diff options
author | Horia Geanta <horia.geanta@freescale.com> | 2013-03-20 10:31:38 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2013-03-21 05:36:02 -0400 |
commit | 991155bacb91c988c45586525771758ddadd44ce (patch) | |
tree | 863e0347cbfae5294fda07f02ece153cef4b3b70 /drivers/crypto | |
parent | 32dc43e40a2707d0cb1ab8768d080c3e9bcfed52 (diff) |
Revert "crypto: talitos - add IPsec ESN support"
This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.
Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.
ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.
Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto')
-rw-r--r-- | drivers/crypto/talitos.c | 30 |
1 files changed, 2 insertions, 28 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 09b184adf31b..5b2b5e61e4f9 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c | |||
@@ -38,7 +38,6 @@ | |||
38 | #include <linux/spinlock.h> | 38 | #include <linux/spinlock.h> |
39 | #include <linux/rtnetlink.h> | 39 | #include <linux/rtnetlink.h> |
40 | #include <linux/slab.h> | 40 | #include <linux/slab.h> |
41 | #include <linux/string.h> | ||
42 | 41 | ||
43 | #include <crypto/algapi.h> | 42 | #include <crypto/algapi.h> |
44 | #include <crypto/aes.h> | 43 | #include <crypto/aes.h> |
@@ -1974,11 +1973,7 @@ struct talitos_alg_template { | |||
1974 | }; | 1973 | }; |
1975 | 1974 | ||
1976 | static struct talitos_alg_template driver_algs[] = { | 1975 | static struct talitos_alg_template driver_algs[] = { |
1977 | /* | 1976 | /* AEAD algorithms. These use a single-pass ipsec_esp descriptor */ |
1978 | * AEAD algorithms. These use a single-pass ipsec_esp descriptor. | ||
1979 | * authencesn(*,*) is also registered, although not present | ||
1980 | * explicitly here. | ||
1981 | */ | ||
1982 | { .type = CRYPTO_ALG_TYPE_AEAD, | 1977 | { .type = CRYPTO_ALG_TYPE_AEAD, |
1983 | .alg.crypto = { | 1978 | .alg.crypto = { |
1984 | .cra_name = "authenc(hmac(sha1),cbc(aes))", | 1979 | .cra_name = "authenc(hmac(sha1),cbc(aes))", |
@@ -2820,9 +2815,7 @@ static int talitos_probe(struct platform_device *ofdev) | |||
2820 | if (hw_supports(dev, driver_algs[i].desc_hdr_template)) { | 2815 | if (hw_supports(dev, driver_algs[i].desc_hdr_template)) { |
2821 | struct talitos_crypto_alg *t_alg; | 2816 | struct talitos_crypto_alg *t_alg; |
2822 | char *name = NULL; | 2817 | char *name = NULL; |
2823 | bool authenc = false; | ||
2824 | 2818 | ||
2825 | authencesn: | ||
2826 | t_alg = talitos_alg_alloc(dev, &driver_algs[i]); | 2819 | t_alg = talitos_alg_alloc(dev, &driver_algs[i]); |
2827 | if (IS_ERR(t_alg)) { | 2820 | if (IS_ERR(t_alg)) { |
2828 | err = PTR_ERR(t_alg); | 2821 | err = PTR_ERR(t_alg); |
@@ -2837,8 +2830,6 @@ authencesn: | |||
2837 | err = crypto_register_alg( | 2830 | err = crypto_register_alg( |
2838 | &t_alg->algt.alg.crypto); | 2831 | &t_alg->algt.alg.crypto); |
2839 | name = t_alg->algt.alg.crypto.cra_driver_name; | 2832 | name = t_alg->algt.alg.crypto.cra_driver_name; |
2840 | authenc = authenc ? !authenc : | ||
2841 | !(bool)memcmp(name, "authenc", 7); | ||
2842 | break; | 2833 | break; |
2843 | case CRYPTO_ALG_TYPE_AHASH: | 2834 | case CRYPTO_ALG_TYPE_AHASH: |
2844 | err = crypto_register_ahash( | 2835 | err = crypto_register_ahash( |
@@ -2851,25 +2842,8 @@ authencesn: | |||
2851 | dev_err(dev, "%s alg registration failed\n", | 2842 | dev_err(dev, "%s alg registration failed\n", |
2852 | name); | 2843 | name); |
2853 | kfree(t_alg); | 2844 | kfree(t_alg); |
2854 | } else { | 2845 | } else |
2855 | list_add_tail(&t_alg->entry, &priv->alg_list); | 2846 | list_add_tail(&t_alg->entry, &priv->alg_list); |
2856 | if (authenc) { | ||
2857 | struct crypto_alg *alg = | ||
2858 | &driver_algs[i].alg.crypto; | ||
2859 | |||
2860 | name = alg->cra_name; | ||
2861 | memmove(name + 10, name + 7, | ||
2862 | strlen(name) - 7); | ||
2863 | memcpy(name + 7, "esn", 3); | ||
2864 | |||
2865 | name = alg->cra_driver_name; | ||
2866 | memmove(name + 10, name + 7, | ||
2867 | strlen(name) - 7); | ||
2868 | memcpy(name + 7, "esn", 3); | ||
2869 | |||
2870 | goto authencesn; | ||
2871 | } | ||
2872 | } | ||
2873 | } | 2847 | } |
2874 | } | 2848 | } |
2875 | if (!list_empty(&priv->alg_list)) | 2849 | if (!list_empty(&priv->alg_list)) |