern
struct
xfrm_algo_desc
*
xfrm_ealg_get_byid
(
int
alg_id
);
extern
struct
xfrm_algo_desc
*
xfrm_aalg_get_byname
(
char
*
name
);
extern
struct
xfrm_algo_desc
*
xfrm_ealg_get_byname
(
char
*
name
);
#endif
/* _NET_XFRM_H */
net/ipv4/Makefile
View file @
3bab27b6
...
@@ -22,4 +22,4 @@ obj-$(CONFIG_IP_PNP) += ipconfig.o
...
@@ -22,4 +22,4 @@ obj-$(CONFIG_IP_PNP) += ipconfig.o
obj-$(CONFIG_NETFILTER)
+=
netfilter/
obj-$(CONFIG_NETFILTER)
+=
netfilter/
obj-$(CONFIG_XFRM_USER)
+=
xfrm_user.o
obj-$(CONFIG_XFRM_USER)
+=
xfrm_user.o
obj-y
+=
xfrm_policy.o xfrm_state.o xfrm_input.o
obj-y
+=
xfrm_policy.o xfrm_state.o xfrm_input.o
xfrm_algo.o
net/ipv4/ah.c
View file @
3bab27b6
...
@@ -7,26 +7,31 @@
...
@@ -7,26 +7,31 @@
#include <net/icmp.h>
#include <net/icmp.h>
#include <asm/scatterlist.h>
#include <asm/scatterlist.h>
#define AH_HLEN_NOICV 12
typedef
void
(
icv_update_fn_t
)(
struct
crypto_tfm
*
,
struct
scatterlist
*
,
unsigned
int
);
struct
ah_data
struct
ah_data
{
{
u8
*
key
;
u8
*
key
;
int
key_len
;
int
key_len
;
u8
*
work_digest
;
u8
*
work_icv
;
int
digest_len
;
int
icv_full_len
;
int
icv_trunc_len
;
void
(
*
digest
)(
struct
ah_data
*
,
void
(
*
icv
)(
struct
ah_data
*
,
struct
sk_buff
*
skb
,
struct
sk_buff
*
skb
,
u8
*
icv
);
u8
*
digest
);
struct
crypto_tfm
*
tfm
;
struct
crypto_tfm
*
tfm
;
};
};
/* Clear mutable options and find final destination to substitute
/* Clear mutable options and find final destination to substitute
* into IP header for
digest
calculation. Options are already checked
* into IP header for
icv
calculation. Options are already checked
* for validity, so paranoia is not required. */
* for validity, so paranoia is not required. */
int
ip_clear_mutable_options
(
struct
iphdr
*
iph
,
u32
*
daddr
)
static
int
ip_clear_mutable_options
(
struct
iphdr
*
iph
,
u32
*
daddr
)
{
{
unsigned
char
*
optptr
=
(
unsigned
char
*
)(
iph
+
1
);
unsigned
char
*
optptr
=
(
unsigned
char
*
)(
iph
+
1
);
int
l
=
iph
->
ihl
*
4
-
20
;
int
l
=
iph
->
ihl
*
4
-
20
;
...
@@ -66,7 +71,8 @@ int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr)
...
@@ -66,7 +71,8 @@ int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr)
return
0
;
return
0
;
}
}
void
skb_ah_walk
(
const
struct
sk_buff
*
skb
,
struct
crypto_tfm
*
tfm
)
static
void
skb_ah_walk
(
const
struct
sk_buff
*
skb
,
struct
crypto_tfm
*
tfm
,
icv_update_fn_t
icv_update
)
{
{
int
offset
=
0
;
int
offset
=
0
;
int
len
=
skb
->
len
;
int
len
=
skb
->
len
;
...
@@ -83,7 +89,7 @@ void skb_ah_walk(const struct sk_buff *skb, struct crypto_tfm *tfm)
...
@@ -83,7 +89,7 @@ void skb_ah_walk(const struct sk_buff *skb, struct crypto_tfm *tfm)
sg
.
offset
=
(
unsigned
long
)(
skb
->
data
+
offset
)
%
PAGE_SIZE
;
sg
.
offset
=
(
unsigned
long
)(
skb
->
data
+
offset
)
%
PAGE_SIZE
;
sg
.
length
=
copy
;
sg
.
length
=
copy
;
crypto_hmac
_update
(
tfm
,
&
sg
,
1
);
icv
_update
(
tfm
,
&
sg
,
1
);
if
((
len
-=
copy
)
==
0
)
if
((
len
-=
copy
)
==
0
)
return
;
return
;
...
@@ -106,7 +112,7 @@ void skb_ah_walk(const struct sk_buff *skb, struct crypto_tfm *tfm)
...
@@ -106,7 +112,7 @@ void skb_ah_walk(const struct sk_buff *skb, struct crypto_tfm *tfm)
sg
.
offset
=
frag
->
page_offset
+
offset
-
start
;
sg
.
offset
=
frag
->
page_offset
+
offset
-
start
;
sg
.
length
=
copy
;
sg
.
length
=
copy
;
crypto_hmac
_update
(
tfm
,
&
sg
,
1
);
icv
_update
(
tfm
,
&
sg
,
1
);
if
(
!
(
len
-=
copy
))
if
(
!
(
len
-=
copy
))
return
;
return
;
...
@@ -127,7 +133,7 @@ void skb_ah_walk(const struct sk_buff *skb, struct crypto_tfm *tfm)
...
@@ -127,7 +133,7 @@ void skb_ah_walk(const struct sk_buff *skb, struct crypto_tfm *tfm)
if
((
copy
=
end
-
offset
)
>
0
)
{
if
((
copy
=
end
-
offset
)
>
0
)
{
if
(
copy
>
len
)
if
(
copy
>
len
)
copy
=
len
;
copy
=
len
;
skb_ah_walk
(
list
,
tfm
);
skb_ah_walk
(
list
,
tfm
,
icv_update
);
if
((
len
-=
copy
)
==
0
)
if
((
len
-=
copy
)
==
0
)
return
;
return
;
offset
+=
copy
;
offset
+=
copy
;
...
@@ -144,14 +150,14 @@ ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data)
...
@@ -144,14 +150,14 @@ ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data)
{
{
struct
crypto_tfm
*
tfm
=
ahp
->
tfm
;
struct
crypto_tfm
*
tfm
=
ahp
->
tfm
;
memset
(
auth_data
,
0
,
ahp
->
digest
_len
);
memset
(
auth_data
,
0
,
ahp
->
icv_trunc
_len
);
crypto_hmac_init
(
tfm
,
ahp
->
key
,
&
ahp
->
key_len
);
crypto_hmac_init
(
tfm
,
ahp
->
key
,
&
ahp
->
key_len
);
skb_ah_walk
(
skb
,
tfm
);
skb_ah_walk
(
skb
,
tfm
,
crypto_hmac_update
);
crypto_hmac_final
(
tfm
,
ahp
->
key
,
&
ahp
->
key_len
,
ahp
->
work_
digest
);
crypto_hmac_final
(
tfm
,
ahp
->
key
,
&
ahp
->
key_len
,
ahp
->
work_
icv
);
memcpy
(
auth_data
,
ahp
->
work_
digest
,
ahp
->
digest
_len
);
memcpy
(
auth_data
,
ahp
->
work_
icv
,
ahp
->
icv_trunc
_len
);
}
}
int
ah_output
(
struct
sk_buff
*
skb
)
static
int
ah_output
(
struct
sk_buff
*
skb
)
{
{
int
err
;
int
err
;
struct
dst_entry
*
dst
=
skb
->
dst
;
struct
dst_entry
*
dst
=
skb
->
dst
;
...
@@ -210,11 +216,13 @@ int ah_output(struct sk_buff *skb)
...
@@ -210,11 +216,13 @@ int ah_output(struct sk_buff *skb)
ah
->
nexthdr
=
iph
->
protocol
;
ah
->
nexthdr
=
iph
->
protocol
;
}
}
ahp
=
x
->
data
;
ahp
=
x
->
data
;
ah
->
hdrlen
=
(((
ahp
->
digest_len
+
12
+
7
)
&~
7
)
>>
2
)
-
2
;
ah
->
hdrlen
=
(
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
)
>>
2
)
-
2
;
ah
->
reserved
=
0
;
ah
->
reserved
=
0
;
ah
->
spi
=
x
->
id
.
spi
;
ah
->
spi
=
x
->
id
.
spi
;
ah
->
seq_no
=
htonl
(
++
x
->
replay
.
oseq
);
ah
->
seq_no
=
htonl
(
++
x
->
replay
.
oseq
);
ahp
->
digest
(
ahp
,
skb
,
ah
->
auth_data
);
ahp
->
icv
(
ahp
,
skb
,
ah
->
auth_data
);
top_iph
->
tos
=
iph
->
tos
;
top_iph
->
tos
=
iph
->
tos
;
top_iph
->
ttl
=
iph
->
ttl
;
top_iph
->
ttl
=
iph
->
ttl
;
if
(
x
->
props
.
mode
)
{
if
(
x
->
props
.
mode
)
{
...
@@ -246,6 +254,7 @@ int ah_output(struct sk_buff *skb)
...
@@ -246,6 +254,7 @@ int ah_output(struct sk_buff *skb)
int
ah_input
(
struct
xfrm_state
*
x
,
struct
sk_buff
*
skb
)
int
ah_input
(
struct
xfrm_state
*
x
,
struct
sk_buff
*
skb
)
{
{
int
ah_hlen
;
struct
iphdr
*
iph
;
struct
iphdr
*
iph
;
struct
ip_auth_hdr
*
ah
;
struct
ip_auth_hdr
*
ah
;
struct
ah_data
*
ahp
;
struct
ah_data
*
ahp
;
...
@@ -255,13 +264,14 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -255,13 +264,14 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb)
goto
out
;
goto
out
;
ah
=
(
struct
ip_auth_hdr
*
)
skb
->
data
;
ah
=
(
struct
ip_auth_hdr
*
)
skb
->
data
;
ahp
=
x
->
data
;
ahp
=
x
->
data
;
ah_hlen
=
(
ah
->
hdrlen
+
2
)
<<
2
;
if
(((
ah
->
hdrlen
+
2
)
<<
2
)
!=
((
ahp
->
digest_len
+
12
+
7
)
&~
7
))
if
(
ah_hlen
!=
XFRM_ALIGN8
(
ahp
->
icv_full_len
+
AH_HLEN_NOICV
)
&&
ah_hlen
!=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
))
goto
out
;
goto
out
;
if
(
!
pskb_may_pull
(
skb
,
(
ah
->
hdrlen
+
2
)
<<
2
))
if
(
!
pskb_may_pull
(
skb
,
ah_hlen
))
goto
out
;
goto
out
;
/* We are going to _remove_ AH header to keep sockets happy,
/* We are going to _remove_ AH header to keep sockets happy,
...
@@ -285,17 +295,18 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -285,17 +295,18 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb)
goto
out
;
goto
out
;
}
}
{
{
u8
auth_data
[
ahp
->
digest_len
];
u8
auth_data
[
ahp
->
icv_trunc_len
];
memcpy
(
auth_data
,
ah
->
auth_data
,
ahp
->
digest_len
);
memcpy
(
auth_data
,
ah
->
auth_data
,
ahp
->
icv_trunc_len
);
skb_push
(
skb
,
skb
->
data
-
skb
->
nh
.
raw
);
skb_push
(
skb
,
skb
->
data
-
skb
->
nh
.
raw
);
ahp
->
digest
(
ahp
,
skb
,
ah
->
auth_data
);
ahp
->
icv
(
ahp
,
skb
,
ah
->
auth_data
);
if
(
memcmp
(
ah
->
auth_data
,
auth_data
,
ahp
->
digest
_len
))
{
if
(
memcmp
(
ah
->
auth_data
,
auth_data
,
ahp
->
icv_trunc
_len
))
{
x
->
stats
.
integrity_failed
++
;
x
->
stats
.
integrity_failed
++
;
goto
out
;
goto
out
;
}
}
}
}
((
struct
iphdr
*
)
work_buf
)
->
protocol
=
ah
->
nexthdr
;
((
struct
iphdr
*
)
work_buf
)
->
protocol
=
ah
->
nexthdr
;
skb
->
nh
.
raw
=
skb_pull
(
skb
,
(
ah
->
hdrlen
+
2
)
<<
2
);
skb
->
nh
.
raw
=
skb_pull
(
skb
,
ah_hlen
);
memcpy
(
skb
->
nh
.
raw
,
work_buf
,
iph
->
ihl
*
4
);
memcpy
(
skb
->
nh
.
raw
,
work_buf
,
iph
->
ihl
*
4
);
skb
->
nh
.
iph
->
tot_len
=
htons
(
skb
->
len
);
skb
->
nh
.
iph
->
tot_len
=
htons
(
skb
->
len
);
skb_pull
(
skb
,
skb
->
nh
.
iph
->
ihl
*
4
);
skb_pull
(
skb
,
skb
->
nh
.
iph
->
ihl
*
4
);
...
@@ -325,12 +336,13 @@ void ah4_err(struct sk_buff *skb, u32 info)
...
@@ -325,12 +336,13 @@ void ah4_err(struct sk_buff *skb, u32 info)
xfrm_state_put
(
x
);
xfrm_state_put
(
x
);
}
}
int
ah_init_state
(
struct
xfrm_state
*
x
,
void
*
args
)
static
int
ah_init_state
(
struct
xfrm_state
*
x
,
void
*
args
)
{
{
struct
ah_data
*
ahp
=
NULL
;
struct
ah_data
*
ahp
=
NULL
;
struct
xfrm_algo_desc
*
aalg_desc
;
if
(
x
->
aalg
==
NULL
||
x
->
aalg
->
alg_key_len
==
0
||
/* null auth can use a zero length key */
x
->
aalg
->
alg_key_len
>
512
)
if
(
x
->
aalg
->
alg_key_len
>
512
)
goto
error
;
goto
error
;
ahp
=
kmalloc
(
sizeof
(
*
ahp
),
GFP_KERNEL
);
ahp
=
kmalloc
(
sizeof
(
*
ahp
),
GFP_KERNEL
);
...
@@ -344,13 +356,33 @@ int ah_init_state(struct xfrm_state *x, void *args)
...
@@ -344,13 +356,33 @@ int ah_init_state(struct xfrm_state *x, void *args)
ahp
->
tfm
=
crypto_alloc_tfm
(
x
->
aalg
->
alg_name
,
0
);
ahp
->
tfm
=
crypto_alloc_tfm
(
x
->
aalg
->
alg_name
,
0
);
if
(
!
ahp
->
tfm
)
if
(
!
ahp
->
tfm
)
goto
error
;
goto
error
;
ahp
->
digest
=
ah_hmac_digest
;
ahp
->
icv
=
ah_hmac_digest
;
ahp
->
digest_len
=
12
;
ahp
->
work_digest
=
kmalloc
(
crypto_tfm_alg_digestsize
(
ahp
->
tfm
),
/*
GFP_KERNEL
);
* Lookup the algorithm description maintained by pfkey,
if
(
!
ahp
->
work_digest
)
* verify crypto transform properties, and store information
* we need for AH processing. This lookup cannot fail here
* after a successful crypto_alloc_tfm().
*/
aalg_desc
=
xfrm_aalg_get_byname
(
x
->
aalg
->
alg_name
);
BUG_ON
(
!
aalg_desc
);
if
(
aalg_desc
->
uinfo
.
auth
.
icv_fullbits
/
8
!=
crypto_tfm_alg_digestsize
(
ahp
->
tfm
))
{
printk
(
KERN_INFO
"AH: %s digestsize %u != %hu
\n
"
,
x
->
aalg
->
alg_name
,
crypto_tfm_alg_digestsize
(
ahp
->
tfm
),
aalg_desc
->
uinfo
.
auth
.
icv_fullbits
/
8
);
goto
error
;
}
ahp
->
icv_full_len
=
aalg_desc
->
uinfo
.
auth
.
icv_fullbits
/
8
;
ahp
->
icv_trunc_len
=
aalg_desc
->
uinfo
.
auth
.
icv_truncbits
/
8
;
ahp
->
work_icv
=
kmalloc
(
ahp
->
icv_full_len
,
GFP_KERNEL
);
if
(
!
ahp
->
work_icv
)
goto
error
;
goto
error
;
x
->
props
.
header_len
=
(
12
+
ahp
->
digest_len
+
7
)
&~
7
;
x
->
props
.
header_len
=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
);
if
(
x
->
props
.
mode
)
if
(
x
->
props
.
mode
)
x
->
props
.
header_len
+=
20
;
x
->
props
.
header_len
+=
20
;
x
->
data
=
ahp
;
x
->
data
=
ahp
;
...
@@ -359,8 +391,8 @@ int ah_init_state(struct xfrm_state *x, void *args)
...
@@ -359,8 +391,8 @@ int ah_init_state(struct xfrm_state *x, void *args)
error:
error:
if
(
ahp
)
{
if
(
ahp
)
{
if
(
ahp
->
work_
digest
)
if
(
ahp
->
work_
icv
)
kfree
(
ahp
->
work_
digest
);
kfree
(
ahp
->
work_
icv
);
if
(
ahp
->
tfm
)
if
(
ahp
->
tfm
)
crypto_free_tfm
(
ahp
->
tfm
);
crypto_free_tfm
(
ahp
->
tfm
);
kfree
(
ahp
);
kfree
(
ahp
);
...
@@ -368,13 +400,13 @@ int ah_init_state(struct xfrm_state *x, void *args)
...
@@ -368,13 +400,13 @@ int ah_init_state(struct xfrm_state *x, void *args)
return
-
EINVAL
;
return
-
EINVAL
;
}
}
void
ah_destroy
(
struct
xfrm_state
*
x
)
static
void
ah_destroy
(
struct
xfrm_state
*
x
)
{
{
struct
ah_data
*
ahp
=
x
->
data
;
struct
ah_data
*
ahp
=
x
->
data
;
if
(
ahp
->
work_
digest
)
{
if
(
ahp
->
work_
icv
)
{
kfree
(
ahp
->
work_
digest
);
kfree
(
ahp
->
work_
icv
);
ahp
->
work_
digest
=
NULL
;
ahp
->
work_
icv
=
NULL
;
}
}
if
(
ahp
->
tfm
)
{
if
(
ahp
->
tfm
)
{
crypto_free_tfm
(
ahp
->
tfm
);
crypto_free_tfm
(
ahp
->
tfm
);
...
@@ -399,7 +431,7 @@ static struct inet_protocol ah4_protocol = {
...
@@ -399,7 +431,7 @@ static struct inet_protocol ah4_protocol = {
.
no_policy
=
1
,
.
no_policy
=
1
,
};
};
int
__init
ah4_init
(
void
)
static
int
__init
ah4_init
(
void
)
{
{
SET_MODULE_OWNER
(
&
ah_type
);
SET_MODULE_OWNER
(
&
ah_type
);
if
(
xfrm_register_type
(
&
ah_type
)
<
0
)
{
if
(
xfrm_register_type
(
&
ah_type
)
<
0
)
{
...
...
net/ipv4/xfrm_algo.c
0 → 100644
View file @
3bab27b6
/*
* xfrm algorithm interface
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*/
#include <linux/kernel.h>
#include <linux/pfkeyv2.h>
#include <net/xfrm.h>
/*
* Algorithms supported by IPsec. These entries contain properties which
* are used in key negotiation and xfrm processing, and are used to verify
* that instantiated crypto transforms have correct parameters for IPsec
* purposes.
*/
static
struct
xfrm_algo_desc
aalg_list
[]
=
{
{
.
name
=
"digest_null"
,
.
uinfo
=
{
.
auth
=
{
.
icv_truncbits
=
0
,
.
icv_fullbits
=
0
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_X_AALG_NULL
,
.
sadb_alg_ivlen
=
0
,
.
sadb_alg_minbits
=
0
,
.
sadb_alg_maxbits
=
0
}
},
{
.
name
=
"md5"
,
.
uinfo
=
{
.
auth
=
{
.
icv_truncbits
=
96
,
.
icv_fullbits
=
128
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_AALG_MD5HMAC
,
.
sadb_alg_ivlen
=
0
,
.
sadb_alg_minbits
=
128
,
.
sadb_alg_maxbits
=
128
}
},
{
.
name
=
"sha1"
,
.
uinfo
=
{
.
auth
=
{
.
icv_truncbits
=
96
,
.
icv_fullbits
=
160
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_AALG_SHA1HMAC
,
.
sadb_alg_ivlen
=
0
,
.
sadb_alg_minbits
=
160
,
.
sadb_alg_maxbits
=
160
}
},
{
.
name
=
"sha256"
,
.
uinfo
=
{
.
auth
=
{
.
icv_truncbits
=
128
,
.
icv_fullbits
=
256
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_X_AALG_SHA2_256HMAC
,
.
sadb_alg_ivlen
=
0
,
.
sadb_alg_minbits
=
256
,
.
sadb_alg_maxbits
=
256
}
},
{
.
name
=
"ripemd160"
,
.
uinfo
=
{
.
auth
=
{
.
icv_truncbits
=
96
,
.
icv_fullbits
=
160
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_X_AALG_RIPEMD160HMAC
,
.
sadb_alg_ivlen
=
0
,
.
sadb_alg_minbits
=
160
,
.
sadb_alg_maxbits
=
160
}
},
};
static
struct
xfrm_algo_desc
ealg_list
[]
=
{
{
.
name
=
"cipher_null"
,
.
uinfo
=
{
.
encr
=
{
.
blockbits
=
8
,
.
defkeybits
=
0
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_EALG_NULL
,
.
sadb_alg_ivlen
=
0
,
.
sadb_alg_minbits
=
0
,
.
sadb_alg_maxbits
=
0
}
},
{
.
name
=
"des"
,
.
uinfo
=
{
.
encr
=
{
.
blockbits
=
64
,
.
defkeybits
=
64
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_EALG_DESCBC
,
.
sadb_alg_ivlen
=
8
,
.
sadb_alg_minbits
=
64
,
.
sadb_alg_maxbits
=
64
}
},
{
.
name
=
"des3_ede"
,
.
uinfo
=
{
.
encr
=
{
.
blockbits
=
64
,
.
defkeybits
=
192
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_EALG_3DESCBC
,
.
sadb_alg_ivlen
=
8
,
.
sadb_alg_minbits
=
192
,
.
sadb_alg_maxbits
=
192
}
},
{
.
name
=
"cast128"
,
.
uinfo
=
{
.
encr
=
{
.
blockbits
=
64
,
.
defkeybits
=
128
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_X_EALG_CASTCBC
,
.
sadb_alg_ivlen
=
8
,
.
sadb_alg_minbits
=
40
,
.
sadb_alg_maxbits
=
128
}
},
{
.
name
=
"blowfish"
,
.
uinfo
=
{
.
encr
=
{
.
blockbits
=
64
,
.
defkeybits
=
128
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_X_EALG_BLOWFISHCBC
,
.
sadb_alg_ivlen
=
8
,
.
sadb_alg_minbits
=
40
,
.
sadb_alg_maxbits
=
448
}
},
{
.
name
=
"aes"
,
.
uinfo
=
{
.
encr
=
{
.
blockbits
=
128
,
.
defkeybits
=
128
,
}
},
.
desc
=
{
.
sadb_alg_id
=
SADB_X_EALG_AESCBC
,
.
sadb_alg_ivlen
=
8
,
.
sadb_alg_minbits
=
128
,
.
sadb_alg_maxbits
=
256
}
},
};
static
inline
int
aalg_entries
(
void
)
{
return
sizeof
(
aalg_list
)
/
sizeof
(
aalg_list
[
0
]);
}
static
inline
int
ealg_entries
(
void
)
{
return
sizeof
(
ealg_list
)
/
sizeof
(
ealg_list
[
0
]);
}
struct
xfrm_algo_desc
*
xfrm_aalg_get_byid
(
int
alg_id
)
{
int
i
;
for
(
i
=
0
;
i
<
aalg_entries
();
i
++
)
{
if
(
aalg_list
[
i
].
desc
.
sadb_alg_id
==
alg_id
)
{
if
(
aalg_list
[
i
].
available
)
return
&
aalg_list
[
i
];
else
break
;
}
}
return
NULL
;
}
struct
xfrm_algo_desc
*
xfrm_ealg_get_byid
(
int
alg_id
)
{
int
i
;
for
(
i
=
0
;
i
<
ealg_entries
();
i
++
)
{
if
(
ealg_list
[
i
].
desc
.
sadb_alg_id
==
alg_id
)
{
if
(
ealg_list
[
i
].
available
)
return
&
ealg_list
[
i
];
else
break
;
}
}
return
NULL
;
}
struct
xfrm_algo_desc
*
xfrm_aalg_get_byname
(
char
*
name
)
{
int
i
;
if
(
!
name
)
return
NULL
;
for
(
i
=
0
;
i
<
aalg_entries
();
i
++
)
{
if
(
strcmp
(
name
,
aalg_list
[
i
].
name
)
==
0
)
{
if
(
aalg_list
[
i
].
available
)
return
&
aalg_list
[
i
];
else
break
;
}
}
return
NULL
;
}
struct
xfrm_algo_desc
*
xfrm_ealg_get_byname
(
char
*
name
)
{
int
i
;
if
(
!
name
)
return
NULL
;
for
(
i
=
0
;
i
<
ealg_entries
();
i
++
)
{
if
(
strcmp
(
name
,
ealg_list
[
i
].
name
)
==
0
)
{
if
(
ealg_list
[
i
].
available
)
return
&
ealg_list
[
i
];
else
break
;
}
}
return
NULL
;
}
struct
xfrm_algo_desc
*
xfrm_aalg_get_byidx
(
unsigned
int
idx
)
{
if
(
idx
>=
aalg_entries
())
return
NULL
;
return
&
aalg_list
[
idx
];
}
struct
xfrm_algo_desc
*
xfrm_ealg_get_byidx
(
unsigned
int
idx
)
{
if
(
idx
>=
ealg_entries
())
return
NULL
;
return
&
ealg_list
[
idx
];
}
/*
* Probe for the availability of crypto algorithms, and set the available
* flag for any algorithms found on the system. This is typically called by
* pfkey during userspace SA add, update or register.
*/
void
xfrm_probe_algs
(
void
)
{
int
i
,
status
;
BUG_ON
(
in_softirq
());
for
(
i
=
0
;
i
<
aalg_entries
();
i
++
)
{
status
=
crypto_alg_available
(
aalg_list
[
i
].
name
,
0
);
if
(
aalg_list
[
i
].
available
!=
status
)
aalg_list
[
i
].
available
=
status
;
}
for
(
i
=
0
;
i
<
ealg_entries
();
i
++
)
{
status
=
crypto_alg_available
(
ealg_list
[
i
].
name
,
0
);
if
(
ealg_list
[
i
].
available
!=
status
)
ealg_list
[
i
].
available
=
status
;
}
}
int
xfrm_count_auth_supported
(
void
)
{
int
i
,
n
;
for
(
i
=
0
,
n
=
0
;
i
<
aalg_entries
();
i
++
)
if
(
aalg_list
[
i
].
available
)
n
++
;
return
n
;
}
int
xfrm_count_enc_supported
(
void
)
{
int
i
,
n
;
for
(
i
=
0
,
n
=
0
;
i
<
ealg_entries
();
i
++
)
if
(
ealg_list
[
i
].
available
)
n
++
;
return
n
;
}
net/key/af_key.c
View file @
3bab27b6
This diff is collapsed.
Click to expand it.
net/netsyms.c
View file @
3bab27b6
...
@@ -323,6 +323,15 @@ EXPORT_SYMBOL(xfrm_policy_flush);
...
@@ -323,6 +323,15 @@ EXPORT_SYMBOL(xfrm_policy_flush);
EXPORT_SYMBOL
(
xfrm_policy_byid
);
EXPORT_SYMBOL
(
xfrm_policy_byid
);
EXPORT_SYMBOL
(
xfrm_policy_list
);
EXPORT_SYMBOL
(
xfrm_policy_list
);
EXPORT_SYMBOL_GPL
(
xfrm_probe_algs
);
EXPORT_SYMBOL_GPL
(
xfrm_count_auth_supported
);
EXPORT_SYMBOL_GPL
(
xfrm_count_enc_supported
);
EXPORT_SYMBOL_GPL
(
xfrm_aalg_get_byidx
);
EXPORT_SYMBOL_GPL
(
xfrm_ealg_get_byidx
);
EXPORT_SYMBOL_GPL
(
xfrm_aalg_get_byid
);
EXPORT_SYMBOL_GPL
(
xfrm_ealg_get_byid
);
EXPORT_SYMBOL_GPL
(
xfrm_aalg_get_byname
);
EXPORT_SYMBOL_GPL
(
xfrm_ealg_get_byname
);
#if defined (CONFIG_IPV6_MODULE) || defined (CONFIG_IP_SCTP_MODULE)
#if defined (CONFIG_IPV6_MODULE) || defined (CONFIG_IP_SCTP_MODULE)
/* inet functions common to v4 and v6 */
/* inet functions common to v4 and v6 */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment