// SPDX-License-Identifier: GPL-2.0-or-later /* * xfrm algorithm interface * * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> #include <crypto/acompress.h>#include <crypto/aead.h>#include <crypto/hash.h>#include <crypto/skcipher.h>#include <linux/module.h>#include <linux/kernel.h>#include <linux/pfkeyv2.h>#include <linux/scatterlist.h>#include <net/xfrm.h>#if IS_ENABLED(CONFIG_INET_ESP) || IS_ENABLED(CONFIG_INET6_ESP)#include <net/esp.h>#endif /* * Algorithms supported by IPsec. These entries contain properties which * are used in key negotiation and xfrm processing, and are used to verify * that instantiated crypto transforms have correct parameters for IPsec * purposes. static struct xfrm_algo_desc aead_list[] = {"rfc4106(gcm(aes))" ,"seqiv" ,"rfc4106(gcm(aes))" ,"seqiv" ,"rfc4106(gcm(aes))" ,"seqiv" ,"rfc4309(ccm(aes))" ,"seqiv" ,"rfc4309(ccm(aes))" ,"seqiv" ,"rfc4309(ccm(aes))" ,"seqiv" ,"rfc4543(gcm(aes))" ,"seqiv" ,"rfc7539esp(chacha20,poly1305)" ,"seqiv" ,static struct xfrm_algo_desc aalg_list[] = {"digest_null" ,"hmac(md5)" ,"md5" ,"hmac(sha1)" ,"sha1" ,"hmac(sha256)" ,"sha256" ,"hmac(sha384)" ,"hmac(sha512)" ,"hmac(rmd160)" ,"rmd160" ,"xcbc(aes)" ,/* rfc4494 */ "cmac(aes)" ,"hmac(sm3)" ,"sm3" ,static struct xfrm_algo_desc ealg_list[] = {"ecb(cipher_null)" ,"cipher_null" ,"cbc(des)" ,"des" ,"echainiv" ,"cbc(des3_ede)" ,"des3_ede" ,"echainiv" ,"cbc(cast5)" ,"cast5" ,"echainiv" ,"cbc(blowfish)" ,"blowfish" ,"echainiv" ,"cbc(aes)" ,"aes" ,"echainiv" ,"cbc(serpent)" ,"serpent" ,"echainiv" ,"cbc(camellia)" ,"camellia" ,"echainiv" ,"cbc(twofish)" ,"twofish" ,"echainiv" ,"rfc3686(ctr(aes))" ,"seqiv" ,/* 128-bit key + 32-bit nonce */ "cbc(sm4)" ,"sm4" ,"echainiv" ,static struct xfrm_algo_desc calg_list[] = {"deflate" ,"lzs" ,"lzjh" ,static inline int aalg_entries(void )return ARRAY_SIZE(aalg_list);static inline int ealg_entries(void )return ARRAY_SIZE(ealg_list);static inline int calg_entries(void )return ARRAY_SIZE(calg_list);struct xfrm_algo_list {int (*find)(const char *name, u32 type, u32 mask);struct xfrm_algo_desc *algs;int entries;static const struct xfrm_algo_list xfrm_aead_list = {static const struct xfrm_algo_list xfrm_aalg_list = {static const struct xfrm_algo_list xfrm_ealg_list = {static const struct xfrm_algo_list xfrm_calg_list = {static struct xfrm_algo_desc *xfrm_find_algo(const struct xfrm_algo_list *algo_list,int match(const struct xfrm_algo_desc *entry, const void *data),const void *data, int probe)struct xfrm_algo_desc *list = algo_list->algs;int i, status;for (i = 0; i < algo_list->entries; i++) {if (!match(list + i, data))continue ;if (list[i].available)return &list[i];if (!probe)break ;if (!status)break ;return &list[i];return NULL;static int xfrm_alg_id_match(const struct xfrm_algo_desc *entry,const void *data)return entry->desc.sadb_alg_id == (unsigned long )data;struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id)return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_id_match,void *)(unsigned long )alg_id, 1);struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id)return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_id_match,void *)(unsigned long )alg_id, 1);struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id)return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_id_match,void *)(unsigned long )alg_id, 1);static int xfrm_alg_name_match(const struct xfrm_algo_desc *entry,const void *data)const char *name = data;return name && (!strcmp(name, entry->name) ||struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe)return xfrm_find_algo(&xfrm_aalg_list, xfrm_alg_name_match, name,struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe)return xfrm_find_algo(&xfrm_ealg_list, xfrm_alg_name_match, name,struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe)return xfrm_find_algo(&xfrm_calg_list, xfrm_alg_name_match, name,struct xfrm_aead_name {const char *name;int icvbits;static int xfrm_aead_name_match(const struct xfrm_algo_desc *entry,const void *data)const struct xfrm_aead_name *aead = data;const char *name = aead->name;return aead->icvbits == entry->uinfo.aead.icv_truncbits && name &&struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe)struct xfrm_aead_name data = {return xfrm_find_algo(&xfrm_aead_list, xfrm_aead_name_match, &data,struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)if (idx >= aalg_entries())return NULL;return &aalg_list[idx];struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)if (idx >= ealg_entries())return NULL;return &ealg_list[idx];/* * Probe for the availability of crypto algorithms, and set the available * flag for any algorithms found on the system. This is typically called by * pfkey during userspace SA add, update or register. void xfrm_probe_algs(void )int i, status;for (i = 0; i < aalg_entries(); i++) {if (aalg_list[i].available != status)for (i = 0; i < ealg_entries(); i++) {if (ealg_list[i].available != status)for (i = 0; i < calg_entries(); i++) {if (calg_list[i].available != status)int xfrm_count_pfkey_auth_supported(void )int i, n;for (i = 0, n = 0; i < aalg_entries(); i++)if (aalg_list[i].available && aalg_list[i].pfkey_supported)return n;int xfrm_count_pfkey_enc_supported(void )int i, n;for (i = 0, n = 0; i < ealg_entries(); i++)if (ealg_list[i].available && ealg_list[i].pfkey_supported)return n;"XFRM Algorithm interface" );"GPL" );
Messung V0.5 C=100 H=94 G=96
¤ Dauer der Verarbeitung: 0.13 Sekunden
(vorverarbeitet)
¤ *© Formatika GbR, Deutschland
