crypto: talitos - add IPsec ESN support
Support for ESNs (extended sequence numbers). Tested with strongswan on a P2020RDB back-to-back setup. Extracted from /etc/ipsec.conf: esp=aes-sha1-esn-modp4096! Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Родитель
79fd31d355
Коммит
e763eb699b
|
@ -38,6 +38,7 @@
|
||||||
#include <linux/spinlock.h>
|
#include <linux/spinlock.h>
|
||||||
#include <linux/rtnetlink.h>
|
#include <linux/rtnetlink.h>
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
|
#include <linux/string.h>
|
||||||
|
|
||||||
#include <crypto/algapi.h>
|
#include <crypto/algapi.h>
|
||||||
#include <crypto/aes.h>
|
#include <crypto/aes.h>
|
||||||
|
@ -1974,7 +1975,11 @@ struct talitos_alg_template {
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct talitos_alg_template driver_algs[] = {
|
static struct talitos_alg_template driver_algs[] = {
|
||||||
/* AEAD algorithms. These use a single-pass ipsec_esp descriptor */
|
/*
|
||||||
|
* AEAD algorithms. These use a single-pass ipsec_esp descriptor.
|
||||||
|
* authencesn(*,*) is also registered, although not present
|
||||||
|
* explicitly here.
|
||||||
|
*/
|
||||||
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
||||||
.alg.crypto = {
|
.alg.crypto = {
|
||||||
.cra_name = "authenc(hmac(sha1),cbc(aes))",
|
.cra_name = "authenc(hmac(sha1),cbc(aes))",
|
||||||
|
@ -2816,7 +2821,9 @@ static int talitos_probe(struct platform_device *ofdev)
|
||||||
if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
|
if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
|
||||||
struct talitos_crypto_alg *t_alg;
|
struct talitos_crypto_alg *t_alg;
|
||||||
char *name = NULL;
|
char *name = NULL;
|
||||||
|
bool authenc = false;
|
||||||
|
|
||||||
|
authencesn:
|
||||||
t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
|
t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
|
||||||
if (IS_ERR(t_alg)) {
|
if (IS_ERR(t_alg)) {
|
||||||
err = PTR_ERR(t_alg);
|
err = PTR_ERR(t_alg);
|
||||||
|
@ -2831,6 +2838,8 @@ static int talitos_probe(struct platform_device *ofdev)
|
||||||
err = crypto_register_alg(
|
err = crypto_register_alg(
|
||||||
&t_alg->algt.alg.crypto);
|
&t_alg->algt.alg.crypto);
|
||||||
name = t_alg->algt.alg.crypto.cra_driver_name;
|
name = t_alg->algt.alg.crypto.cra_driver_name;
|
||||||
|
authenc = authenc ? !authenc :
|
||||||
|
!(bool)memcmp(name, "authenc", 7);
|
||||||
break;
|
break;
|
||||||
case CRYPTO_ALG_TYPE_AHASH:
|
case CRYPTO_ALG_TYPE_AHASH:
|
||||||
err = crypto_register_ahash(
|
err = crypto_register_ahash(
|
||||||
|
@ -2843,8 +2852,25 @@ static int talitos_probe(struct platform_device *ofdev)
|
||||||
dev_err(dev, "%s alg registration failed\n",
|
dev_err(dev, "%s alg registration failed\n",
|
||||||
name);
|
name);
|
||||||
kfree(t_alg);
|
kfree(t_alg);
|
||||||
} else
|
} else {
|
||||||
list_add_tail(&t_alg->entry, &priv->alg_list);
|
list_add_tail(&t_alg->entry, &priv->alg_list);
|
||||||
|
if (authenc) {
|
||||||
|
struct crypto_alg *alg =
|
||||||
|
&driver_algs[i].alg.crypto;
|
||||||
|
|
||||||
|
name = alg->cra_name;
|
||||||
|
memmove(name + 10, name + 7,
|
||||||
|
strlen(name) - 7);
|
||||||
|
memcpy(name + 7, "esn", 3);
|
||||||
|
|
||||||
|
name = alg->cra_driver_name;
|
||||||
|
memmove(name + 10, name + 7,
|
||||||
|
strlen(name) - 7);
|
||||||
|
memcpy(name + 7, "esn", 3);
|
||||||
|
|
||||||
|
goto authencesn;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!list_empty(&priv->alg_list))
|
if (!list_empty(&priv->alg_list))
|
||||||
|
|
Загрузка…
Ссылка в новой задаче