This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.
Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.
ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.
Cc: <[email protected]> # 3.8, 3.7
Reported-by: Chaoxing Lin <[email protected]>
Signed-off-by: Horia Geanta <[email protected]>
---
drivers/crypto/talitos.c | 30 ++----------------------------
1 files changed, 2 insertions(+), 28 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 09b184a..5b2b5e6 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -38,7 +38,6 @@
#include <linux/spinlock.h>
#include <linux/rtnetlink.h>
#include <linux/slab.h>
-#include <linux/string.h>
#include <crypto/algapi.h>
#include <crypto/aes.h>
@@ -1974,11 +1973,7 @@ struct talitos_alg_template {
};
static struct talitos_alg_template driver_algs[] = {
- /*
- * AEAD algorithms. These use a single-pass ipsec_esp descriptor.
- * authencesn(*,*) is also registered, although not present
- * explicitly here.
- */
+ /* AEAD algorithms. These use a single-pass ipsec_esp descriptor */
{ .type = CRYPTO_ALG_TYPE_AEAD,
.alg.crypto = {
.cra_name = "authenc(hmac(sha1),cbc(aes))",
@@ -2820,9 +2815,7 @@ static int talitos_probe(struct platform_device *ofdev)
if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
struct talitos_crypto_alg *t_alg;
char *name = NULL;
- bool authenc = false;
-authencesn:
t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
if (IS_ERR(t_alg)) {
err = PTR_ERR(t_alg);
@@ -2837,8 +2830,6 @@ authencesn:
err = crypto_register_alg(
&t_alg->algt.alg.crypto);
name = t_alg->algt.alg.crypto.cra_driver_name;
- authenc = authenc ? !authenc :
- !(bool)memcmp(name, "authenc", 7);
break;
case CRYPTO_ALG_TYPE_AHASH:
err = crypto_register_ahash(
@@ -2851,25 +2842,8 @@ authencesn:
dev_err(dev, "%s alg registration failed\n",
name);
kfree(t_alg);
- } else {
+ } else
list_add_tail(&t_alg->entry, &priv->alg_list);
- if (authenc) {
- struct crypto_alg *alg =
- &driver_algs[i].alg.crypto;
-
- name = alg->cra_name;
- memmove(name + 10, name + 7,
- strlen(name) - 7);
- memcpy(name + 7, "esn", 3);
-
- name = alg->cra_driver_name;
- memmove(name + 10, name + 7,
- strlen(name) - 7);
- memcpy(name + 7, "esn", 3);
-
- goto authencesn;
- }
- }
}
}
if (!list_empty(&priv->alg_list))
--
1.7.7.6
On Wed, 20 Mar 2013 16:31:38 +0200
Horia Geanta <[email protected]> wrote:
> This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.
>
> Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
> (separate encryption and integrity algorithms) does not conform
> to RFC4303.
>
> ICV is generated by hashing the sequence
> SPI, SeqNum-High, SeqNum-Low, IV, Payload
> instead of
> SPI, SeqNum-Low, IV, Payload, SeqNum-High.
>
> Cc: <[email protected]> # 3.8, 3.7
> Reported-by: Chaoxing Lin <[email protected]>
> Signed-off-by: Horia Geanta <[email protected]>
> ---
Reviewed-by: Kim Phillips <[email protected]>
Kim
On Wed, Mar 20, 2013 at 06:46:34PM -0500, Kim Phillips wrote:
> On Wed, 20 Mar 2013 16:31:38 +0200
> Horia Geanta <[email protected]> wrote:
>
> > This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.
> >
> > Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
> > (separate encryption and integrity algorithms) does not conform
> > to RFC4303.
> >
> > ICV is generated by hashing the sequence
> > SPI, SeqNum-High, SeqNum-Low, IV, Payload
> > instead of
> > SPI, SeqNum-Low, IV, Payload, SeqNum-High.
> >
> > Cc: <[email protected]> # 3.8, 3.7
> > Reported-by: Chaoxing Lin <[email protected]>
> > Signed-off-by: Horia Geanta <[email protected]>
> > ---
>
> Reviewed-by: Kim Phillips <[email protected]>
Both patches applied to crypto. Thanks!
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt