ia64/xen-unstable

view tools/vnet/vnet-module/sa_algorithm.c @ 8740:3d7ea7972b39

Update patches for linux 2.6.15.

Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
author cl349@firebug.cl.cam.ac.uk
date Thu Feb 02 17:16:00 2006 +0000 (2006-02-02)
parents 0a4b76b6b5a0
children
line source
1 /*
2 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
3 * Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free software Foundation, Inc.,
17 * 59 Temple Place, suite 330, Boston, MA 02111-1307 USA
18 *
19 */
20 #include <linux/config.h>
21 #include <linux/kernel.h>
22 #include <linux/string.h>
23 #include <linux/crypto.h>
24 #include <linux/sched.h>
25 //#include <asm/softirq.h>
27 #include <sa_algorithm.h>
29 #define MODULE_NAME "IPSEC"
30 #define DEBUG 1
31 #undef DEBUG
32 #include "debug.h"
34 /** @file Tables of supported IPSEC algorithms.
35 * Has tables for digests, ciphers and compression algorithms.
36 */
38 /*
39 * Algorithms supported by IPsec. These entries contain properties which
40 * are used in key negotiation and sa processing, and are used to verify
41 * that instantiated crypto transforms have correct parameters for IPsec
42 * purposes.
43 */
45 /** Digests. */
46 static SAAlgorithm digest_alg[] = {
47 {
48 .name = "digest_null",
49 .info = {
50 .digest = {
51 .icv_truncbits = 0,
52 .icv_fullbits = 0,
53 }
54 },
55 .alg = {
56 .sadb_alg_id = SADB_X_AALG_NULL,
57 .sadb_alg_ivlen = 0,
58 .sadb_alg_minbits = 0,
59 .sadb_alg_maxbits = 0
60 }
61 },
62 {
63 .name = "md5",
64 .info = { .digest = {
65 .icv_truncbits = 96,
66 .icv_fullbits = 128,
67 } },
68 .alg = {
69 .sadb_alg_id = SADB_AALG_MD5HMAC,
70 .sadb_alg_ivlen = 0,
71 .sadb_alg_minbits = 128,
72 .sadb_alg_maxbits = 128
73 }
74 },
75 {
76 .name = "sha1",
77 .info = {
78 .digest = {
79 .icv_truncbits = 96,
80 .icv_fullbits = 160,
81 }
82 },
83 .alg = {
84 .sadb_alg_id = SADB_AALG_SHA1HMAC,
85 .sadb_alg_ivlen = 0,
86 .sadb_alg_minbits = 160,
87 .sadb_alg_maxbits = 160
88 }
89 },
90 {
91 .name = "sha256",
92 .info = {
93 .digest = {
94 .icv_truncbits = 128,
95 .icv_fullbits = 256,
96 }
97 },
98 .alg = {
99 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
100 .sadb_alg_ivlen = 0,
101 .sadb_alg_minbits = 256,
102 .sadb_alg_maxbits = 256
103 }
104 },
105 /* { */
106 /* .name = "ripemd160", */
107 /* .info = { */
108 /* .digest = { */
109 /* .icv_truncbits = 96, */
110 /* .icv_fullbits = 160, */
111 /* } */
112 /* }, */
113 /* .alg = { */
114 /* .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC, */
115 /* .sadb_alg_ivlen = 0, */
116 /* .sadb_alg_minbits = 160, */
117 /* .sadb_alg_maxbits = 160 */
118 /* } */
119 /* }, */
120 { /* Terminator */ }
121 };
123 /** Ciphers. */
124 static SAAlgorithm cipher_alg[] = {
125 {
126 .name = "cipher_null",
127 .info = {
128 .cipher = {
129 .blockbits = 8,
130 .defkeybits = 0,
131 }
132 },
133 .alg = {
134 .sadb_alg_id = SADB_EALG_NULL,
135 .sadb_alg_ivlen = 0,
136 .sadb_alg_minbits = 0,
137 .sadb_alg_maxbits = 0
138 }
139 },
140 {
141 .name = "des",
142 .info = {
143 .cipher = {
144 .blockbits = 64,
145 .defkeybits = 64,
146 }
147 },
148 .alg = {
149 .sadb_alg_id = SADB_EALG_DESCBC,
150 .sadb_alg_ivlen = 8,
151 .sadb_alg_minbits = 64,
152 .sadb_alg_maxbits = 64
153 }
154 },
155 {
156 .name = "des3_ede",
157 .info = {
158 .cipher = {
159 .blockbits = 64,
160 .defkeybits = 192,
161 }
162 },
163 .alg = {
164 .sadb_alg_id = SADB_EALG_3DESCBC,
165 .sadb_alg_ivlen = 8,
166 .sadb_alg_minbits = 192,
167 .sadb_alg_maxbits = 192
168 }
169 },
170 /* { */
171 /* .name = "cast128", */ //cast5?
172 /* .info = { */
173 /* .cipher = { */
174 /* .blockbits = 64, */
175 /* .defkeybits = 128, */
176 /* } */
177 /* }, */
178 /* .alg = { */
179 /* .sadb_alg_id = SADB_X_EALG_CASTCBC, */
180 /* .sadb_alg_ivlen = 8, */
181 /* .sadb_alg_minbits = 40, */
182 /* .sadb_alg_maxbits = 128 */
183 /* } */
184 /* }, */
185 {
186 .name = "blowfish",
187 .info = {
188 .cipher = {
189 .blockbits = 64,
190 .defkeybits = 128,
191 }
192 },
193 .alg = {
194 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
195 .sadb_alg_ivlen = 8,
196 .sadb_alg_minbits = 40,
197 .sadb_alg_maxbits = 448
198 }
199 },
200 {
201 .name = "aes",
202 .info = {
203 .cipher = {
204 .blockbits = 128,
205 .defkeybits = 128,
206 }
207 },
208 .alg = {
209 .sadb_alg_id = SADB_X_EALG_AESCBC,
210 .sadb_alg_ivlen = 8,
211 .sadb_alg_minbits = 128,
212 .sadb_alg_maxbits = 256
213 }
214 },
215 { /* Terminator */ }
216 };
218 /** Compressors. */
219 static SAAlgorithm compress_alg[] = {
220 {
221 .name = "deflate",
222 .info = {
223 .compress = {
224 .threshold = 90,
225 }
226 },
227 .alg = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
228 },
229 /* { */
230 /* .name = "lzs", */
231 /* .info = { */
232 /* .compress = { */
233 /* .threshold = 90, */
234 /* } */
235 /* }, */
236 /* .alg = { .sadb_alg_id = SADB_X_CALG_LZS } */
237 /* }, */
238 /* { */
239 /* .name = "lzjh", */
240 /* .info = { */
241 /* .compress = { */
242 /* .threshold = 50, */
243 /* } */
244 /* }, */
245 /* .alg = { .sadb_alg_id = SADB_X_CALG_LZJH } */
246 /* }, */
247 { /* Terminator */ }
248 };
250 static SAAlgorithm *sa_algorithm_by_id(SAAlgorithm *algo, int alg_id) {
251 for( ; algo && algo->name; algo++){
252 if (algo->alg.sadb_alg_id == alg_id) {
253 return (algo->available ? algo : NULL);
254 }
255 }
256 return NULL;
257 }
260 static SAAlgorithm *sa_algorithm_by_name(SAAlgorithm *algo, char *name) {
261 if (!name) return NULL;
262 for( ; algo && algo->name; algo++){
263 if (strcmp(name, algo->name) == 0) {
264 return (algo->available ? algo : NULL);
265 }
266 }
267 return NULL;
268 }
270 SAAlgorithm *sa_digest_by_id(int alg_id) {
271 return sa_algorithm_by_id(digest_alg, alg_id);
272 }
274 SAAlgorithm *sa_cipher_by_id(int alg_id) {
275 return sa_algorithm_by_id(cipher_alg, alg_id);
276 }
278 SAAlgorithm *sa_compress_by_id(int alg_id) {
279 return sa_algorithm_by_id(compress_alg, alg_id);
280 }
282 SAAlgorithm *sa_digest_by_name(char *name) {
283 return sa_algorithm_by_name(digest_alg, name);
284 }
286 SAAlgorithm *sa_cipher_by_name(char *name) {
287 return sa_algorithm_by_name(cipher_alg, name);
288 }
290 SAAlgorithm *sa_compress_by_name(char *name) {
291 return sa_algorithm_by_name(compress_alg, name);
292 }
294 SAAlgorithm *sa_digest_by_index(unsigned int idx) {
295 return digest_alg + idx;
296 }
298 SAAlgorithm *sa_cipher_by_index(unsigned int idx) {
299 return cipher_alg + idx;
300 }
302 SAAlgorithm *sa_compress_by_index(unsigned int idx) {
303 return compress_alg + idx;
304 }
306 static void sa_algorithm_probe(SAAlgorithm *algo){
307 int status;
308 dprintf("> algo=%p\n", algo);
309 for( ; algo && algo->name; algo++){
310 dprintf("> algorithm %s...\n", algo->name);
311 status = crypto_alg_available(algo->name, 0);
312 dprintf("> algorithm %s status=%d\n",algo->name, status);
313 if (algo->available != status){
314 algo->available = status;
315 }
316 }
317 dprintf("<\n");
318 }
320 /** Crypto api is broken. When an unregistered algorithm is requested it
321 * tries to load a module of the same name. But not all algorithms are
322 * defined by modules of the same name.
323 */
324 static char *crypto_modules[] = {
325 "aes",
326 //"arc4",
327 "blowfish",
328 //"cast5",
329 //"cast6",
330 "crypto_null",
331 "des",
332 //"md4",
333 "md5",
334 //"serpent",
335 "sha1",
336 "sha256",
337 //"sha512",
338 //"twofish",
339 NULL
340 };
342 #include <linux/kmod.h>
344 static void sa_module_probe(char **modules){
345 char **p;
346 dprintf(">\n");
347 for(p = modules; *p; p++){
348 dprintf("> %s\n", *p);
349 request_module(*p);
350 }
351 dprintf("<\n");
352 }
354 /**
355 * Probe for the availability of crypto algorithms, and set the available
356 * flag for any algorithms found on the system. This is typically called by
357 * pfkey during userspace SA add, update or register.
358 */
359 void sa_algorithm_probe_all(void){
360 dprintf("> \n");
361 //BUG_ON(in_softirq());
362 sa_module_probe(crypto_modules);
363 sa_algorithm_probe(digest_alg);
364 sa_algorithm_probe(cipher_alg);
365 sa_algorithm_probe(compress_alg);
366 dprintf("<\n");
367 }