A TODO in net/ipsec.c asks to refactor the code in xfrm_fill_key() to
use set/map to avoid manually comparing each algorithm with the "name"
parameter passed to the function as an argument. This patch refactors
the code to create an array of structs where each struct contains the
algorithm name and its corresponding key length.
Signed-off-by: Gautam Menghani <[email protected]>
---
changes in v2:
1. Fix the compilation warnings for struct and variable declaration
tools/testing/selftests/net/ipsec.c | 108 +++++++++++++---------------
1 file changed, 49 insertions(+), 59 deletions(-)
diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
index cc10c10c5ed9..4a0eeb5b71d2 100644
--- a/tools/testing/selftests/net/ipsec.c
+++ b/tools/testing/selftests/net/ipsec.c
@@ -58,6 +58,8 @@
#define VETH_FMT "ktst-%d"
#define VETH_LEN 12
+#define XFRM_ALGO_NR_KEYS 29
+
static int nsfd_parent = -1;
static int nsfd_childa = -1;
static int nsfd_childb = -1;
@@ -75,6 +77,46 @@ const unsigned int ping_timeout = 300;
const unsigned int ping_count = 100;
const unsigned int ping_success = 80;
+struct xfrm_key_entry {
+ char algo_name[35];
+ int key_len;
+};
+
+struct xfrm_key_entry xfrm_key_entries[XFRM_ALGO_NR_KEYS];
+
+static void init_xfrm_algo_keys(void)
+{
+ xfrm_key_entries[0] = (struct xfrm_key_entry) {"digest_null", 0};
+ xfrm_key_entries[1] = (struct xfrm_key_entry) {"ecb(cipher_null)", 0};
+ xfrm_key_entries[2] = (struct xfrm_key_entry) {"cbc(des)", 64};
+ xfrm_key_entries[3] = (struct xfrm_key_entry) {"hmac(md5)", 128};
+ xfrm_key_entries[4] = (struct xfrm_key_entry) {"cmac(aes)", 128};
+ xfrm_key_entries[5] = (struct xfrm_key_entry) {"xcbc(aes)", 128};
+ xfrm_key_entries[6] = (struct xfrm_key_entry) {"cbc(cast5)", 128};
+ xfrm_key_entries[7] = (struct xfrm_key_entry) {"cbc(serpent)", 128};
+ xfrm_key_entries[8] = (struct xfrm_key_entry) {"hmac(sha1)", 160};
+ xfrm_key_entries[9] = (struct xfrm_key_entry) {"hmac(rmd160)", 160};
+ xfrm_key_entries[10] = (struct xfrm_key_entry) {"cbc(des3_ede)", 192};
+ xfrm_key_entries[11] = (struct xfrm_key_entry) {"hmac(sha256)", 256};
+ xfrm_key_entries[12] = (struct xfrm_key_entry) {"cbc(aes)", 256};
+ xfrm_key_entries[13] = (struct xfrm_key_entry) {"cbc(camellia)", 256};
+ xfrm_key_entries[14] = (struct xfrm_key_entry) {"cbc(twofish)", 256};
+ xfrm_key_entries[15] = (struct xfrm_key_entry) {"rfc3686(ctr(aes))", 288};
+ xfrm_key_entries[16] = (struct xfrm_key_entry) {"hmac(sha384)", 384};
+ xfrm_key_entries[17] = (struct xfrm_key_entry) {"cbc(blowfish)", 448};
+ xfrm_key_entries[18] = (struct xfrm_key_entry) {"hmac(sha512)", 512};
+ xfrm_key_entries[19] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-128", 160};
+ xfrm_key_entries[20] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-128", 160};
+ xfrm_key_entries[21] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-128", 152};
+ xfrm_key_entries[22] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-192", 224};
+ xfrm_key_entries[23] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-192", 224};
+ xfrm_key_entries[24] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-192", 216};
+ xfrm_key_entries[25] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-256", 288};
+ xfrm_key_entries[26] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-256", 288};
+ xfrm_key_entries[27] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-256", 280};
+ xfrm_key_entries[28] = (struct xfrm_key_entry) {"rfc7539(chacha20,poly1305)-128", 0};
+}
+
static void randomize_buffer(void *buf, size_t buflen)
{
int *p = (int *)buf;
@@ -767,65 +809,12 @@ static int do_ping(int cmd_fd, char *buf, size_t buf_len, struct in_addr from,
static int xfrm_fill_key(char *name, char *buf,
size_t buf_len, unsigned int *key_len)
{
- /* TODO: use set/map instead */
- if (strncmp(name, "digest_null", ALGO_LEN) == 0)
- *key_len = 0;
- else if (strncmp(name, "ecb(cipher_null)", ALGO_LEN) == 0)
- *key_len = 0;
- else if (strncmp(name, "cbc(des)", ALGO_LEN) == 0)
- *key_len = 64;
- else if (strncmp(name, "hmac(md5)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "cmac(aes)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "xcbc(aes)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "cbc(cast5)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "cbc(serpent)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "hmac(sha1)", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "hmac(rmd160)", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "cbc(des3_ede)", ALGO_LEN) == 0)
- *key_len = 192;
- else if (strncmp(name, "hmac(sha256)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "cbc(aes)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "cbc(camellia)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "cbc(twofish)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "rfc3686(ctr(aes))", ALGO_LEN) == 0)
- *key_len = 288;
- else if (strncmp(name, "hmac(sha384)", ALGO_LEN) == 0)
- *key_len = 384;
- else if (strncmp(name, "cbc(blowfish)", ALGO_LEN) == 0)
- *key_len = 448;
- else if (strncmp(name, "hmac(sha512)", ALGO_LEN) == 0)
- *key_len = 512;
- else if (strncmp(name, "rfc4106(gcm(aes))-128", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "rfc4543(gcm(aes))-128", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "rfc4309(ccm(aes))-128", ALGO_LEN) == 0)
- *key_len = 152;
- else if (strncmp(name, "rfc4106(gcm(aes))-192", ALGO_LEN) == 0)
- *key_len = 224;
- else if (strncmp(name, "rfc4543(gcm(aes))-192", ALGO_LEN) == 0)
- *key_len = 224;
- else if (strncmp(name, "rfc4309(ccm(aes))-192", ALGO_LEN) == 0)
- *key_len = 216;
- else if (strncmp(name, "rfc4106(gcm(aes))-256", ALGO_LEN) == 0)
- *key_len = 288;
- else if (strncmp(name, "rfc4543(gcm(aes))-256", ALGO_LEN) == 0)
- *key_len = 288;
- else if (strncmp(name, "rfc4309(ccm(aes))-256", ALGO_LEN) == 0)
- *key_len = 280;
- else if (strncmp(name, "rfc7539(chacha20,poly1305)-128", ALGO_LEN) == 0)
- *key_len = 0;
+ int i;
+
+ for (i = 0; i < XFRM_ALGO_NR_KEYS; i++) {
+ if (strncmp(name, xfrm_key_entries[i].algo_name, ALGO_LEN) == 0)
+ *key_len = xfrm_key_entries[i].key_len;
+ }
if (*key_len > buf_len) {
printk("Can't pack a key - too big for buffer");
@@ -2305,6 +2294,7 @@ int main(int argc, char **argv)
}
}
+ init_xfrm_algo_keys();
srand(time(NULL));
page_size = sysconf(_SC_PAGESIZE);
if (page_size < 1)
--
2.34.1
On 8/3/22 8:23 AM, Gautam Menghani wrote:
> A TODO in net/ipsec.c asks to refactor the code in xfrm_fill_key() to
> use set/map to avoid manually comparing each algorithm with the "name"
> parameter passed to the function as an argument. This patch refactors
> the code to create an array of structs where each struct contains the
> algorithm name and its corresponding key length.
>
> Signed-off-by: Gautam Menghani <[email protected]>
> ---
> changes in v2:
> 1. Fix the compilation warnings for struct and variable declaration
>
> tools/testing/selftests/net/ipsec.c | 108 +++++++++++++---------------
> 1 file changed, 49 insertions(+), 59 deletions(-)
>
> diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
> index cc10c10c5ed9..4a0eeb5b71d2 100644
> --- a/tools/testing/selftests/net/ipsec.c
> +++ b/tools/testing/selftests/net/ipsec.c
> @@ -58,6 +58,8 @@
> #define VETH_FMT "ktst-%d"
> #define VETH_LEN 12
>
> +#define XFRM_ALGO_NR_KEYS 29
> +
> static int nsfd_parent = -1;
> static int nsfd_childa = -1;
> static int nsfd_childb = -1;
> @@ -75,6 +77,46 @@ const unsigned int ping_timeout = 300;
> const unsigned int ping_count = 100;
> const unsigned int ping_success = 80;
>
> +struct xfrm_key_entry {
> + char algo_name[35];
> + int key_len;
> +};
> +
> +struct xfrm_key_entry xfrm_key_entries[XFRM_ALGO_NR_KEYS];
There seems no need to fill up xfrm_key_entries at run time. Please fill
them at compile time.
struct xfrm_key_entry xfrm_key_entries[] = {
{"digest_null", 0},
{"ecb(cipher_null)", 0},
...
};
> +
> +static void init_xfrm_algo_keys(void)
> +{
> + xfrm_key_entries[0] = (struct xfrm_key_entry) {"digest_null", 0};
> + xfrm_key_entries[1] = (struct xfrm_key_entry) {"ecb(cipher_null)", 0};
> + xfrm_key_entries[2] = (struct xfrm_key_entry) {"cbc(des)", 64};
> + xfrm_key_entries[3] = (struct xfrm_key_entry) {"hmac(md5)", 128};
> + xfrm_key_entries[4] = (struct xfrm_key_entry) {"cmac(aes)", 128};
> + xfrm_key_entries[5] = (struct xfrm_key_entry) {"xcbc(aes)", 128};
> + xfrm_key_entries[6] = (struct xfrm_key_entry) {"cbc(cast5)", 128};
> + xfrm_key_entries[7] = (struct xfrm_key_entry) {"cbc(serpent)", 128};
> + xfrm_key_entries[8] = (struct xfrm_key_entry) {"hmac(sha1)", 160};
> + xfrm_key_entries[9] = (struct xfrm_key_entry) {"hmac(rmd160)", 160};
> + xfrm_key_entries[10] = (struct xfrm_key_entry) {"cbc(des3_ede)", 192};
> + xfrm_key_entries[11] = (struct xfrm_key_entry) {"hmac(sha256)", 256};
> + xfrm_key_entries[12] = (struct xfrm_key_entry) {"cbc(aes)", 256};
> + xfrm_key_entries[13] = (struct xfrm_key_entry) {"cbc(camellia)", 256};
> + xfrm_key_entries[14] = (struct xfrm_key_entry) {"cbc(twofish)", 256};
> + xfrm_key_entries[15] = (struct xfrm_key_entry) {"rfc3686(ctr(aes))", 288};
> + xfrm_key_entries[16] = (struct xfrm_key_entry) {"hmac(sha384)", 384};
> + xfrm_key_entries[17] = (struct xfrm_key_entry) {"cbc(blowfish)", 448};
> + xfrm_key_entries[18] = (struct xfrm_key_entry) {"hmac(sha512)", 512};
> + xfrm_key_entries[19] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-128", 160};
> + xfrm_key_entries[20] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-128", 160};
> + xfrm_key_entries[21] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-128", 152};
> + xfrm_key_entries[22] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-192", 224};
> + xfrm_key_entries[23] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-192", 224};
> + xfrm_key_entries[24] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-192", 216};
> + xfrm_key_entries[25] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-256", 288};
> + xfrm_key_entries[26] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-256", 288};
> + xfrm_key_entries[27] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-256", 280};
> + xfrm_key_entries[28] = (struct xfrm_key_entry) {"rfc7539(chacha20,poly1305)-128", 0};
> +}
--
Muhammad Usama Anjum
A TODO in net/ipsec.c asks to refactor the code in xfrm_fill_key() to
use set/map to avoid manually comparing each algorithm with the "name"
parameter passed to the function as an argument. This patch refactors
the code to create an array of structs where each struct contains the
algorithm name and its corresponding key length.
Signed-off-by: Gautam Menghani <[email protected]>
---
changes in v3:
1. Initialize the struct array of algorithms->keys at compile time
changes in v2:
1. Fix the compilation warnings for struct and variable declaration
tools/testing/selftests/net/ipsec.c | 104 ++++++++++++----------------
1 file changed, 45 insertions(+), 59 deletions(-)
diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
index cc10c10c5ed9..9a8229abfa02 100644
--- a/tools/testing/selftests/net/ipsec.c
+++ b/tools/testing/selftests/net/ipsec.c
@@ -58,6 +58,8 @@
#define VETH_FMT "ktst-%d"
#define VETH_LEN 12
+#define XFRM_ALGO_NR_KEYS 29
+
static int nsfd_parent = -1;
static int nsfd_childa = -1;
static int nsfd_childb = -1;
@@ -75,6 +77,43 @@ const unsigned int ping_timeout = 300;
const unsigned int ping_count = 100;
const unsigned int ping_success = 80;
+struct xfrm_key_entry {
+ char algo_name[35];
+ int key_len;
+};
+
+struct xfrm_key_entry xfrm_key_entries[] = {
+ {"digest_null", 0},
+ {"ecb(cipher_null)", 0},
+ {"cbc(des)", 64},
+ {"hmac(md5)", 128},
+ {"cmac(aes)", 128},
+ {"xcbc(aes)", 128},
+ {"cbc(cast5)", 128},
+ {"cbc(serpent)", 128},
+ {"hmac(sha1)", 160},
+ {"hmac(rmd160)", 160},
+ {"cbc(des3_ede)", 192},
+ {"hmac(sha256)", 256},
+ {"cbc(aes)", 256},
+ {"cbc(camellia)", 256},
+ {"cbc(twofish)", 256},
+ {"rfc3686(ctr(aes))", 288},
+ {"hmac(sha384)", 384},
+ {"cbc(blowfish)", 448},
+ {"hmac(sha512)", 512},
+ {"rfc4106(gcm(aes))-128", 160},
+ {"rfc4543(gcm(aes))-128", 160},
+ {"rfc4309(ccm(aes))-128", 152},
+ {"rfc4106(gcm(aes))-192", 224},
+ {"rfc4543(gcm(aes))-192", 224},
+ {"rfc4309(ccm(aes))-192", 216},
+ {"rfc4106(gcm(aes))-256", 288},
+ {"rfc4543(gcm(aes))-256", 288},
+ {"rfc4309(ccm(aes))-256", 280},
+ {"rfc7539(chacha20,poly1305)-128", 0}
+};
+
static void randomize_buffer(void *buf, size_t buflen)
{
int *p = (int *)buf;
@@ -767,65 +806,12 @@ static int do_ping(int cmd_fd, char *buf, size_t buf_len, struct in_addr from,
static int xfrm_fill_key(char *name, char *buf,
size_t buf_len, unsigned int *key_len)
{
- /* TODO: use set/map instead */
- if (strncmp(name, "digest_null", ALGO_LEN) == 0)
- *key_len = 0;
- else if (strncmp(name, "ecb(cipher_null)", ALGO_LEN) == 0)
- *key_len = 0;
- else if (strncmp(name, "cbc(des)", ALGO_LEN) == 0)
- *key_len = 64;
- else if (strncmp(name, "hmac(md5)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "cmac(aes)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "xcbc(aes)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "cbc(cast5)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "cbc(serpent)", ALGO_LEN) == 0)
- *key_len = 128;
- else if (strncmp(name, "hmac(sha1)", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "hmac(rmd160)", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "cbc(des3_ede)", ALGO_LEN) == 0)
- *key_len = 192;
- else if (strncmp(name, "hmac(sha256)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "cbc(aes)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "cbc(camellia)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "cbc(twofish)", ALGO_LEN) == 0)
- *key_len = 256;
- else if (strncmp(name, "rfc3686(ctr(aes))", ALGO_LEN) == 0)
- *key_len = 288;
- else if (strncmp(name, "hmac(sha384)", ALGO_LEN) == 0)
- *key_len = 384;
- else if (strncmp(name, "cbc(blowfish)", ALGO_LEN) == 0)
- *key_len = 448;
- else if (strncmp(name, "hmac(sha512)", ALGO_LEN) == 0)
- *key_len = 512;
- else if (strncmp(name, "rfc4106(gcm(aes))-128", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "rfc4543(gcm(aes))-128", ALGO_LEN) == 0)
- *key_len = 160;
- else if (strncmp(name, "rfc4309(ccm(aes))-128", ALGO_LEN) == 0)
- *key_len = 152;
- else if (strncmp(name, "rfc4106(gcm(aes))-192", ALGO_LEN) == 0)
- *key_len = 224;
- else if (strncmp(name, "rfc4543(gcm(aes))-192", ALGO_LEN) == 0)
- *key_len = 224;
- else if (strncmp(name, "rfc4309(ccm(aes))-192", ALGO_LEN) == 0)
- *key_len = 216;
- else if (strncmp(name, "rfc4106(gcm(aes))-256", ALGO_LEN) == 0)
- *key_len = 288;
- else if (strncmp(name, "rfc4543(gcm(aes))-256", ALGO_LEN) == 0)
- *key_len = 288;
- else if (strncmp(name, "rfc4309(ccm(aes))-256", ALGO_LEN) == 0)
- *key_len = 280;
- else if (strncmp(name, "rfc7539(chacha20,poly1305)-128", ALGO_LEN) == 0)
- *key_len = 0;
+ int i;
+
+ for (i = 0; i < XFRM_ALGO_NR_KEYS; i++) {
+ if (strncmp(name, xfrm_key_entries[i].algo_name, ALGO_LEN) == 0)
+ *key_len = xfrm_key_entries[i].key_len;
+ }
if (*key_len > buf_len) {
printk("Can't pack a key - too big for buffer");
--
2.34.1
On Sat, Aug 06, 2022 at 10:05:30PM +0530, Gautam Menghani wrote:
> A TODO in net/ipsec.c asks to refactor the code in xfrm_fill_key() to
> use set/map to avoid manually comparing each algorithm with the "name"
> parameter passed to the function as an argument. This patch refactors
> the code to create an array of structs where each struct contains the
> algorithm name and its corresponding key length.
>
> Signed-off-by: Gautam Menghani <[email protected]>
Applied to ipsec-next, thanks!