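// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (C)2002 USAGI/WIDE Project
 *
 * Authors
 *
 *	Mitsuru KANDA @USAGI       : IPv6 Support
 *	Kazunori MIYAZAWA @USAGI   :
 *	Kunihiro Ishiguro <kunihiro@ipinfusion.com>
 *
 *	This file is derived from net/ipv4/ah.c.
 */

#define pr_fmt(fmt) "IPv6: " fmt

#include <crypto/algapi.h>
#include <crypto/hash.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <net/ip.h>
#include <net/ah.h>
#include <linux/crypto.h>
#include <linux/pfkeyv2.h>
#include <linux/string.h>
#include <linux/scatterlist.h>
#include <net/ip6_route.h>
#include <net/icmp.h>
#include <net/ipv6.h>
#include <net/protocol.h>
#include <net/xfrm.h>

/* Number of leading IPv6 header bytes saved before the mutable fields
 * (priority, flow label, hop limit) are zeroed for the ICV computation.
 */
#define IPV6HDR_BASELEN 8

/* Saved copy of the address field(s) and the extension headers that follow
 * them. ah6_output() fills it with a single memcpy() starting at saddr
 * (MIP6 builds) or daddr (otherwise), so hdrs[] receives the bytes that
 * follow the IPv6 base header.
 */
struct tmp_ext {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
	struct in6_addr saddr;
#endif
	struct in6_addr daddr;
	char hdrs[];
};

/* Per-skb control block: tmp carries the scratch buffer from the submit
 * path to the asynchronous completion callback, which frees it.
 */
struct ah_skb_cb {
	struct xfrm_skb_cb xfrm;
	void *tmp;
};

#define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0]))

/*
 * Allocate the scratch buffer used for one AH computation.
 *
 * Layout, in order: @size caller bytes, the ICV (digest size plus alignment
 * slack), the ahash_request with its per-transform context, and @nfrags
 * scatterlist entries. The ah_tmp_*() / ah_req_sg() helpers below recompute
 * the same offsets, so every caller must feed them the same values that
 * were used here.
 *
 * Returns NULL on allocation failure (GFP_ATOMIC). No overflow check is
 * made on the unsigned int length arithmetic.
 */
static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
			  unsigned int size)
{
	unsigned int len;

	len = size + crypto_ahash_digestsize(ahash) +
	      (crypto_ahash_alignmask(ahash) &
	       ~(crypto_tfm_ctx_alignment() - 1));

	len = ALIGN(len, crypto_tfm_ctx_alignment());

	len += sizeof(struct ahash_request) + crypto_ahash_reqsize(ahash);
	len = ALIGN(len, __alignof__(struct scatterlist));

	len += sizeof(struct scatterlist) * nfrags;

	return kmalloc(len, GFP_ATOMIC);
}

/* Saved addresses/extension headers start right after the 8 saved bytes. */
static inline struct tmp_ext *ah_tmp_ext(void *base)
{
	return base + IPV6HDR_BASELEN;
}

/* Location of the received ICV copy inside the input scratch buffer. */
static inline u8 *ah_tmp_auth(u8 *tmp, unsigned int offset)
{
	return tmp + offset;
}

/* Location of the computed ICV: @tmp + @offset rounded up to the
 * transform's alignment.
 */
static inline u8 *ah_tmp_icv(struct crypto_ahash *ahash, void *tmp,
			     unsigned int offset)
{
	return PTR_ALIGN((u8 *)tmp + offset, crypto_ahash_alignmask(ahash) + 1);
}

/* The ahash_request follows the ICV; also binds it to @ahash. */
static inline struct ahash_request *ah_tmp_req(struct crypto_ahash *ahash,
					       u8 *icv)
{
	struct ahash_request *req;

	req = (void *)PTR_ALIGN(icv + crypto_ahash_digestsize(ahash),
				crypto_tfm_ctx_alignment());

	ahash_request_set_tfm(req, ahash);

	return req;
}

/* The scatterlist array follows the request and its context. */
static inline struct scatterlist *ah_req_sg(struct crypto_ahash *ahash,
					     struct ahash_request *req)
{
	return (void *)ALIGN((unsigned long)(req + 1) +
			     crypto_ahash_reqsize(ahash),
			     __alignof__(struct scatterlist));
}

/*
 * Walk the TLV options of a hop-by-hop or destination options header and
 * zero the data of every option whose type has bit 0x20 set (option data
 * may change en route, so it is excluded from the ICV).
 *
 * The walk is bounded only by the header's own hdrlen field; the caller
 * must already know that many bytes are present.
 *
 * Returns true when the options consume the header exactly, false when an
 * option runs past the header length.
 */
static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr)
{
	u8 *opt = (u8 *)opthdr;
	int len = ipv6_optlen(opthdr);
	int off = 0;
	int optlen = 0;

	/* Skip the two fixed bytes (next header, header length). */
	off += 2;
	len -= 2;

	while (len > 0) {

		switch (opt[off]) {

		case IPV6_TLV_PAD1:
			/* Pad1 is a single byte with no length field. */
			optlen = 1;
			break;
		default:
			if (len < 2)
				goto bad;
			optlen = opt[off+1]+2;
			if (len < optlen)
				goto bad;
			if (opt[off] & 0x20)
				memset(&opt[off+2], 0, opt[off+1]);
			break;
		}

		off += optlen;
		len -= optlen;
	}
	if (len == 0)
		return true;

bad:
	return false;
}

#if IS_ENABLED(CONFIG_IPV6_MIP6)
/**
 *	ipv6_rearrange_destopt - rearrange IPv6 destination options header
 *	@iph: IPv6 header
 *	@destopt: destination options header
 *
 *	Malformed options make the walk stop silently; the caller's later
 *	zero_out_mutable_opts() pass over the same header reports the overrun.
 */
static void ipv6_rearrange_destopt(struct ipv6hdr *iph, struct ipv6_opt_hdr *destopt)
{
	u8 *opt = (u8 *)destopt;
	int len = ipv6_optlen(destopt);
	int off = 0;
	int optlen = 0;

	off += 2;
	len -= 2;

	while (len > 0) {

		switch (opt[off]) {

		case IPV6_TLV_PAD1:
			optlen = 1;
			break;
		default:
			if (len < 2)
				goto bad;
			optlen = opt[off+1]+2;
			if (len < optlen)
				goto bad;

			/* Rearrange the source address in @iph and the
			 * addresses in home address option for final source.
			 * See 11.3.2 of RFC 3775 for details.
			 */
			if (opt[off] == IPV6_TLV_HAO) {
				struct ipv6_destopt_hao *hao;

				hao = (struct ipv6_destopt_hao *)&opt[off];
				if (hao->length != sizeof(hao->addr)) {
					net_warn_ratelimited("destopt hao: invalid header length: %u\n",
							     hao->length);
					goto bad;
				}
				swap(hao->addr, iph->saddr);
			}
			break;
		}

		off += optlen;
		len -= optlen;
	}
	/* Note: ok if len == 0 */
bad:
	return;
}
#else
static void ipv6_rearrange_destopt(struct ipv6hdr *iph, struct ipv6_opt_hdr *destopt) {}
#endif

/**
 *	ipv6_rearrange_rthdr - rearrange IPv6 routing header
 *	@iph: IPv6 header
 *	@rthdr: routing header
 *
 *	Rearrange the destination address in @iph and the addresses in @rthdr
 *	so that they appear in the order they will at the final destination.
 *	See Appendix A2 of RFC 2402 for details.
 */
static void ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr)
{
	int segments, segments_left;
	struct in6_addr *addrs;
	struct in6_addr final_addr;

	segments_left = rthdr->segments_left;
	if (segments_left == 0)
		return;
	rthdr->segments_left = 0;

	/* The value of rthdr->hdrlen has been verified either by the system
	 * call if it is locally generated, or by ipv6_rthdr_rcv() for incoming
	 * packets.  So we can assume that it is even and that segments is
	 * greater than or equal to segments_left.
	 *
	 * For the same reason we can assume that this option is of type 0.
	 *
	 * NOTE(review): nothing in this function checks rthdr->type or that
	 * segments >= segments_left; the index and memmove() arithmetic
	 * below depend entirely on that earlier validation - confirm it
	 * still holds for every routing header type that can reach here.
	 */
	segments = rthdr->hdrlen >> 1;

	addrs = ((struct rt0_hdr *)rthdr)->addr;
	final_addr = addrs[segments - 1];

	addrs += segments - segments_left;
	memmove(addrs + 1, addrs, (segments_left - 1) * sizeof(*addrs));

	addrs[0] = iph->daddr;
	iph->daddr = final_addr;
}

/* True when the extension header at @hdr, sized by its own hdrlen field,
 * lies entirely before @end.
 */
static bool ah6_exthdr_fits(const struct ipv6_opt_hdr *hdr, const char *end)
{
	long room = end - (const char *)hdr;

	return room >= (long)sizeof(*hdr) && ipv6_optlen(hdr) <= room;
}

/*
 * Prepare the extension headers between the IPv6 base header and AH for
 * the ICV computation: zero mutable option data and put routing /
 * home-address information into the order seen at the final destination.
 *
 * @iph: IPv6 base header; the extension headers follow it in memory
 * @len: number of bytes, counted from @iph, that may be touched
 * @dir: XFRM_POLICY_OUT enables the destination-option rearrangement
 *
 * Returns 0 on success (including when a header type that is not handled
 * here is reached), -EINVAL when a header or its options overrun.
 */
static int ipv6_clear_mutable_options(struct ipv6hdr *iph, int len, int dir)
{
	union {
		struct ipv6hdr *iph;
		struct ipv6_opt_hdr *opth;
		struct ipv6_rt_hdr *rth;
		char *raw;
	} exthdr = { .iph = iph };
	char *end = exthdr.raw + len;
	int nexthdr = iph->nexthdr;

	exthdr.iph++;

	while (exthdr.raw < end) {
		/* The helpers below size their walk from the header's own
		 * hdrlen byte. Reject a header that claims more bytes than
		 * remain in [iph, iph + len) before any of them reads or
		 * writes through it.
		 */
		if ((nexthdr == NEXTHDR_DEST || nexthdr == NEXTHDR_HOP ||
		     nexthdr == NEXTHDR_ROUTING) &&
		    !ah6_exthdr_fits(exthdr.opth, end)) {
			net_dbg_ratelimited("overrun exthdr\n");
			return -EINVAL;
		}

		switch (nexthdr) {
		case NEXTHDR_DEST:
			if (dir == XFRM_POLICY_OUT)
				ipv6_rearrange_destopt(iph, exthdr.opth);
			fallthrough;
		case NEXTHDR_HOP:
			if (!zero_out_mutable_opts(exthdr.opth)) {
				net_dbg_ratelimited("overrun %sopts\n",
						    nexthdr == NEXTHDR_HOP ?
						    "hop" : "dest");
				return -EINVAL;
			}
			break;

		case NEXTHDR_ROUTING:
			ipv6_rearrange_rthdr(iph, exthdr.rth);
			break;

		default:
			return 0;
		}

		nexthdr = exthdr.opth->nexthdr;
		exthdr.raw += ipv6_optlen(exthdr.opth);
	}

	return 0;
}

/*
 * Completion callback for an asynchronous digest started by ah6_output().
 *
 * Copies the computed ICV into the AH header, restores the header bytes
 * that were saved before zeroing, frees the scratch buffer and resumes
 * xfrm output. @err is not examined here; it is passed through to
 * xfrm_output_resume().
 */
static void ah6_output_done(void *data, int err)
{
	int extlen;
	int seqhi_len = 0;
	u8 *iph_base;
	u8 *icv;
	struct sk_buff *skb = data;
	struct xfrm_state *x = skb_dst(skb)->xfrm;
	struct ah_data *ahp = x->data;
	struct ipv6hdr *top_iph = ipv6_hdr(skb);
	struct ip_auth_hdr *ah = ip_auth_hdr(skb);
	struct tmp_ext *iph_ext;

	extlen = skb_network_header_len(skb) - sizeof(struct ipv6hdr);
	if (extlen)
		extlen += sizeof(*iph_ext);

	/* ah6_output() reserves room for the ESN high-order word between
	 * the saved headers and the ICV. The ICV address must be derived
	 * with the same seqhi_len here, otherwise the wrong bytes would be
	 * copied into the packet.
	 */
	if (x->props.flags & XFRM_STATE_ESN)
		seqhi_len = sizeof(__be32);

	iph_base = AH_SKB_CB(skb)->tmp;
	iph_ext = ah_tmp_ext(iph_base);
	icv = ah_tmp_icv(ahp->ahash, (u8 *)iph_ext + extlen, seqhi_len);

	memcpy(ah->auth_data, icv, ahp->icv_trunc_len);
	memcpy(top_iph, iph_base, IPV6HDR_BASELEN);

	if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
		memcpy(&top_iph->saddr, iph_ext, extlen);
#else
		memcpy(&top_iph->daddr, iph_ext, extlen);
#endif
	}

	kfree(AH_SKB_CB(skb)->tmp);
	xfrm_output_resume(skb->sk, skb, err);
}

/*
 * Build the AH header for an outgoing packet and compute its ICV.
 *
 * The mutable IPv6 fields and options are saved to a scratch buffer and
 * zeroed, the digest is taken over the whole packet (plus the ESN
 * high-order sequence word when XFRM_STATE_ESN is set), and the saved
 * bytes are then restored.
 *
 * Returns 0 on success, -EINPROGRESS when the digest completes
 * asynchronously (ah6_output_done() then owns the scratch buffer), or an
 * error; -ENOSPC from the digest is reported as NET_XMIT_DROP.
 */
static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
{
	int err;
	int nfrags;
	int extlen;
	u8 *iph_base;
	u8 *icv;
	u8 nexthdr;
	struct sk_buff *trailer;
	struct crypto_ahash *ahash;
	struct ahash_request *req;
	struct scatterlist *sg;
	struct ipv6hdr *top_iph;
	struct ip_auth_hdr *ah;
	struct ah_data *ahp;
	struct tmp_ext *iph_ext;
	int seqhi_len = 0;
	__be32 *seqhi;
	int sglists = 0;
	struct scatterlist *seqhisg;

	ahp = x->data;
	ahash = ahp->ahash;

	err = skb_cow_data(skb, 0, &trailer);
	if (err < 0)
		goto out;
	nfrags = err;

	skb_push(skb, -skb_network_offset(skb));
	extlen = skb_network_header_len(skb) - sizeof(struct ipv6hdr);
	if (extlen)
		extlen += sizeof(*iph_ext);

	if (x->props.flags & XFRM_STATE_ESN) {
		sglists = 1;
		seqhi_len = sizeof(*seqhi);
	}
	err = -ENOMEM;
	iph_base = ah_alloc_tmp(ahash, nfrags + sglists, IPV6HDR_BASELEN +
				extlen + seqhi_len);
	if (!iph_base)
		goto out;

	/* Scratch layout: [8 saved bytes][addresses + ext headers]
	 * [seqhi, ESN only][ICV][request][scatterlist].
	 */
	iph_ext = ah_tmp_ext(iph_base);
	seqhi = (__be32 *)((char *)iph_ext + extlen);
	icv = ah_tmp_icv(ahash, seqhi, seqhi_len);
	req = ah_tmp_req(ahash, icv);
	sg = ah_req_sg(ahash, req);
	seqhisg = sg + nfrags;

	/* The ICV field itself is hashed as zeroes. */
	ah = ip_auth_hdr(skb);
	memset(ah->auth_data, 0, ahp->icv_trunc_len);

	top_iph = ipv6_hdr(skb);
	top_iph->payload_len = htons(skb->len - sizeof(*top_iph));

	nexthdr = *skb_mac_header(skb);
	*skb_mac_header(skb) = IPPROTO_AH;

	/* When there are no extension headers, we only need to save the first
	 * 8 bytes of the base IP header.
	 */
	memcpy(iph_base, top_iph, IPV6HDR_BASELEN);

	if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
		memcpy(iph_ext, &top_iph->saddr, extlen);
#else
		memcpy(iph_ext, &top_iph->daddr, extlen);
#endif
		err = ipv6_clear_mutable_options(top_iph,
						 extlen - sizeof(*iph_ext) +
						 sizeof(*top_iph),
						 XFRM_POLICY_OUT);
		if (err)
			goto out_free;
	}

	ah->nexthdr = nexthdr;

	/* Fields that may change in transit are hashed as zero. */
	top_iph->priority    = 0;
	top_iph->flow_lbl[0] = 0;
	top_iph->flow_lbl[1] = 0;
	top_iph->flow_lbl[2] = 0;
	top_iph->hop_limit   = 0;

	ah->hdrlen  = (XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len) >> 2) - 2;

	ah->reserved = 0;
	ah->spi = x->id.spi;
	ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);

	sg_init_table(sg, nfrags + sglists);
	err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
	if (unlikely(err < 0))
		goto out_free;

	if (x->props.flags & XFRM_STATE_ESN) {
		/* Attach seqhi sg right after packet payload */
		*seqhi = htonl(XFRM_SKB_CB(skb)->seq.output.hi);
		sg_set_buf(seqhisg, seqhi, seqhi_len);
	}
	ahash_request_set_crypt(req, sg, icv, skb->len + seqhi_len);
	ahash_request_set_callback(req, 0, ah6_output_done, skb);

	AH_SKB_CB(skb)->tmp = iph_base;

	err = crypto_ahash_digest(req);
	if (err) {
		/* Asynchronous completion: the callback frees iph_base. */
		if (err == -EINPROGRESS)
			goto out;

		if (err == -ENOSPC)
			err = NET_XMIT_DROP;
		goto out_free;
	}

	memcpy(ah->auth_data, icv, ahp->icv_trunc_len);
	memcpy(top_iph, iph_base, IPV6HDR_BASELEN);

	if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
		memcpy(&top_iph->saddr, iph_ext, extlen);
#else
		memcpy(&top_iph->daddr, iph_ext, extlen);
#endif
	}

out_free:
	kfree(iph_base);
out:
	return err;
}

/*
 * Completion callback for an asynchronous digest started by ah6_input().
 *
 * On success compares the computed ICV with the received one, strips the
 * AH header and hands the next-header value to xfrm_input_resume(); on
 * failure hands over the error. The scratch buffer is freed either way.
 */
static void ah6_input_done(void *data, int err)
{
	u8 *auth_data;
	u8 *icv;
	u8 *work_iph;
	struct sk_buff *skb = data;
	struct xfrm_state *x = xfrm_input_state(skb);
	struct ah_data *ahp = x->data;
	struct ip_auth_hdr *ah = ip_auth_hdr(skb);
	int hdr_len = skb_network_header_len(skb);
	int ah_hlen = ipv6_authlen(ah);
	int seqhi_len = 0;

	if (err)
		goto out;

	/* ah6_input() places the ESN high-order word between the received
	 * ICV copy and the computed ICV. Derive the computed ICV address
	 * with the same seqhi_len so the comparison below looks at the
	 * bytes the digest actually wrote.
	 */
	if (x->props.flags & XFRM_STATE_ESN)
		seqhi_len = sizeof(__be32);

	work_iph = AH_SKB_CB(skb)->tmp;
	auth_data = ah_tmp_auth(work_iph, hdr_len);
	icv = ah_tmp_icv(ahp->ahash, auth_data + ahp->icv_trunc_len,
			 seqhi_len);

	/* crypto_memneq() is used instead of memcmp() so the comparison
	 * time does not depend on where the first differing byte is.
	 */
	err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
	if (err)
		goto out;

	err = ah->nexthdr;

	skb->network_header += ah_hlen;
	memcpy(skb_network_header(skb), work_iph, hdr_len);
	__skb_pull(skb, ah_hlen + hdr_len);
	if (x->props.mode == XFRM_MODE_TUNNEL)
		skb_reset_transport_header(skb);
	else
		skb_set_transport_header(skb, -hdr_len);
out:
	kfree(AH_SKB_CB(skb)->tmp);
	xfrm_input_resume(skb, err);
}



/*
 * Verify the AH ICV of a received packet and remove the AH header.
 *
 * Returns the next-header value that followed AH on success,
 * -EINPROGRESS when the digest completes asynchronously (ah6_input_done()
 * then owns the scratch buffer), -EBADMSG on ICV mismatch, or another
 * negative error.
 */
static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
{
	/*
	 * Before processing AH:
	 * [IPv6][Ext1][Ext2][AH][Dest][Payload]
	 * |<-------------->| hdr_len
	 *
	 * To erase AH:
	 * Keep a copy of the headers before they are cleared. After AH
	 * processing, advance skb->network_header by the AH header length
	 * and copy the saved hdr_len bytes back, so that a destination
	 * header following AH ends up directly after [Ext2].
	 *
	 * |<>|[IPv6][Ext1][Ext2][Dest][Payload]
	 * After the process there is a gap of the AH length before the
	 * IPv6 header.
	 */

	u8 *auth_data;
	u8 *icv;
	u8 *work_iph;
	struct sk_buff *trailer;
	struct crypto_ahash *ahash;
	struct ahash_request *req;
	struct scatterlist *sg;
	struct ip_auth_hdr *ah;
	struct ipv6hdr *ip6h;
	struct ah_data *ahp;
	u16 hdr_len;
	u16 ah_hlen;
	int nexthdr;
	int nfrags;
	int err = -ENOMEM;
	int seqhi_len = 0;
	__be32 *seqhi;
	int sglists = 0;
	struct scatterlist *seqhisg;

	if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
		goto out;

	/* We are going to _remove_ AH header to keep sockets happy,
	 * so... Later this can change. */
	if (skb_unclone(skb, GFP_ATOMIC))
		goto out;

	skb->ip_summed = CHECKSUM_NONE;

	hdr_len = skb_network_header_len(skb);
	ah = (struct ip_auth_hdr *)skb->data;
	ahp = x->data;
	ahash = ahp->ahash;

	nexthdr = ah->nexthdr;
	ah_hlen = ipv6_authlen(ah);

	/* The length claimed by the packet must match one of the two ICV
	 * sizes configured for this state before anything is sized from it.
	 */
	if (ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_full_len) &&
	    ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len))
		goto out;

	if (!pskb_may_pull(skb, ah_hlen))
		goto out;

	err = skb_cow_data(skb, 0, &trailer);
	if (err < 0)
		goto out;
	nfrags = err;

	/* Re-read the pointers after the skb data may have been changed. */
	ah = (struct ip_auth_hdr *)skb->data;
	ip6h = ipv6_hdr(skb);

	skb_push(skb, hdr_len);

	if (x->props.flags & XFRM_STATE_ESN) {
		sglists = 1;
		seqhi_len = sizeof(*seqhi);
	}

	work_iph = ah_alloc_tmp(ahash, nfrags + sglists, hdr_len +
				ahp->icv_trunc_len + seqhi_len);
	if (!work_iph) {
		err = -ENOMEM;
		goto out;
	}

	/* Scratch layout: [saved headers, hdr_len][received ICV]
	 * [seqhi, ESN only][computed ICV][request][scatterlist].
	 */
	auth_data = ah_tmp_auth((u8 *)work_iph, hdr_len);
	seqhi = (__be32 *)(auth_data + ahp->icv_trunc_len);
	icv = ah_tmp_icv(ahash, seqhi, seqhi_len);
	req = ah_tmp_req(ahash, icv);
	sg = ah_req_sg(ahash, req);
	seqhisg = sg + nfrags;

	memcpy(work_iph, ip6h, hdr_len);
	memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
	memset(ah->auth_data, 0, ahp->icv_trunc_len);

	err = ipv6_clear_mutable_options(ip6h, hdr_len, XFRM_POLICY_IN);
	if (err)
		goto out_free;

	ip6h->priority    = 0;
	ip6h->flow_lbl[0] = 0;
	ip6h->flow_lbl[1] = 0;
	ip6h->flow_lbl[2] = 0;
	ip6h->hop_limit   = 0;

	sg_init_table(sg, nfrags + sglists);
	err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
	if (unlikely(err < 0))
		goto out_free;

	if (x->props.flags & XFRM_STATE_ESN) {
		/* Attach seqhi sg right after packet payload */
		*seqhi = XFRM_SKB_CB(skb)->seq.input.hi;
		sg_set_buf(seqhisg, seqhi, seqhi_len);
	}

	ahash_request_set_crypt(req, sg, icv, skb->len + seqhi_len);
	ahash_request_set_callback(req, 0, ah6_input_done, skb);

	AH_SKB_CB(skb)->tmp = work_iph;

	err = crypto_ahash_digest(req);
	if (err) {
		/* Asynchronous completion: the callback frees work_iph. */
		if (err == -EINPROGRESS)
			goto out;

		goto out_free;
	}

	/* crypto_memneq() keeps the comparison time independent of the
	 * position of the first mismatching byte.
	 */
	err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
	if (err)
		goto out_free;

	skb->network_header += ah_hlen;
	memcpy(skb_network_header(skb), work_iph, hdr_len);
	__skb_pull(skb, ah_hlen + hdr_len);

	if (x->props.mode == XFRM_MODE_TUNNEL)
		skb_reset_transport_header(skb);
	else
		skb_set_transport_header(skb, -hdr_len);

	err = nexthdr;

out_free:
	kfree(work_iph);
out:
	return err;
}

/*
 * ICMPv6 error handler for AH. Only Packet Too Big and Redirect are acted
 * on, and only when an AH state matching the quoted destination address
 * and SPI exists. Always returns 0.
 *
 * NOTE(review): @ah is read at skb->data + @offset with no length check in
 * this function - presumably the caller guarantees those bytes are
 * present; confirm.
 */
static int ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		   u8 type, u8 code, int offset, __be32 info)
{
	struct net *net = dev_net(skb->dev);
	struct ipv6hdr *iph = (struct ipv6hdr *)skb->data;
	struct ip_auth_hdr *ah = (struct ip_auth_hdr *)(skb->data+offset);
	struct xfrm_state *x;

	if (type != ICMPV6_PKT_TOOBIG &&
	    type != NDISC_REDIRECT)
		return 0;

	x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6);
	if (!x)
		return 0;

	if (type == NDISC_REDIRECT)
		ip6_redirect(skb, net, skb->dev->ifindex, 0,
			     sock_net_uid(net, NULL));
	else
		ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
	xfrm_state_put(x);

	return 0;
}

static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
{
	struct ah_data *ahp = NULL;
	struct xfrm_algo_desc *aalg_desc;
	struct crypto_ahash *ahash;

	if (!x->aalg) {
		NL_SET_ERR_MSG(extack, "AH requires a state with an AUTH algorithm");
		goto error;
	}

	if (x->encap) {
		NL_SET_ERR_MSG(extack, "AH is not compatible with encapsulation");
		goto error;
	}

	ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
	if (!ahp)
		return -ENOMEM;

	ahash = crypto_alloc_ahash(x->aalg->alg_name, 0, 0);
	if (IS_ERR(ahash)) {
		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
		goto error;
	}

	ahp->ahash = ahash;
	if (crypto_ahash_setkey(ahash, x->aalg->alg_key,
				(x->aalg->alg_key_len + 7) / 8)) {
		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
		goto error;
	}

	/*
	 * Lookup the algorithm description maintained by xfrm_algo,
	 * verify crypto transform properties, and store information
	 * we need for AH processing.  This lookup cannot fail here
	 * after a successful crypto_alloc_hash().
	 */
	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
	BUG_ON(!aalg_desc);

	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
	    crypto_ahash_digestsize(ahash)) {
		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
		goto error;
	}

	ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
	ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;

	x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
					  ahp->icv_trunc_len);
	switch (x->props.mode) {
	case XFRM_MODE_BEET:
	case XFRM_MODE_TRANSPORT:
		break;
	case XFRM_MODE_TUNNEL:
		x->props.header_len += sizeof(struct ipv6hdr);
		break;
	default:
		NL_SET_ERR_MSG(extack, "Invalid mode requested for AH, must be one of 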
TRANSPORT, TUNNEL, BEET"); 73162306a36Sopenharmony_ci goto error; 73262306a36Sopenharmony_ci } 73362306a36Sopenharmony_ci x->data = ahp; 73462306a36Sopenharmony_ci 73562306a36Sopenharmony_ci return 0; 73662306a36Sopenharmony_ci 73762306a36Sopenharmony_cierror: 73862306a36Sopenharmony_ci if (ahp) { 73962306a36Sopenharmony_ci crypto_free_ahash(ahp->ahash); 74062306a36Sopenharmony_ci kfree(ahp); 74162306a36Sopenharmony_ci } 74262306a36Sopenharmony_ci return -EINVAL; 74362306a36Sopenharmony_ci} 74462306a36Sopenharmony_ci 74562306a36Sopenharmony_cistatic void ah6_destroy(struct xfrm_state *x) 74662306a36Sopenharmony_ci{ 74762306a36Sopenharmony_ci struct ah_data *ahp = x->data; 74862306a36Sopenharmony_ci 74962306a36Sopenharmony_ci if (!ahp) 75062306a36Sopenharmony_ci return; 75162306a36Sopenharmony_ci 75262306a36Sopenharmony_ci crypto_free_ahash(ahp->ahash); 75362306a36Sopenharmony_ci kfree(ahp); 75462306a36Sopenharmony_ci} 75562306a36Sopenharmony_ci 75662306a36Sopenharmony_cistatic int ah6_rcv_cb(struct sk_buff *skb, int err) 75762306a36Sopenharmony_ci{ 75862306a36Sopenharmony_ci return 0; 75962306a36Sopenharmony_ci} 76062306a36Sopenharmony_ci 76162306a36Sopenharmony_cistatic const struct xfrm_type ah6_type = { 76262306a36Sopenharmony_ci .owner = THIS_MODULE, 76362306a36Sopenharmony_ci .proto = IPPROTO_AH, 76462306a36Sopenharmony_ci .flags = XFRM_TYPE_REPLAY_PROT, 76562306a36Sopenharmony_ci .init_state = ah6_init_state, 76662306a36Sopenharmony_ci .destructor = ah6_destroy, 76762306a36Sopenharmony_ci .input = ah6_input, 76862306a36Sopenharmony_ci .output = ah6_output, 76962306a36Sopenharmony_ci}; 77062306a36Sopenharmony_ci 77162306a36Sopenharmony_cistatic struct xfrm6_protocol ah6_protocol = { 77262306a36Sopenharmony_ci .handler = xfrm6_rcv, 77362306a36Sopenharmony_ci .input_handler = xfrm_input, 77462306a36Sopenharmony_ci .cb_handler = ah6_rcv_cb, 77562306a36Sopenharmony_ci .err_handler = ah6_err, 77662306a36Sopenharmony_ci .priority = 0, 77762306a36Sopenharmony_ci}; 
/*
 * ah6_init - module entry point.
 *
 * Registers the AH xfrm type for AF_INET6 and then the AH protocol
 * handlers. If the second registration fails, the first is undone.
 * Returns 0 on success and -EAGAIN on either failure.
 */
static int __init ah6_init(void)
{
	if (xfrm_register_type(&ah6_type, AF_INET6) < 0) {
		pr_info("%s: can't add xfrm type\n", __func__);
		goto fail;
	}

	if (xfrm6_protocol_register(&ah6_protocol, IPPROTO_AH) < 0) {
		pr_info("%s: can't add protocol\n", __func__);
		goto fail_unregister_type;
	}

	return 0;

fail_unregister_type:
	xfrm_unregister_type(&ah6_type, AF_INET6);
fail:
	return -EAGAIN;
}

/*
 * ah6_fini - module exit point.
 *
 * Deregisters the protocol handlers, logging if that fails, then
 * unregisters the xfrm type regardless of the first result.
 */
static void __exit ah6_fini(void)
{
	int rc = xfrm6_protocol_deregister(&ah6_protocol, IPPROTO_AH);

	if (rc < 0)
		pr_info("%s: can't remove protocol\n", __func__);

	xfrm_unregister_type(&ah6_type, AF_INET6);
}

module_init(ah6_init);
module_exit(ah6_fini);

MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_AH);