diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2016-01-24 08:16:16 -0500 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2016-01-27 07:35:45 -0500 |
| commit | fdb89b1b8f814260fd8239b1e09edf9e12c97ef2 (patch) | |
| tree | d6f7c5a16fe55f6050629667b990325ca10b0e2d | |
| parent | 84a2c9319dca2cedad13a776c2bc88f41d6beddf (diff) | |
ppp_mppe: Use skcipher and ahash
This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash. This is a bug-for-bug conversion
and no attempt has been made to fix bugs such as the ignored return
values of the crypto operations.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | drivers/net/ppp/ppp_mppe.c | 99 |
1 files changed, 58 insertions, 41 deletions
diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c index 05005c660d4d..f60f7660b451 100644 --- a/drivers/net/ppp/ppp_mppe.c +++ b/drivers/net/ppp/ppp_mppe.c | |||
| @@ -42,6 +42,8 @@ | |||
| 42 | * deprecated in 2.6 | 42 | * deprecated in 2.6 |
| 43 | */ | 43 | */ |
| 44 | 44 | ||
| 45 | #include <crypto/hash.h> | ||
| 46 | #include <crypto/skcipher.h> | ||
| 45 | #include <linux/err.h> | 47 | #include <linux/err.h> |
| 46 | #include <linux/module.h> | 48 | #include <linux/module.h> |
| 47 | #include <linux/kernel.h> | 49 | #include <linux/kernel.h> |
| @@ -49,7 +51,6 @@ | |||
| 49 | #include <linux/types.h> | 51 | #include <linux/types.h> |
| 50 | #include <linux/slab.h> | 52 | #include <linux/slab.h> |
| 51 | #include <linux/string.h> | 53 | #include <linux/string.h> |
| 52 | #include <linux/crypto.h> | ||
| 53 | #include <linux/mm.h> | 54 | #include <linux/mm.h> |
| 54 | #include <linux/ppp_defs.h> | 55 | #include <linux/ppp_defs.h> |
| 55 | #include <linux/ppp-comp.h> | 56 | #include <linux/ppp-comp.h> |
| @@ -94,8 +95,8 @@ static inline void sha_pad_init(struct sha_pad *shapad) | |||
| 94 | * State for an MPPE (de)compressor. | 95 | * State for an MPPE (de)compressor. |
| 95 | */ | 96 | */ |
| 96 | struct ppp_mppe_state { | 97 | struct ppp_mppe_state { |
| 97 | struct crypto_blkcipher *arc4; | 98 | struct crypto_skcipher *arc4; |
| 98 | struct crypto_hash *sha1; | 99 | struct crypto_ahash *sha1; |
| 99 | unsigned char *sha1_digest; | 100 | unsigned char *sha1_digest; |
| 100 | unsigned char master_key[MPPE_MAX_KEY_LEN]; | 101 | unsigned char master_key[MPPE_MAX_KEY_LEN]; |
| 101 | unsigned char session_key[MPPE_MAX_KEY_LEN]; | 102 | unsigned char session_key[MPPE_MAX_KEY_LEN]; |
| @@ -135,7 +136,7 @@ struct ppp_mppe_state { | |||
| 135 | */ | 136 | */ |
| 136 | static void get_new_key_from_sha(struct ppp_mppe_state * state) | 137 | static void get_new_key_from_sha(struct ppp_mppe_state * state) |
| 137 | { | 138 | { |
| 138 | struct hash_desc desc; | 139 | AHASH_REQUEST_ON_STACK(req, state->sha1); |
| 139 | struct scatterlist sg[4]; | 140 | struct scatterlist sg[4]; |
| 140 | unsigned int nbytes; | 141 | unsigned int nbytes; |
| 141 | 142 | ||
| @@ -148,10 +149,12 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state) | |||
| 148 | nbytes += setup_sg(&sg[3], sha_pad->sha_pad2, | 149 | nbytes += setup_sg(&sg[3], sha_pad->sha_pad2, |
| 149 | sizeof(sha_pad->sha_pad2)); | 150 | sizeof(sha_pad->sha_pad2)); |
| 150 | 151 | ||
| 151 | desc.tfm = state->sha1; | 152 | ahash_request_set_tfm(req, state->sha1); |
| 152 | desc.flags = 0; | 153 | ahash_request_set_callback(req, 0, NULL, NULL); |
| 154 | ahash_request_set_crypt(req, sg, state->sha1_digest, nbytes); | ||
| 153 | 155 | ||
| 154 | crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest); | 156 | crypto_ahash_digest(req); |
| 157 | ahash_request_zero(req); | ||
| 155 | } | 158 | } |
| 156 | 159 | ||
| 157 | /* | 160 | /* |
| @@ -161,20 +164,23 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state) | |||
| 161 | static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) | 164 | static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) |
| 162 | { | 165 | { |
| 163 | struct scatterlist sg_in[1], sg_out[1]; | 166 | struct scatterlist sg_in[1], sg_out[1]; |
| 164 | struct blkcipher_desc desc = { .tfm = state->arc4 }; | 167 | SKCIPHER_REQUEST_ON_STACK(req, state->arc4); |
| 168 | |||
| 169 | skcipher_request_set_tfm(req, state->arc4); | ||
| 170 | skcipher_request_set_callback(req, 0, NULL, NULL); | ||
| 165 | 171 | ||
| 166 | get_new_key_from_sha(state); | 172 | get_new_key_from_sha(state); |
| 167 | if (!initial_key) { | 173 | if (!initial_key) { |
| 168 | crypto_blkcipher_setkey(state->arc4, state->sha1_digest, | 174 | crypto_skcipher_setkey(state->arc4, state->sha1_digest, |
| 169 | state->keylen); | 175 | state->keylen); |
| 170 | sg_init_table(sg_in, 1); | 176 | sg_init_table(sg_in, 1); |
| 171 | sg_init_table(sg_out, 1); | 177 | sg_init_table(sg_out, 1); |
| 172 | setup_sg(sg_in, state->sha1_digest, state->keylen); | 178 | setup_sg(sg_in, state->sha1_digest, state->keylen); |
| 173 | setup_sg(sg_out, state->session_key, state->keylen); | 179 | setup_sg(sg_out, state->session_key, state->keylen); |
| 174 | if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | 180 | skcipher_request_set_crypt(req, sg_in, sg_out, state->keylen, |
| 175 | state->keylen) != 0) { | 181 | NULL); |
| 182 | if (crypto_skcipher_encrypt(req)) | ||
| 176 | printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n"); | 183 | printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n"); |
| 177 | } | ||
| 178 | } else { | 184 | } else { |
| 179 | memcpy(state->session_key, state->sha1_digest, state->keylen); | 185 | memcpy(state->session_key, state->sha1_digest, state->keylen); |
| 180 | } | 186 | } |
| @@ -184,7 +190,8 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) | |||
| 184 | state->session_key[1] = 0x26; | 190 | state->session_key[1] = 0x26; |
| 185 | state->session_key[2] = 0x9e; | 191 | state->session_key[2] = 0x9e; |
| 186 | } | 192 | } |
| 187 | crypto_blkcipher_setkey(state->arc4, state->session_key, state->keylen); | 193 | crypto_skcipher_setkey(state->arc4, state->session_key, state->keylen); |
| 194 | skcipher_request_zero(req); | ||
| 188 | } | 195 | } |
| 189 | 196 | ||
| 190 | /* | 197 | /* |
| @@ -204,19 +211,19 @@ static void *mppe_alloc(unsigned char *options, int optlen) | |||
| 204 | goto out; | 211 | goto out; |
| 205 | 212 | ||
| 206 | 213 | ||
| 207 | state->arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC); | 214 | state->arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC); |
| 208 | if (IS_ERR(state->arc4)) { | 215 | if (IS_ERR(state->arc4)) { |
| 209 | state->arc4 = NULL; | 216 | state->arc4 = NULL; |
| 210 | goto out_free; | 217 | goto out_free; |
| 211 | } | 218 | } |
| 212 | 219 | ||
| 213 | state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC); | 220 | state->sha1 = crypto_alloc_ahash("sha1", 0, CRYPTO_ALG_ASYNC); |
| 214 | if (IS_ERR(state->sha1)) { | 221 | if (IS_ERR(state->sha1)) { |
| 215 | state->sha1 = NULL; | 222 | state->sha1 = NULL; |
| 216 | goto out_free; | 223 | goto out_free; |
| 217 | } | 224 | } |
| 218 | 225 | ||
| 219 | digestsize = crypto_hash_digestsize(state->sha1); | 226 | digestsize = crypto_ahash_digestsize(state->sha1); |
| 220 | if (digestsize < MPPE_MAX_KEY_LEN) | 227 | if (digestsize < MPPE_MAX_KEY_LEN) |
| 221 | goto out_free; | 228 | goto out_free; |
| 222 | 229 | ||
| @@ -237,15 +244,12 @@ static void *mppe_alloc(unsigned char *options, int optlen) | |||
| 237 | 244 | ||
| 238 | return (void *)state; | 245 | return (void *)state; |
| 239 | 246 | ||
| 240 | out_free: | 247 | out_free: |
| 241 | if (state->sha1_digest) | 248 | kfree(state->sha1_digest); |
| 242 | kfree(state->sha1_digest); | 249 | crypto_free_ahash(state->sha1); |
| 243 | if (state->sha1) | 250 | crypto_free_skcipher(state->arc4); |
| 244 | crypto_free_hash(state->sha1); | 251 | kfree(state); |
| 245 | if (state->arc4) | 252 | out: |
| 246 | crypto_free_blkcipher(state->arc4); | ||
| 247 | kfree(state); | ||
| 248 | out: | ||
| 249 | return NULL; | 253 | return NULL; |
| 250 | } | 254 | } |
| 251 | 255 | ||
| @@ -256,13 +260,10 @@ static void mppe_free(void *arg) | |||
| 256 | { | 260 | { |
| 257 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | 261 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; |
| 258 | if (state) { | 262 | if (state) { |
| 259 | if (state->sha1_digest) | ||
| 260 | kfree(state->sha1_digest); | 263 | kfree(state->sha1_digest); |
| 261 | if (state->sha1) | 264 | crypto_free_ahash(state->sha1); |
| 262 | crypto_free_hash(state->sha1); | 265 | crypto_free_skcipher(state->arc4); |
| 263 | if (state->arc4) | 266 | kfree(state); |
| 264 | crypto_free_blkcipher(state->arc4); | ||
| 265 | kfree(state); | ||
| 266 | } | 267 | } |
| 267 | } | 268 | } |
| 268 | 269 | ||
| @@ -368,8 +369,9 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, | |||
| 368 | int isize, int osize) | 369 | int isize, int osize) |
| 369 | { | 370 | { |
| 370 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | 371 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; |
| 371 | struct blkcipher_desc desc = { .tfm = state->arc4 }; | 372 | SKCIPHER_REQUEST_ON_STACK(req, state->arc4); |
| 372 | int proto; | 373 | int proto; |
| 374 | int err; | ||
| 373 | struct scatterlist sg_in[1], sg_out[1]; | 375 | struct scatterlist sg_in[1], sg_out[1]; |
| 374 | 376 | ||
| 375 | /* | 377 | /* |
| @@ -426,7 +428,13 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, | |||
| 426 | sg_init_table(sg_out, 1); | 428 | sg_init_table(sg_out, 1); |
| 427 | setup_sg(sg_in, ibuf, isize); | 429 | setup_sg(sg_in, ibuf, isize); |
| 428 | setup_sg(sg_out, obuf, osize); | 430 | setup_sg(sg_out, obuf, osize); |
| 429 | if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in, isize) != 0) { | 431 | |
| 432 | skcipher_request_set_tfm(req, state->arc4); | ||
| 433 | skcipher_request_set_callback(req, 0, NULL, NULL); | ||
| 434 | skcipher_request_set_crypt(req, sg_in, sg_out, isize, NULL); | ||
| 435 | err = crypto_skcipher_encrypt(req); | ||
| 436 | skcipher_request_zero(req); | ||
| 437 | if (err) { | ||
| 430 | printk(KERN_DEBUG "crypto_cypher_encrypt failed\n"); | 438 | printk(KERN_DEBUG "crypto_cypher_encrypt failed\n"); |
| 431 | return -1; | 439 | return -1; |
| 432 | } | 440 | } |
| @@ -475,7 +483,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 475 | int osize) | 483 | int osize) |
| 476 | { | 484 | { |
| 477 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | 485 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; |
| 478 | struct blkcipher_desc desc = { .tfm = state->arc4 }; | 486 | SKCIPHER_REQUEST_ON_STACK(req, state->arc4); |
| 479 | unsigned ccount; | 487 | unsigned ccount; |
| 480 | int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; | 488 | int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; |
| 481 | struct scatterlist sg_in[1], sg_out[1]; | 489 | struct scatterlist sg_in[1], sg_out[1]; |
| @@ -609,9 +617,14 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 609 | sg_init_table(sg_out, 1); | 617 | sg_init_table(sg_out, 1); |
| 610 | setup_sg(sg_in, ibuf, 1); | 618 | setup_sg(sg_in, ibuf, 1); |
| 611 | setup_sg(sg_out, obuf, 1); | 619 | setup_sg(sg_out, obuf, 1); |
| 612 | if (crypto_blkcipher_decrypt(&desc, sg_out, sg_in, 1) != 0) { | 620 | |
| 621 | skcipher_request_set_tfm(req, state->arc4); | ||
| 622 | skcipher_request_set_callback(req, 0, NULL, NULL); | ||
| 623 | skcipher_request_set_crypt(req, sg_in, sg_out, 1, NULL); | ||
| 624 | if (crypto_skcipher_decrypt(req)) { | ||
| 613 | printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); | 625 | printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); |
| 614 | return DECOMP_ERROR; | 626 | osize = DECOMP_ERROR; |
| 627 | goto out_zap_req; | ||
| 615 | } | 628 | } |
| 616 | 629 | ||
| 617 | /* | 630 | /* |
| @@ -629,9 +642,11 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 629 | /* And finally, decrypt the rest of the packet. */ | 642 | /* And finally, decrypt the rest of the packet. */ |
| 630 | setup_sg(sg_in, ibuf + 1, isize - 1); | 643 | setup_sg(sg_in, ibuf + 1, isize - 1); |
| 631 | setup_sg(sg_out, obuf + 1, osize - 1); | 644 | setup_sg(sg_out, obuf + 1, osize - 1); |
| 632 | if (crypto_blkcipher_decrypt(&desc, sg_out, sg_in, isize - 1)) { | 645 | skcipher_request_set_crypt(req, sg_in, sg_out, isize - 1, NULL); |
| 646 | if (crypto_skcipher_decrypt(req)) { | ||
| 633 | printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); | 647 | printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); |
| 634 | return DECOMP_ERROR; | 648 | osize = DECOMP_ERROR; |
| 649 | goto out_zap_req; | ||
| 635 | } | 650 | } |
| 636 | 651 | ||
| 637 | state->stats.unc_bytes += osize; | 652 | state->stats.unc_bytes += osize; |
| @@ -642,6 +657,8 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 642 | /* good packet credit */ | 657 | /* good packet credit */ |
| 643 | state->sanity_errors >>= 1; | 658 | state->sanity_errors >>= 1; |
| 644 | 659 | ||
| 660 | out_zap_req: | ||
| 661 | skcipher_request_zero(req); | ||
| 645 | return osize; | 662 | return osize; |
| 646 | 663 | ||
| 647 | sanity_error: | 664 | sanity_error: |
| @@ -714,8 +731,8 @@ static struct compressor ppp_mppe = { | |||
| 714 | static int __init ppp_mppe_init(void) | 731 | static int __init ppp_mppe_init(void) |
| 715 | { | 732 | { |
| 716 | int answer; | 733 | int answer; |
| 717 | if (!(crypto_has_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) && | 734 | if (!(crypto_has_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) && |
| 718 | crypto_has_hash("sha1", 0, CRYPTO_ALG_ASYNC))) | 735 | crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC))) |
| 719 | return -ENODEV; | 736 | return -ENODEV; |
| 720 | 737 | ||
| 721 | sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL); | 738 | sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL); |