[IPSEC] esp: Remove keys from esp_data structure

The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. This patch also kills the unused auth.icv member. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2007-10-08 20:13:44 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2007-10-10 19:54:52 -0400
commit: 4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch)
tree: 6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6
parent: f0703c80e5156406ad947cb67fe277725b48080f (diff)
3 files changed, 9 insertions, 29 deletions
diff --git a/include/net/esp.h b/include/net/esp.h
index d05d8d2c78f4..e793d769430e 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -13,8 +13,6 @@ struct esp_data
        /* Confidentiality */
        struct {
-                u8                      *key;           /* Key */
-                int                     key_len;        /* Key length */
                int                     padlen;         /* 0..255 */
                /* ivlen is offset from enc_data, where encrypted data start.
                 * It is logically different of crypto_tfm_alg_ivsize(tfm).
@@ -28,14 +26,9 @@ struct esp_data
        /* Integrity. It is active when icv_full_len != 0 */
        struct {
-                u8                      *key;           /* Key */
-                int                     key_len;        /* Length of the key */
                u8                      *work_icv;
                int                     icv_full_len;
                int                     icv_trunc_len;
-                void                    (*icv)(struct esp_data*,
-                                               struct sk_buff *skb,
-                                               int offset, int len, u8 *icv);
                struct crypto_hash      *tfm;
        } auth;
 };
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 98767a4f1185..d233e2e62500 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
        struct crypto_blkcipher *tfm;
        u32 align;
-        /* null auth and encryption can have zero length keys */
-        if (x->aalg) {
-                if (x->aalg->alg_key_len > 512)
-                        goto error;
-        }
        if (x->ealg == NULL)
                goto error;
@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
                struct xfrm_algo_desc *aalg_desc;
                struct crypto_hash *hash;
-                esp->auth.key = x->aalg->alg_key;
-                esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
                hash = crypto_alloc_hash(x->aalg->alg_name, 0,
                                         CRYPTO_ALG_ASYNC);
                if (IS_ERR(hash))
                        goto error;
                esp->auth.tfm = hash;
-                if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
+                if (crypto_hash_setkey(hash, x->aalg->alg_key,
+                                       (x->aalg->alg_key_len + 7) / 8))
                        goto error;
                aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
                if (!esp->auth.work_icv)
                        goto error;
        }
-        esp->conf.key = x->ealg->alg_key;
-        esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
        tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
        if (IS_ERR(tfm))
                goto error;
@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
                        goto error;
                esp->conf.ivinitted = 0;
        }
-        if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
+        if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
+                                    (x->ealg->alg_key_len + 7) / 8))
                goto error;
        x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
        if (x->props.mode == XFRM_MODE_TUNNEL)
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 2db31ce3c7e6..77281068d0f9 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x)
        struct esp_data *esp = NULL;
        struct crypto_blkcipher *tfm;
-        /* null auth and encryption can have zero length keys */
-        if (x->aalg) {
-                if (x->aalg->alg_key_len > 512)
-                        goto error;
-        }
        if (x->ealg == NULL)
                goto error;
@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x)
                struct xfrm_algo_desc *aalg_desc;
                struct crypto_hash *hash;
-                esp->auth.key = x->aalg->alg_key;
-                esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
                hash = crypto_alloc_hash(x->aalg->alg_name, 0,
                                         CRYPTO_ALG_ASYNC);
                if (IS_ERR(hash))
                        goto error;
                esp->auth.tfm = hash;
-                if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
+                if (crypto_hash_setkey(hash, x->aalg->alg_key,
+                                       (x->aalg->alg_key_len + 7) / 8))
                        goto error;
                aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x)
                if (!esp->auth.work_icv)
                        goto error;
        }
-        esp->conf.key = x->ealg->alg_key;
-        esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
        tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
        if (IS_ERR(tfm))
                goto error;
@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x)
                        goto error;
                esp->conf.ivinitted = 0;
        }
-        if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
+        if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
+                                    (x->ealg->alg_key_len + 7) / 8))
                goto error;
        x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
        if (x->props.mode == XFRM_MODE_TUNNEL)
author	Herbert Xu <herbert@gondor.apana.org.au>	2007-10-08 20:13:44 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2007-10-10 19:54:52 -0400
commit	4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch)
tree	6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6
parent	f0703c80e5156406ad947cb67fe277725b48080f (diff)

diff --git a/include/net/esp.h b/include/net/esp.h index d05d8d2c78f4..e793d769430e 100644 --- a/include/net/esp.h +++ b/include/net/esp.h
@@ -13,8 +13,6 @@ struct esp_data
13		13
14	/* Confidentiality */	14	/* Confidentiality */
15	struct {	15	struct {
16	u8 key; / Key */
17	int key_len; /* Key length */
18	int padlen; /* 0..255 */	16	int padlen; /* 0..255 */
19	/* ivlen is offset from enc_data, where encrypted data start.	17	/* ivlen is offset from enc_data, where encrypted data start.
20	* It is logically different of crypto_tfm_alg_ivsize(tfm).	18	* It is logically different of crypto_tfm_alg_ivsize(tfm).
@@ -28,14 +26,9 @@ struct esp_data
28		26
29	/* Integrity. It is active when icv_full_len != 0 */	27	/* Integrity. It is active when icv_full_len != 0 */
30	struct {	28	struct {
31	u8 key; / Key */
32	int key_len; /* Length of the key */
33	u8 *work_icv;	29	u8 *work_icv;
34	int icv_full_len;	30	int icv_full_len;
35	int icv_trunc_len;	31	int icv_trunc_len;
36	void (icv)(struct esp_data,
37	struct sk_buff *skb,
38	int offset, int len, u8 *icv);
39	struct crypto_hash *tfm;	32	struct crypto_hash *tfm;
40	} auth;	33	} auth;
41	};	34	};


diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 98767a4f1185..d233e2e62500 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c
@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
343	struct crypto_blkcipher *tfm;	343	struct crypto_blkcipher *tfm;
344	u32 align;	344	u32 align;
345		345
346	/* null auth and encryption can have zero length keys */
347	if (x->aalg) {
348	if (x->aalg->alg_key_len > 512)
349	goto error;
350	}
351	if (x->ealg == NULL)	346	if (x->ealg == NULL)
352	goto error;	347	goto error;
353		348
@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
359	struct xfrm_algo_desc *aalg_desc;	354	struct xfrm_algo_desc *aalg_desc;
360	struct crypto_hash *hash;	355	struct crypto_hash *hash;
361		356
362	esp->auth.key = x->aalg->alg_key;
363	esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
364	hash = crypto_alloc_hash(x->aalg->alg_name, 0,	357	hash = crypto_alloc_hash(x->aalg->alg_name, 0,
365	CRYPTO_ALG_ASYNC);	358	CRYPTO_ALG_ASYNC);
366	if (IS_ERR(hash))	359	if (IS_ERR(hash))
367	goto error;	360	goto error;
368		361
369	esp->auth.tfm = hash;	362	esp->auth.tfm = hash;
370	if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))	363	if (crypto_hash_setkey(hash, x->aalg->alg_key,
		364	(x->aalg->alg_key_len + 7) / 8))
371	goto error;	365	goto error;
372		366
373	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);	367	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
389	if (!esp->auth.work_icv)	383	if (!esp->auth.work_icv)
390	goto error;	384	goto error;
391	}	385	}
392	esp->conf.key = x->ealg->alg_key;	386
393	esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
394	tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);	387	tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
395	if (IS_ERR(tfm))	388	if (IS_ERR(tfm))
396	goto error;	389	goto error;
@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
403	goto error;	396	goto error;
404	esp->conf.ivinitted = 0;	397	esp->conf.ivinitted = 0;
405	}	398	}
406	if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))	399	if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
		400	(x->ealg->alg_key_len + 7) / 8))
407	goto error;	401	goto error;
408	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;	402	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
409	if (x->props.mode == XFRM_MODE_TUNNEL)	403	if (x->props.mode == XFRM_MODE_TUNNEL)


diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 2db31ce3c7e6..77281068d0f9 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c
@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x)
297	struct esp_data *esp = NULL;	297	struct esp_data *esp = NULL;
298	struct crypto_blkcipher *tfm;	298	struct crypto_blkcipher *tfm;
299		299
300	/* null auth and encryption can have zero length keys */
301	if (x->aalg) {
302	if (x->aalg->alg_key_len > 512)
303	goto error;
304	}
305	if (x->ealg == NULL)	300	if (x->ealg == NULL)
306	goto error;	301	goto error;
307		302
@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x)
316	struct xfrm_algo_desc *aalg_desc;	311	struct xfrm_algo_desc *aalg_desc;
317	struct crypto_hash *hash;	312	struct crypto_hash *hash;
318		313
319	esp->auth.key = x->aalg->alg_key;
320	esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
321	hash = crypto_alloc_hash(x->aalg->alg_name, 0,	314	hash = crypto_alloc_hash(x->aalg->alg_name, 0,
322	CRYPTO_ALG_ASYNC);	315	CRYPTO_ALG_ASYNC);
323	if (IS_ERR(hash))	316	if (IS_ERR(hash))
324	goto error;	317	goto error;
325		318
326	esp->auth.tfm = hash;	319	esp->auth.tfm = hash;
327	if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))	320	if (crypto_hash_setkey(hash, x->aalg->alg_key,
		321	(x->aalg->alg_key_len + 7) / 8))
328	goto error;	322	goto error;
329		323
330	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);	324	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x)
346	if (!esp->auth.work_icv)	340	if (!esp->auth.work_icv)
347	goto error;	341	goto error;
348	}	342	}
349	esp->conf.key = x->ealg->alg_key;
350	esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
351	tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);	343	tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
352	if (IS_ERR(tfm))	344	if (IS_ERR(tfm))
353	goto error;	345	goto error;
@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x)
360	goto error;	352	goto error;
361	esp->conf.ivinitted = 0;	353	esp->conf.ivinitted = 0;
362	}	354	}
363	if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))	355	if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
		356	(x->ealg->alg_key_len + 7) / 8))
364	goto error;	357	goto error;
365	x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;	358	x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
366	if (x->props.mode == XFRM_MODE_TUNNEL)	359	if (x->props.mode == XFRM_MODE_TUNNEL)