2012-08-08 15:47:08

by Horia Geantă

Subject: [PATCH v2 5/5] crypto: talitos - add IPsec ESN support

Support for ESNs (extended sequence numbers).
Tested with strongswan on a P2020RDB back-to-back setup.
Extracted from /etc/ipsec.conf:
esp=aes-sha1-esn-modp4096!

Signed-off-by: Horia Geanta <[email protected]>
---
drivers/crypto/talitos.c | 30 ++++++++++++++++++++++++++++--
1 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index a57fdcd..a6c6168 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -38,6 +38,7 @@
#include <linux/spinlock.h>
#include <linux/rtnetlink.h>
#include <linux/slab.h>
+#include <linux/string.h>

#include <crypto/algapi.h>
#include <crypto/aes.h>
@@ -1974,7 +1975,11 @@ struct talitos_alg_template {
};

static struct talitos_alg_template driver_algs[] = {
- /* AEAD algorithms. These use a single-pass ipsec_esp descriptor */
+ /*
+ * AEAD algorithms. These use a single-pass ipsec_esp descriptor.
+ * authencesn(*,*) is also registered, although not present
+ * explicitly here.
+ */
{ .type = CRYPTO_ALG_TYPE_AEAD,
.alg.crypto = {
.cra_name = "authenc(hmac(sha1),cbc(aes))",
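Review bot: the new comment says authencesn(*,*) is registered "although not present explicitly here" but does not say where or how. Since talitos_probe() derives the ESN variants by rewriting cra_name and cra_driver_name of these same table entries, the comment should name that function and state that the entries are modified at probe time, so anyone adding an AEAD entry knows both names need room for three extra bytes.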
@@ -2968,7 +2973,9 @@ static int talitos_probe(struct platform_device *ofdev)
if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
struct talitos_crypto_alg *t_alg;
char *name = NULL;
+ bool authenc = false;

+authencesn:
t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
if (IS_ERR(t_alg)) {
err = PTR_ERR(t_alg);
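Review bot: the `authencesn:` label sits inside the `if (hw_supports(...))` body and is reached by a backward goto, so the allocate/register sequence is really a two-iteration loop hidden behind a jump. Moving the allocate-and-register steps into a helper that is called once for the authenc name and once for the authencesn name would make the second pass explicit, and would make it easier to audit what happens when the second talitos_alg_alloc() fails after the first variant has already been added to priv->alg_list.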
@@ -2983,6 +2990,8 @@ static int talitos_probe(struct platform_device *ofdev)
err = crypto_register_alg(
&t_alg->algt.alg.crypto);
name = t_alg->algt.alg.crypto.cra_driver_name;
+ authenc = authenc ? !authenc :
+ !(bool)memcmp(name, "authenc", 7);
break;
case CRYPTO_ALG_TYPE_AHASH:
err = crypto_register_ahash(
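Review bot: the assignment `authenc = authenc ? !authenc : !(bool)memcmp(name, "authenc", 7);` uses one flag for two meanings (the name has the authenc prefix, and this is the first of two passes), which is hard to read and easy to break. The 7-byte prefix test on cra_driver_name also matches a name that already begins with "authencesn", so the flag alone cannot tell an original entry from a rewritten one. A separate pass indicator plus an explicit prefix check with strncmp(), which also rejects names where "esn" already follows the prefix, would state the intent directly.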
@@ -2995,8 +3004,25 @@ static int talitos_probe(struct platform_device *ofdev)
dev_err(dev, "%s alg registration failed\n",
name);
kfree(t_alg);
- } else
+ } else {
list_add_tail(&t_alg->entry, &priv->alg_list);
+ if (authenc) {
+ struct crypto_alg *alg =
+ &driver_algs[i].alg.crypto;
+
+ name = alg->cra_name;
+ memmove(name + 10, name + 7,
+ strlen(name) - 7);
+ memcpy(name + 7, "esn", 3);
+
+ name = alg->cra_driver_name;
+ memmove(name + 10, name + 7,
+ strlen(name) - 7);
+ memcpy(name + 7, "esn", 3);
+
+ goto authencesn;
+ }
+ }
}
}
if (!list_empty(&priv->alg_list))
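Review bot: the memmove()/memcpy() pairs in the `if (authenc)` block rewrite cra_name and cra_driver_name in the static driver_algs[i] entry and nothing restores them, so a later talitos_probe() call (a second device, or a rebind) starts from "authencesn..." names, and because the 7-byte "authenc" prefix test still matches, "esn" would be inserted a second time. There is also no check that strlen(name) + 3 still fits in the name array, and `memmove(name + 10, name + 7, strlen(name) - 7)` does not move the terminating NUL, so the result is only terminated if the byte after the old terminator happens to be zero. Building the ESN names in the per-device copy (t_alg->algt) with snprintf() and checking the result against sizeof() of the field would avoid all three problems and leave the template table constant.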
--
1.7.3.4


2012-08-09 01:24:26

by Kim Phillips

Subject: Re: [PATCH v2 5/5] crypto: talitos - add IPsec ESN support

On Wed, 8 Aug 2012 18:46:45 +0300
Horia Geanta <[email protected]> wrote:

> Support for ESNs (extended sequence numbers).
> Tested with strongswan on a P2020RDB back-to-back setup.
> Extracted from /etc/ipsec.conf:
> esp=aes-sha1-esn-modp4096!
>
> Signed-off-by: Horia Geanta <[email protected]>
> ---

series:

Reviewed-by: Kim Phillips <[email protected]>

Kim

2012-08-20 08:32:14

by Herbert Xu

Subject: Re: [PATCH v2 5/5] crypto: talitos - add IPsec ESN support

On Wed, Aug 08, 2012 at 08:22:15PM -0500, Kim Phillips wrote:
> On Wed, 8 Aug 2012 18:46:45 +0300
> Horia Geanta <[email protected]> wrote:
>
> > Support for ESNs (extended sequence numbers).
> > Tested with strongswan on a P2020RDB back-to-back setup.
> > Extracted from /etc/ipsec.conf:
> > esp=aes-sha1-esn-modp4096!
> >
> > Signed-off-by: Horia Geanta <[email protected]>
> > ---
>
> series:
>
> Reviewed-by: Kim Phillips <[email protected]>

Patch applied. Thanks!
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Subject: RE: [PATCH v2 5/5] crypto: talitos - add IPsec ESN support

On Mon, 20 Aug 2012 11:32:12 +0300, Herbert Xu <[email protected]> wrote:
> On Wed, Aug 08, 2012 at 08:22:15PM -0500, Kim Phillips wrote:
>> On Wed, 8 Aug 2012 18:46:45 +0300
>> Horia Geanta <[email protected]> wrote:
>>
>>> Support for ESNs (extended sequence numbers).
>>> Tested with strongswan on a P2020RDB back-to-back setup.
>>> Extracted from /etc/ipsec.conf:
>>> esp=aes-sha1-esn-modp4096!
>>>
>>> Signed-off-by: Horia Geanta <[email protected]>
>>> ---
>>
>> series:
>>
>> Reviewed-by: Kim Phillips <[email protected]>
>
> Patch applied. Thanks!

What about patches [1-4]/5 ?
http://www.mail-archive.com/[email protected]/msg07507.html

Patch 5/5 won't work without these.
4/5 adds "support for handling non-contiguous assoc data and iv", which is
exactly how native IPsec submits SPI + ESN to talitos.

Horia

2012-08-28 15:52:18

by Herbert Xu

Subject: Re: [PATCH v2 5/5] crypto: talitos - add IPsec ESN support

On Tue, Aug 28, 2012 at 03:47:19PM +0000, Geanta Neag Horia Ioan-B05471 wrote:
>
> What about patches [1-4]/5 ?
> http://www.mail-archive.com/[email protected]/msg07507.html
>
> Patch 5/5 won't work without these.
> 4/5 adds "support for handling non-contiguous assoc data and iv", which is
> exactly how native IPsec submits SPI + ESN to talitos.

Oops, I picked up your v2 which only had the last patch. I'll fix
this up.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt