^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright (C)2002 USAGI/WIDE Project
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Authors
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Mitsuru KANDA @USAGI : IPv6 Support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Kazunori MIYAZAWA @USAGI :
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * This file is derived from net/ipv4/esp.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #define pr_fmt(fmt) "IPv6: " fmt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <crypto/aead.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <crypto/authenc.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/err.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <net/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <net/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <net/esp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <linux/scatterlist.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <linux/pfkeyv2.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <linux/random.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <linux/spinlock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include <net/ip6_checksum.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include <net/ip6_route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include <net/icmp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #include <net/protocol.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #include <net/udp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #include <linux/icmpv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #include <net/tcp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) #include <net/espintcp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) #include <net/inet6_hashtables.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #include <linux/highmem.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
/*
 * ESP's private view of the skb control buffer (see ESP_SKB_CB()).
 *
 * The generic xfrm control block sits at the front; ESP appends a pointer
 * to the per-packet scratch buffer so that the asynchronous completion
 * handlers can find it again.
 */
struct esp_skb_cb {
	/* Generic xfrm per-skb state, first member of the overlay. */
	struct xfrm_skb_cb xfrm;
	/*
	 * Scratch buffer built by esp_alloc_tmp(); esp_output_done() releases
	 * it with kfree() and does not clear this pointer afterwards.
	 */
	void *tmp;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
/*
 * Extra output-side state kept at the front of the scratch buffer when
 * extended sequence numbers (ESN) are in use.
 */
struct esp_output_extra {
	/*
	 * The 4 bytes that sat directly in front of the ESP header before the
	 * header was shifted (saved in esp_output_set_esn(), written back in
	 * esp_restore_header()). Must stay the first member:
	 * esp_restore_header() reads it through a bare __be32 pointer.
	 */
	__be32 seqhi;
	/* Offset of the unshifted ESP header from the transport header. */
	u32 esphoff;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
/*
 * Reinterpret the start of skb->cb as a struct esp_skb_cb.
 * NOTE(review): no size check against sizeof(skb->cb) is visible in this
 * part of the file -- confirm the overlay is guaranteed to fit.
 */
#define ESP_SKB_CB(__skb) \
	((struct esp_skb_cb *)&((__skb)->cb[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
/*
 * Allocate the scratch buffer for one AEAD operation.
 *
 * Layout, front to back: the optional extra area of @seqihlen bytes (it is
 * first for alignment reasons), the IV, the aead_request followed by the
 * transform's request context, and finally @nfrags scatterlist entries.
 * The accessors esp_tmp_extra(), esp_tmp_iv(), esp_tmp_req() and
 * esp_req_sg() walk the buffer in that same order.
 *
 * The result of kmalloc(GFP_ATOMIC) is returned as is, so it can be NULL
 * and callers must check it.
 *
 * NOTE(review): the size is summed in a 32-bit unsigned int and @nfrags /
 * @seqihlen are signed; nothing in this function bounds them, so callers
 * are relied on to pass small, non-negative values.
 *
 * TODO: Use spare space in skb for this where possible.
 */
static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int seqihlen)
{
	unsigned int size = seqihlen + crypto_aead_ivsize(aead);

	/* Only pay for IV alignment padding when there is a prefix at all. */
	if (size) {
		size += crypto_aead_alignmask(aead) &
			~(crypto_tfm_ctx_alignment() - 1);
		size = ALIGN(size, crypto_tfm_ctx_alignment());
	}

	/* Request header plus the algorithm's private request context. */
	size += sizeof(struct aead_request) + crypto_aead_reqsize(aead);

	/* The scatterlist array starts on its natural alignment. */
	size = ALIGN(size, __alignof__(struct scatterlist));
	size += sizeof(struct scatterlist) * nfrags;

	return kmalloc(size, GFP_ATOMIC);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
/*
 * Return the address of the extra area inside the scratch buffer @tmp:
 * @tmp rounded up to the alignment of struct esp_output_extra.
 */
static inline void *esp_tmp_extra(void *tmp)
{
	void *extra = PTR_ALIGN(tmp, __alignof__(struct esp_output_extra));

	return extra;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
/*
 * Return the IV location inside the scratch buffer @tmp, i.e. the first
 * byte after the @seqhilen-byte extra area. When the transform has an IV
 * the address is rounded up to the transform's alignment; with a zero-size
 * IV the unaligned address is returned unchanged.
 */
static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int seqhilen)
{
	u8 *after_extra = (u8 *)tmp + seqhilen;

	if (!crypto_aead_ivsize(aead))
		return after_extra;

	return PTR_ALIGN(after_extra, crypto_aead_alignmask(aead) + 1);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
/*
 * Locate the aead_request that follows the IV at @iv in the scratch buffer
 * and bind it to @aead.
 *
 * Note that this is not a pure accessor: every call stores @aead into the
 * request through aead_request_set_tfm().
 */
static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv)
{
	u8 *after_iv = iv + crypto_aead_ivsize(aead);
	struct aead_request *req;

	req = (void *)PTR_ALIGN(after_iv, crypto_tfm_ctx_alignment());
	aead_request_set_tfm(req, aead);

	return req;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106)
/*
 * Return the scatterlist array stored behind @req in the scratch buffer:
 * it starts after the request header and the transform's request context,
 * rounded up to the alignment of struct scatterlist.
 */
static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
					     struct aead_request *req)
{
	unsigned long end_of_ctx;

	end_of_ctx = (unsigned long)(req + 1) + crypto_aead_reqsize(aead);

	return (void *)ALIGN(end_of_ctx, __alignof__(struct scatterlist));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
/*
 * Drop the page references held by the source scatterlist of the request
 * stored in @tmp.
 *
 * The request is found by re-walking the scratch buffer layout, so the
 * extra-area length used here has to match the one the buffer was built
 * with (sizeof(struct esp_output_extra) when the state uses ESN, else 0).
 * Nothing is released when source and destination lists are the same.
 */
static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
{
	struct crypto_aead *aead = x->data;
	struct aead_request *req;
	struct scatterlist *sg;
	int extralen = 0;
	u8 *iv;

	if (x->props.flags & XFRM_STATE_ESN)
		extralen += sizeof(struct esp_output_extra);

	iv = esp_tmp_iv(aead, tmp, extralen);
	req = esp_tmp_req(aead, iv);

	if (req->src == req->dst)
		return;

	/*
	 * Unref skb_frag_pages in the src scatterlist.
	 * The first sg comes from skb->data and is skipped.
	 */
	for (sg = sg_next(req->src); sg; sg = sg_next(sg))
		put_page(sg_page(sg));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) #ifdef CONFIG_INET6_ESPINTCP
/*
 * Carrier used to drop a socket reference after an RCU grace period
 * (queued with call_rcu() in esp6_find_tcp_sk(), consumed by
 * esp_free_tcp_sk()).
 */
struct esp_tcp_sk {
	/* Socket whose reference is released in the RCU callback. */
	struct sock *sk;
	/* RCU callback linkage. */
	struct rcu_head rcu;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143)
/*
 * RCU callback: release the socket reference carried by the esp_tcp_sk
 * that embeds @head, then free the carrier itself.
 */
static void esp_free_tcp_sk(struct rcu_head *head)
{
	struct esp_tcp_sk *carrier;

	carrier = container_of(head, struct esp_tcp_sk, rcu);

	sock_put(carrier->sk);
	kfree(carrier);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151)
/*
 * Find the TCP socket that carries ESP-in-TCP traffic for state @x.
 *
 * Uses rcu_dereference(), so the caller must be inside an RCU read-side
 * section (both callers in this file take rcu_read_lock() first).
 *
 * Returns the socket cached in x->encap_sk while it is still
 * TCP_ESTABLISHED. Otherwise the stale cache entry is retired (its
 * reference is dropped after a grace period), the established-connection
 * table is searched with the state's addresses and encap ports, and a
 * match is accepted only if tcp_is_ulp_esp() approves it, so an unrelated
 * TCP socket that happens to match the 4-tuple is rejected.
 *
 * Errors: ERR_PTR(-ENOMEM) if the retire record cannot be allocated,
 * ERR_PTR(-ENOENT) if no socket matches, ERR_PTR(-EINVAL) if the match is
 * not an ESP ULP socket, ERR_PTR(-EREMCHG) if the encap ports changed
 * during the lookup and no socket is cached.
 *
 * No extra reference is taken for the caller on any path visible here: the
 * reference returned by the lookup is either dropped or handed to
 * x->encap_sk. The returned pointer should therefore be used only while
 * the RCU read-side section is held.
 */
static struct sock *esp6_find_tcp_sk(struct xfrm_state *x)
{
	struct xfrm_encap_tmpl *encap = x->encap;
	struct esp_tcp_sk *retire;
	struct sock *cached;
	struct sock *sk;
	__be16 sport, dport;

	/* Fast path: the cached socket is still connected. */
	sk = rcu_dereference(x->encap_sk);
	if (sk && sk->sk_state == TCP_ESTABLISHED)
		return sk;

	spin_lock_bh(&x->lock);
	/* Snapshot the ports under the lock; they are re-checked below. */
	sport = encap->encap_sport;
	dport = encap->encap_dport;
	cached = rcu_dereference_protected(x->encap_sk,
					   lockdep_is_held(&x->lock));
	if (sk && sk == cached) {
		/*
		 * The stale socket is still the cached one: unpublish it and
		 * defer the sock_put() until concurrent RCU readers are done.
		 */
		retire = kmalloc(sizeof(*retire), GFP_ATOMIC);
		if (!retire) {
			spin_unlock_bh(&x->lock);
			return ERR_PTR(-ENOMEM);
		}
		RCU_INIT_POINTER(x->encap_sk, NULL);
		retire->sk = sk;
		call_rcu(&retire->rcu, esp_free_tcp_sk);
	}
	spin_unlock_bh(&x->lock);

	sk = __inet6_lookup_established(xs_net(x), &tcp_hashinfo, &x->id.daddr.in6,
					dport, &x->props.saddr.in6, ntohs(sport), 0, 0);
	if (!sk)
		return ERR_PTR(-ENOENT);

	/* Accept only sockets that run the ESP-in-TCP ULP. */
	if (!tcp_is_ulp_esp(sk)) {
		sock_put(sk);
		return ERR_PTR(-EINVAL);
	}

	spin_lock_bh(&x->lock);
	cached = rcu_dereference_protected(x->encap_sk,
					   lockdep_is_held(&x->lock));
	if (encap->encap_sport != sport ||
	    encap->encap_dport != dport) {
		/* Ports changed while unlocked: the lookup result is stale. */
		sock_put(sk);
		sk = cached ?: ERR_PTR(-EREMCHG);
	} else if (sk == cached) {
		/* Someone else cached the same socket; drop the duplicate ref. */
		sock_put(sk);
	} else {
		/* Publish the new socket; the cache now owns the lookup ref. */
		rcu_assign_pointer(x->encap_sk, sk);
	}
	spin_unlock_bh(&x->lock);

	return sk;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207)
/*
 * Hand an encrypted packet to the ESP-in-TCP socket of state @x.
 *
 * The socket is looked up and used entirely inside one RCU read-side
 * section. With the socket bh-locked, the skb is queued if user context
 * currently owns the socket and pushed directly otherwise.
 *
 * Returns 0 or a negative errno from the lookup or from the espintcp call.
 * NOTE(review): when the socket lookup fails the skb is neither queued nor
 * freed in this function -- confirm which caller releases it.
 */
static int esp_output_tcp_finish(struct xfrm_state *x, struct sk_buff *skb)
{
	struct sock *sk;
	int err;

	rcu_read_lock();

	sk = esp6_find_tcp_sk(x);
	err = PTR_ERR_OR_ZERO(sk);
	if (!err) {
		bh_lock_sock(sk);
		err = sock_owned_by_user(sk) ? espintcp_queue_out(sk, skb) :
					       espintcp_push_skb(sk, skb);
		bh_unlock_sock(sk);
	}

	rcu_read_unlock();
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231)
/*
 * Callback passed to xfrm_trans_queue_net(): recover the xfrm state from
 * the skb's dst entry and finish TCP-encapsulated output. @net and @sk are
 * not used.
 */
static int esp_output_tcp_encap_cb(struct net *net, struct sock *sk,
				   struct sk_buff *skb)
{
	struct xfrm_state *x = skb_dst(skb)->xfrm;

	return esp_output_tcp_finish(x, skb);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240)
/*
 * Queue @skb for deferred ESP-in-TCP transmission, with bottom halves
 * disabled around the queueing call.
 *
 * Returns -EINPROGRESS when the skb was queued, otherwise the error from
 * xfrm_trans_queue_net().
 * NOTE(review): on a queueing error the skb is not freed here; the caller
 * has to act on the return value or the packet is leaked.
 */
static int esp_output_tail_tcp(struct xfrm_state *x, struct sk_buff *skb)
{
	int err;

	local_bh_disable();
	err = xfrm_trans_queue_net(xs_net(x), skb, esp_output_tcp_encap_cb);
	local_bh_enable();

	if (err)
		return err;

	/* EINPROGRESS just happens to do the right thing. It
	 * actually means that the skb has been consumed and
	 * isn't coming back.
	 */
	return -EINPROGRESS;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) #else
/*
 * Variant built without CONFIG_INET6_ESPINTCP: ESP-in-TCP output is not
 * available, so the packet is dropped.
 *
 * Unlike the CONFIG_INET6_ESPINTCP variant, this one frees @skb itself
 * before reporting the error; callers must not free it a second time.
 */
static int esp_output_tail_tcp(struct xfrm_state *x, struct sk_buff *skb)
{
	/* Ownership ends here: the skb is consumed even though we fail. */
	kfree_skb(skb);

	return -EOPNOTSUPP;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263)
/*
 * Fill in the UDP checksum of a UDP-encapsulated ESP packet.
 *
 * The byte at skb_mac_header() serves as the marker: esp6_output_udp_encap()
 * stores IPPROTO_UDP there, and any other value makes this a no-op. The sum
 * covers everything from the transport header to the end of the skb, while
 * the pseudo-header length is taken from the UDP header's own length field.
 */
static void esp_output_encap_csum(struct sk_buff *skb)
{
	struct ipv6hdr *ip6h;
	struct udphdr *uh;
	unsigned int offset;
	__wsum csum;
	int len;

	/* UDP encap with IPv6 requires a valid checksum */
	if (*skb_mac_header(skb) != IPPROTO_UDP)
		return;

	uh = udp_hdr(skb);
	ip6h = ipv6_hdr(skb);
	len = ntohs(uh->len);
	offset = skb_transport_offset(skb);
	csum = skb_checksum(skb, offset, skb->len - offset, 0);

	uh->check = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
				    len, IPPROTO_UDP, csum);
	/* A computed checksum of zero is sent as CSUM_MANGLED_0 instead. */
	if (uh->check == 0)
		uh->check = CSUM_MANGLED_0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280)
/*
 * Completion handler for asynchronous output encryption.
 *
 * @base->data is the skb that was encrypted and @err is the crypto result.
 * The handler releases the scratch buffer (and the source page references
 * it tracks), fixes up the UDP-encap checksum if needed, and then resumes
 * transmission on the path the packet came from: the device-offload resume
 * path, ESP-in-TCP, or the regular xfrm output path.
 */
static void esp_output_done(struct crypto_async_request *base, int err)
{
	struct sk_buff *skb = base->data;
	struct xfrm_offload *xo = xfrm_offload(skb);
	bool dev_resume = xo && (xo->flags & XFRM_DEV_RESUME);
	struct xfrm_state *x;
	void *tmp;

	/* The owning state is stored differently on the offload path. */
	if (dev_resume) {
		struct sec_path *sp = skb_sec_path(skb);

		x = sp->xvec[sp->len - 1];
	} else {
		x = skb_dst(skb)->xfrm;
	}

	/*
	 * The scratch buffer is gone after this point; the pointer left in
	 * the skb control block is stale and must not be used again.
	 */
	tmp = ESP_SKB_CB(skb)->tmp;
	esp_ssg_unref(x, tmp);
	kfree(tmp);

	esp_output_encap_csum(skb);

	if (!dev_resume) {
		/*
		 * NOTE(review): the return value of esp_output_tail_tcp() is
		 * ignored. The CONFIG_INET6_ESPINTCP variant does not free
		 * the skb when queueing fails, so a failure here looks like
		 * it would leak the packet -- confirm.
		 */
		if (!err &&
		    x->encap && x->encap->encap_type == TCP_ENCAP_ESPINTCP)
			esp_output_tail_tcp(x, skb);
		else
			xfrm_output_resume(skb, err);
		return;
	}

	if (err) {
		XFRM_INC_STATS(xs_net(x), LINUX_MIB_XFRMOUTSTATEPROTOERROR);
		kfree_skb(skb);
		return;
	}

	/* Expose the data back to the MAC header before resuming. */
	skb_push(skb, skb->data - skb_mac_header(skb));
	secpath_reset(skb);
	xfrm_dev_resume(skb);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320)
/*
 * Move ESP header back into place.
 *
 * @offset is the position, relative to skb->data, of the header as it was
 * shifted for ESN. The SPI stored at the shifted position is copied into
 * the following word, and the first word is overwritten with the bytes that
 * were saved at the front of the scratch buffer's extra area.
 *
 * Reads ESP_SKB_CB(skb)->tmp, so it has to run before that buffer is freed.
 */
static void esp_restore_header(struct sk_buff *skb, unsigned int offset)
{
	/* The saved word is the first member of struct esp_output_extra. */
	__be32 *saved = esp_tmp_extra(ESP_SKB_CB(skb)->tmp);
	struct ip_esp_hdr *shifted = (void *)(skb->data + offset);

	shifted->seq_no = shifted->spi;
	shifted->spi = *saved;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331)
/*
 * Output-side wrapper around esp_restore_header(): work out where the
 * shifted header is from the offset recorded in the scratch buffer's extra
 * area (one 32-bit word in front of the original header position).
 */
static void esp_output_restore_header(struct sk_buff *skb)
{
	struct esp_output_extra *extra = esp_tmp_extra(ESP_SKB_CB(skb)->tmp);
	unsigned int shifted_off;

	shifted_off = skb_transport_offset(skb) + extra->esphoff -
		      sizeof(__be32);

	esp_restore_header(skb, shifted_off);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340)
/*
 * Write the SPI into the ESP header and, for states using extended
 * sequence numbers, prepare the header for encryption.
 *
 * With ESN the header is moved forward by 4 bytes to accommodate the high
 * sequence bits; it is moved back after encryption. The 4 bytes that get
 * overwritten and the original header offset are stored in @extra so that
 * esp_output_restore_header() can undo the shift.
 *
 * Returns the header pointer to use from here on (shifted when ESN is on).
 *
 * NOTE(review): the shift writes to the 4 bytes in front of @esph; this
 * function does not check that they lie inside writable packet data --
 * presumably guaranteed by the caller, confirm.
 */
static struct ip_esp_hdr *esp_output_set_esn(struct sk_buff *skb,
					     struct xfrm_state *x,
					     struct ip_esp_hdr *esph,
					     struct esp_output_extra *extra)
{
	if (x->props.flags & XFRM_STATE_ESN) {
		struct xfrm_offload *xo = xfrm_offload(skb);
		/* High sequence bits come from the offload state if present. */
		__u32 seqhi = xo ? xo->seq.hi :
				   XFRM_SKB_CB(skb)->seq.output.hi;

		extra->esphoff = (unsigned char *)esph -
				 skb_transport_header(skb);
		esph = (struct ip_esp_hdr *)((unsigned char *)esph - 4);
		/* Remember the word we are about to overwrite with the SPI. */
		extra->seqhi = esph->spi;
		esph->seq_no = htonl(seqhi);
	}

	esph->spi = x->id.spi;

	return esph;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370)
/*
 * Completion handler used for ESN states: undo the header shift, then run
 * the common completion path.
 *
 * The order matters: esp_output_restore_header() reads the scratch buffer
 * that esp_output_done() frees.
 */
static void esp_output_done_esn(struct crypto_async_request *base, int err)
{
	struct sk_buff *encrypted = base->data;

	esp_output_restore_header(encrypted);
	esp_output_done(base, err);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378)
/*
 * Build the UDP encapsulation header at esp->esph and return the address
 * at which the ESP header must be written.
 *
 * The UDP length is the transport payload plus the ESP trailer; values that
 * do not fit the 16-bit UDP length field are rejected with
 * ERR_PTR(-EMSGSIZE) rather than silently truncated by htons(). The
 * checksum is left at 0 here and is computed by esp_output_encap_csum(),
 * which recognises the packet by the IPPROTO_UDP marker stored at
 * skb_mac_header().
 *
 * For UDP_ENCAP_ESPINUDP_NON_IKE two zeroed 32-bit words follow the UDP
 * header and the ESP header goes after them.
 */
static struct ip_esp_hdr *esp6_output_udp_encap(struct sk_buff *skb,
						int encap_type,
						struct esp_info *esp,
						__be16 sport,
						__be16 dport)
{
	unsigned int len = skb->len + esp->tailen - skb_transport_offset(skb);
	struct udphdr *uh;
	__be32 *non_ike;

	if (len > U16_MAX)
		return ERR_PTR(-EMSGSIZE);

	uh = (struct udphdr *)esp->esph;
	uh->source = sport;
	uh->dest = dport;
	uh->len = htons(len);
	uh->check = 0;

	*skb_mac_header(skb) = IPPROTO_UDP;

	if (encap_type != UDP_ENCAP_ESPINUDP_NON_IKE)
		return (struct ip_esp_hdr *)(uh + 1);

	non_ike = (__be32 *)(uh + 1);
	non_ike[0] = non_ike[1] = 0;

	return (struct ip_esp_hdr *)(non_ike + 2);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) #ifdef CONFIG_INET6_ESPINTCP
/*
 * Write the ESP-in-TCP length prefix at esp->esph and return the address
 * just behind it, where the ESP header goes.
 *
 * Fails with ERR_PTR(-EMSGSIZE) when the framed length exceeds IP_MAX_MTU,
 * and with the error from esp6_find_tcp_sk() when the state has no usable
 * encapsulation socket. The socket is looked up only as an availability
 * check: the pointer is compared against error values and never
 * dereferenced once the RCU read-side section has ended.
 *
 * NOTE(review): the length is stored through htons() into a 16-bit field;
 * confirm IP_MAX_MTU cannot exceed what that field can hold.
 */
static struct ip_esp_hdr *esp6_output_tcp_encap(struct xfrm_state *x,
						struct sk_buff *skb,
						struct esp_info *esp)
{
	__be16 *lenp = (void *)esp->esph;
	unsigned int len;
	struct sock *sk;

	len = skb->len + esp->tailen - skb_transport_offset(skb);
	if (len > IP_MAX_MTU)
		return ERR_PTR(-EMSGSIZE);

	rcu_read_lock();
	sk = esp6_find_tcp_sk(x);
	rcu_read_unlock();

	if (IS_ERR(sk))
		return ERR_CAST(sk);

	*lenp = htons(len);

	return (struct ip_esp_hdr *)(lenp + 1);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) #else
/*
 * Variant built without CONFIG_INET6_ESPINTCP: TCP encapsulation is not
 * available, so every request fails with ERR_PTR(-EOPNOTSUPP). Neither the
 * skb nor @esp is touched.
 */
static struct ip_esp_hdr *esp6_output_tcp_encap(struct xfrm_state *x,
						struct sk_buff *skb,
						struct esp_info *esp)
{
	return ERR_PTR(-EOPNOTSUPP);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444)
/*
 * Emit the encapsulation header selected by the state's encap template and
 * advance esp->esph past it.
 *
 * Ports and type are copied out while holding x->lock, so all three values
 * come from one consistent snapshot. TCP_ENCAP_ESPINTCP selects TCP
 * framing; every other type, including values this function does not
 * recognise, is treated as UDP encapsulation.
 *
 * Returns 0 on success or the negative errno produced by the helper.
 */
static int esp6_output_encap(struct xfrm_state *x, struct sk_buff *skb,
			     struct esp_info *esp)
{
	struct xfrm_encap_tmpl *encap = x->encap;
	struct ip_esp_hdr *esph;
	__be16 sport, dport;
	int encap_type;

	spin_lock_bh(&x->lock);
	sport = encap->encap_sport;
	dport = encap->encap_dport;
	encap_type = encap->encap_type;
	spin_unlock_bh(&x->lock);

	if (encap_type == TCP_ENCAP_ESPINTCP)
		esph = esp6_output_tcp_encap(x, skb, esp);
	else
		esph = esp6_output_udp_encap(skb, encap_type, esp, sport, dport);

	if (IS_ERR(esph))
		return PTR_ERR(esph);

	esp->esph = esph;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477)
/*
 * esp6_output_head - add encapsulation (if any) and the ESP trailer to @skb.
 *
 * Makes room for esp->tailen bytes at the end of the packet and writes the
 * trailer there with esp_output_fill_trailer().  Three strategies are tried:
 *   1. write into the existing tailroom of an uncloned skb (in place);
 *   2. append a new page fragment taken from the per-state x->xfrag and
 *      clear esp->inplace, so that esp6_output_tail() uses a separate
 *      destination scatterlist;
 *   3. fall back to skb_cow_data().
 *
 * Returns the fragment count that the caller stores in esp->nfrags, or a
 * negative value when esp6_output_encap() or skb_cow_data() fails.
 */
int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *esp)
{
	u8 *tail;
	int nfrags;
	int esph_offset;
	struct page *page;
	struct sk_buff *trailer;
	int tailen = esp->tailen;
	unsigned int allocsz;

	if (x->encap) {
		int err = esp6_output_encap(x, skb, esp);

		if (err < 0)
			return err;
	}

	/*
	 * Size guard for the page-fragment strategy.  If that strategy is
	 * taken, skb->data_len grows by tailen below and esp6_output_tail()
	 * later asks x->xfrag for ALIGN(skb->data_len, L1_CACHE_BYTES) bytes
	 * and describes all of them with a single frag.  Anything larger than
	 * ESP_SKB_FRAG_MAXSIZE (defined outside this view) must therefore take
	 * the copy-on-write path instead.  Keep this check ahead of every
	 * branch that can clear esp->inplace.
	 */
	allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES);
	if (allocsz > ESP_SKB_FRAG_MAXSIZE)
		goto cow;

	if (!skb_cloned(skb)) {
		if (tailen <= skb_tailroom(skb)) {
			/* Trailer fits in the linear tailroom: no allocation. */
			nfrags = 1;
			trailer = skb;
			tail = skb_tail_pointer(trailer);

			goto skip_cow;
		} else if ((skb_shinfo(skb)->nr_frags < MAX_SKB_FRAGS)
			   && !skb_has_frag_list(skb)) {
			int allocsize;
			struct sock *sk = skb->sk;
			struct page_frag *pfrag = &x->xfrag;

			/* Source and destination buffers will differ from here on. */
			esp->inplace = false;

			allocsize = ALIGN(tailen, L1_CACHE_BYTES);

			/* x->lock is held across the refill and the offset bump of x->xfrag. */
			spin_lock_bh(&x->lock);

			if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
				spin_unlock_bh(&x->lock);
				goto cow;
			}

			page = pfrag->page;
			/* Extra page reference for the frag descriptor filled below. */
			get_page(page);

			tail = page_address(page) + pfrag->offset;

			esp_output_fill_trailer(tail, esp->tfclen, esp->plen, esp->proto);

			nfrags = skb_shinfo(skb)->nr_frags;

			__skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
					     tailen);
			skb_shinfo(skb)->nr_frags = ++nfrags;

			pfrag->offset = pfrag->offset + allocsize;

			spin_unlock_bh(&x->lock);

			/*
			 * Returned count is nr_frags + 1.
			 * NOTE(review): the extra entry presumably covers the
			 * linear head when building the scatterlist - confirm.
			 */
			nfrags++;

			/* Account the appended trailer in the skb and in the socket's write memory. */
			skb->len += tailen;
			skb->data_len += tailen;
			skb->truesize += tailen;
			if (sk && sk_fullsock(sk))
				refcount_add(tailen, &sk->sk_wmem_alloc);

			goto out;
		}
	}

cow:
	/*
	 * skb_cow_data() may reallocate the packet data, so remember the ESP
	 * header as an offset from the transport header and rebuild the
	 * pointer afterwards instead of keeping a stale address.
	 */
	esph_offset = (unsigned char *)esp->esph - skb_transport_header(skb);

	nfrags = skb_cow_data(skb, tailen, &trailer);
	if (nfrags < 0)
		goto out;
	tail = skb_tail_pointer(trailer);
	esp->esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esph_offset);

skip_cow:
	esp_output_fill_trailer(tail, esp->tfclen, esp->plen, esp->proto);
	pskb_put(skb, trailer, tailen);

out:
	return nfrags;
}
EXPORT_SYMBOL_GPL(esp6_output_head);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569)
/*
 * esp6_output_tail - build the AEAD request for @skb and encrypt it.
 *
 * Allocates the per-packet scratch area (IV, request, scatterlists and, for
 * ESN, the extra header state), maps the packet into the source scatterlist
 * and, when esp->inplace is false, into a separate destination backed by a
 * fresh page from x->xfrag, then calls crypto_aead_encrypt().
 *
 * Returns 0 on synchronous success, -EINPROGRESS when the request completes
 * asynchronously, NET_XMIT_DROP when the crypto layer reports -ENOSPC, or a
 * negative errno.
 */
int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *esp)
{
	u8 *iv;
	int alen;
	void *tmp;
	int ivlen;
	int assoclen;
	int extralen;
	struct page *page;
	struct ip_esp_hdr *esph;
	struct aead_request *req;
	struct crypto_aead *aead;
	struct scatterlist *sg, *dsg;
	struct esp_output_extra *extra;
	int err = -ENOMEM;

	/* Associated data is the ESP header, plus the 32 high sequence bits with ESN. */
	assoclen = sizeof(struct ip_esp_hdr);
	extralen = 0;

	if (x->props.flags & XFRM_STATE_ESN) {
		extralen += sizeof(*extra);
		assoclen += sizeof(__be32);
	}

	aead = x->data;
	alen = crypto_aead_authsize(aead);
	ivlen = crypto_aead_ivsize(aead);

	/*
	 * esp->nfrags entries for the source list plus two more: the
	 * destination list set up below starts at sg[esp->nfrags] and is
	 * initialised with nr_frags + 1 == 2 entries.
	 */
	tmp = esp_alloc_tmp(aead, esp->nfrags + 2, extralen);
	if (!tmp)
		goto error;

	extra = esp_tmp_extra(tmp);
	iv = esp_tmp_iv(aead, tmp, extralen);
	req = esp_tmp_req(aead, iv);
	sg = esp_req_sg(aead, req);

	if (esp->inplace)
		dsg = sg;
	else
		dsg = &sg[esp->nfrags];

	esph = esp_output_set_esn(skb, x, esp->esph, extra);
	esp->esph = esph;

	sg_init_table(sg, esp->nfrags);
	err = skb_to_sgvec(skb, sg,
			   (unsigned char *)esph - skb->data,
			   assoclen + ivlen + esp->clen + alen);
	if (unlikely(err < 0))
		goto error_free;

	if (!esp->inplace) {
		int allocsize;
		struct page_frag *pfrag = &x->xfrag;

		/*
		 * One frag of skb->data_len bytes is carved out of x->xfrag.
		 * The request size is bounded by the ESP_SKB_FRAG_MAXSIZE
		 * check in esp6_output_head(), the only place in this view
		 * that clears esp->inplace.
		 */
		allocsize = ALIGN(skb->data_len, L1_CACHE_BYTES);

		spin_lock_bh(&x->lock);
		if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
			spin_unlock_bh(&x->lock);
			goto error_free;
		}

		skb_shinfo(skb)->nr_frags = 1;

		page = pfrag->page;
		get_page(page);
		/* replace page frags in skb with new page */
		__skb_fill_page_desc(skb, 0, page, pfrag->offset, skb->data_len);
		pfrag->offset = pfrag->offset + allocsize;
		spin_unlock_bh(&x->lock);

		sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);
		err = skb_to_sgvec(skb, dsg,
				   (unsigned char *)esph - skb->data,
				   assoclen + ivlen + esp->clen + alen);
		/*
		 * NOTE(review): this error exit jumps past esp_ssg_unref().
		 * Whether the original frags still referenced by sg need to
		 * be released here is not visible from this function - confirm.
		 */
		if (unlikely(err < 0))
			goto error_free;
	}

	if ((x->props.flags & XFRM_STATE_ESN))
		aead_request_set_callback(req, 0, esp_output_done_esn, skb);
	else
		aead_request_set_callback(req, 0, esp_output_done, skb);

	aead_request_set_crypt(req, sg, dsg, ivlen + esp->clen, iv);
	aead_request_set_ad(req, assoclen);

	/*
	 * IV input: all zero except for the low-order min(ivlen, 8) bytes of
	 * the big-endian 64-bit sequence number, placed at the end of the IV.
	 * Its uniqueness under one key therefore rests on the sequence number
	 * never repeating for this state; overflow handling is outside this
	 * function.
	 */
	memset(iv, 0, ivlen);
	memcpy(iv + ivlen - min(ivlen, 8), (u8 *)&esp->seqno + 8 - min(ivlen, 8),
	       min(ivlen, 8));

	/* Publish tmp in the skb control block before the request may complete. */
	ESP_SKB_CB(skb)->tmp = tmp;
	err = crypto_aead_encrypt(req);

	switch (err) {
	case -EINPROGRESS:
		/*
		 * Asynchronous completion: skip kfree(tmp) below.  The
		 * completion callback installed above is presumably what
		 * frees ESP_SKB_CB(skb)->tmp - confirm against
		 * esp_output_done().
		 */
		goto error;

	case -ENOSPC:
		err = NET_XMIT_DROP;
		break;

	case 0:
		if ((x->props.flags & XFRM_STATE_ESN))
			esp_output_restore_header(skb);
		esp_output_encap_csum(skb);
	}

	if (sg != dsg)
		esp_ssg_unref(x, tmp);

	/*
	 * NOTE(review): encap_type is read here without x->lock, whereas
	 * esp6_output_encap() snapshots the template under the lock - confirm
	 * the type cannot change for a live state.
	 */
	if (!err && x->encap && x->encap->encap_type == TCP_ENCAP_ESPINTCP)
		err = esp_output_tail_tcp(x, skb);

error_free:
	kfree(tmp);
error:
	return err;
}
EXPORT_SYMBOL_GPL(esp6_output_tail);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 692)
/*
 * Software ESP output for one packet: compute the padding and trailer
 * geometry, let esp6_output_head() make room for the trailer, fill in the
 * SPI and sequence number, then hand over to esp6_output_tail() for
 * encryption.
 *
 * Returns whatever esp6_output_tail() returns, or the negative value from
 * esp6_output_head() if the trailer could not be added.
 */
static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
{
	struct crypto_aead *tfm = x->data;
	unsigned char *nexthdr_slot = skb_mac_header(skb);
	struct esp_info esp;
	int icv_len;
	int align_to;

	esp.inplace = true;

	/*
	 * Save the protocol being protected (it goes into the ESP trailer) and
	 * advertise ESP in its place.
	 * NOTE(review): this relies on the xfrm output path having pointed
	 * mac_header at the next-header byte - confirm against the caller.
	 */
	esp.proto = *nexthdr_slot;
	*nexthdr_slot = IPPROTO_ESP;

	/* From here on skb holds only the payload to encrypt. */
	icv_len = crypto_aead_authsize(tfm);

	/*
	 * Traffic-flow-confidentiality padding: pad short packets up to
	 * x->tfcpad, but never beyond what the state's MTU allows.
	 */
	esp.tfclen = 0;
	if (x->tfcpad) {
		struct xfrm_dst *xdst = (struct xfrm_dst *)skb_dst(skb);
		u32 target = min(x->tfcpad, xfrm_state_mtu(x, xdst->child_mtu_cached));

		if (skb->len < target)
			esp.tfclen = target - skb->len;
	}

	/*
	 * Ciphertext length covers payload, TFC padding and the two trailer
	 * bytes (pad length, next header), rounded up to the cipher block
	 * size, itself rounded up to a multiple of 4.
	 */
	align_to = ALIGN(crypto_aead_blocksize(tfm), 4);
	esp.clen = ALIGN(skb->len + 2 + esp.tfclen, align_to);
	esp.plen = esp.clen - skb->len - esp.tfclen;
	esp.tailen = esp.tfclen + esp.plen + icv_len;

	esp.esph = ip_esp_hdr(skb);

	esp.nfrags = esp6_output_head(x, skb, &esp);
	if (esp.nfrags < 0)
		return esp.nfrags;

	/* esp6_output_head() may have moved the header; use its updated pointer. */
	esp.esph->spi = x->id.spi;
	esp.esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);

	/* Full 64-bit sequence number, big-endian, later used to seed the IV. */
	esp.seqno = cpu_to_be64(((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32) +
				XFRM_SKB_CB(skb)->seq.output.low);

	skb_push(skb, -skb_network_offset(skb));

	return esp6_output_tail(x, skb, &esp);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742)
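/*
 * Strip the ESP trailer (padding, pad length, next header) and the ICV from
 * a decrypted packet.
 *
 * Returns the next-header value from the trailer (or xo->proto when the
 * offload layer flagged XFRM_ESP_NO_TRAILER), or a negative errno if the
 * trailer is malformed or the skb cannot be read or trimmed.
 *
 * All lengths used here come from the received packet, so every failure is
 * reported to the caller as an error rather than asserted.
 */
static inline int esp_remove_trailer(struct sk_buff *skb)
{
	struct xfrm_state *x = xfrm_input_state(skb);
	struct xfrm_offload *xo = xfrm_offload(skb);
	struct crypto_aead *aead = x->data;
	int alen, hlen, elen;
	int padlen, trimlen;
	__wsum csumdiff;
	u8 nexthdr[2];
	int ret;

	alen = crypto_aead_authsize(aead);
	hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
	elen = skb->len - hlen;

	if (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {
		ret = xo->proto;
		goto out;
	}

	/*
	 * The two trailer bytes and the ICV must fit inside the encrypted
	 * part.  A packet this short would be rejected by the padlen check
	 * below anyway; bailing out first avoids reading the two bytes from
	 * an offset that lies in front of the payload.
	 */
	ret = -EINVAL;
	if (elen < alen + 2)
		goto out;

	/*
	 * A failed read is unexpected after the bound above, but it is not a
	 * reason to halt the machine on the receive path: warn once and drop
	 * the packet with the helper's error code.
	 */
	ret = skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2);
	if (WARN_ON_ONCE(ret))
		goto out;

	ret = -EINVAL;
	padlen = nexthdr[0];
	if (padlen + 2 + alen >= elen) {
		net_dbg_ratelimited("ipsec esp packet is garbage padlen=%d, elen=%d\n",
				    padlen + 2, elen - alen);
		goto out;
	}

	trimlen = alen + padlen + 2;
	if (skb->ip_summed == CHECKSUM_COMPLETE) {
		/* Remove the trimmed bytes from the hardware-provided checksum. */
		csumdiff = skb_checksum(skb, skb->len - trimlen, trimlen, 0);
		skb->csum = csum_block_sub(skb->csum, csumdiff,
					   skb->len - trimlen);
	}

	/* Trimming can fail; do not hand an untrimmed packet to the next layer. */
	ret = pskb_trim(skb, skb->len - trimlen);
	if (unlikely(ret))
		goto out;

	ret = nexthdr[1];

out:
	return ret;
}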
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 787)
/*
 * esp6_input_done2 - post-decryption processing of an inbound ESP packet.
 *
 * @err is the result of the decryption step.  On success the trailer is
 * removed, a NAT-T peer address or port change is reported to the key
 * manager, and the ESP header plus IV are pulled off the packet.
 *
 * Returns the inner next-header value on success or a negative errno.
 * Dummy packets (next header IPPROTO_NONE) are reported as -EINVAL.
 */
int esp6_input_done2(struct sk_buff *skb, int err)
{
	struct xfrm_state *x = xfrm_input_state(skb);
	struct xfrm_offload *xo = xfrm_offload(skb);
	struct crypto_aead *aead = x->data;
	int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
	int hdr_len = skb_network_header_len(skb);

	/*
	 * Free the scratch area unless the offload layer already did the
	 * crypto (CRYPTO_DONE set).
	 */
	if (!xo || (xo && !(xo->flags & CRYPTO_DONE)))
		kfree(ESP_SKB_CB(skb)->tmp);

	/*
	 * Nothing below runs for a packet that failed decryption or
	 * authentication: header fields are only trusted after this check.
	 */
	if (unlikely(err))
		goto out;

	err = esp_remove_trailer(skb);
	if (unlikely(err < 0))
		goto out;

	if (x->encap) {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
		int offset = skb_network_offset(skb) + sizeof(*ip6h);
		struct xfrm_encap_tmpl *encap = x->encap;
		u8 nexthdr = ip6h->nexthdr;
		__be16 frag_off, source;
		struct udphdr *uh;
		struct tcphdr *th;

		/* Walk past any IPv6 extension headers to the encapsulation header. */
		offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
		if (offset == -1) {
			err = -EINVAL;
			goto out;
		}

		/*
		 * uh and th alias the same location; which one is read
		 * depends on the encapsulation type below.
		 * NOTE(review): no length check on the encapsulation header
		 * is visible here; it is presumably guaranteed by the encap
		 * receive path - confirm.
		 */
		uh = (void *)(skb->data + offset);
		th = (void *)(skb->data + offset);
		hdr_len += offset;

		switch (x->encap->encap_type) {
		case TCP_ENCAP_ESPINTCP:
			source = th->source;
			break;
		case UDP_ENCAP_ESPINUDP:
		case UDP_ENCAP_ESPINUDP_NON_IKE:
			source = uh->source;
			break;
		default:
			WARN_ON_ONCE(1);
			err = -EINVAL;
			goto out;
		}

		/*
		 * 1) if the NAT-T peer's IP or port changed then
		 *    advertise the change to the keying daemon.
		 *    This is an inbound SA, so just compare
		 *    SRC ports.
		 *
		 * NOTE(review): encap_sport and encap_type are read here
		 * without x->lock, unlike esp6_output_encap() - confirm this
		 * is intended.
		 */
		if (!ipv6_addr_equal(&ip6h->saddr, &x->props.saddr.in6) ||
		    source != encap->encap_sport) {
			xfrm_address_t ipaddr;

			memcpy(&ipaddr.a6, &ip6h->saddr.s6_addr, sizeof(ipaddr.a6));
			km_new_mapping(x, &ipaddr, source);

			/* XXX: perhaps add an extra
			 * policy check here, to see
			 * if we should allow or
			 * reject a packet from a
			 * different source
			 * address/port.
			 *
			 * As written, the packet is still accepted after the
			 * key manager has been notified.
			 */
		}

		/*
		 * 2) ignore UDP/TCP checksums in case
		 *    of NAT-T in Transport Mode, or
		 *    perform other post-processing fixes
		 *    as per draft-ietf-ipsec-udp-encaps-06,
		 *    section 3.1.2
		 *
		 * The inner transport checksum is therefore not verified for
		 * these packets.
		 */
		if (x->props.mode == XFRM_MODE_TRANSPORT)
			skb->ip_summed = CHECKSUM_UNNECESSARY;
	}

	/* Drop the network header and the ESP header + IV from the receive checksum. */
	skb_postpull_rcsum(skb, skb_network_header(skb),
			   skb_network_header_len(skb));
	skb_pull_rcsum(skb, hlen);
	if (x->props.mode == XFRM_MODE_TUNNEL)
		skb_reset_transport_header(skb);
	else
		skb_set_transport_header(skb, -hdr_len);

	/* RFC4303: Drop dummy packets without any error */
	if (err == IPPROTO_NONE)
		err = -EINVAL;

out:
	return err;
}
EXPORT_SYMBOL_GPL(esp6_input_done2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 888)
/*
 * Completion callback for an asynchronous decrypt without ESN: finish input
 * processing and resume the xfrm input path with the result.
 */
static void esp_input_done(struct crypto_async_request *base, int err)
{
	struct sk_buff *skb = base->data;
	int nexthdr;

	/* Either the inner protocol number or a negative errno. */
	nexthdr = esp6_input_done2(skb, err);

	xfrm_input_resume(skb, nexthdr);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 895)
/*
 * Undo esp_input_set_header(): put the ESP header fields back and drop the
 * one 32-bit word that was pushed in front of the header for ESN.
 */
static void esp_input_restore_header(struct sk_buff *skb)
{
	esp_restore_header(skb, 0);

	/* Same amount that esp_input_set_header() pushed. */
	__skb_pull(skb, sizeof(__be32));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 901)
/*
 * Prepare the ESP header for decryption with extended sequence numbers.
 *
 * Without XFRM_STATE_ESN this is a no-op.  With it, the header is shifted
 * four bytes towards the front of the packet so that the high sequence bits
 * can follow the low ones; the word that gets overwritten is saved in
 * *seqhi.
 */
static void esp_input_set_header(struct sk_buff *skb, __be32 *seqhi)
{
	struct xfrm_state *x = xfrm_input_state(skb);
	struct ip_esp_hdr *esph;

	if (!(x->props.flags & XFRM_STATE_ESN))
		return;

	/* For ESN we move the header forward by 4 bytes to
	 * accommodate the high bits.  We will move it back after
	 * decryption.
	 */
	esph = skb_push(skb, 4);

	*seqhi = esph->spi;
	esph->spi = esph->seq_no;
	esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 918)
/*
 * Completion callback for an asynchronous decrypt with ESN: move the ESP
 * header back to where it was before decryption, then finish input
 * processing and resume the xfrm input path.
 */
static void esp_input_done_esn(struct crypto_async_request *base, int err)
{
	struct sk_buff *skb = base->data;

	/* The header must be restored before the packet is parsed again. */
	esp_input_restore_header(skb);

	xfrm_input_resume(skb, esp6_input_done2(skb, err));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 926)
/*
 * esp6_input - build and start the AEAD decrypt request for an inbound packet.
 * @x:   xfrm state; x->data is the crypto_aead transform of this SA
 * @skb: received packet; the ESP header and IV are pulled from offset 0
 *
 * Return: -EINVAL when the packet is too short or skb_cow_data() fails,
 * -ENOMEM when the scratch area cannot be allocated, the negative value from
 * skb_to_sgvec() on mapping failure, -EINPROGRESS when the crypto layer
 * completes asynchronously (the registered callback finishes the packet),
 * otherwise whatever esp6_input_done2() returns for the decrypt result.
 */
static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
{
	struct crypto_aead *aead = x->data;
	int ivlen = crypto_aead_ivsize(aead);
	/* Bytes after ESP header and IV: payload, padding and ICV. */
	int elen = skb->len - sizeof(struct ip_esp_hdr) - ivlen;
	struct aead_request *req;
	struct scatterlist *sg;
	struct sk_buff *trailer;
	__be32 *seqhi;
	void *scratch;
	u8 *iv;
	int seqhilen;
	int assoclen;
	int nfrags = 0;
	int ret;

	/*
	 * Length validation on attacker-controlled input: the ESP header and
	 * IV must be present in the linear area, and something must follow
	 * them, before any request is built.
	 */
	if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr) + ivlen))
		return -EINVAL;

	if (elen <= 0)
		return -EINVAL;

	/* With ESN, four extra bytes join the associated data. */
	seqhilen = (x->props.flags & XFRM_STATE_ESN) ? sizeof(__be32) : 0;
	assoclen = sizeof(struct ip_esp_hdr) + seqhilen;

	/*
	 * The request below uses the same scatterlist as source and
	 * destination, so the data is rewritten in place. An uncloned skb
	 * without a frag list is used as it is; nfrags stays 0 for every other
	 * case and skb_cow_data() is called.
	 */
	if (!skb_cloned(skb)) {
		if (!skb_is_nonlinear(skb))
			nfrags = 1;
		else if (!skb_has_frag_list(skb))
			nfrags = skb_shinfo(skb)->nr_frags + 1;
	}

	if (!nfrags) {
		nfrags = skb_cow_data(skb, 0, &trailer);
		if (nfrags < 0)
			return -EINVAL;
	}

	scratch = esp_alloc_tmp(aead, nfrags, seqhilen);
	if (!scratch)
		return -ENOMEM;

	/* One allocation carries the ESN slot, IV, request and scatterlist. */
	ESP_SKB_CB(skb)->tmp = scratch;
	seqhi = esp_tmp_extra(scratch);
	iv = esp_tmp_iv(aead, scratch, seqhilen);
	req = esp_tmp_req(aead, iv);
	sg = esp_req_sg(aead, req);

	esp_input_set_header(skb, seqhi);

	sg_init_table(sg, nfrags);
	ret = skb_to_sgvec(skb, sg, 0, skb->len);
	if (unlikely(ret < 0)) {
		/*
		 * NOTE(review): ESP_SKB_CB(skb)->tmp still holds the freed
		 * pointer on this path; confirm no caller reads it after an
		 * error return.
		 */
		kfree(scratch);
		return ret;
	}

	/* Presumably because the payload is about to be rewritten in place. */
	skb->ip_summed = CHECKSUM_NONE;

	aead_request_set_callback(req, 0,
				  (x->props.flags & XFRM_STATE_ESN) ?
				  esp_input_done_esn : esp_input_done,
				  skb);
	aead_request_set_crypt(req, sg, sg, elen + ivlen, iv);
	aead_request_set_ad(req, assoclen);

	ret = crypto_aead_decrypt(req);
	if (ret == -EINPROGRESS)
		return ret;

	/* Synchronous completion: do here what the ESN callback would do. */
	if (x->props.flags & XFRM_STATE_ESN)
		esp_input_restore_header(skb);

	/* The decrypt result, success or failure, is passed on unchanged. */
	return esp6_input_done2(skb, ret);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1023)
/*
 * esp6_err - ICMPv6 error handler for ESP (wired up as .err_handler).
 * @skb:    ICMPv6 error; skb->data is read as the IPv6 header of the quoted
 *          packet
 * @opt:    unused here
 * @type:   ICMPv6 type; only ICMPV6_PKT_TOOBIG and NDISC_REDIRECT are acted on
 * @code:   unused here
 * @offset: offset from skb->data to the quoted ESP header
 * @info:   passed to ip6_update_pmtu() for packet-too-big
 *
 * The route update is applied only when the quoted destination address and
 * SPI match an existing ESP state, so an error quoting an unknown SPI is
 * ignored. Always returns 0.
 *
 * NOTE(review): the ESP header at skb->data + offset is dereferenced without
 * a length check in this function; presumably the ICMPv6 caller has already
 * made those bytes available - confirm.
 */
static int esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		    u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
	struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset);
	struct net *net = dev_net(skb->dev);
	struct xfrm_state *x;

	switch (type) {
	case ICMPV6_PKT_TOOBIG:
	case NDISC_REDIRECT:
		break;
	default:
		return 0;
	}

	x = xfrm_state_lookup(net, skb->mark,
			      (const xfrm_address_t *)&iph->daddr,
			      esph->spi, IPPROTO_ESP, AF_INET6);
	if (!x)
		return 0;

	if (type == ICMPV6_PKT_TOOBIG)
		ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
	else
		ip6_redirect(skb, net, skb->dev->ifindex, 0,
			     sock_net_uid(net, NULL));

	/* Drop the reference taken by the lookup. */
	xfrm_state_put(x);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1050)
/*
 * esp6_destroy - state destructor (wired up as .destructor).
 *
 * Frees the AEAD transform stored in x->data, if one was attached.
 * x->data can be NULL: esp6_init_state() clears it before attempting
 * allocation.
 */
static void esp6_destroy(struct xfrm_state *x)
{
	struct crypto_aead *tfm = x->data;

	if (tfm)
		crypto_free_aead(tfm);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1060)
/*
 * esp_init_aead - allocate and key the transform for a combined-mode (AEAD)
 * algorithm.
 * @x: state being initialised; x->aead and x->geniv are read, x->data is set
 *
 * The transform name is "<geniv>(<alg_name>)". A name that would not fit in
 * CRYPTO_MAX_ALG_NAME is rejected instead of being truncated into the name
 * of a different algorithm.
 *
 * Return: 0 on success, -ENAMETOOLONG, the error from crypto_alloc_aead(),
 * or the error from setkey/setauthsize. On the last two the transform is
 * left in x->data; presumably esp6_destroy() releases it.
 */
static int esp_init_aead(struct xfrm_state *x)
{
	char aead_name[CRYPTO_MAX_ALG_NAME];
	struct crypto_aead *tfm;
	int rc;

	rc = snprintf(aead_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",
		      x->geniv, x->aead->alg_name);
	if (rc >= CRYPTO_MAX_ALG_NAME)
		return -ENAMETOOLONG;

	tfm = crypto_alloc_aead(aead_name, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	x->data = tfm;

	/* alg_key_len is in bits; round up to whole bytes. */
	rc = crypto_aead_setkey(tfm, x->aead->alg_key,
				(x->aead->alg_key_len + 7) / 8);
	if (rc)
		return rc;

	/* alg_icv_len is in bits as well. */
	return crypto_aead_setauthsize(tfm, x->aead->alg_icv_len / 8);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1091)
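/*
 * esp_init_authenc - allocate and key an authenc()/authencesn() transform
 * from separate encryption and (optional) authentication algorithms.
 * @x: state being initialised; x->ealg, x->aalg, x->geniv and x->props.flags
 *     are read, x->data is set
 *
 * The combined key handed to crypto_aead_setkey() is laid out as
 *   rtattr(CRYPTO_AUTHENC_KEYA_PARAM, enckeylen) | auth key | enc key
 * in a temporary heap buffer. That buffer holds both secret keys, so it is
 * wiped before being freed on every path that allocated it.
 *
 * Return: 0 on success; -EINVAL when no encryption algorithm is given or
 * the digest size does not match; -ENAMETOOLONG; -ENOMEM; or the error from
 * crypto_alloc_aead()/setauthsize/setkey. After a failure that follows
 * allocation the transform is left in x->data; presumably esp6_destroy()
 * releases it.
 */
static int esp_init_authenc(struct xfrm_state *x)
{
	struct crypto_aead *aead;
	struct crypto_authenc_key_param *param;
	struct rtattr *rta;
	char *key;
	char *p;
	char authenc_name[CRYPTO_MAX_ALG_NAME];
	unsigned int akeylen;
	unsigned int ekeylen;
	unsigned int keylen;
	int err;

	err = -EINVAL;
	if (!x->ealg)
		goto error;

	/*
	 * "[geniv(]authenc[esn](<auth>,<enc>)[)]"; a name that does not fit
	 * is rejected rather than truncated.
	 */
	err = -ENAMETOOLONG;
	if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
		     "%s%s%s(%s,%s)%s",
		     x->geniv ?: "", x->geniv ? "(" : "",
		     (x->props.flags & XFRM_STATE_ESN) ?
		     "authencesn" : "authenc",
		     x->aalg ? x->aalg->alg_name : "digest_null",
		     x->ealg->alg_name,
		     x->geniv ? ")" : "") >= CRYPTO_MAX_ALG_NAME)
		goto error;

	aead = crypto_alloc_aead(authenc_name, 0, 0);
	err = PTR_ERR(aead);
	if (IS_ERR(aead))
		goto error;

	x->data = aead;

	/* Key lengths are stored in bits; round up to whole bytes. */
	akeylen = x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0;
	ekeylen = (x->ealg->alg_key_len + 7) / 8;
	keylen = akeylen + ekeylen + RTA_SPACE(sizeof(*param));

	err = -ENOMEM;
	key = kmalloc(keylen, GFP_KERNEL);
	if (!key)
		goto error;

	p = key;
	rta = (void *)p;
	rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM;
	rta->rta_len = RTA_LENGTH(sizeof(*param));
	param = RTA_DATA(rta);
	p += RTA_SPACE(sizeof(*param));

	if (x->aalg) {
		struct xfrm_algo_desc *aalg_desc;

		memcpy(p, x->aalg->alg_key, akeylen);
		p += akeylen;

		/*
		 * NOTE(review): a failed lookup halts the kernel here;
		 * presumably the name was validated when the state was
		 * created - confirm.
		 */
		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
		BUG_ON(!aalg_desc);

		/* The transform's full digest size must match the table. */
		err = -EINVAL;
		if (aalg_desc->uinfo.auth.icv_fullbits / 8 !=
		    crypto_aead_authsize(aead)) {
			pr_info("ESP: %s digestsize %u != %hu\n",
				x->aalg->alg_name,
				crypto_aead_authsize(aead),
				aalg_desc->uinfo.auth.icv_fullbits / 8);
			goto free_key;
		}

		/* Then apply the configured (possibly truncated) ICV size. */
		err = crypto_aead_setauthsize(
			aead, x->aalg->alg_trunc_len / 8);
		if (err)
			goto free_key;
	}

	param->enckeylen = cpu_to_be32(ekeylen);
	memcpy(p, x->ealg->alg_key, ekeylen);

	err = crypto_aead_setkey(aead, key, keylen);

free_key:
	/* Do not leave key material behind in freed slab memory. */
	memzero_explicit(key, keylen);
	kfree(key);

error:
	return err;
}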
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1184)
/*
 * esp6_init_state - state initialiser (wired up as .init_state).
 * @x: state to set up
 *
 * Allocates and keys the transform (AEAD when x->aead is set, authenc
 * otherwise), then fills in x->props.header_len and x->props.trailer_len
 * from the IV size, mode, encapsulation type, block size and ICV size.
 *
 * Return: 0 on success, the error from the transform setup, or -EINVAL for
 * an encapsulation type that is not listed. x->props.header_len may already
 * have been partly updated when -EINVAL is returned.
 */
static int esp6_init_state(struct xfrm_state *x)
{
	struct crypto_aead *aead;
	int err;

	/* Start from a known value: esp6_destroy() checks x->data for NULL. */
	x->data = NULL;

	err = x->aead ? esp_init_aead(x) : esp_init_authenc(x);
	if (err)
		return err;

	aead = x->data;

	x->props.header_len = sizeof(struct ip_esp_hdr) +
			      crypto_aead_ivsize(aead);

	switch (x->props.mode) {
	case XFRM_MODE_TUNNEL:
		x->props.header_len += sizeof(struct ipv6hdr);
		break;
	case XFRM_MODE_BEET:
		if (x->sel.family != AF_INET6)
			x->props.header_len += IPV4_BEET_PHMAXLEN +
				(sizeof(struct ipv6hdr) - sizeof(struct iphdr));
		break;
	case XFRM_MODE_TRANSPORT:
	default:
		/* No extra header bytes. */
		break;
	}

	if (x->encap) {
		/* Only the listed encapsulation types are accepted. */
		switch (x->encap->encap_type) {
		case UDP_ENCAP_ESPINUDP:
			x->props.header_len += sizeof(struct udphdr);
			break;
		case UDP_ENCAP_ESPINUDP_NON_IKE:
			x->props.header_len += sizeof(struct udphdr) +
					       2 * sizeof(u32);
			break;
#ifdef CONFIG_INET6_ESPINTCP
		case TCP_ENCAP_ESPINTCP:
			/* only the length field, TCP encap is done by
			 * the socket
			 */
			x->props.header_len += 2;
			break;
#endif
		default:
			return -EINVAL;
		}
	}

	/* Block size rounded up to a multiple of 4, plus 1, plus the ICV. */
	x->props.trailer_len = ALIGN(crypto_aead_blocksize(aead), 4) + 1 +
			       crypto_aead_authsize(aead);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1249)
/*
 * esp6_rcv_cb - receive callback (wired up as .cb_handler).
 *
 * Nothing to do for ESP: both arguments are ignored and 0 is returned.
 */
static int esp6_rcv_cb(struct sk_buff *skb, int err)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1254)
/* xfrm type descriptor for ESP; esp6_init() registers it for AF_INET6. */
static const struct xfrm_type esp6_type = {
	/* Identification */
	.description	= "ESP6",
	.owner		= THIS_MODULE,
	.proto		= IPPROTO_ESP,
	.flags		= XFRM_TYPE_REPLAY_PROT,

	/* State lifetime */
	.init_state	= esp6_init_state,
	.destructor	= esp6_destroy,

	/* Per-packet processing */
	.input		= esp6_input,
	.output		= esp6_output,
	.hdr_offset	= xfrm6_find_1stfragopt,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1266)
/* IPv6 protocol hooks for IPPROTO_ESP; esp6_init() registers them. */
static struct xfrm6_protocol esp6_protocol = {
	.priority	= 0,
	.handler	= xfrm6_rcv,
	.input_handler	= xfrm_input,
	.cb_handler	= esp6_rcv_cb,
	/* ICMPv6 errors that quote an ESP packet are handled by esp6_err(). */
	.err_handler	= esp6_err,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1274)
/*
 * esp6_init - module init: register the xfrm type, then the protocol hooks.
 *
 * If the second registration fails the first is rolled back, so a failed
 * load leaves nothing registered. Either failure is reported as -EAGAIN;
 * the underlying error code is not propagated.
 */
static int __init esp6_init(void)
{
	int rc;

	rc = xfrm_register_type(&esp6_type, AF_INET6);
	if (rc < 0) {
		pr_info("%s: can't add xfrm type\n", __func__);
		return -EAGAIN;
	}

	rc = xfrm6_protocol_register(&esp6_protocol, IPPROTO_ESP);
	if (rc < 0) {
		pr_info("%s: can't add protocol\n", __func__);
		xfrm_unregister_type(&esp6_type, AF_INET6);
		return -EAGAIN;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1289)
/*
 * esp6_fini - module exit: undo esp6_init() in reverse order.
 *
 * A failure to deregister the protocol hooks is only logged; the xfrm type
 * is unregistered regardless.
 */
static void __exit esp6_fini(void)
{
	int rc = xfrm6_protocol_deregister(&esp6_protocol, IPPROTO_ESP);

	if (rc < 0)
		pr_info("%s: can't remove protocol\n", __func__);

	xfrm_unregister_type(&esp6_type, AF_INET6);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1296)
/* Module entry and exit points. */
module_init(esp6_init);
module_exit(esp6_fini);

/* Licence tag, and the alias for the AF_INET6 ESP xfrm type. */
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_ESP);