authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-08 20:13:44 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:54:52 -0400
commit4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch)
tree6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6
parentf0703c80e5156406ad947cb67fe277725b48080f (diff)
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. This patch also kills the unused auth.icv member. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/esp.h7
-rw-r--r--net/ipv4/esp4.c16
-rw-r--r--net/ipv6/esp6.c15
3 files changed, 9 insertions, 29 deletions
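diff --git a/include/net/esp.h b/include/net/esp.h
index d05d8d2c78f4..e793d769430e 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -13,8 +13,6 @@ struct esp_data
 
 /* Confidentiality */
 struct {
-u8 *key; /* Key */
-int key_len; /* Key length */
 int padlen; /* 0..255 */
 /* ivlen is offset from enc_data, where encrypted data start.
 * It is logically different of crypto_tfm_alg_ivsize(tfm).
@@ -28,14 +26,9 @@ struct esp_data
 
 /* Integrity. It is active when icv_full_len != 0 */
 struct {
-u8 *key; /* Key */
-int key_len; /* Length of the key */
 u8 *work_icv;
 int icv_full_len;
 int icv_trunc_len;
-void (*icv)(struct esp_data*,
-struct sk_buff *skb,
-int offset, int len, u8 *icv);
 struct crypto_hash *tfm;
 } auth;
 };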
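diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 98767a4f1185..d233e2e62500 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
 struct crypto_blkcipher *tfm;
 u32 align;
 
-/* null auth and encryption can have zero length keys */
-if (x->aalg) {
-if (x->aalg->alg_key_len > 512)
-goto error;
-}
 if (x->ealg == NULL)
 goto error;
 
@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
 struct xfrm_algo_desc *aalg_desc;
 struct crypto_hash *hash;
 
-esp->auth.key = x->aalg->alg_key;
-esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
 hash = crypto_alloc_hash(x->aalg->alg_name, 0,
 CRYPTO_ALG_ASYNC);
 if (IS_ERR(hash))
 goto error;
 
 esp->auth.tfm = hash;
-if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
+if (crypto_hash_setkey(hash, x->aalg->alg_key,
+(x->aalg->alg_key_len + 7) / 8))
 goto error;
 
 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
 if (!esp->auth.work_icv)
 goto error;
 }
-esp->conf.key = x->ealg->alg_key;
-esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
+
 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
 if (IS_ERR(tfm))
 goto error;
@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
 goto error;
 esp->conf.ivinitted = 0;
 }
-if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
+if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
+(x->ealg->alg_key_len + 7) / 8))
 goto error;
 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
 if (x->props.mode == XFRM_MODE_TUNNEL)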
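Review bot: With the `alg_key_len > 512` test dropped from the top of esp_init_state, nothing in this function bounds the authentication key any more, and `(x->aalg->alg_key_len + 7) / 8` is handed straight to crypto_hash_setkey(); the same holds for esp6_init_state in net/ipv6/esp6.c. That is sound only if alg_key_len was already checked against the real size of alg_key when the xfrm_state was built, which is presumably done by the key-management code but is not visible on this page. I would record that dependency above the setkey call, e.g. `/* alg_key_len (bits) is validated by the key manager before init_state runs */`, so a later reader does not assume the length is checked here. The function body starts and ends outside these hunks.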
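diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 2db31ce3c7e6..77281068d0f9 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x)
 struct esp_data *esp = NULL;
 struct crypto_blkcipher *tfm;
 
-/* null auth and encryption can have zero length keys */
-if (x->aalg) {
-if (x->aalg->alg_key_len > 512)
-goto error;
-}
 if (x->ealg == NULL)
 goto error;
 
@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x)
 struct xfrm_algo_desc *aalg_desc;
 struct crypto_hash *hash;
 
-esp->auth.key = x->aalg->alg_key;
-esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
 hash = crypto_alloc_hash(x->aalg->alg_name, 0,
 CRYPTO_ALG_ASYNC);
 if (IS_ERR(hash))
 goto error;
 
 esp->auth.tfm = hash;
-if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
+if (crypto_hash_setkey(hash, x->aalg->alg_key,
+(x->aalg->alg_key_len + 7) / 8))
 goto error;
 
 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x)
 if (!esp->auth.work_icv)
 goto error;
 }
-esp->conf.key = x->ealg->alg_key;
-esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
 if (IS_ERR(tfm))
 goto error;
@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x)
 goto error;
 esp->conf.ivinitted = 0;
 }
-if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
+if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
+(x->ealg->alg_key_len + 7) / 8))
 goto error;
 x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
 if (x->props.mode == XFRM_MODE_TUNNEL)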
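Review bot: The rounding `(x->ealg->alg_key_len + 7) / 8` is open-coded as a call argument at both setkey sites in esp6_init_state, and again at both sites in net/ipv4/esp4.c, with nothing saying what unit alg_key_len is in. The arithmetic suggests a bit count rounded up to bytes, but the field's declaration is not on this page. A one-line shared helper, for example `static inline unsigned int esp_key_bytes(unsigned int bits) { return (bits + 7) / 8; }` in include/net/esp.h (the name is only a suggestion), would keep the four call sites identical and give the unit a single documented home. The function body starts and ends outside these hunks.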