ia64/xen-unstable

view tools/vnet/vnet-module/sa_algorithm.c @ 6946:e703abaf6e3d

Add behaviour to the remove methods to remove the transaction's path itself. This allows us to write Remove(path) to remove the specified path rather than having to slice the path ourselves.
author emellor@ewan
date Sun Sep 18 14:42:13 2005 +0100 (2005-09-18)
parents 0a4b76b6b5a0
children
line source
1 /*
2 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
3 * Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free software Foundation, Inc.,
17 * 59 Temple Place, suite 330, Boston, MA 02111-1307 USA
18 *
19 */
20 #include <linux/config.h>
21 #include <linux/kernel.h>
22 #include <linux/string.h>
23 #include <linux/crypto.h>
24 #include <linux/sched.h>
25 //#include <asm/softirq.h>
27 #include <sa_algorithm.h>
29 #define MODULE_NAME "IPSEC"
30 #define DEBUG 1
31 #undef DEBUG
32 #include "debug.h"
34 /** @file Tables of supported IPSEC algorithms.
35 * Has tables for digests, ciphers and compression algorithms.
36 */
38 /*
39 * Algorithms supported by IPsec. These entries contain properties which
40 * are used in key negotiation and sa processing, and are used to verify
41 * that instantiated crypto transforms have correct parameters for IPsec
42 * purposes.
43 */
45 /** Digests. */
46 static SAAlgorithm digest_alg[] = {
47 {
48 .name = "digest_null",
49 .info = {
50 .digest = {
51 .icv_truncbits = 0,
52 .icv_fullbits = 0,
53 }
54 },
55 .alg = {
56 .sadb_alg_id = SADB_X_AALG_NULL,
57 .sadb_alg_ivlen = 0,
58 .sadb_alg_minbits = 0,
59 .sadb_alg_maxbits = 0
60 }
61 },
62 {
63 .name = "md5",
64 .info = { .digest = {
65 .icv_truncbits = 96,
66 .icv_fullbits = 128,
67 } },
68 .alg = {
69 .sadb_alg_id = SADB_AALG_MD5HMAC,
70 .sadb_alg_ivlen = 0,
71 .sadb_alg_minbits = 128,
72 .sadb_alg_maxbits = 128
73 }
74 },
75 {
76 .name = "sha1",
77 .info = {
78 .digest = {
79 .icv_truncbits = 96,
80 .icv_fullbits = 160,
81 }
82 },
83 .alg = {
84 .sadb_alg_id = SADB_AALG_SHA1HMAC,
85 .sadb_alg_ivlen = 0,
86 .sadb_alg_minbits = 160,
87 .sadb_alg_maxbits = 160
88 }
89 },
90 {
91 .name = "sha256",
92 .info = {
93 .digest = {
94 .icv_truncbits = 128,
95 .icv_fullbits = 256,
96 }
97 },
98 .alg = {
99 .sadb_alg_id = SADB_X_AALG_SHA2_256HMAC,
100 .sadb_alg_ivlen = 0,
101 .sadb_alg_minbits = 256,
102 .sadb_alg_maxbits = 256
103 }
104 },
105 /* { */
106 /* .name = "ripemd160", */
107 /* .info = { */
108 /* .digest = { */
109 /* .icv_truncbits = 96, */
110 /* .icv_fullbits = 160, */
111 /* } */
112 /* }, */
113 /* .alg = { */
114 /* .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC, */
115 /* .sadb_alg_ivlen = 0, */
116 /* .sadb_alg_minbits = 160, */
117 /* .sadb_alg_maxbits = 160 */
118 /* } */
119 /* }, */
120 { /* Terminator */ }
121 };
123 /** Ciphers. */
124 static SAAlgorithm cipher_alg[] = {
125 {
126 .name = "cipher_null",
127 .info = {
128 .cipher = {
129 .blockbits = 8,
130 .defkeybits = 0,
131 }
132 },
133 .alg = {
134 .sadb_alg_id = SADB_EALG_NULL,
135 .sadb_alg_ivlen = 0,
136 .sadb_alg_minbits = 0,
137 .sadb_alg_maxbits = 0
138 }
139 },
140 {
141 .name = "des",
142 .info = {
143 .cipher = {
144 .blockbits = 64,
145 .defkeybits = 64,
146 }
147 },
148 .alg = {
149 .sadb_alg_id = SADB_EALG_DESCBC,
150 .sadb_alg_ivlen = 8,
151 .sadb_alg_minbits = 64,
152 .sadb_alg_maxbits = 64
153 }
154 },
155 {
156 .name = "des3_ede",
157 .info = {
158 .cipher = {
159 .blockbits = 64,
160 .defkeybits = 192,
161 }
162 },
163 .alg = {
164 .sadb_alg_id = SADB_EALG_3DESCBC,
165 .sadb_alg_ivlen = 8,
166 .sadb_alg_minbits = 192,
167 .sadb_alg_maxbits = 192
168 }
169 },
170 /* { */
171 /* .name = "cast128", */ //cast5?
172 /* .info = { */
173 /* .cipher = { */
174 /* .blockbits = 64, */
175 /* .defkeybits = 128, */
176 /* } */
177 /* }, */
178 /* .alg = { */
179 /* .sadb_alg_id = SADB_X_EALG_CASTCBC, */
180 /* .sadb_alg_ivlen = 8, */
181 /* .sadb_alg_minbits = 40, */
182 /* .sadb_alg_maxbits = 128 */
183 /* } */
184 /* }, */
185 {
186 .name = "blowfish",
187 .info = {
188 .cipher = {
189 .blockbits = 64,
190 .defkeybits = 128,
191 }
192 },
193 .alg = {
194 .sadb_alg_id = SADB_X_EALG_BLOWFISHCBC,
195 .sadb_alg_ivlen = 8,
196 .sadb_alg_minbits = 40,
197 .sadb_alg_maxbits = 448
198 }
199 },
200 {
201 .name = "aes",
202 .info = {
203 .cipher = {
204 .blockbits = 128,
205 .defkeybits = 128,
206 }
207 },
208 .alg = {
209 .sadb_alg_id = SADB_X_EALG_AESCBC,
210 .sadb_alg_ivlen = 8,
211 .sadb_alg_minbits = 128,
212 .sadb_alg_maxbits = 256
213 }
214 },
215 { /* Terminator */ }
216 };
218 /** Compressors. */
219 static SAAlgorithm compress_alg[] = {
220 {
221 .name = "deflate",
222 .info = {
223 .compress = {
224 .threshold = 90,
225 }
226 },
227 .alg = { .sadb_alg_id = SADB_X_CALG_DEFLATE }
228 },
229 /* { */
230 /* .name = "lzs", */
231 /* .info = { */
232 /* .compress = { */
233 /* .threshold = 90, */
234 /* } */
235 /* }, */
236 /* .alg = { .sadb_alg_id = SADB_X_CALG_LZS } */
237 /* }, */
238 /* { */
239 /* .name = "lzjh", */
240 /* .info = { */
241 /* .compress = { */
242 /* .threshold = 50, */
243 /* } */
244 /* }, */
245 /* .alg = { .sadb_alg_id = SADB_X_CALG_LZJH } */
246 /* }, */
247 { /* Terminator */ }
248 };
250 static SAAlgorithm *sa_algorithm_by_id(SAAlgorithm *algo, int alg_id) {
251 for( ; algo && algo->name; algo++){
252 if (algo->alg.sadb_alg_id == alg_id) {
253 return (algo->available ? algo : NULL);
254 }
255 }
256 return NULL;
257 }
260 static SAAlgorithm *sa_algorithm_by_name(SAAlgorithm *algo, char *name) {
261 if (!name) return NULL;
262 for( ; algo && algo->name; algo++){
263 if (strcmp(name, algo->name) == 0) {
264 return (algo->available ? algo : NULL);
265 }
266 }
267 return NULL;
268 }
270 SAAlgorithm *sa_digest_by_id(int alg_id) {
271 return sa_algorithm_by_id(digest_alg, alg_id);
272 }
274 SAAlgorithm *sa_cipher_by_id(int alg_id) {
275 return sa_algorithm_by_id(cipher_alg, alg_id);
276 }
278 SAAlgorithm *sa_compress_by_id(int alg_id) {
279 return sa_algorithm_by_id(compress_alg, alg_id);
280 }
282 SAAlgorithm *sa_digest_by_name(char *name) {
283 return sa_algorithm_by_name(digest_alg, name);
284 }
286 SAAlgorithm *sa_cipher_by_name(char *name) {
287 return sa_algorithm_by_name(cipher_alg, name);
288 }
290 SAAlgorithm *sa_compress_by_name(char *name) {
291 return sa_algorithm_by_name(compress_alg, name);
292 }
294 SAAlgorithm *sa_digest_by_index(unsigned int idx) {
295 return digest_alg + idx;
296 }
298 SAAlgorithm *sa_cipher_by_index(unsigned int idx) {
299 return cipher_alg + idx;
300 }
302 SAAlgorithm *sa_compress_by_index(unsigned int idx) {
303 return compress_alg + idx;
304 }
306 static void sa_algorithm_probe(SAAlgorithm *algo){
307 int status;
308 dprintf("> algo=%p\n", algo);
309 for( ; algo && algo->name; algo++){
310 dprintf("> algorithm %s...\n", algo->name);
311 status = crypto_alg_available(algo->name, 0);
312 dprintf("> algorithm %s status=%d\n",algo->name, status);
313 if (algo->available != status){
314 algo->available = status;
315 }
316 }
317 dprintf("<\n");
318 }
320 /** Crypto api is broken. When an unregistered algorithm is requested it
321 * tries to load a module of the same name. But not all algorithms are
322 * defined by modules of the same name.
323 */
324 static char *crypto_modules[] = {
325 "aes",
326 //"arc4",
327 "blowfish",
328 //"cast5",
329 //"cast6",
330 "crypto_null",
331 "des",
332 //"md4",
333 "md5",
334 //"serpent",
335 "sha1",
336 "sha256",
337 //"sha512",
338 //"twofish",
339 NULL
340 };
342 #include <linux/kmod.h>
344 static void sa_module_probe(char **modules){
345 char **p;
346 dprintf(">\n");
347 for(p = modules; *p; p++){
348 dprintf("> %s\n", *p);
349 request_module(*p);
350 }
351 dprintf("<\n");
352 }
354 /**
355 * Probe for the availability of crypto algorithms, and set the available
356 * flag for any algorithms found on the system. This is typically called by
357 * pfkey during userspace SA add, update or register.
358 */
359 void sa_algorithm_probe_all(void){
360 dprintf("> \n");
361 //BUG_ON(in_softirq());
362 sa_module_probe(crypto_modules);
363 sa_algorithm_probe(digest_alg);
364 sa_algorithm_probe(cipher_alg);
365 sa_algorithm_probe(compress_alg);
366 dprintf("<\n");
367 }