2 * Copyright (C)2002 USAGI/WIDE Project
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 * Mitsuru KANDA @USAGI : IPv6 Support
20 * Kazunori MIYAZAWA @USAGI :
21 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
23 * This file is derived from net/ipv4/esp.c
26 #define pr_fmt(fmt) "IPv6: " fmt
28 #include <crypto/aead.h>
29 #include <crypto/authenc.h>
30 #include <linux/err.h>
31 #include <linux/module.h>
35 #include <linux/scatterlist.h>
36 #include <linux/kernel.h>
37 #include <linux/pfkeyv2.h>
38 #include <linux/random.h>
39 #include <linux/slab.h>
40 #include <linux/spinlock.h>
41 #include <net/ip6_route.h>
44 #include <net/protocol.h>
45 #include <linux/icmpv6.h>
47 #include <linux/highmem.h>
50 struct xfrm_skb_cb xfrm;
54 #define ESP_SKB_CB(__skb) ((struct esp_skb_cb *)&((__skb)->cb[0]))
56 static u32 esp6_get_mtu(struct xfrm_state *x, int mtu);
59 * Allocate an AEAD request structure with extra space for SG and IV.
61 * For alignment considerations the upper 32 bits of the sequence number are
62 * placed at the front, if present. Followed by the IV, the request and finally
65 * TODO: Use spare space in skb for this where possible.
67 static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int seqihlen)
73 len += crypto_aead_ivsize(aead);
76 len += crypto_aead_alignmask(aead) &
77 ~(crypto_tfm_ctx_alignment() - 1);
78 len = ALIGN(len, crypto_tfm_ctx_alignment());
81 len += sizeof(struct aead_request) + crypto_aead_reqsize(aead);
82 len = ALIGN(len, __alignof__(struct scatterlist));
84 len += sizeof(struct scatterlist) * nfrags;
86 return kmalloc(len, GFP_ATOMIC);
89 static inline __be32 *esp_tmp_seqhi(void *tmp)
91 return PTR_ALIGN((__be32 *)tmp, __alignof__(__be32));
94 static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int seqhilen)
96 return crypto_aead_ivsize(aead) ?
97 PTR_ALIGN((u8 *)tmp + seqhilen,
98 crypto_aead_alignmask(aead) + 1) : tmp + seqhilen;
101 static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv)
103 struct aead_request *req;
105 req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
106 crypto_tfm_ctx_alignment());
107 aead_request_set_tfm(req, aead);
111 static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
112 struct aead_request *req)
114 return (void *)ALIGN((unsigned long)(req + 1) +
115 crypto_aead_reqsize(aead),
116 __alignof__(struct scatterlist));
119 static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
122 struct crypto_aead *aead = x->data;
125 struct aead_request *req;
126 struct scatterlist *sg;
128 if (x->props.flags & XFRM_STATE_ESN)
129 seqhilen += sizeof(__be32);
131 seqhi = esp_tmp_seqhi(tmp);
132 iv = esp_tmp_iv(aead, tmp, seqhilen);
133 req = esp_tmp_req(aead, iv);
135 /* Unref skb_frag_pages in the src scatterlist if necessary.
136 * Skip the first sg which comes from skb->data.
138 if (req->src != req->dst)
139 for (sg = sg_next(req->src); sg; sg = sg_next(sg))
140 put_page(sg_page(sg));
143 static void esp_output_done(struct crypto_async_request *base, int err)
145 struct sk_buff *skb = base->data;
147 struct dst_entry *dst = skb_dst(skb);
148 struct xfrm_state *x = dst->xfrm;
150 tmp = ESP_SKB_CB(skb)->tmp;
151 esp_ssg_unref(x, tmp);
153 xfrm_output_resume(skb, err);
156 /* Move ESP header back into place. */
157 static void esp_restore_header(struct sk_buff *skb, unsigned int offset)
159 struct ip_esp_hdr *esph = (void *)(skb->data + offset);
160 void *tmp = ESP_SKB_CB(skb)->tmp;
161 __be32 *seqhi = esp_tmp_seqhi(tmp);
163 esph->seq_no = esph->spi;
167 static void esp_output_restore_header(struct sk_buff *skb)
169 esp_restore_header(skb, skb_transport_offset(skb) - sizeof(__be32));
172 static struct ip_esp_hdr *esp_output_set_esn(struct sk_buff *skb,
173 struct xfrm_state *x,
174 struct ip_esp_hdr *esph,
177 /* For ESN we move the header forward by 4 bytes to
178 * accomodate the high bits. We will move it back after
181 if ((x->props.flags & XFRM_STATE_ESN)) {
182 struct xfrm_offload *xo = xfrm_offload(skb);
184 esph = (void *)(skb_transport_header(skb) - sizeof(__be32));
187 esph->seq_no = htonl(xo->seq.hi);
189 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.hi);
192 esph->spi = x->id.spi;
197 static void esp_output_done_esn(struct crypto_async_request *base, int err)
199 struct sk_buff *skb = base->data;
201 esp_output_restore_header(skb);
202 esp_output_done(base, err);
205 static void esp_output_fill_trailer(u8 *tail, int tfclen, int plen, __u8 proto)
207 /* Fill padding... */
209 memset(tail, 0, tfclen);
214 for (i = 0; i < plen - 2; i++)
217 tail[plen - 2] = plen - 2;
218 tail[plen - 1] = proto;
221 int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *esp)
227 struct ip_esp_hdr *esph;
228 struct sk_buff *trailer;
229 int tailen = esp->tailen;
231 esph = ip_esp_hdr(skb);
233 if (!skb_cloned(skb)) {
234 if (tailen <= skb_availroom(skb)) {
237 tail = skb_tail_pointer(trailer);
240 } else if ((skb_shinfo(skb)->nr_frags < MAX_SKB_FRAGS)
241 && !skb_has_frag_list(skb)) {
243 struct sock *sk = skb->sk;
244 struct page_frag *pfrag = &x->xfrag;
246 esp->inplace = false;
248 allocsize = ALIGN(tailen, L1_CACHE_BYTES);
250 spin_lock_bh(&x->lock);
252 if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
253 spin_unlock_bh(&x->lock);
260 vaddr = kmap_atomic(page);
262 tail = vaddr + pfrag->offset;
264 esp_output_fill_trailer(tail, esp->tfclen, esp->plen, esp->proto);
266 kunmap_atomic(vaddr);
268 spin_unlock_bh(&x->lock);
270 nfrags = skb_shinfo(skb)->nr_frags;
272 __skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
274 skb_shinfo(skb)->nr_frags = ++nfrags;
276 pfrag->offset = pfrag->offset + allocsize;
280 skb->data_len += tailen;
281 skb->truesize += tailen;
283 atomic_add(tailen, &sk->sk_wmem_alloc);
290 nfrags = skb_cow_data(skb, tailen, &trailer);
293 tail = skb_tail_pointer(trailer);
296 esp_output_fill_trailer(tail, esp->tfclen, esp->plen, esp->proto);
297 pskb_put(skb, trailer, tailen);
302 EXPORT_SYMBOL_GPL(esp6_output_head);
304 int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *esp)
314 struct ip_esp_hdr *esph;
315 struct aead_request *req;
316 struct crypto_aead *aead;
317 struct scatterlist *sg, *dsg;
320 assoclen = sizeof(struct ip_esp_hdr);
323 if (x->props.flags & XFRM_STATE_ESN) {
324 seqhilen += sizeof(__be32);
325 assoclen += sizeof(__be32);
329 alen = crypto_aead_authsize(aead);
330 ivlen = crypto_aead_ivsize(aead);
332 tmp = esp_alloc_tmp(aead, esp->nfrags + 2, seqhilen);
336 seqhi = esp_tmp_seqhi(tmp);
337 iv = esp_tmp_iv(aead, tmp, seqhilen);
338 req = esp_tmp_req(aead, iv);
339 sg = esp_req_sg(aead, req);
344 dsg = &sg[esp->nfrags];
346 esph = esp_output_set_esn(skb, x, ip_esp_hdr(skb), seqhi);
348 sg_init_table(sg, esp->nfrags);
349 skb_to_sgvec(skb, sg,
350 (unsigned char *)esph - skb->data,
351 assoclen + ivlen + esp->clen + alen);
355 struct page_frag *pfrag = &x->xfrag;
357 allocsize = ALIGN(skb->data_len, L1_CACHE_BYTES);
359 spin_lock_bh(&x->lock);
360 if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
361 spin_unlock_bh(&x->lock);
365 skb_shinfo(skb)->nr_frags = 1;
369 /* replace page frags in skb with new page */
370 __skb_fill_page_desc(skb, 0, page, pfrag->offset, skb->data_len);
371 pfrag->offset = pfrag->offset + allocsize;
372 spin_unlock_bh(&x->lock);
374 sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);
375 skb_to_sgvec(skb, dsg,
376 (unsigned char *)esph - skb->data,
377 assoclen + ivlen + esp->clen + alen);
380 if ((x->props.flags & XFRM_STATE_ESN))
381 aead_request_set_callback(req, 0, esp_output_done_esn, skb);
383 aead_request_set_callback(req, 0, esp_output_done, skb);
385 aead_request_set_crypt(req, sg, dsg, ivlen + esp->clen, iv);
386 aead_request_set_ad(req, assoclen);
388 memset(iv, 0, ivlen);
389 memcpy(iv + ivlen - min(ivlen, 8), (u8 *)&esp->seqno + 8 - min(ivlen, 8),
392 ESP_SKB_CB(skb)->tmp = tmp;
393 err = crypto_aead_encrypt(req);
404 if ((x->props.flags & XFRM_STATE_ESN))
405 esp_output_restore_header(skb);
409 esp_ssg_unref(x, tmp);
415 EXPORT_SYMBOL_GPL(esp6_output_tail);
417 static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
421 struct ip_esp_hdr *esph;
422 struct crypto_aead *aead;
427 esp.proto = *skb_mac_header(skb);
428 *skb_mac_header(skb) = IPPROTO_ESP;
430 /* skb is pure payload to encrypt */
433 alen = crypto_aead_authsize(aead);
437 struct xfrm_dst *dst = (struct xfrm_dst *)skb_dst(skb);
440 padto = min(x->tfcpad, esp6_get_mtu(x, dst->child_mtu_cached));
441 if (skb->len < padto)
442 esp.tfclen = padto - skb->len;
444 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
445 esp.clen = ALIGN(skb->len + 2 + esp.tfclen, blksize);
446 esp.plen = esp.clen - skb->len - esp.tfclen;
447 esp.tailen = esp.tfclen + esp.plen + alen;
449 esp.nfrags = esp6_output_head(x, skb, &esp);
453 esph = ip_esp_hdr(skb);
454 esph->spi = x->id.spi;
456 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
457 esp.seqno = cpu_to_be64(XFRM_SKB_CB(skb)->seq.output.low +
458 ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));
460 skb_push(skb, -skb_network_offset(skb));
462 return esp6_output_tail(x, skb, &esp);
465 int esp6_input_done2(struct sk_buff *skb, int err)
467 struct xfrm_state *x = xfrm_input_state(skb);
468 struct xfrm_offload *xo = xfrm_offload(skb);
469 struct crypto_aead *aead = x->data;
470 int alen = crypto_aead_authsize(aead);
471 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
472 int elen = skb->len - hlen;
473 int hdr_len = skb_network_header_len(skb);
477 if (!xo || (xo && !(xo->flags & CRYPTO_DONE)))
478 kfree(ESP_SKB_CB(skb)->tmp);
483 if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))
488 if (padlen + 2 + alen >= elen) {
489 net_dbg_ratelimited("ipsec esp packet is garbage padlen=%d, elen=%d\n",
490 padlen + 2, elen - alen);
494 /* ... check padding bits here. Silly. :-) */
496 pskb_trim(skb, skb->len - alen - padlen - 2);
497 __skb_pull(skb, hlen);
498 if (x->props.mode == XFRM_MODE_TUNNEL)
499 skb_reset_transport_header(skb);
501 skb_set_transport_header(skb, -hdr_len);
505 /* RFC4303: Drop dummy packets without any error */
506 if (err == IPPROTO_NONE)
512 EXPORT_SYMBOL_GPL(esp6_input_done2);
514 static void esp_input_done(struct crypto_async_request *base, int err)
516 struct sk_buff *skb = base->data;
518 xfrm_input_resume(skb, esp6_input_done2(skb, err));
521 static void esp_input_restore_header(struct sk_buff *skb)
523 esp_restore_header(skb, 0);
527 static void esp_input_set_header(struct sk_buff *skb, __be32 *seqhi)
529 struct xfrm_state *x = xfrm_input_state(skb);
530 struct ip_esp_hdr *esph = (struct ip_esp_hdr *)skb->data;
532 /* For ESN we move the header forward by 4 bytes to
533 * accomodate the high bits. We will move it back after
536 if ((x->props.flags & XFRM_STATE_ESN)) {
537 esph = (void *)skb_push(skb, 4);
539 esph->spi = esph->seq_no;
540 esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
544 static void esp_input_done_esn(struct crypto_async_request *base, int err)
546 struct sk_buff *skb = base->data;
548 esp_input_restore_header(skb);
549 esp_input_done(base, err);
552 static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
554 struct ip_esp_hdr *esph;
555 struct crypto_aead *aead = x->data;
556 struct aead_request *req;
557 struct sk_buff *trailer;
558 int ivlen = crypto_aead_ivsize(aead);
559 int elen = skb->len - sizeof(*esph) - ivlen;
567 struct scatterlist *sg;
569 if (!pskb_may_pull(skb, sizeof(*esph) + ivlen)) {
579 assoclen = sizeof(*esph);
582 if (x->props.flags & XFRM_STATE_ESN) {
583 seqhilen += sizeof(__be32);
584 assoclen += seqhilen;
587 if (!skb_cloned(skb)) {
588 if (!skb_is_nonlinear(skb)) {
592 } else if (!skb_has_frag_list(skb)) {
593 nfrags = skb_shinfo(skb)->nr_frags;
600 nfrags = skb_cow_data(skb, 0, &trailer);
608 tmp = esp_alloc_tmp(aead, nfrags, seqhilen);
612 ESP_SKB_CB(skb)->tmp = tmp;
613 seqhi = esp_tmp_seqhi(tmp);
614 iv = esp_tmp_iv(aead, tmp, seqhilen);
615 req = esp_tmp_req(aead, iv);
616 sg = esp_req_sg(aead, req);
618 esp_input_set_header(skb, seqhi);
620 sg_init_table(sg, nfrags);
621 skb_to_sgvec(skb, sg, 0, skb->len);
623 skb->ip_summed = CHECKSUM_NONE;
625 if ((x->props.flags & XFRM_STATE_ESN))
626 aead_request_set_callback(req, 0, esp_input_done_esn, skb);
628 aead_request_set_callback(req, 0, esp_input_done, skb);
630 aead_request_set_crypt(req, sg, sg, elen + ivlen, iv);
631 aead_request_set_ad(req, assoclen);
633 ret = crypto_aead_decrypt(req);
634 if (ret == -EINPROGRESS)
637 if ((x->props.flags & XFRM_STATE_ESN))
638 esp_input_restore_header(skb);
640 ret = esp6_input_done2(skb, ret);
646 static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
648 struct crypto_aead *aead = x->data;
649 u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
650 unsigned int net_adj;
652 if (x->props.mode != XFRM_MODE_TUNNEL)
653 net_adj = sizeof(struct ipv6hdr);
657 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
658 net_adj) & ~(blksize - 1)) + net_adj - 2;
661 static int esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
662 u8 type, u8 code, int offset, __be32 info)
664 struct net *net = dev_net(skb->dev);
665 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
666 struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset);
667 struct xfrm_state *x;
669 if (type != ICMPV6_PKT_TOOBIG &&
670 type != NDISC_REDIRECT)
673 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
674 esph->spi, IPPROTO_ESP, AF_INET6);
678 if (type == NDISC_REDIRECT)
679 ip6_redirect(skb, net, skb->dev->ifindex, 0,
680 sock_net_uid(net, NULL));
682 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
688 static void esp6_destroy(struct xfrm_state *x)
690 struct crypto_aead *aead = x->data;
695 crypto_free_aead(aead);
698 static int esp_init_aead(struct xfrm_state *x)
700 char aead_name[CRYPTO_MAX_ALG_NAME];
701 struct crypto_aead *aead;
706 if (snprintf(aead_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",
707 x->geniv, x->aead->alg_name) >= CRYPTO_MAX_ALG_NAME)
710 if (x->xso.offload_handle)
711 mask |= CRYPTO_ALG_ASYNC;
713 aead = crypto_alloc_aead(aead_name, 0, mask);
720 err = crypto_aead_setkey(aead, x->aead->alg_key,
721 (x->aead->alg_key_len + 7) / 8);
725 err = crypto_aead_setauthsize(aead, x->aead->alg_icv_len / 8);
733 static int esp_init_authenc(struct xfrm_state *x)
735 struct crypto_aead *aead;
736 struct crypto_authenc_key_param *param;
740 char authenc_name[CRYPTO_MAX_ALG_NAME];
751 if ((x->props.flags & XFRM_STATE_ESN)) {
752 if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
753 "%s%sauthencesn(%s,%s)%s",
754 x->geniv ?: "", x->geniv ? "(" : "",
755 x->aalg ? x->aalg->alg_name : "digest_null",
757 x->geniv ? ")" : "") >= CRYPTO_MAX_ALG_NAME)
760 if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
761 "%s%sauthenc(%s,%s)%s",
762 x->geniv ?: "", x->geniv ? "(" : "",
763 x->aalg ? x->aalg->alg_name : "digest_null",
765 x->geniv ? ")" : "") >= CRYPTO_MAX_ALG_NAME)
769 if (x->xso.offload_handle)
770 mask |= CRYPTO_ALG_ASYNC;
772 aead = crypto_alloc_aead(authenc_name, 0, mask);
779 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
780 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
782 key = kmalloc(keylen, GFP_KERNEL);
788 rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM;
789 rta->rta_len = RTA_LENGTH(sizeof(*param));
790 param = RTA_DATA(rta);
791 p += RTA_SPACE(sizeof(*param));
794 struct xfrm_algo_desc *aalg_desc;
796 memcpy(p, x->aalg->alg_key, (x->aalg->alg_key_len + 7) / 8);
797 p += (x->aalg->alg_key_len + 7) / 8;
799 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
803 if (aalg_desc->uinfo.auth.icv_fullbits / 8 !=
804 crypto_aead_authsize(aead)) {
805 pr_info("ESP: %s digestsize %u != %hu\n",
807 crypto_aead_authsize(aead),
808 aalg_desc->uinfo.auth.icv_fullbits / 8);
812 err = crypto_aead_setauthsize(
813 aead, x->aalg->alg_trunc_len / 8);
818 param->enckeylen = cpu_to_be32((x->ealg->alg_key_len + 7) / 8);
819 memcpy(p, x->ealg->alg_key, (x->ealg->alg_key_len + 7) / 8);
821 err = crypto_aead_setkey(aead, key, keylen);
830 static int esp6_init_state(struct xfrm_state *x)
832 struct crypto_aead *aead;
842 err = esp_init_aead(x);
844 err = esp_init_authenc(x);
851 x->props.header_len = sizeof(struct ip_esp_hdr) +
852 crypto_aead_ivsize(aead);
853 switch (x->props.mode) {
855 if (x->sel.family != AF_INET6)
856 x->props.header_len += IPV4_BEET_PHMAXLEN +
857 (sizeof(struct ipv6hdr) - sizeof(struct iphdr));
859 case XFRM_MODE_TRANSPORT:
861 case XFRM_MODE_TUNNEL:
862 x->props.header_len += sizeof(struct ipv6hdr);
868 align = ALIGN(crypto_aead_blocksize(aead), 4);
869 x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
875 static int esp6_rcv_cb(struct sk_buff *skb, int err)
880 static const struct xfrm_type esp6_type = {
881 .description = "ESP6",
882 .owner = THIS_MODULE,
883 .proto = IPPROTO_ESP,
884 .flags = XFRM_TYPE_REPLAY_PROT,
885 .init_state = esp6_init_state,
886 .destructor = esp6_destroy,
887 .get_mtu = esp6_get_mtu,
889 .output = esp6_output,
890 .hdr_offset = xfrm6_find_1stfragopt,
893 static struct xfrm6_protocol esp6_protocol = {
894 .handler = xfrm6_rcv,
895 .cb_handler = esp6_rcv_cb,
896 .err_handler = esp6_err,
900 static int __init esp6_init(void)
902 if (xfrm_register_type(&esp6_type, AF_INET6) < 0) {
903 pr_info("%s: can't add xfrm type\n", __func__);
906 if (xfrm6_protocol_register(&esp6_protocol, IPPROTO_ESP) < 0) {
907 pr_info("%s: can't add protocol\n", __func__);
908 xfrm_unregister_type(&esp6_type, AF_INET6);
915 static void __exit esp6_fini(void)
917 if (xfrm6_protocol_deregister(&esp6_protocol, IPPROTO_ESP) < 0)
918 pr_info("%s: can't remove protocol\n", __func__);
919 if (xfrm_unregister_type(&esp6_type, AF_INET6) < 0)
920 pr_info("%s: can't remove xfrm type\n", __func__);
923 module_init(esp6_init);
924 module_exit(esp6_fini);
926 MODULE_LICENSE("GPL");
927 MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_ESP);
projects / karo-tx-linux.git / blob