aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@woody.osdl.org>2006-12-07 12:05:15 -0500
committerLinus Torvalds <torvalds@woody.osdl.org>2006-12-07 12:05:15 -0500
commit2685b267bce34c9b66626cb11664509c32a761a5 (patch)
treece8b4ad47b4a1aa1b0e7634298d63c4cb0ca46c5
parent4522d58275f124105819723e24e912c8e5bf3cdd (diff)
parent272491ef423b6976a230a998b10f46976aa91342 (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (48 commits) [NETFILTER]: Fix non-ANSI func. decl. [TG3]: Identify Serdes devices more clearly. [TG3]: Use msleep. [TG3]: Use netif_msg_*. [TG3]: Allow partial speed advertisement. [TG3]: Add TG3_FLG2_IS_NIC flag. [TG3]: Add 5787F device ID. [TG3]: Fix Phy loopback. [WANROUTER]: Kill kmalloc debugging code. [TCP] inet_twdr_hangman: Delete unnecessary memory barrier(). [NET]: Memory barrier cleanups [IPSEC]: Fix inetpeer leak in ipv4 xfrm dst entries. audit: disable ipsec auditing when CONFIG_AUDITSYSCALL=n audit: Add auditing to ipsec [IRDA] irlan: Fix compile warning when CONFIG_PROC_FS=n [IrDA]: Incorrect TTP header reservation [IrDA]: PXA FIR code device model conversion [GENETLINK]: Fix misplaced command flags. [NETLIK]: Add a pointer to the Generic Netlink wiki page. [IPV6] RAW: Don't release unlocked sock. ...
Diffstat
-rw-r--r--Documentation/networking/00-INDEX2
-rw-r--r--Documentation/networking/generic_netlink.txt3
-rw-r--r--crypto/Kconfig34
-rw-r--r--crypto/Makefile3
-rw-r--r--crypto/api.c15
-rw-r--r--crypto/digest.c48
-rw-r--r--crypto/gf128mul.c466
-rw-r--r--crypto/lrw.c301
-rw-r--r--crypto/tcrypt.c15
-rw-r--r--crypto/tcrypt.h602
-rw-r--r--crypto/xcbc.c348
-rw-r--r--drivers/atm/Makefile2
-rw-r--r--drivers/block/Kconfig1
-rw-r--r--drivers/crypto/Kconfig13
-rw-r--r--drivers/crypto/Makefile1
-rw-r--r--drivers/crypto/geode-aes.c474
-rw-r--r--drivers/crypto/geode-aes.h40
-rw-r--r--drivers/md/dm-crypt.c68
-rw-r--r--drivers/net/irda/pxaficp_ir.c26
-rw-r--r--drivers/net/tg3.c142
-rw-r--r--drivers/net/tg3.h1
-rw-r--r--include/crypto/b128ops.h80
-rw-r--r--include/crypto/gf128mul.h198
-rw-r--r--include/linux/audit.h6
-rw-r--r--include/linux/crypto.h22
-rw-r--r--include/linux/genetlink.h6
-rw-r--r--include/linux/netfilter/nf_conntrack_pptp.h3
-rw-r--r--include/linux/pci_ids.h3
-rw-r--r--include/linux/pfkeyv2.h1
-rw-r--r--include/net/irda/irlan_filter.h2
-rw-r--r--include/net/xfrm.h24
-rw-r--r--kernel/auditsc.c6
-rw-r--r--net/bridge/br_netfilter.c36
-rw-r--r--net/core/wireless.c4
-rw-r--r--net/ipv4/inet_timewait_sock.c1
-rw-r--r--net/ipv4/netfilter/arp_tables.c48
-rw-r--r--net/ipv4/netfilter/ip_tables.c144
-rw-r--r--net/ipv4/route.c2
-rw-r--r--net/ipv4/tcp_input.c4
-rw-r--r--net/ipv4/xfrm4_policy.c2
-rw-r--r--net/ipv6/ip6_output.c2
-rw-r--r--net/ipv6/netfilter/ip6_tables.c59
-rw-r--r--net/ipv6/raw.c3
-rw-r--r--net/irda/irttp.c4
-rw-r--r--net/key/af_key.c27
-rw-r--r--net/netfilter/nf_conntrack_core.c2
-rw-r--r--net/netfilter/nf_conntrack_expect.c27
-rw-r--r--net/netlink/genetlink.c18
-rw-r--r--net/packet/af_packet.c2
-rw-r--r--net/sched/cls_fw.c3
-rw-r--r--net/wanrouter/wanmain.c57
-rw-r--r--net/xfrm/xfrm_algo.c17
-rw-r--r--net/xfrm/xfrm_policy.c177
-rw-r--r--net/xfrm/xfrm_state.c42
-rw-r--r--net/xfrm/xfrm_user.c33
55 files changed, 3208 insertions, 462 deletions
diff --git a/Documentation/networking/00-INDEX b/Documentation/networking/00-INDEX
index b1181ce232d9..e06b6e3c1db5 100644
--- a/Documentation/networking/00-INDEX
+++ b/Documentation/networking/00-INDEX
@@ -58,6 +58,8 @@ fore200e.txt
58 - FORE Systems PCA-200E/SBA-200E ATM NIC driver info. 58 - FORE Systems PCA-200E/SBA-200E ATM NIC driver info.
59framerelay.txt 59framerelay.txt
60 - info on using Frame Relay/Data Link Connection Identifier (DLCI). 60 - info on using Frame Relay/Data Link Connection Identifier (DLCI).
61generic_netlink.txt
62 - info on Generic Netlink
61ip-sysctl.txt 63ip-sysctl.txt
62 - /proc/sys/net/ipv4/* variables 64 - /proc/sys/net/ipv4/* variables
63ip_dynaddr.txt 65ip_dynaddr.txt
diff --git a/Documentation/networking/generic_netlink.txt b/Documentation/networking/generic_netlink.txt
new file mode 100644
index 000000000000..d4f8b8b9b53c
--- /dev/null
+++ b/Documentation/networking/generic_netlink.txt
@@ -0,0 +1,3 @@
1A wiki document on how to use Generic Netlink can be found here:
2
3 * http://linux-net.osdl.org/index.php/Generic_Netlink_HOWTO
diff --git a/crypto/Kconfig b/crypto/Kconfig
index cbae8392ce11..92ba249f3a5b 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -39,6 +39,17 @@ config CRYPTO_HMAC
39 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 39 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
40 This is required for IPSec. 40 This is required for IPSec.
41 41
42config CRYPTO_XCBC
43 tristate "XCBC support"
44 depends on EXPERIMENTAL
45 select CRYPTO_HASH
46 select CRYPTO_MANAGER
47 help
48 XCBC: Keyed-Hashing with encryption algorithm
49 http://www.ietf.org/rfc/rfc3566.txt
50 http://csrc.nist.gov/encryption/modes/proposedmodes/
51 xcbc-mac/xcbc-mac-spec.pdf
52
42config CRYPTO_NULL 53config CRYPTO_NULL
43 tristate "Null algorithms" 54 tristate "Null algorithms"
44 select CRYPTO_ALGAPI 55 select CRYPTO_ALGAPI
@@ -128,6 +139,16 @@ config CRYPTO_TGR192
128 See also: 139 See also:
129 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 140 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
130 141
142config CRYPTO_GF128MUL
143 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
144 depends on EXPERIMENTAL
145 help
146 Efficient table driven implementation of multiplications in the
147 field GF(2^128). This is needed by some cypher modes. This
148 option will be selected automatically if you select such a
149 cipher mode. Only select this option by hand if you expect to load
150 an external module that requires these functions.
151
131config CRYPTO_ECB 152config CRYPTO_ECB
132 tristate "ECB support" 153 tristate "ECB support"
133 select CRYPTO_BLKCIPHER 154 select CRYPTO_BLKCIPHER
@@ -147,6 +168,19 @@ config CRYPTO_CBC
147 CBC: Cipher Block Chaining mode 168 CBC: Cipher Block Chaining mode
148 This block cipher algorithm is required for IPSec. 169 This block cipher algorithm is required for IPSec.
149 170
171config CRYPTO_LRW
172 tristate "LRW support (EXPERIMENTAL)"
173 depends on EXPERIMENTAL
174 select CRYPTO_BLKCIPHER
175 select CRYPTO_MANAGER
176 select CRYPTO_GF128MUL
177 help
178 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
179 narrow block cipher mode for dm-crypt. Use it with cipher
180 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
181 The first 128, 192 or 256 bits in the key are used for AES and the
182 rest is used to tie each cipher block to its logical position.
183
150config CRYPTO_DES 184config CRYPTO_DES
151 tristate "DES and Triple DES EDE cipher algorithms" 185 tristate "DES and Triple DES EDE cipher algorithms"
152 select CRYPTO_ALGAPI 186 select CRYPTO_ALGAPI
diff --git a/crypto/Makefile b/crypto/Makefile
index 72366208e291..60e3d24f61f5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o
15 15
16obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o 16obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o
17obj-$(CONFIG_CRYPTO_HMAC) += hmac.o 17obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
18obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
18obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o 19obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
19obj-$(CONFIG_CRYPTO_MD4) += md4.o 20obj-$(CONFIG_CRYPTO_MD4) += md4.o
20obj-$(CONFIG_CRYPTO_MD5) += md5.o 21obj-$(CONFIG_CRYPTO_MD5) += md5.o
@@ -23,8 +24,10 @@ obj-$(CONFIG_CRYPTO_SHA256) += sha256.o
23obj-$(CONFIG_CRYPTO_SHA512) += sha512.o 24obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
24obj-$(CONFIG_CRYPTO_WP512) += wp512.o 25obj-$(CONFIG_CRYPTO_WP512) += wp512.o
25obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o 26obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
27obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
26obj-$(CONFIG_CRYPTO_ECB) += ecb.o 28obj-$(CONFIG_CRYPTO_ECB) += ecb.o
27obj-$(CONFIG_CRYPTO_CBC) += cbc.o 29obj-$(CONFIG_CRYPTO_CBC) += cbc.o
30obj-$(CONFIG_CRYPTO_LRW) += lrw.o
28obj-$(CONFIG_CRYPTO_DES) += des.o 31obj-$(CONFIG_CRYPTO_DES) += des.o
29obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o 32obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
30obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o 33obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
diff --git a/crypto/api.c b/crypto/api.c
index 4fb7fa45cb0d..8c446871cd5b 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -466,23 +466,8 @@ void crypto_free_tfm(struct crypto_tfm *tfm)
466 kfree(tfm); 466 kfree(tfm);
467} 467}
468 468
469int crypto_alg_available(const char *name, u32 flags)
470{
471 int ret = 0;
472 struct crypto_alg *alg = crypto_alg_mod_lookup(name, 0,
473 CRYPTO_ALG_ASYNC);
474
475 if (!IS_ERR(alg)) {
476 crypto_mod_put(alg);
477 ret = 1;
478 }
479
480 return ret;
481}
482
483EXPORT_SYMBOL_GPL(crypto_alloc_tfm); 469EXPORT_SYMBOL_GPL(crypto_alloc_tfm);
484EXPORT_SYMBOL_GPL(crypto_free_tfm); 470EXPORT_SYMBOL_GPL(crypto_free_tfm);
485EXPORT_SYMBOL_GPL(crypto_alg_available);
486 471
487int crypto_has_alg(const char *name, u32 type, u32 mask) 472int crypto_has_alg(const char *name, u32 type, u32 mask)
488{ 473{
diff --git a/crypto/digest.c b/crypto/digest.c
index 0155a94e4b15..8f4593268ce0 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -21,54 +21,6 @@
21#include "internal.h" 21#include "internal.h"
22#include "scatterwalk.h" 22#include "scatterwalk.h"
23 23
24void crypto_digest_init(struct crypto_tfm *tfm)
25{
26 struct crypto_hash *hash = crypto_hash_cast(tfm);
27 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
28
29 crypto_hash_init(&desc);
30}
31EXPORT_SYMBOL_GPL(crypto_digest_init);
32
33void crypto_digest_update(struct crypto_tfm *tfm,
34 struct scatterlist *sg, unsigned int nsg)
35{
36 struct crypto_hash *hash = crypto_hash_cast(tfm);
37 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
38 unsigned int nbytes = 0;
39 unsigned int i;
40
41 for (i = 0; i < nsg; i++)
42 nbytes += sg[i].length;
43
44 crypto_hash_update(&desc, sg, nbytes);
45}
46EXPORT_SYMBOL_GPL(crypto_digest_update);
47
48void crypto_digest_final(struct crypto_tfm *tfm, u8 *out)
49{
50 struct crypto_hash *hash = crypto_hash_cast(tfm);
51 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
52
53 crypto_hash_final(&desc, out);
54}
55EXPORT_SYMBOL_GPL(crypto_digest_final);
56
57void crypto_digest_digest(struct crypto_tfm *tfm,
58 struct scatterlist *sg, unsigned int nsg, u8 *out)
59{
60 struct crypto_hash *hash = crypto_hash_cast(tfm);
61 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
62 unsigned int nbytes = 0;
63 unsigned int i;
64
65 for (i = 0; i < nsg; i++)
66 nbytes += sg[i].length;
67
68 crypto_hash_digest(&desc, sg, nbytes, out);
69}
70EXPORT_SYMBOL_GPL(crypto_digest_digest);
71
72static int init(struct hash_desc *desc) 24static int init(struct hash_desc *desc)
73{ 25{
74 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); 26 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm);
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c
new file mode 100644
index 000000000000..0a2aadfa1d85
--- /dev/null
+++ b/crypto/gf128mul.c
@@ -0,0 +1,466 @@
1/* gf128mul.c - GF(2^128) multiplication functions
2 *
3 * Copyright (c) 2003, Dr Brian Gladman, Worcester, UK.
4 * Copyright (c) 2006, Rik Snel <rsnel@cube.dyndns.org>
5 *
6 * Based on Dr Brian Gladman's (GPL'd) work published at
7 * http://fp.gladman.plus.com/cryptography_technology/index.htm
8 * See the original copyright notice below.
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 */
15
16/*
17 ---------------------------------------------------------------------------
18 Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
19
20 LICENSE TERMS
21
22 The free distribution and use of this software in both source and binary
23 form is allowed (with or without changes) provided that:
24
25 1. distributions of this source code include the above copyright
26 notice, this list of conditions and the following disclaimer;
27
28 2. distributions in binary form include the above copyright
29 notice, this list of conditions and the following disclaimer
30 in the documentation and/or other associated materials;
31
32 3. the copyright holder's name is not used to endorse products
33 built using this software without specific written permission.
34
35 ALTERNATIVELY, provided that this notice is retained in full, this product
36 may be distributed under the terms of the GNU General Public License (GPL),
37 in which case the provisions of the GPL apply INSTEAD OF those given above.
38
39 DISCLAIMER
40
41 This software is provided 'as is' with no explicit or implied warranties
42 in respect of its properties, including, but not limited to, correctness
43 and/or fitness for purpose.
44 ---------------------------------------------------------------------------
45 Issue 31/01/2006
46
47 This file provides fast multiplication in GF(128) as required by several
48 cryptographic authentication modes
49*/
50
51#include <crypto/gf128mul.h>
52#include <linux/kernel.h>
53#include <linux/module.h>
54#include <linux/slab.h>
55
56#define gf128mul_dat(q) { \
57 q(0x00), q(0x01), q(0x02), q(0x03), q(0x04), q(0x05), q(0x06), q(0x07),\
58 q(0x08), q(0x09), q(0x0a), q(0x0b), q(0x0c), q(0x0d), q(0x0e), q(0x0f),\
59 q(0x10), q(0x11), q(0x12), q(0x13), q(0x14), q(0x15), q(0x16), q(0x17),\
60 q(0x18), q(0x19), q(0x1a), q(0x1b), q(0x1c), q(0x1d), q(0x1e), q(0x1f),\
61 q(0x20), q(0x21), q(0x22), q(0x23), q(0x24), q(0x25), q(0x26), q(0x27),\
62 q(0x28), q(0x29), q(0x2a), q(0x2b), q(0x2c), q(0x2d), q(0x2e), q(0x2f),\
63 q(0x30), q(0x31), q(0x32), q(0x33), q(0x34), q(0x35), q(0x36), q(0x37),\
64 q(0x38), q(0x39), q(0x3a), q(0x3b), q(0x3c), q(0x3d), q(0x3e), q(0x3f),\
65 q(0x40), q(0x41), q(0x42), q(0x43), q(0x44), q(0x45), q(0x46), q(0x47),\
66 q(0x48), q(0x49), q(0x4a), q(0x4b), q(0x4c), q(0x4d), q(0x4e), q(0x4f),\
67 q(0x50), q(0x51), q(0x52), q(0x53), q(0x54), q(0x55), q(0x56), q(0x57),\
68 q(0x58), q(0x59), q(0x5a), q(0x5b), q(0x5c), q(0x5d), q(0x5e), q(0x5f),\
69 q(0x60), q(0x61), q(0x62), q(0x63), q(0x64), q(0x65), q(0x66), q(0x67),\
70 q(0x68), q(0x69), q(0x6a), q(0x6b), q(0x6c), q(0x6d), q(0x6e), q(0x6f),\
71 q(0x70), q(0x71), q(0x72), q(0x73), q(0x74), q(0x75), q(0x76), q(0x77),\
72 q(0x78), q(0x79), q(0x7a), q(0x7b), q(0x7c), q(0x7d), q(0x7e), q(0x7f),\
73 q(0x80), q(0x81), q(0x82), q(0x83), q(0x84), q(0x85), q(0x86), q(0x87),\
74 q(0x88), q(0x89), q(0x8a), q(0x8b), q(0x8c), q(0x8d), q(0x8e), q(0x8f),\
75 q(0x90), q(0x91), q(0x92), q(0x93), q(0x94), q(0x95), q(0x96), q(0x97),\
76 q(0x98), q(0x99), q(0x9a), q(0x9b), q(0x9c), q(0x9d), q(0x9e), q(0x9f),\
77 q(0xa0), q(0xa1), q(0xa2), q(0xa3), q(0xa4), q(0xa5), q(0xa6), q(0xa7),\
78 q(0xa8), q(0xa9), q(0xaa), q(0xab), q(0xac), q(0xad), q(0xae), q(0xaf),\
79 q(0xb0), q(0xb1), q(0xb2), q(0xb3), q(0xb4), q(0xb5), q(0xb6), q(0xb7),\
80 q(0xb8), q(0xb9), q(0xba), q(0xbb), q(0xbc), q(0xbd), q(0xbe), q(0xbf),\
81 q(0xc0), q(0xc1), q(0xc2), q(0xc3), q(0xc4), q(0xc5), q(0xc6), q(0xc7),\
82 q(0xc8), q(0xc9), q(0xca), q(0xcb), q(0xcc), q(0xcd), q(0xce), q(0xcf),\
83 q(0xd0), q(0xd1), q(0xd2), q(0xd3), q(0xd4), q(0xd5), q(0xd6), q(0xd7),\
84 q(0xd8), q(0xd9), q(0xda), q(0xdb), q(0xdc), q(0xdd), q(0xde), q(0xdf),\
85 q(0xe0), q(0xe1), q(0xe2), q(0xe3), q(0xe4), q(0xe5), q(0xe6), q(0xe7),\
86 q(0xe8), q(0xe9), q(0xea), q(0xeb), q(0xec), q(0xed), q(0xee), q(0xef),\
87 q(0xf0), q(0xf1), q(0xf2), q(0xf3), q(0xf4), q(0xf5), q(0xf6), q(0xf7),\
88 q(0xf8), q(0xf9), q(0xfa), q(0xfb), q(0xfc), q(0xfd), q(0xfe), q(0xff) \
89}
90
91/* Given the value i in 0..255 as the byte overflow when a field element
92 in GHASH is multipled by x^8, this function will return the values that
93 are generated in the lo 16-bit word of the field value by applying the
94 modular polynomial. The values lo_byte and hi_byte are returned via the
95 macro xp_fun(lo_byte, hi_byte) so that the values can be assembled into
96 memory as required by a suitable definition of this macro operating on
97 the table above
98*/
99
100#define xx(p, q) 0x##p##q
101
102#define xda_bbe(i) ( \
103 (i & 0x80 ? xx(43, 80) : 0) ^ (i & 0x40 ? xx(21, c0) : 0) ^ \
104 (i & 0x20 ? xx(10, e0) : 0) ^ (i & 0x10 ? xx(08, 70) : 0) ^ \
105 (i & 0x08 ? xx(04, 38) : 0) ^ (i & 0x04 ? xx(02, 1c) : 0) ^ \
106 (i & 0x02 ? xx(01, 0e) : 0) ^ (i & 0x01 ? xx(00, 87) : 0) \
107)
108
109#define xda_lle(i) ( \
110 (i & 0x80 ? xx(e1, 00) : 0) ^ (i & 0x40 ? xx(70, 80) : 0) ^ \
111 (i & 0x20 ? xx(38, 40) : 0) ^ (i & 0x10 ? xx(1c, 20) : 0) ^ \
112 (i & 0x08 ? xx(0e, 10) : 0) ^ (i & 0x04 ? xx(07, 08) : 0) ^ \
113 (i & 0x02 ? xx(03, 84) : 0) ^ (i & 0x01 ? xx(01, c2) : 0) \
114)
115
116static const u16 gf128mul_table_lle[256] = gf128mul_dat(xda_lle);
117static const u16 gf128mul_table_bbe[256] = gf128mul_dat(xda_bbe);
118
119/* These functions multiply a field element by x, by x^4 and by x^8
120 * in the polynomial field representation. It uses 32-bit word operations
121 * to gain speed but compensates for machine endianess and hence works
122 * correctly on both styles of machine.
123 */
124
125static void gf128mul_x_lle(be128 *r, const be128 *x)
126{
127 u64 a = be64_to_cpu(x->a);
128 u64 b = be64_to_cpu(x->b);
129 u64 _tt = gf128mul_table_lle[(b << 7) & 0xff];
130
131 r->b = cpu_to_be64((b >> 1) | (a << 63));
132 r->a = cpu_to_be64((a >> 1) ^ (_tt << 48));
133}
134
135static void gf128mul_x_bbe(be128 *r, const be128 *x)
136{
137 u64 a = be64_to_cpu(x->a);
138 u64 b = be64_to_cpu(x->b);
139 u64 _tt = gf128mul_table_bbe[a >> 63];
140
141 r->a = cpu_to_be64((a << 1) | (b >> 63));
142 r->b = cpu_to_be64((b << 1) ^ _tt);
143}
144
145static void gf128mul_x8_lle(be128 *x)
146{
147 u64 a = be64_to_cpu(x->a);
148 u64 b = be64_to_cpu(x->b);
149 u64 _tt = gf128mul_table_lle[b & 0xff];
150
151 x->b = cpu_to_be64((b >> 8) | (a << 56));
152 x->a = cpu_to_be64((a >> 8) ^ (_tt << 48));
153}
154
155static void gf128mul_x8_bbe(be128 *x)
156{
157 u64 a = be64_to_cpu(x->a);
158 u64 b = be64_to_cpu(x->b);
159 u64 _tt = gf128mul_table_bbe[a >> 56];
160
161 x->a = cpu_to_be64((a << 8) | (b >> 56));
162 x->b = cpu_to_be64((b << 8) ^ _tt);
163}
164
165void gf128mul_lle(be128 *r, const be128 *b)
166{
167 be128 p[8];
168 int i;
169
170 p[0] = *r;
171 for (i = 0; i < 7; ++i)
172 gf128mul_x_lle(&p[i + 1], &p[i]);
173
174 memset(r, 0, sizeof(r));
175 for (i = 0;;) {
176 u8 ch = ((u8 *)b)[15 - i];
177
178 if (ch & 0x80)
179 be128_xor(r, r, &p[0]);
180 if (ch & 0x40)
181 be128_xor(r, r, &p[1]);
182 if (ch & 0x20)
183 be128_xor(r, r, &p[2]);
184 if (ch & 0x10)
185 be128_xor(r, r, &p[3]);
186 if (ch & 0x08)
187 be128_xor(r, r, &p[4]);
188 if (ch & 0x04)
189 be128_xor(r, r, &p[5]);
190 if (ch & 0x02)
191 be128_xor(r, r, &p[6]);
192 if (ch & 0x01)
193 be128_xor(r, r, &p[7]);
194
195 if (++i >= 16)
196 break;
197
198 gf128mul_x8_lle(r);
199 }
200}
201EXPORT_SYMBOL(gf128mul_lle);
202
203void gf128mul_bbe(be128 *r, const be128 *b)
204{
205 be128 p[8];
206 int i;
207
208 p[0] = *r;
209 for (i = 0; i < 7; ++i)
210 gf128mul_x_bbe(&p[i + 1], &p[i]);
211
212 memset(r, 0, sizeof(r));
213 for (i = 0;;) {
214 u8 ch = ((u8 *)b)[i];
215
216 if (ch & 0x80)
217 be128_xor(r, r, &p[7]);
218 if (ch & 0x40)
219 be128_xor(r, r, &p[6]);
220 if (ch & 0x20)
221 be128_xor(r, r, &p[5]);
222 if (ch & 0x10)
223 be128_xor(r, r, &p[4]);
224 if (ch & 0x08)
225 be128_xor(r, r, &p[3]);
226 if (ch & 0x04)
227 be128_xor(r, r, &p[2]);
228 if (ch & 0x02)
229 be128_xor(r, r, &p[1]);
230 if (ch & 0x01)
231 be128_xor(r, r, &p[0]);
232
233 if (++i >= 16)
234 break;
235
236 gf128mul_x8_bbe(r);
237 }
238}
239EXPORT_SYMBOL(gf128mul_bbe);
240
241/* This version uses 64k bytes of table space.
242 A 16 byte buffer has to be multiplied by a 16 byte key
243 value in GF(128). If we consider a GF(128) value in
244 the buffer's lowest byte, we can construct a table of
245 the 256 16 byte values that result from the 256 values
246 of this byte. This requires 4096 bytes. But we also
247 need tables for each of the 16 higher bytes in the
248 buffer as well, which makes 64 kbytes in total.
249*/
250/* additional explanation
251 * t[0][BYTE] contains g*BYTE
252 * t[1][BYTE] contains g*x^8*BYTE
253 * ..
254 * t[15][BYTE] contains g*x^120*BYTE */
255struct gf128mul_64k *gf128mul_init_64k_lle(const be128 *g)
256{
257 struct gf128mul_64k *t;
258 int i, j, k;
259
260 t = kzalloc(sizeof(*t), GFP_KERNEL);
261 if (!t)
262 goto out;
263
264 for (i = 0; i < 16; i++) {
265 t->t[i] = kzalloc(sizeof(*t->t[i]), GFP_KERNEL);
266 if (!t->t[i]) {
267 gf128mul_free_64k(t);
268 t = NULL;
269 goto out;
270 }
271 }
272
273 t->t[0]->t[128] = *g;
274 for (j = 64; j > 0; j >>= 1)
275 gf128mul_x_lle(&t->t[0]->t[j], &t->t[0]->t[j + j]);
276
277 for (i = 0;;) {
278 for (j = 2; j < 256; j += j)
279 for (k = 1; k < j; ++k)
280 be128_xor(&t->t[i]->t[j + k],
281 &t->t[i]->t[j], &t->t[i]->t[k]);
282
283 if (++i >= 16)
284 break;
285
286 for (j = 128; j > 0; j >>= 1) {
287 t->t[i]->t[j] = t->t[i - 1]->t[j];
288 gf128mul_x8_lle(&t->t[i]->t[j]);
289 }
290 }
291
292out:
293 return t;
294}
295EXPORT_SYMBOL(gf128mul_init_64k_lle);
296
297struct gf128mul_64k *gf128mul_init_64k_bbe(const be128 *g)
298{
299 struct gf128mul_64k *t;
300 int i, j, k;
301
302 t = kzalloc(sizeof(*t), GFP_KERNEL);
303 if (!t)
304 goto out;
305
306 for (i = 0; i < 16; i++) {
307 t->t[i] = kzalloc(sizeof(*t->t[i]), GFP_KERNEL);
308 if (!t->t[i]) {
309 gf128mul_free_64k(t);
310 t = NULL;
311 goto out;
312 }
313 }
314
315 t->t[0]->t[1] = *g;
316 for (j = 1; j <= 64; j <<= 1)
317 gf128mul_x_bbe(&t->t[0]->t[j + j], &t->t[0]->t[j]);
318
319 for (i = 0;;) {
320 for (j = 2; j < 256; j += j)
321 for (k = 1; k < j; ++k)
322 be128_xor(&t->t[i]->t[j + k],
323 &t->t[i]->t[j], &t->t[i]->t[k]);
324
325 if (++i >= 16)
326 break;
327
328 for (j = 128; j > 0; j >>= 1) {
329 t->t[i]->t[j] = t->t[i - 1]->t[j];
330 gf128mul_x8_bbe(&t->t[i]->t[j]);
331 }
332 }
333
334out:
335 return t;
336}
337EXPORT_SYMBOL(gf128mul_init_64k_bbe);
338
339void gf128mul_free_64k(struct gf128mul_64k *t)
340{
341 int i;
342
343 for (i = 0; i < 16; i++)
344 kfree(t->t[i]);
345 kfree(t);
346}
347EXPORT_SYMBOL(gf128mul_free_64k);
348
349void gf128mul_64k_lle(be128 *a, struct gf128mul_64k *t)
350{
351 u8 *ap = (u8 *)a;
352 be128 r[1];
353 int i;
354
355 *r = t->t[0]->t[ap[0]];
356 for (i = 1; i < 16; ++i)
357 be128_xor(r, r, &t->t[i]->t[ap[i]]);
358 *a = *r;
359}
360EXPORT_SYMBOL(gf128mul_64k_lle);
361
362void gf128mul_64k_bbe(be128 *a, struct gf128mul_64k *t)
363{
364 u8 *ap = (u8 *)a;
365 be128 r[1];
366 int i;
367
368 *r = t->t[0]->t[ap[15]];
369 for (i = 1; i < 16; ++i)
370 be128_xor(r, r, &t->t[i]->t[ap[15 - i]]);
371 *a = *r;
372}
373EXPORT_SYMBOL(gf128mul_64k_bbe);
374
375/* This version uses 4k bytes of table space.
376 A 16 byte buffer has to be multiplied by a 16 byte key
377 value in GF(128). If we consider a GF(128) value in a
378 single byte, we can construct a table of the 256 16 byte
379 values that result from the 256 values of this byte.
380 This requires 4096 bytes. If we take the highest byte in
381 the buffer and use this table to get the result, we then
382 have to multiply by x^120 to get the final value. For the
383 next highest byte the result has to be multiplied by x^112
384 and so on. But we can do this by accumulating the result
385 in an accumulator starting with the result for the top
386 byte. We repeatedly multiply the accumulator value by
387 x^8 and then add in (i.e. xor) the 16 bytes of the next
388 lower byte in the buffer, stopping when we reach the
389 lowest byte. This requires a 4096 byte table.
390*/
391struct gf128mul_4k *gf128mul_init_4k_lle(const be128 *g)
392{
393 struct gf128mul_4k *t;
394 int j, k;
395
396 t = kzalloc(sizeof(*t), GFP_KERNEL);
397 if (!t)
398 goto out;
399
400 t->t[128] = *g;
401 for (j = 64; j > 0; j >>= 1)
402 gf128mul_x_lle(&t->t[j], &t->t[j+j]);
403
404 for (j = 2; j < 256; j += j)
405 for (k = 1; k < j; ++k)
406 be128_xor(&t->t[j + k], &t->t[j], &t->t[k]);
407
408out:
409 return t;
410}
411EXPORT_SYMBOL(gf128mul_init_4k_lle);
412
413struct gf128mul_4k *gf128mul_init_4k_bbe(const be128 *g)
414{
415 struct gf128mul_4k *t;
416 int j, k;
417
418 t = kzalloc(sizeof(*t), GFP_KERNEL);
419 if (!t)
420 goto out;
421
422 t->t[1] = *g;
423 for (j = 1; j <= 64; j <<= 1)
424 gf128mul_x_bbe(&t->t[j + j], &t->t[j]);
425
426 for (j = 2; j < 256; j += j)
427 for (k = 1; k < j; ++k)
428 be128_xor(&t->t[j + k], &t->t[j], &t->t[k]);
429
430out:
431 return t;
432}
433EXPORT_SYMBOL(gf128mul_init_4k_bbe);
434
435void gf128mul_4k_lle(be128 *a, struct gf128mul_4k *t)
436{
437 u8 *ap = (u8 *)a;
438 be128 r[1];
439 int i = 15;
440
441 *r = t->t[ap[15]];
442 while (i--) {
443 gf128mul_x8_lle(r);
444 be128_xor(r, r, &t->t[ap[i]]);
445 }
446 *a = *r;
447}
448EXPORT_SYMBOL(gf128mul_4k_lle);
449
450void gf128mul_4k_bbe(be128 *a, struct gf128mul_4k *t)
451{
452 u8 *ap = (u8 *)a;
453 be128 r[1];
454 int i = 0;
455
456 *r = t->t[ap[0]];
457 while (++i < 16) {
458 gf128mul_x8_bbe(r);
459 be128_xor(r, r, &t->t[ap[i]]);
460 }
461 *a = *r;
462}
463EXPORT_SYMBOL(gf128mul_4k_bbe);
464
465MODULE_LICENSE("GPL");
466MODULE_DESCRIPTION("Functions for multiplying elements of GF(2^128)");
diff --git a/crypto/lrw.c b/crypto/lrw.c
new file mode 100644
index 000000000000..56642586d84f
--- /dev/null
+++ b/crypto/lrw.c
@@ -0,0 +1,301 @@
1/* LRW: as defined by Cyril Guyot in
2 * http://grouper.ieee.org/groups/1619/email/pdf00017.pdf
3 *
4 * Copyright (c) 2006 Rik Snel <rsnel@cube.dyndns.org>
5 *
6 * Based om ecb.c
7 * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 */
14/* This implementation is checked against the test vectors in the above
15 * document and by a test vector provided by Ken Buchanan at
16 * http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html
17 *
18 * The test vectors are included in the testing module tcrypt.[ch] */
19#include <crypto/algapi.h>
20#include <linux/err.h>
21#include <linux/init.h>
22#include <linux/kernel.h>
23#include <linux/module.h>
24#include <linux/scatterlist.h>
25#include <linux/slab.h>
26
27#include <crypto/b128ops.h>
28#include <crypto/gf128mul.h>
29
30struct priv {
31 struct crypto_cipher *child;
32 /* optimizes multiplying a random (non incrementing, as at the
33 * start of a new sector) value with key2, we could also have
34 * used 4k optimization tables or no optimization at all. In the
35 * latter case we would have to store key2 here */
36 struct gf128mul_64k *table;
37 /* stores:
38 * key2*{ 0,0,...0,0,0,0,1 }, key2*{ 0,0,...0,0,0,1,1 },
39 * key2*{ 0,0,...0,0,1,1,1 }, key2*{ 0,0,...0,1,1,1,1 }
40 * key2*{ 0,0,...1,1,1,1,1 }, etc
41 * needed for optimized multiplication of incrementing values
42 * with key2 */
43 be128 mulinc[128];
44};
45
46static inline void setbit128_bbe(void *b, int bit)
47{
48 __set_bit(bit ^ 0x78, b);
49}
50
51static int setkey(struct crypto_tfm *parent, const u8 *key,
52 unsigned int keylen)
53{
54 struct priv *ctx = crypto_tfm_ctx(parent);
55 struct crypto_cipher *child = ctx->child;
56 int err, i;
57 be128 tmp = { 0 };
58 int bsize = crypto_cipher_blocksize(child);
59
60 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
61 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
62 CRYPTO_TFM_REQ_MASK);
63 if ((err = crypto_cipher_setkey(child, key, keylen - bsize)))
64 return err;
65 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
66 CRYPTO_TFM_RES_MASK);
67
68 if (ctx->table)
69 gf128mul_free_64k(ctx->table);
70
71 /* initialize multiplication table for Key2 */
72 ctx->table = gf128mul_init_64k_bbe((be128 *)(key + keylen - bsize));
73 if (!ctx->table)
74 return -ENOMEM;
75
76 /* initialize optimization table */
77 for (i = 0; i < 128; i++) {
78 setbit128_bbe(&tmp, i);
79 ctx->mulinc[i] = tmp;
80 gf128mul_64k_bbe(&ctx->mulinc[i], ctx->table);
81 }
82
83 return 0;
84}
85
86struct sinfo {
87 be128 t;
88 struct crypto_tfm *tfm;
89 void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
90};
91
92static inline void inc(be128 *iv)
93{
94 if (!(iv->b = cpu_to_be64(be64_to_cpu(iv->b) + 1)))
95 iv->a = cpu_to_be64(be64_to_cpu(iv->a) + 1);
96}
97
98static inline void lrw_round(struct sinfo *s, void *dst, const void *src)
99{
100 be128_xor(dst, &s->t, src); /* PP <- T xor P */
101 s->fn(s->tfm, dst, dst); /* CC <- E(Key2,PP) */
102 be128_xor(dst, dst, &s->t); /* C <- T xor CC */
103}
104
105/* this returns the number of consequative 1 bits starting
106 * from the right, get_index128(00 00 00 00 00 00 ... 00 00 10 FB) = 2 */
107static inline int get_index128(be128 *block)
108{
109 int x;
110 __be32 *p = (__be32 *) block;
111
112 for (p += 3, x = 0; x < 128; p--, x += 32) {
113 u32 val = be32_to_cpup(p);
114
115 if (!~val)
116 continue;
117
118 return x + ffz(val);
119 }
120
121 return x;
122}
123
124static int crypt(struct blkcipher_desc *d,
125 struct blkcipher_walk *w, struct priv *ctx,
126 void (*fn)(struct crypto_tfm *, u8 *, const u8 *))
127{
128 int err;
129 unsigned int avail;
130 const int bs = crypto_cipher_blocksize(ctx->child);
131 struct sinfo s = {
132 .tfm = crypto_cipher_tfm(ctx->child),
133 .fn = fn
134 };
135 be128 *iv;
136 u8 *wsrc;
137 u8 *wdst;
138
139 err = blkcipher_walk_virt(d, w);
140 if (!(avail = w->nbytes))
141 return err;
142
143 wsrc = w->src.virt.addr;
144 wdst = w->dst.virt.addr;
145
146 /* calculate first value of T */
147 iv = (be128 *)w->iv;
148 s.t = *iv;
149
150 /* T <- I*Key2 */
151 gf128mul_64k_bbe(&s.t, ctx->table);
152
153 goto first;
154
155 for (;;) {
156 do {
157 /* T <- I*Key2, using the optimization
158 * discussed in the specification */
159 be128_xor(&s.t, &s.t, &ctx->mulinc[get_index128(iv)]);
160 inc(iv);
161
162first:
163 lrw_round(&s, wdst, wsrc);
164
165 wsrc += bs;
166 wdst += bs;
167 } while ((avail -= bs) >= bs);
168
169 err = blkcipher_walk_done(d, w, avail);
170 if (!(avail = w->nbytes))
171 break;
172
173 wsrc = w->src.virt.addr;
174 wdst = w->dst.virt.addr;
175 }
176
177 return err;
178}
179
180static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
181 struct scatterlist *src, unsigned int nbytes)
182{
183 struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
184 struct blkcipher_walk w;
185
186 blkcipher_walk_init(&w, dst, src, nbytes);
187 return crypt(desc, &w, ctx,
188 crypto_cipher_alg(ctx->child)->cia_encrypt);
189}
190
191static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
192 struct scatterlist *src, unsigned int nbytes)
193{
194 struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
195 struct blkcipher_walk w;
196
197 blkcipher_walk_init(&w, dst, src, nbytes);
198 return crypt(desc, &w, ctx,
199 crypto_cipher_alg(ctx->child)->cia_decrypt);
200}
201
202static int init_tfm(struct crypto_tfm *tfm)
203{
204 struct crypto_instance *inst = (void *)tfm->__crt_alg;
205 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
206 struct priv *ctx = crypto_tfm_ctx(tfm);
207 u32 *flags = &tfm->crt_flags;
208
209 tfm = crypto_spawn_tfm(spawn);
210 if (IS_ERR(tfm))
211 return PTR_ERR(tfm);
212
213 if (crypto_tfm_alg_blocksize(tfm) != 16) {
214 *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
215 return -EINVAL;
216 }
217
218 ctx->child = crypto_cipher_cast(tfm);
219 return 0;
220}
221
222static void exit_tfm(struct crypto_tfm *tfm)
223{
224 struct priv *ctx = crypto_tfm_ctx(tfm);
225 if (ctx->table)
226 gf128mul_free_64k(ctx->table);
227 crypto_free_cipher(ctx->child);
228}
229
230static struct crypto_instance *alloc(void *param, unsigned int len)
231{
232 struct crypto_instance *inst;
233 struct crypto_alg *alg;
234
235 alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER,
236 CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
237 if (IS_ERR(alg))
238 return ERR_PTR(PTR_ERR(alg));
239
240 inst = crypto_alloc_instance("lrw", alg);
241 if (IS_ERR(inst))
242 goto out_put_alg;
243
244 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
245 inst->alg.cra_priority = alg->cra_priority;
246 inst->alg.cra_blocksize = alg->cra_blocksize;
247
248 if (alg->cra_alignmask < 7) inst->alg.cra_alignmask = 7;
249 else inst->alg.cra_alignmask = alg->cra_alignmask;
250 inst->alg.cra_type = &crypto_blkcipher_type;
251
252 if (!(alg->cra_blocksize % 4))
253 inst->alg.cra_alignmask |= 3;
254 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
255 inst->alg.cra_blkcipher.min_keysize =
256 alg->cra_cipher.cia_min_keysize + alg->cra_blocksize;
257 inst->alg.cra_blkcipher.max_keysize =
258 alg->cra_cipher.cia_max_keysize + alg->cra_blocksize;
259
260 inst->alg.cra_ctxsize = sizeof(struct priv);
261
262 inst->alg.cra_init = init_tfm;
263 inst->alg.cra_exit = exit_tfm;
264
265 inst->alg.cra_blkcipher.setkey = setkey;
266 inst->alg.cra_blkcipher.encrypt = encrypt;
267 inst->alg.cra_blkcipher.decrypt = decrypt;
268
269out_put_alg:
270 crypto_mod_put(alg);
271 return inst;
272}
273
274static void free(struct crypto_instance *inst)
275{
276 crypto_drop_spawn(crypto_instance_ctx(inst));
277 kfree(inst);
278}
279
280static struct crypto_template crypto_tmpl = {
281 .name = "lrw",
282 .alloc = alloc,
283 .free = free,
284 .module = THIS_MODULE,
285};
286
287static int __init crypto_module_init(void)
288{
289 return crypto_register_template(&crypto_tmpl);
290}
291
292static void __exit crypto_module_exit(void)
293{
294 crypto_unregister_template(&crypto_tmpl);
295}
296
297module_init(crypto_module_init);
298module_exit(crypto_module_exit);
299
300MODULE_LICENSE("GPL");
301MODULE_DESCRIPTION("LRW block cipher mode");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 83307420d31c..d671e8942b1f 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -906,6 +906,10 @@ static void do_test(void)
906 AES_CBC_ENC_TEST_VECTORS); 906 AES_CBC_ENC_TEST_VECTORS);
907 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template, 907 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template,
908 AES_CBC_DEC_TEST_VECTORS); 908 AES_CBC_DEC_TEST_VECTORS);
909 test_cipher("lrw(aes)", ENCRYPT, aes_lrw_enc_tv_template,
910 AES_LRW_ENC_TEST_VECTORS);
911 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
912 AES_LRW_DEC_TEST_VECTORS);
909 913
910 //CAST5 914 //CAST5
911 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, 915 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
@@ -977,6 +981,9 @@ static void do_test(void)
977 test_hash("hmac(sha256)", hmac_sha256_tv_template, 981 test_hash("hmac(sha256)", hmac_sha256_tv_template,
978 HMAC_SHA256_TEST_VECTORS); 982 HMAC_SHA256_TEST_VECTORS);
979 983
984 test_hash("xcbc(aes)", aes_xcbc128_tv_template,
985 XCBC_AES_TEST_VECTORS);
986
980 test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS); 987 test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS);
981 break; 988 break;
982 989
@@ -1052,6 +1059,10 @@ static void do_test(void)
1052 AES_CBC_ENC_TEST_VECTORS); 1059 AES_CBC_ENC_TEST_VECTORS);
1053 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template, 1060 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template,
1054 AES_CBC_DEC_TEST_VECTORS); 1061 AES_CBC_DEC_TEST_VECTORS);
1062 test_cipher("lrw(aes)", ENCRYPT, aes_lrw_enc_tv_template,
1063 AES_LRW_ENC_TEST_VECTORS);
1064 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
1065 AES_LRW_DEC_TEST_VECTORS);
1055 break; 1066 break;
1056 1067
1057 case 11: 1068 case 11:
@@ -1191,6 +1202,10 @@ static void do_test(void)
1191 aes_speed_template); 1202 aes_speed_template);
1192 test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0, 1203 test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0,
1193 aes_speed_template); 1204 aes_speed_template);
1205 test_cipher_speed("lrw(aes)", ENCRYPT, sec, NULL, 0,
1206 aes_lrw_speed_template);
1207 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
1208 aes_lrw_speed_template);
1194 break; 1209 break;
1195 1210
1196 case 201: 1211 case 201:
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index a40c4411729e..48a81362cb85 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -39,15 +39,15 @@ struct hash_testvec {
39struct cipher_testvec { 39struct cipher_testvec {
40 char key[MAX_KEYLEN] __attribute__ ((__aligned__(4))); 40 char key[MAX_KEYLEN] __attribute__ ((__aligned__(4)));
41 char iv[MAX_IVLEN]; 41 char iv[MAX_IVLEN];
42 char input[48]; 42 char input[512];
43 char result[48]; 43 char result[512];
44 unsigned char tap[MAX_TAP]; 44 unsigned char tap[MAX_TAP];
45 int np; 45 int np;
46 unsigned char fail; 46 unsigned char fail;
47 unsigned char wk; /* weak key flag */ 47 unsigned char wk; /* weak key flag */
48 unsigned char klen; 48 unsigned char klen;
49 unsigned char ilen; 49 unsigned short ilen;
50 unsigned char rlen; 50 unsigned short rlen;
51}; 51};
52 52
53struct cipher_speed { 53struct cipher_speed {
@@ -933,6 +933,74 @@ static struct hash_testvec hmac_sha256_tv_template[] = {
933 }, 933 },
934}; 934};
935 935
936#define XCBC_AES_TEST_VECTORS 6
937
938static struct hash_testvec aes_xcbc128_tv_template[] = {
939 {
940 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
941 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
942 .plaintext = { [0 ... 15] = 0 },
943 .digest = { 0x75, 0xf0, 0x25, 0x1d, 0x52, 0x8a, 0xc0, 0x1c,
944 0x45, 0x73, 0xdf, 0xd5, 0x84, 0xd7, 0x9f, 0x29 },
945 .psize = 0,
946 .ksize = 16,
947 }, {
948 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
949 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
950 .plaintext = { 0x00, 0x01, 0x02 },
951 .digest = { 0x5b, 0x37, 0x65, 0x80, 0xae, 0x2f, 0x19, 0xaf,
952 0xe7, 0x21, 0x9c, 0xee, 0xf1, 0x72, 0x75, 0x6f },
953 .psize = 3,
954 .ksize = 16,
955 } , {
956 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
957 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
958 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
959 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
960 .digest = { 0xd2, 0xa2, 0x46, 0xfa, 0x34, 0x9b, 0x68, 0xa7,
961 0x99, 0x98, 0xa4, 0x39, 0x4f, 0xf7, 0xa2, 0x63 },
962 .psize = 16,
963 .ksize = 16,
964 }, {
965 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
966 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
967 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
968 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
969 0x10, 0x11, 0x12, 0x13 },
970 .digest = { 0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15,
971 0xb8, 0x98, 0x5c, 0x63, 0x05, 0x5e, 0xd3, 0x08 },
972 .tap = { 10, 10 },
973 .psize = 20,
974 .np = 2,
975 .ksize = 16,
976 }, {
977 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
978 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
979 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
980 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
981 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
982 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
983 .digest = { 0xf5, 0x4f, 0x0e, 0xc8, 0xd2, 0xb9, 0xf3, 0xd3,
984 0x68, 0x07, 0x73, 0x4b, 0xd5, 0x28, 0x3f, 0xd4 },
985 .psize = 32,
986 .ksize = 16,
987 }, {
988 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
989 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
990 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
991 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
992 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
993 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
994 0x20, 0x21 },
995 .digest = { 0xbe, 0xcb, 0xb3, 0xbc, 0xcd, 0xb5, 0x18, 0xa3,
996 0x06, 0x77, 0xd5, 0x48, 0x1f, 0xb6, 0xb4, 0xd8 },
997 .tap = { 17, 17 },
998 .psize = 34,
999 .np = 2,
1000 .ksize = 16,
1001 }
1002};
1003
936/* 1004/*
937 * DES test vectors. 1005 * DES test vectors.
938 */ 1006 */
@@ -1831,6 +1899,8 @@ static struct cipher_testvec cast6_dec_tv_template[] = {
1831#define AES_DEC_TEST_VECTORS 3 1899#define AES_DEC_TEST_VECTORS 3
1832#define AES_CBC_ENC_TEST_VECTORS 2 1900#define AES_CBC_ENC_TEST_VECTORS 2
1833#define AES_CBC_DEC_TEST_VECTORS 2 1901#define AES_CBC_DEC_TEST_VECTORS 2
1902#define AES_LRW_ENC_TEST_VECTORS 8
1903#define AES_LRW_DEC_TEST_VECTORS 8
1834 1904
1835static struct cipher_testvec aes_enc_tv_template[] = { 1905static struct cipher_testvec aes_enc_tv_template[] = {
1836 { /* From FIPS-197 */ 1906 { /* From FIPS-197 */
@@ -1968,6 +2038,509 @@ static struct cipher_testvec aes_cbc_dec_tv_template[] = {
1968 }, 2038 },
1969}; 2039};
1970 2040
2041static struct cipher_testvec aes_lrw_enc_tv_template[] = {
2042 /* from http://grouper.ieee.org/groups/1619/email/pdf00017.pdf */
2043 { /* LRW-32-AES 1 */
2044 .key = { 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d,
2045 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85,
2046 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03,
2047 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
2048 .klen = 32,
2049 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2050 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2051 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2052 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2053 .ilen = 16,
2054 .result = { 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f,
2055 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 },
2056 .rlen = 16,
2057 }, { /* LRW-32-AES 2 */
2058 .key = { 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c,
2059 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44,
2060 0x0d, 0x48, 0xf0, 0xb7, 0xb1, 0x5a, 0x53, 0xea,
2061 0x1c, 0xaa, 0x6b, 0x29, 0xc2, 0xca, 0xfb, 0xaf
2062 },
2063 .klen = 32,
2064 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2065 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
2066 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2067 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2068 .ilen = 16,
2069 .result = { 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5,
2070 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
2071 .rlen = 16,
2072 }, { /* LRW-32-AES 3 */
2073 .key = { 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50,
2074 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47,
2075 0xcd, 0xf9, 0x0b, 0x16, 0x0c, 0x64, 0x8f, 0xb6,
2076 0xb0, 0x0d, 0x0d, 0x1b, 0xae, 0x85, 0x87, 0x1f },
2077 .klen = 32,
2078 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2079 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2080 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2081 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2082 .ilen = 16,
2083 .result = { 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82,
2084 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
2085 .rlen = 16,
2086 }, { /* LRW-32-AES 4 */
2087 .key = { 0x0f, 0x6a, 0xef, 0xf8, 0xd3, 0xd2, 0xbb, 0x15,
2088 0x25, 0x83, 0xf7, 0x3c, 0x1f, 0x01, 0x28, 0x74,
2089 0xca, 0xc6, 0xbc, 0x35, 0x4d, 0x4a, 0x65, 0x54,
2090 0x90, 0xae, 0x61, 0xcf, 0x7b, 0xae, 0xbd, 0xcc,
2091 0xad, 0xe4, 0x94, 0xc5, 0x4a, 0x29, 0xae, 0x70 },
2092 .klen = 40,
2093 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2094 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2095 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2096 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2097 .ilen = 16,
2098 .result = { 0x9c, 0x0f, 0x15, 0x2f, 0x55, 0xa2, 0xd8, 0xf0,
2099 0xd6, 0x7b, 0x8f, 0x9e, 0x28, 0x22, 0xbc, 0x41 },
2100 .rlen = 16,
2101 }, { /* LRW-32-AES 5 */
2102 .key = { 0x8a, 0xd4, 0xee, 0x10, 0x2f, 0xbd, 0x81, 0xff,
2103 0xf8, 0x86, 0xce, 0xac, 0x93, 0xc5, 0xad, 0xc6,
2104 0xa0, 0x19, 0x07, 0xc0, 0x9d, 0xf7, 0xbb, 0xdd,
2105 0x52, 0x13, 0xb2, 0xb7, 0xf0, 0xff, 0x11, 0xd8,
2106 0xd6, 0x08, 0xd0, 0xcd, 0x2e, 0xb1, 0x17, 0x6f },
2107 .klen = 40,
2108 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2109 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2110 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2111 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2112 .ilen = 16,
2113 .result = { 0xd4, 0x27, 0x6a, 0x7f, 0x14, 0x91, 0x3d, 0x65,
2114 0xc8, 0x60, 0x48, 0x02, 0x87, 0xe3, 0x34, 0x06 },
2115 .rlen = 16,
2116 }, { /* LRW-32-AES 6 */
2117 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2118 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2119 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2120 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2121 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2122 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2123 .klen = 48,
2124 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2125 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2126 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2127 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2128 .ilen = 16,
2129 .result = { 0xbd, 0x06, 0xb8, 0xe1, 0xdb, 0x98, 0x89, 0x9e,
2130 0xc4, 0x98, 0xe4, 0x91, 0xcf, 0x1c, 0x70, 0x2b },
2131 .rlen = 16,
2132 }, { /* LRW-32-AES 7 */
2133 .key = { 0xfb, 0x76, 0x15, 0xb2, 0x3d, 0x80, 0x89, 0x1d,
2134 0xd4, 0x70, 0x98, 0x0b, 0xc7, 0x95, 0x84, 0xc8,
2135 0xb2, 0xfb, 0x64, 0xce, 0x60, 0x97, 0x87, 0x8d,
2136 0x17, 0xfc, 0xe4, 0x5a, 0x49, 0xe8, 0x30, 0xb7,
2137 0x6e, 0x78, 0x17, 0xe7, 0x2d, 0x5e, 0x12, 0xd4,
2138 0x60, 0x64, 0x04, 0x7a, 0xf1, 0x2f, 0x9e, 0x0c },
2139 .klen = 48,
2140 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2141 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2142 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2143 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2144 .ilen = 16,
2145 .result = { 0x5b, 0x90, 0x8e, 0xc1, 0xab, 0xdd, 0x67, 0x5f,
2146 0x3d, 0x69, 0x8a, 0x95, 0x53, 0xc8, 0x9c, 0xe5 },
2147 .rlen = 16,
2148 }, {
2149/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
2150 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2151 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2152 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2153 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2154 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2155 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2156 .klen = 48,
2157 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2158 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2159 .input = { 0x05, 0x11, 0xb7, 0x18, 0xab, 0xc6, 0x2d, 0xac,
2160 0x70, 0x5d, 0xf6, 0x22, 0x94, 0xcd, 0xe5, 0x6c,
2161 0x17, 0x6b, 0xf6, 0x1c, 0xf0, 0xf3, 0x6e, 0xf8,
2162 0x50, 0x38, 0x1f, 0x71, 0x49, 0xb6, 0x57, 0xd6,
2163 0x8f, 0xcb, 0x8d, 0x6b, 0xe3, 0xa6, 0x29, 0x90,
2164 0xfe, 0x2a, 0x62, 0x82, 0xae, 0x6d, 0x8b, 0xf6,
2165 0xad, 0x1e, 0x9e, 0x20, 0x5f, 0x38, 0xbe, 0x04,
2166 0xda, 0x10, 0x8e, 0xed, 0xa2, 0xa4, 0x87, 0xab,
2167 0xda, 0x6b, 0xb4, 0x0c, 0x75, 0xba, 0xd3, 0x7c,
2168 0xc9, 0xac, 0x42, 0x31, 0x95, 0x7c, 0xc9, 0x04,
2169 0xeb, 0xd5, 0x6e, 0x32, 0x69, 0x8a, 0xdb, 0xa6,
2170 0x15, 0xd7, 0x3f, 0x4f, 0x2f, 0x66, 0x69, 0x03,
2171 0x9c, 0x1f, 0x54, 0x0f, 0xde, 0x1f, 0xf3, 0x65,
2172 0x4c, 0x96, 0x12, 0xed, 0x7c, 0x92, 0x03, 0x01,
2173 0x6f, 0xbc, 0x35, 0x93, 0xac, 0xf1, 0x27, 0xf1,
2174 0xb4, 0x96, 0x82, 0x5a, 0x5f, 0xb0, 0xa0, 0x50,
2175 0x89, 0xa4, 0x8e, 0x66, 0x44, 0x85, 0xcc, 0xfd,
2176 0x33, 0x14, 0x70, 0xe3, 0x96, 0xb2, 0xc3, 0xd3,
2177 0xbb, 0x54, 0x5a, 0x1a, 0xf9, 0x74, 0xa2, 0xc5,
2178 0x2d, 0x64, 0x75, 0xdd, 0xb4, 0x54, 0xe6, 0x74,
2179 0x8c, 0xd3, 0x9d, 0x9e, 0x86, 0xab, 0x51, 0x53,
2180 0xb7, 0x93, 0x3e, 0x6f, 0xd0, 0x4e, 0x2c, 0x40,
2181 0xf6, 0xa8, 0x2e, 0x3e, 0x9d, 0xf4, 0x66, 0xa5,
2182 0x76, 0x12, 0x73, 0x44, 0x1a, 0x56, 0xd7, 0x72,
2183 0x88, 0xcd, 0x21, 0x8c, 0x4c, 0x0f, 0xfe, 0xda,
2184 0x95, 0xe0, 0x3a, 0xa6, 0xa5, 0x84, 0x46, 0xcd,
2185 0xd5, 0x3e, 0x9d, 0x3a, 0xe2, 0x67, 0xe6, 0x60,
2186 0x1a, 0xe2, 0x70, 0x85, 0x58, 0xc2, 0x1b, 0x09,
2187 0xe1, 0xd7, 0x2c, 0xca, 0xad, 0xa8, 0x8f, 0xf9,
2188 0xac, 0xb3, 0x0e, 0xdb, 0xca, 0x2e, 0xe2, 0xb8,
2189 0x51, 0x71, 0xd9, 0x3c, 0x6c, 0xf1, 0x56, 0xf8,
2190 0xea, 0x9c, 0xf1, 0xfb, 0x0c, 0xe6, 0xb7, 0x10,
2191 0x1c, 0xf8, 0xa9, 0x7c, 0xe8, 0x53, 0x35, 0xc1,
2192 0x90, 0x3e, 0x76, 0x4a, 0x74, 0xa4, 0x21, 0x2c,
2193 0xf6, 0x2c, 0x4e, 0x0f, 0x94, 0x3a, 0x88, 0x2e,
2194 0x41, 0x09, 0x6a, 0x33, 0x7d, 0xf6, 0xdd, 0x3f,
2195 0x8d, 0x23, 0x31, 0x74, 0x84, 0xeb, 0x88, 0x6e,
2196 0xcc, 0xb9, 0xbc, 0x22, 0x83, 0x19, 0x07, 0x22,
2197 0xa5, 0x2d, 0xdf, 0xa5, 0xf3, 0x80, 0x85, 0x78,
2198 0x84, 0x39, 0x6a, 0x6d, 0x6a, 0x99, 0x4f, 0xa5,
2199 0x15, 0xfe, 0x46, 0xb0, 0xe4, 0x6c, 0xa5, 0x41,
2200 0x3c, 0xce, 0x8f, 0x42, 0x60, 0x71, 0xa7, 0x75,
2201 0x08, 0x40, 0x65, 0x8a, 0x82, 0xbf, 0xf5, 0x43,
2202 0x71, 0x96, 0xa9, 0x4d, 0x44, 0x8a, 0x20, 0xbe,
2203 0xfa, 0x4d, 0xbb, 0xc0, 0x7d, 0x31, 0x96, 0x65,
2204 0xe7, 0x75, 0xe5, 0x3e, 0xfd, 0x92, 0x3b, 0xc9,
2205 0x55, 0xbb, 0x16, 0x7e, 0xf7, 0xc2, 0x8c, 0xa4,
2206 0x40, 0x1d, 0xe5, 0xef, 0x0e, 0xdf, 0xe4, 0x9a,
2207 0x62, 0x73, 0x65, 0xfd, 0x46, 0x63, 0x25, 0x3d,
2208 0x2b, 0xaf, 0xe5, 0x64, 0xfe, 0xa5, 0x5c, 0xcf,
2209 0x24, 0xf3, 0xb4, 0xac, 0x64, 0xba, 0xdf, 0x4b,
2210 0xc6, 0x96, 0x7d, 0x81, 0x2d, 0x8d, 0x97, 0xf7,
2211 0xc5, 0x68, 0x77, 0x84, 0x32, 0x2b, 0xcc, 0x85,
2212 0x74, 0x96, 0xf0, 0x12, 0x77, 0x61, 0xb9, 0xeb,
2213 0x71, 0xaa, 0x82, 0xcb, 0x1c, 0xdb, 0x89, 0xc8,
2214 0xc6, 0xb5, 0xe3, 0x5c, 0x7d, 0x39, 0x07, 0x24,
2215 0xda, 0x39, 0x87, 0x45, 0xc0, 0x2b, 0xbb, 0x01,
2216 0xac, 0xbc, 0x2a, 0x5c, 0x7f, 0xfc, 0xe8, 0xce,
2217 0x6d, 0x9c, 0x6f, 0xed, 0xd3, 0xc1, 0xa1, 0xd6,
2218 0xc5, 0x55, 0xa9, 0x66, 0x2f, 0xe1, 0xc8, 0x32,
2219 0xa6, 0x5d, 0xa4, 0x3a, 0x98, 0x73, 0xe8, 0x45,
2220 0xa4, 0xc7, 0xa8, 0xb4, 0xf6, 0x13, 0x03, 0xf6,
2221 0xe9, 0x2e, 0xc4, 0x29, 0x0f, 0x84, 0xdb, 0xc4,
2222 0x21, 0xc4, 0xc2, 0x75, 0x67, 0x89, 0x37, 0x0a },
2223 .ilen = 512,
2224 .result = { 0x1a, 0x1d, 0xa9, 0x30, 0xad, 0xf9, 0x2f, 0x9b,
2225 0xb6, 0x1d, 0xae, 0xef, 0xf0, 0x2f, 0xf8, 0x5a,
2226 0x39, 0x3c, 0xbf, 0x2a, 0xb2, 0x45, 0xb2, 0x23,
2227 0x1b, 0x63, 0x3c, 0xcf, 0xaa, 0xbe, 0xcf, 0x4e,
2228 0xfa, 0xe8, 0x29, 0xc2, 0x20, 0x68, 0x2b, 0x3c,
2229 0x2e, 0x8b, 0xf7, 0x6e, 0x25, 0xbd, 0xe3, 0x3d,
2230 0x66, 0x27, 0xd6, 0xaf, 0xd6, 0x64, 0x3e, 0xe3,
2231 0xe8, 0x58, 0x46, 0x97, 0x39, 0x51, 0x07, 0xde,
2232 0xcb, 0x37, 0xbc, 0xa9, 0xc0, 0x5f, 0x75, 0xc3,
2233 0x0e, 0x84, 0x23, 0x1d, 0x16, 0xd4, 0x1c, 0x59,
2234 0x9c, 0x1a, 0x02, 0x55, 0xab, 0x3a, 0x97, 0x1d,
2235 0xdf, 0xdd, 0xc7, 0x06, 0x51, 0xd7, 0x70, 0xae,
2236 0x23, 0xc6, 0x8c, 0xf5, 0x1e, 0xa0, 0xe5, 0x82,
2237 0xb8, 0xb2, 0xbf, 0x04, 0xa0, 0x32, 0x8e, 0x68,
2238 0xeb, 0xaf, 0x6e, 0x2d, 0x94, 0x22, 0x2f, 0xce,
2239 0x4c, 0xb5, 0x59, 0xe2, 0xa2, 0x2f, 0xa0, 0x98,
2240 0x1a, 0x97, 0xc6, 0xd4, 0xb5, 0x00, 0x59, 0xf2,
2241 0x84, 0x14, 0x72, 0xb1, 0x9a, 0x6e, 0xa3, 0x7f,
2242 0xea, 0x20, 0xe7, 0xcb, 0x65, 0x77, 0x3a, 0xdf,
2243 0xc8, 0x97, 0x67, 0x15, 0xc2, 0x2a, 0x27, 0xcc,
2244 0x18, 0x55, 0xa1, 0x24, 0x0b, 0x24, 0x24, 0xaf,
2245 0x5b, 0xec, 0x68, 0xb8, 0xc8, 0xf5, 0xba, 0x63,
2246 0xff, 0xed, 0x89, 0xce, 0xd5, 0x3d, 0x88, 0xf3,
2247 0x25, 0xef, 0x05, 0x7c, 0x3a, 0xef, 0xeb, 0xd8,
2248 0x7a, 0x32, 0x0d, 0xd1, 0x1e, 0x58, 0x59, 0x99,
2249 0x90, 0x25, 0xb5, 0x26, 0xb0, 0xe3, 0x2b, 0x6c,
2250 0x4c, 0xa9, 0x8b, 0x84, 0x4f, 0x5e, 0x01, 0x50,
2251 0x41, 0x30, 0x58, 0xc5, 0x62, 0x74, 0x52, 0x1d,
2252 0x45, 0x24, 0x6a, 0x42, 0x64, 0x4f, 0x97, 0x1c,
2253 0xa8, 0x66, 0xb5, 0x6d, 0x79, 0xd4, 0x0d, 0x48,
2254 0xc5, 0x5f, 0xf3, 0x90, 0x32, 0xdd, 0xdd, 0xe1,
2255 0xe4, 0xa9, 0x9f, 0xfc, 0xc3, 0x52, 0x5a, 0x46,
2256 0xe4, 0x81, 0x84, 0x95, 0x36, 0x59, 0x7a, 0x6b,
2257 0xaa, 0xb3, 0x60, 0xad, 0xce, 0x9f, 0x9f, 0x28,
2258 0xe0, 0x01, 0x75, 0x22, 0xc4, 0x4e, 0xa9, 0x62,
2259 0x5c, 0x62, 0x0d, 0x00, 0xcb, 0x13, 0xe8, 0x43,
2260 0x72, 0xd4, 0x2d, 0x53, 0x46, 0xb5, 0xd1, 0x16,
2261 0x22, 0x18, 0xdf, 0x34, 0x33, 0xf5, 0xd6, 0x1c,
2262 0xb8, 0x79, 0x78, 0x97, 0x94, 0xff, 0x72, 0x13,
2263 0x4c, 0x27, 0xfc, 0xcb, 0xbf, 0x01, 0x53, 0xa6,
2264 0xb4, 0x50, 0x6e, 0xde, 0xdf, 0xb5, 0x43, 0xa4,
2265 0x59, 0xdf, 0x52, 0xf9, 0x7c, 0xe0, 0x11, 0x6f,
2266 0x2d, 0x14, 0x8e, 0x24, 0x61, 0x2c, 0xe1, 0x17,
2267 0xcc, 0xce, 0x51, 0x0c, 0x19, 0x8a, 0x82, 0x30,
2268 0x94, 0xd5, 0x3d, 0x6a, 0x53, 0x06, 0x5e, 0xbd,
2269 0xb7, 0xeb, 0xfa, 0xfd, 0x27, 0x51, 0xde, 0x85,
2270 0x1e, 0x86, 0x53, 0x11, 0x53, 0x94, 0x00, 0xee,
2271 0x2b, 0x8c, 0x08, 0x2a, 0xbf, 0xdd, 0xae, 0x11,
2272 0xcb, 0x1e, 0xa2, 0x07, 0x9a, 0x80, 0xcf, 0x62,
2273 0x9b, 0x09, 0xdc, 0x95, 0x3c, 0x96, 0x8e, 0xb1,
2274 0x09, 0xbd, 0xe4, 0xeb, 0xdb, 0xca, 0x70, 0x7a,
2275 0x9e, 0xfa, 0x31, 0x18, 0x45, 0x3c, 0x21, 0x33,
2276 0xb0, 0xb3, 0x2b, 0xea, 0xf3, 0x71, 0x2d, 0xe1,
2277 0x03, 0xad, 0x1b, 0x48, 0xd4, 0x67, 0x27, 0xf0,
2278 0x62, 0xe4, 0x3d, 0xfb, 0x9b, 0x08, 0x76, 0xe7,
2279 0xdd, 0x2b, 0x01, 0x39, 0x04, 0x5a, 0x58, 0x7a,
2280 0xf7, 0x11, 0x90, 0xec, 0xbd, 0x51, 0x5c, 0x32,
2281 0x6b, 0xd7, 0x35, 0x39, 0x02, 0x6b, 0xf2, 0xa6,
2282 0xd0, 0x0d, 0x07, 0xe1, 0x06, 0xc4, 0x5b, 0x7d,
2283 0xe4, 0x6a, 0xd7, 0xee, 0x15, 0x1f, 0x83, 0xb4,
2284 0xa3, 0xa7, 0x5e, 0xc3, 0x90, 0xb7, 0xef, 0xd3,
2285 0xb7, 0x4f, 0xf8, 0x92, 0x4c, 0xb7, 0x3c, 0x29,
2286 0xcd, 0x7e, 0x2b, 0x5d, 0x43, 0xea, 0x42, 0xe7,
2287 0x74, 0x3f, 0x7d, 0x58, 0x88, 0x75, 0xde, 0x3e },
2288 .rlen = 512,
2289 }
2290};
2291
2292static struct cipher_testvec aes_lrw_dec_tv_template[] = {
2293 /* from http://grouper.ieee.org/groups/1619/email/pdf00017.pdf */
2294 /* same as enc vectors with input and result reversed */
2295 { /* LRW-32-AES 1 */
2296 .key = { 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d,
2297 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85,
2298 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03,
2299 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
2300 .klen = 32,
2301 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2302 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2303 .input = { 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f,
2304 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 },
2305 .ilen = 16,
2306 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2307 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2308 .rlen = 16,
2309 }, { /* LRW-32-AES 2 */
2310 .key = { 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c,
2311 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44,
2312 0x0d, 0x48, 0xf0, 0xb7, 0xb1, 0x5a, 0x53, 0xea,
2313 0x1c, 0xaa, 0x6b, 0x29, 0xc2, 0xca, 0xfb, 0xaf
2314 },
2315 .klen = 32,
2316 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2317 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
2318 .input = { 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5,
2319 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
2320 .ilen = 16,
2321 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2322 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2323 .rlen = 16,
2324 }, { /* LRW-32-AES 3 */
2325 .key = { 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50,
2326 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47,
2327 0xcd, 0xf9, 0x0b, 0x16, 0x0c, 0x64, 0x8f, 0xb6,
2328 0xb0, 0x0d, 0x0d, 0x1b, 0xae, 0x85, 0x87, 0x1f },
2329 .klen = 32,
2330 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2331 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2332 .input = { 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82,
2333 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
2334 .ilen = 16,
2335 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2336 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2337 .rlen = 16,
2338 }, { /* LRW-32-AES 4 */
2339 .key = { 0x0f, 0x6a, 0xef, 0xf8, 0xd3, 0xd2, 0xbb, 0x15,
2340 0x25, 0x83, 0xf7, 0x3c, 0x1f, 0x01, 0x28, 0x74,
2341 0xca, 0xc6, 0xbc, 0x35, 0x4d, 0x4a, 0x65, 0x54,
2342 0x90, 0xae, 0x61, 0xcf, 0x7b, 0xae, 0xbd, 0xcc,
2343 0xad, 0xe4, 0x94, 0xc5, 0x4a, 0x29, 0xae, 0x70 },
2344 .klen = 40,
2345 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2346 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2347 .input = { 0x9c, 0x0f, 0x15, 0x2f, 0x55, 0xa2, 0xd8, 0xf0,
2348 0xd6, 0x7b, 0x8f, 0x9e, 0x28, 0x22, 0xbc, 0x41 },
2349 .ilen = 16,
2350 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2351 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2352 .rlen = 16,
2353 }, { /* LRW-32-AES 5 */
2354 .key = { 0x8a, 0xd4, 0xee, 0x10, 0x2f, 0xbd, 0x81, 0xff,
2355 0xf8, 0x86, 0xce, 0xac, 0x93, 0xc5, 0xad, 0xc6,
2356 0xa0, 0x19, 0x07, 0xc0, 0x9d, 0xf7, 0xbb, 0xdd,
2357 0x52, 0x13, 0xb2, 0xb7, 0xf0, 0xff, 0x11, 0xd8,
2358 0xd6, 0x08, 0xd0, 0xcd, 0x2e, 0xb1, 0x17, 0x6f },
2359 .klen = 40,
2360 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2361 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2362 .input = { 0xd4, 0x27, 0x6a, 0x7f, 0x14, 0x91, 0x3d, 0x65,
2363 0xc8, 0x60, 0x48, 0x02, 0x87, 0xe3, 0x34, 0x06 },
2364 .ilen = 16,
2365 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2366 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2367 .rlen = 16,
2368 }, { /* LRW-32-AES 6 */
2369 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2370 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2371 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2372 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2373 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2374 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2375 .klen = 48,
2376 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2377 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2378 .input = { 0xbd, 0x06, 0xb8, 0xe1, 0xdb, 0x98, 0x89, 0x9e,
2379 0xc4, 0x98, 0xe4, 0x91, 0xcf, 0x1c, 0x70, 0x2b },
2380 .ilen = 16,
2381 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2382 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2383 .rlen = 16,
2384 }, { /* LRW-32-AES 7 */
2385 .key = { 0xfb, 0x76, 0x15, 0xb2, 0x3d, 0x80, 0x89, 0x1d,
2386 0xd4, 0x70, 0x98, 0x0b, 0xc7, 0x95, 0x84, 0xc8,
2387 0xb2, 0xfb, 0x64, 0xce, 0x60, 0x97, 0x87, 0x8d,
2388 0x17, 0xfc, 0xe4, 0x5a, 0x49, 0xe8, 0x30, 0xb7,
2389 0x6e, 0x78, 0x17, 0xe7, 0x2d, 0x5e, 0x12, 0xd4,
2390 0x60, 0x64, 0x04, 0x7a, 0xf1, 0x2f, 0x9e, 0x0c },
2391 .klen = 48,
2392 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2393 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2394 .input = { 0x5b, 0x90, 0x8e, 0xc1, 0xab, 0xdd, 0x67, 0x5f,
2395 0x3d, 0x69, 0x8a, 0x95, 0x53, 0xc8, 0x9c, 0xe5 },
2396 .ilen = 16,
2397 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2398 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2399 .rlen = 16,
2400 }, {
2401/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
2402 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2403 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2404 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2405 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2406 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2407 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2408 .klen = 48,
2409 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2410 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2411 .input = { 0x1a, 0x1d, 0xa9, 0x30, 0xad, 0xf9, 0x2f, 0x9b,
2412 0xb6, 0x1d, 0xae, 0xef, 0xf0, 0x2f, 0xf8, 0x5a,
2413 0x39, 0x3c, 0xbf, 0x2a, 0xb2, 0x45, 0xb2, 0x23,
2414 0x1b, 0x63, 0x3c, 0xcf, 0xaa, 0xbe, 0xcf, 0x4e,
2415 0xfa, 0xe8, 0x29, 0xc2, 0x20, 0x68, 0x2b, 0x3c,
2416 0x2e, 0x8b, 0xf7, 0x6e, 0x25, 0xbd, 0xe3, 0x3d,
2417 0x66, 0x27, 0xd6, 0xaf, 0xd6, 0x64, 0x3e, 0xe3,
2418 0xe8, 0x58, 0x46, 0x97, 0x39, 0x51, 0x07, 0xde,
2419 0xcb, 0x37, 0xbc, 0xa9, 0xc0, 0x5f, 0x75, 0xc3,
2420 0x0e, 0x84, 0x23, 0x1d, 0x16, 0xd4, 0x1c, 0x59,
2421 0x9c, 0x1a, 0x02, 0x55, 0xab, 0x3a, 0x97, 0x1d,
2422 0xdf, 0xdd, 0xc7, 0x06, 0x51, 0xd7, 0x70, 0xae,
2423 0x23, 0xc6, 0x8c, 0xf5, 0x1e, 0xa0, 0xe5, 0x82,
2424 0xb8, 0xb2, 0xbf, 0x04, 0xa0, 0x32, 0x8e, 0x68,
2425 0xeb, 0xaf, 0x6e, 0x2d, 0x94, 0x22, 0x2f, 0xce,
2426 0x4c, 0xb5, 0x59, 0xe2, 0xa2, 0x2f, 0xa0, 0x98,
2427 0x1a, 0x97, 0xc6, 0xd4, 0xb5, 0x00, 0x59, 0xf2,
2428 0x84, 0x14, 0x72, 0xb1, 0x9a, 0x6e, 0xa3, 0x7f,
2429 0xea, 0x20, 0xe7, 0xcb, 0x65, 0x77, 0x3a, 0xdf,
2430 0xc8, 0x97, 0x67, 0x15, 0xc2, 0x2a, 0x27, 0xcc,
2431 0x18, 0x55, 0xa1, 0x24, 0x0b, 0x24, 0x24, 0xaf,
2432 0x5b, 0xec, 0x68, 0xb8, 0xc8, 0xf5, 0xba, 0x63,
2433 0xff, 0xed, 0x89, 0xce, 0xd5, 0x3d, 0x88, 0xf3,
2434 0x25, 0xef, 0x05, 0x7c, 0x3a, 0xef, 0xeb, 0xd8,
2435 0x7a, 0x32, 0x0d, 0xd1, 0x1e, 0x58, 0x59, 0x99,
2436 0x90, 0x25, 0xb5, 0x26, 0xb0, 0xe3, 0x2b, 0x6c,
2437 0x4c, 0xa9, 0x8b, 0x84, 0x4f, 0x5e, 0x01, 0x50,
2438 0x41, 0x30, 0x58, 0xc5, 0x62, 0x74, 0x52, 0x1d,
2439 0x45, 0x24, 0x6a, 0x42, 0x64, 0x4f, 0x97, 0x1c,
2440 0xa8, 0x66, 0xb5, 0x6d, 0x79, 0xd4, 0x0d, 0x48,
2441 0xc5, 0x5f, 0xf3, 0x90, 0x32, 0xdd, 0xdd, 0xe1,
2442 0xe4, 0xa9, 0x9f, 0xfc, 0xc3, 0x52, 0x5a, 0x46,
2443 0xe4, 0x81, 0x84, 0x95, 0x36, 0x59, 0x7a, 0x6b,
2444 0xaa, 0xb3, 0x60, 0xad, 0xce, 0x9f, 0x9f, 0x28,
2445 0xe0, 0x01, 0x75, 0x22, 0xc4, 0x4e, 0xa9, 0x62,
2446 0x5c, 0x62, 0x0d, 0x00, 0xcb, 0x13, 0xe8, 0x43,
2447 0x72, 0xd4, 0x2d, 0x53, 0x46, 0xb5, 0xd1, 0x16,
2448 0x22, 0x18, 0xdf, 0x34, 0x33, 0xf5, 0xd6, 0x1c,
2449 0xb8, 0x79, 0x78, 0x97, 0x94, 0xff, 0x72, 0x13,
2450 0x4c, 0x27, 0xfc, 0xcb, 0xbf, 0x01, 0x53, 0xa6,
2451 0xb4, 0x50, 0x6e, 0xde, 0xdf, 0xb5, 0x43, 0xa4,
2452 0x59, 0xdf, 0x52, 0xf9, 0x7c, 0xe0, 0x11, 0x6f,
2453 0x2d, 0x14, 0x8e, 0x24, 0x61, 0x2c, 0xe1, 0x17,
2454 0xcc, 0xce, 0x51, 0x0c, 0x19, 0x8a, 0x82, 0x30,
2455 0x94, 0xd5, 0x3d, 0x6a, 0x53, 0x06, 0x5e, 0xbd,
2456 0xb7, 0xeb, 0xfa, 0xfd, 0x27, 0x51, 0xde, 0x85,
2457 0x1e, 0x86, 0x53, 0x11, 0x53, 0x94, 0x00, 0xee,
2458 0x2b, 0x8c, 0x08, 0x2a, 0xbf, 0xdd, 0xae, 0x11,
2459 0xcb, 0x1e, 0xa2, 0x07, 0x9a, 0x80, 0xcf, 0x62,
2460 0x9b, 0x09, 0xdc, 0x95, 0x3c, 0x96, 0x8e, 0xb1,
2461 0x09, 0xbd, 0xe4, 0xeb, 0xdb, 0xca, 0x70, 0x7a,
2462 0x9e, 0xfa, 0x31, 0x18, 0x45, 0x3c, 0x21, 0x33,
2463 0xb0, 0xb3, 0x2b, 0xea, 0xf3, 0x71, 0x2d, 0xe1,
2464 0x03, 0xad, 0x1b, 0x48, 0xd4, 0x67, 0x27, 0xf0,
2465 0x62, 0xe4, 0x3d, 0xfb, 0x9b, 0x08, 0x76, 0xe7,
2466 0xdd, 0x2b, 0x01, 0x39, 0x04, 0x5a, 0x58, 0x7a,
2467 0xf7, 0x11, 0x90, 0xec, 0xbd, 0x51, 0x5c, 0x32,
2468 0x6b, 0xd7, 0x35, 0x39, 0x02, 0x6b, 0xf2, 0xa6,
2469 0xd0, 0x0d, 0x07, 0xe1, 0x06, 0xc4, 0x5b, 0x7d,
2470 0xe4, 0x6a, 0xd7, 0xee, 0x15, 0x1f, 0x83, 0xb4,
2471 0xa3, 0xa7, 0x5e, 0xc3, 0x90, 0xb7, 0xef, 0xd3,
2472 0xb7, 0x4f, 0xf8, 0x92, 0x4c, 0xb7, 0x3c, 0x29,
2473 0xcd, 0x7e, 0x2b, 0x5d, 0x43, 0xea, 0x42, 0xe7,
2474 0x74, 0x3f, 0x7d, 0x58, 0x88, 0x75, 0xde, 0x3e },
2475 .ilen = 512,
2476 .result = { 0x05, 0x11, 0xb7, 0x18, 0xab, 0xc6, 0x2d, 0xac,
2477 0x70, 0x5d, 0xf6, 0x22, 0x94, 0xcd, 0xe5, 0x6c,
2478 0x17, 0x6b, 0xf6, 0x1c, 0xf0, 0xf3, 0x6e, 0xf8,
2479 0x50, 0x38, 0x1f, 0x71, 0x49, 0xb6, 0x57, 0xd6,
2480 0x8f, 0xcb, 0x8d, 0x6b, 0xe3, 0xa6, 0x29, 0x90,
2481 0xfe, 0x2a, 0x62, 0x82, 0xae, 0x6d, 0x8b, 0xf6,
2482 0xad, 0x1e, 0x9e, 0x20, 0x5f, 0x38, 0xbe, 0x04,
2483 0xda, 0x10, 0x8e, 0xed, 0xa2, 0xa4, 0x87, 0xab,
2484 0xda, 0x6b, 0xb4, 0x0c, 0x75, 0xba, 0xd3, 0x7c,
2485 0xc9, 0xac, 0x42, 0x31, 0x95, 0x7c, 0xc9, 0x04,
2486 0xeb, 0xd5, 0x6e, 0x32, 0x69, 0x8a, 0xdb, 0xa6,
2487 0x15, 0xd7, 0x3f, 0x4f, 0x2f, 0x66, 0x69, 0x03,
2488 0x9c, 0x1f, 0x54, 0x0f, 0xde, 0x1f, 0xf3, 0x65,
2489 0x4c, 0x96, 0x12, 0xed, 0x7c, 0x92, 0x03, 0x01,
2490 0x6f, 0xbc, 0x35, 0x93, 0xac, 0xf1, 0x27, 0xf1,
2491 0xb4, 0x96, 0x82, 0x5a, 0x5f, 0xb0, 0xa0, 0x50,
2492 0x89, 0xa4, 0x8e, 0x66, 0x44, 0x85, 0xcc, 0xfd,
2493 0x33, 0x14, 0x70, 0xe3, 0x96, 0xb2, 0xc3, 0xd3,
2494 0xbb, 0x54, 0x5a, 0x1a, 0xf9, 0x74, 0xa2, 0xc5,
2495 0x2d, 0x64, 0x75, 0xdd, 0xb4, 0x54, 0xe6, 0x74,
2496 0x8c, 0xd3, 0x9d, 0x9e, 0x86, 0xab, 0x51, 0x53,
2497 0xb7, 0x93, 0x3e, 0x6f, 0xd0, 0x4e, 0x2c, 0x40,
2498 0xf6, 0xa8, 0x2e, 0x3e, 0x9d, 0xf4, 0x66, 0xa5,
2499 0x76, 0x12, 0x73, 0x44, 0x1a, 0x56, 0xd7, 0x72,
2500 0x88, 0xcd, 0x21, 0x8c, 0x4c, 0x0f, 0xfe, 0xda,
2501 0x95, 0xe0, 0x3a, 0xa6, 0xa5, 0x84, 0x46, 0xcd,
2502 0xd5, 0x3e, 0x9d, 0x3a, 0xe2, 0x67, 0xe6, 0x60,
2503 0x1a, 0xe2, 0x70, 0x85, 0x58, 0xc2, 0x1b, 0x09,
2504 0xe1, 0xd7, 0x2c, 0xca, 0xad, 0xa8, 0x8f, 0xf9,
2505 0xac, 0xb3, 0x0e, 0xdb, 0xca, 0x2e, 0xe2, 0xb8,
2506 0x51, 0x71, 0xd9, 0x3c, 0x6c, 0xf1, 0x56, 0xf8,
2507 0xea, 0x9c, 0xf1, 0xfb, 0x0c, 0xe6, 0xb7, 0x10,
2508 0x1c, 0xf8, 0xa9, 0x7c, 0xe8, 0x53, 0x35, 0xc1,
2509 0x90, 0x3e, 0x76, 0x4a, 0x74, 0xa4, 0x21, 0x2c,
2510 0xf6, 0x2c, 0x4e, 0x0f, 0x94, 0x3a, 0x88, 0x2e,
2511 0x41, 0x09, 0x6a, 0x33, 0x7d, 0xf6, 0xdd, 0x3f,
2512 0x8d, 0x23, 0x31, 0x74, 0x84, 0xeb, 0x88, 0x6e,
2513 0xcc, 0xb9, 0xbc, 0x22, 0x83, 0x19, 0x07, 0x22,
2514 0xa5, 0x2d, 0xdf, 0xa5, 0xf3, 0x80, 0x85, 0x78,
2515 0x84, 0x39, 0x6a, 0x6d, 0x6a, 0x99, 0x4f, 0xa5,
2516 0x15, 0xfe, 0x46, 0xb0, 0xe4, 0x6c, 0xa5, 0x41,
2517 0x3c, 0xce, 0x8f, 0x42, 0x60, 0x71, 0xa7, 0x75,
2518 0x08, 0x40, 0x65, 0x8a, 0x82, 0xbf, 0xf5, 0x43,
2519 0x71, 0x96, 0xa9, 0x4d, 0x44, 0x8a, 0x20, 0xbe,
2520 0xfa, 0x4d, 0xbb, 0xc0, 0x7d, 0x31, 0x96, 0x65,
2521 0xe7, 0x75, 0xe5, 0x3e, 0xfd, 0x92, 0x3b, 0xc9,
2522 0x55, 0xbb, 0x16, 0x7e, 0xf7, 0xc2, 0x8c, 0xa4,
2523 0x40, 0x1d, 0xe5, 0xef, 0x0e, 0xdf, 0xe4, 0x9a,
2524 0x62, 0x73, 0x65, 0xfd, 0x46, 0x63, 0x25, 0x3d,
2525 0x2b, 0xaf, 0xe5, 0x64, 0xfe, 0xa5, 0x5c, 0xcf,
2526 0x24, 0xf3, 0xb4, 0xac, 0x64, 0xba, 0xdf, 0x4b,
2527 0xc6, 0x96, 0x7d, 0x81, 0x2d, 0x8d, 0x97, 0xf7,
2528 0xc5, 0x68, 0x77, 0x84, 0x32, 0x2b, 0xcc, 0x85,
2529 0x74, 0x96, 0xf0, 0x12, 0x77, 0x61, 0xb9, 0xeb,
2530 0x71, 0xaa, 0x82, 0xcb, 0x1c, 0xdb, 0x89, 0xc8,
2531 0xc6, 0xb5, 0xe3, 0x5c, 0x7d, 0x39, 0x07, 0x24,
2532 0xda, 0x39, 0x87, 0x45, 0xc0, 0x2b, 0xbb, 0x01,
2533 0xac, 0xbc, 0x2a, 0x5c, 0x7f, 0xfc, 0xe8, 0xce,
2534 0x6d, 0x9c, 0x6f, 0xed, 0xd3, 0xc1, 0xa1, 0xd6,
2535 0xc5, 0x55, 0xa9, 0x66, 0x2f, 0xe1, 0xc8, 0x32,
2536 0xa6, 0x5d, 0xa4, 0x3a, 0x98, 0x73, 0xe8, 0x45,
2537 0xa4, 0xc7, 0xa8, 0xb4, 0xf6, 0x13, 0x03, 0xf6,
2538 0xe9, 0x2e, 0xc4, 0x29, 0x0f, 0x84, 0xdb, 0xc4,
2539 0x21, 0xc4, 0xc2, 0x75, 0x67, 0x89, 0x37, 0x0a },
2540 .rlen = 512,
2541 }
2542};
2543
1971/* Cast5 test vectors from RFC 2144 */ 2544/* Cast5 test vectors from RFC 2144 */
1972#define CAST5_ENC_TEST_VECTORS 3 2545#define CAST5_ENC_TEST_VECTORS 3
1973#define CAST5_DEC_TEST_VECTORS 3 2546#define CAST5_DEC_TEST_VECTORS 3
@@ -3084,6 +3657,27 @@ static struct cipher_speed aes_speed_template[] = {
3084 { .klen = 0, .blen = 0, } 3657 { .klen = 0, .blen = 0, }
3085}; 3658};
3086 3659
3660static struct cipher_speed aes_lrw_speed_template[] = {
3661 { .klen = 32, .blen = 16, },
3662 { .klen = 32, .blen = 64, },
3663 { .klen = 32, .blen = 256, },
3664 { .klen = 32, .blen = 1024, },
3665 { .klen = 32, .blen = 8192, },
3666 { .klen = 40, .blen = 16, },
3667 { .klen = 40, .blen = 64, },
3668 { .klen = 40, .blen = 256, },
3669 { .klen = 40, .blen = 1024, },
3670 { .klen = 40, .blen = 8192, },
3671 { .klen = 48, .blen = 16, },
3672 { .klen = 48, .blen = 64, },
3673 { .klen = 48, .blen = 256, },
3674 { .klen = 48, .blen = 1024, },
3675 { .klen = 48, .blen = 8192, },
3676
3677 /* End marker */
3678 { .klen = 0, .blen = 0, }
3679};
3680
3087static struct cipher_speed des3_ede_speed_template[] = { 3681static struct cipher_speed des3_ede_speed_template[] = {
3088 { .klen = 24, .blen = 16, }, 3682 { .klen = 24, .blen = 16, },
3089 { .klen = 24, .blen = 64, }, 3683 { .klen = 24, .blen = 64, },
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
new file mode 100644
index 000000000000..9347eb6bcf69
--- /dev/null
+++ b/crypto/xcbc.c
@@ -0,0 +1,348 @@
1/*
2 * Copyright (C)2006 USAGI/WIDE Project
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 * Author:
19 * Kazunori Miyazawa <miyazawa@linux-ipv6.org>
20 */
21
22#include <linux/crypto.h>
23#include <linux/err.h>
24#include <linux/kernel.h>
25#include <linux/mm.h>
26#include <linux/rtnetlink.h>
27#include <linux/slab.h>
28#include <linux/scatterlist.h>
29#include "internal.h"
30
31static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101,
32 0x02020202, 0x02020202, 0x02020202, 0x02020202,
33 0x03030303, 0x03030303, 0x03030303, 0x03030303};
34/*
35 * +------------------------
36 * | <parent tfm>
37 * +------------------------
38 * | crypto_xcbc_ctx
39 * +------------------------
40 * | odds (block size)
41 * +------------------------
42 * | prev (block size)
43 * +------------------------
44 * | key (block size)
45 * +------------------------
46 * | consts (block size * 3)
47 * +------------------------
48 */
49struct crypto_xcbc_ctx {
50 struct crypto_tfm *child;
51 u8 *odds;
52 u8 *prev;
53 u8 *key;
54 u8 *consts;
55 void (*xor)(u8 *a, const u8 *b, unsigned int bs);
56 unsigned int keylen;
57 unsigned int len;
58};
59
60static void xor_128(u8 *a, const u8 *b, unsigned int bs)
61{
62 ((u32 *)a)[0] ^= ((u32 *)b)[0];
63 ((u32 *)a)[1] ^= ((u32 *)b)[1];
64 ((u32 *)a)[2] ^= ((u32 *)b)[2];
65 ((u32 *)a)[3] ^= ((u32 *)b)[3];
66}
67
68static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent,
69 struct crypto_xcbc_ctx *ctx)
70{
71 int bs = crypto_hash_blocksize(parent);
72 int err = 0;
73 u8 key1[bs];
74
75 if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen)))
76 return err;
77
78 ctx->child->__crt_alg->cra_cipher.cia_encrypt(ctx->child, key1,
79 ctx->consts);
80
81 return crypto_cipher_setkey(ctx->child, key1, bs);
82}
83
84static int crypto_xcbc_digest_setkey(struct crypto_hash *parent,
85 const u8 *inkey, unsigned int keylen)
86{
87 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
88
89 if (keylen != crypto_tfm_alg_blocksize(ctx->child))
90 return -EINVAL;
91
92 ctx->keylen = keylen;
93 memcpy(ctx->key, inkey, keylen);
94 ctx->consts = (u8*)ks;
95
96 return _crypto_xcbc_digest_setkey(parent, ctx);
97}
98
99static int crypto_xcbc_digest_init(struct hash_desc *pdesc)
100{
101 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(pdesc->tfm);
102 int bs = crypto_hash_blocksize(pdesc->tfm);
103
104 ctx->len = 0;
105 memset(ctx->odds, 0, bs);
106 memset(ctx->prev, 0, bs);
107
108 return 0;
109}
110
111static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
112 struct scatterlist *sg,
113 unsigned int nbytes)
114{
115 struct crypto_hash *parent = pdesc->tfm;
116 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
117 struct crypto_tfm *tfm = ctx->child;
118 int bs = crypto_hash_blocksize(parent);
119 unsigned int i = 0;
120
121 do {
122
123 struct page *pg = sg[i].page;
124 unsigned int offset = sg[i].offset;
125 unsigned int slen = sg[i].length;
126
127 while (slen > 0) {
128 unsigned int len = min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
129 char *p = crypto_kmap(pg, 0) + offset;
130
131 /* checking the data can fill the block */
132 if ((ctx->len + len) <= bs) {
133 memcpy(ctx->odds + ctx->len, p, len);
134 ctx->len += len;
135 slen -= len;
136
137 /* checking the rest of the page */
138 if (len + offset >= PAGE_SIZE) {
139 offset = 0;
140 pg++;
141 } else
142 offset += len;
143
144 crypto_kunmap(p, 0);
145 crypto_yield(tfm->crt_flags);
146 continue;
147 }
148
149 /* filling odds with new data and encrypting it */
150 memcpy(ctx->odds + ctx->len, p, bs - ctx->len);
151 len -= bs - ctx->len;
152 p += bs - ctx->len;
153
154 ctx->xor(ctx->prev, ctx->odds, bs);
155 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev);
156
157 /* clearing the length */
158 ctx->len = 0;
159
160 /* encrypting the rest of data */
161 while (len > bs) {
162 ctx->xor(ctx->prev, p, bs);
163 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev);
164 p += bs;
165 len -= bs;
166 }
167
168 /* keeping the surplus of blocksize */
169 if (len) {
170 memcpy(ctx->odds, p, len);
171 ctx->len = len;
172 }
173 crypto_kunmap(p, 0);
174 crypto_yield(tfm->crt_flags);
175 slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
176 offset = 0;
177 pg++;
178 }
179 nbytes-=sg[i].length;
180 i++;
181 } while (nbytes>0);
182
183 return 0;
184}
185
186static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
187{
188 struct crypto_hash *parent = pdesc->tfm;
189 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
190 struct crypto_tfm *tfm = ctx->child;
191 int bs = crypto_hash_blocksize(parent);
192 int err = 0;
193
194 if (ctx->len == bs) {
195 u8 key2[bs];
196
197 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
198 return err;
199
200 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key2, (const u8*)(ctx->consts+bs));
201
202 ctx->xor(ctx->prev, ctx->odds, bs);
203 ctx->xor(ctx->prev, key2, bs);
204 _crypto_xcbc_digest_setkey(parent, ctx);
205
206 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev);
207 } else {
208 u8 key3[bs];
209 unsigned int rlen;
210 u8 *p = ctx->odds + ctx->len;
211 *p = 0x80;
212 p++;
213
214 rlen = bs - ctx->len -1;
215 if (rlen)
216 memset(p, 0, rlen);
217
218 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
219 return err;
220
221 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key3, (const u8*)(ctx->consts+bs*2));
222
223 ctx->xor(ctx->prev, ctx->odds, bs);
224 ctx->xor(ctx->prev, key3, bs);
225
226 _crypto_xcbc_digest_setkey(parent, ctx);
227
228 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev);
229 }
230
231 return 0;
232}
233
234static int crypto_xcbc_digest(struct hash_desc *pdesc,
235 struct scatterlist *sg, unsigned int nbytes, u8 *out)
236{
237 crypto_xcbc_digest_init(pdesc);
238 crypto_xcbc_digest_update(pdesc, sg, nbytes);
239 return crypto_xcbc_digest_final(pdesc, out);
240}
241
242static int xcbc_init_tfm(struct crypto_tfm *tfm)
243{
244 struct crypto_instance *inst = (void *)tfm->__crt_alg;
245 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
246 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
247 int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm));
248
249 tfm = crypto_spawn_tfm(spawn);
250 if (IS_ERR(tfm))
251 return PTR_ERR(tfm);
252
253 switch(bs) {
254 case 16:
255 ctx->xor = xor_128;
256 break;
257 default:
258 return -EINVAL;
259 }
260
261 ctx->child = crypto_cipher_cast(tfm);
262 ctx->odds = (u8*)(ctx+1);
263 ctx->prev = ctx->odds + bs;
264 ctx->key = ctx->prev + bs;
265
266 return 0;
267};
268
269static void xcbc_exit_tfm(struct crypto_tfm *tfm)
270{
271 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
272 crypto_free_cipher(ctx->child);
273}
274
275static struct crypto_instance *xcbc_alloc(void *param, unsigned int len)
276{
277 struct crypto_instance *inst;
278 struct crypto_alg *alg;
279 alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER,
280 CRYPTO_ALG_TYPE_HASH_MASK | CRYPTO_ALG_ASYNC);
281 if (IS_ERR(alg))
282 return ERR_PTR(PTR_ERR(alg));
283
284 switch(alg->cra_blocksize) {
285 case 16:
286 break;
287 default:
288 return ERR_PTR(PTR_ERR(alg));
289 }
290
291 inst = crypto_alloc_instance("xcbc", alg);
292 if (IS_ERR(inst))
293 goto out_put_alg;
294
295 inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH;
296 inst->alg.cra_priority = alg->cra_priority;
297 inst->alg.cra_blocksize = alg->cra_blocksize;
298 inst->alg.cra_alignmask = alg->cra_alignmask;
299 inst->alg.cra_type = &crypto_hash_type;
300
301 inst->alg.cra_hash.digestsize =
302 (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
303 CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize :
304 alg->cra_blocksize;
305 inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
306 ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *));
307 inst->alg.cra_init = xcbc_init_tfm;
308 inst->alg.cra_exit = xcbc_exit_tfm;
309
310 inst->alg.cra_hash.init = crypto_xcbc_digest_init;
311 inst->alg.cra_hash.update = crypto_xcbc_digest_update;
312 inst->alg.cra_hash.final = crypto_xcbc_digest_final;
313 inst->alg.cra_hash.digest = crypto_xcbc_digest;
314 inst->alg.cra_hash.setkey = crypto_xcbc_digest_setkey;
315
316out_put_alg:
317 crypto_mod_put(alg);
318 return inst;
319}
320
321static void xcbc_free(struct crypto_instance *inst)
322{
323 crypto_drop_spawn(crypto_instance_ctx(inst));
324 kfree(inst);
325}
326
327static struct crypto_template crypto_xcbc_tmpl = {
328 .name = "xcbc",
329 .alloc = xcbc_alloc,
330 .free = xcbc_free,
331 .module = THIS_MODULE,
332};
333
334static int __init crypto_xcbc_module_init(void)
335{
336 return crypto_register_template(&crypto_xcbc_tmpl);
337}
338
339static void __exit crypto_xcbc_module_exit(void)
340{
341 crypto_unregister_template(&crypto_xcbc_tmpl);
342}
343
344module_init(crypto_xcbc_module_init);
345module_exit(crypto_xcbc_module_exit);
346
347MODULE_LICENSE("GPL");
348MODULE_DESCRIPTION("XCBC keyed hash algorithm");
diff --git a/drivers/atm/Makefile b/drivers/atm/Makefile
index b5077ce8cb40..1b16f8166b09 100644
--- a/drivers/atm/Makefile
+++ b/drivers/atm/Makefile
@@ -41,7 +41,7 @@ ifeq ($(CONFIG_ATM_FORE200E_PCA),y)
41 # guess the target endianess to choose the right PCA-200E firmware image 41 # guess the target endianess to choose the right PCA-200E firmware image
42 ifeq ($(CONFIG_ATM_FORE200E_PCA_DEFAULT_FW),y) 42 ifeq ($(CONFIG_ATM_FORE200E_PCA_DEFAULT_FW),y)
43 byteorder.h := include$(if $(patsubst $(srctree),,$(objtree)),2)/asm/byteorder.h 43 byteorder.h := include$(if $(patsubst $(srctree),,$(objtree)),2)/asm/byteorder.h
44 CONFIG_ATM_FORE200E_PCA_FW := $(obj)/pca200e$(if $(shell $(CC) -E -dM $(byteorder.h) | grep ' __LITTLE_ENDIAN '),.bin,_ecd.bin2) 44 CONFIG_ATM_FORE200E_PCA_FW := $(obj)/pca200e$(if $(shell $(CC) $(CPPFLAGS) -E -dM $(byteorder.h) | grep ' __LITTLE_ENDIAN '),.bin,_ecd.bin2)
45 endif 45 endif
46endif 46endif
47 47
diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig
index 432c17e1e0e6..85072446d772 100644
--- a/drivers/block/Kconfig
+++ b/drivers/block/Kconfig
@@ -306,6 +306,7 @@ config BLK_DEV_LOOP
306config BLK_DEV_CRYPTOLOOP 306config BLK_DEV_CRYPTOLOOP
307 tristate "Cryptoloop Support" 307 tristate "Cryptoloop Support"
308 select CRYPTO 308 select CRYPTO
309 select CRYPTO_CBC
309 depends on BLK_DEV_LOOP 310 depends on BLK_DEV_LOOP
310 ---help--- 311 ---help---
311 Say Y here if you want to be able to use the ciphers that are 312 Say Y here if you want to be able to use the ciphers that are
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index adb554153f67..e816535ab305 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -51,4 +51,17 @@ config CRYPTO_DEV_PADLOCK_SHA
51 If unsure say M. The compiled module will be 51 If unsure say M. The compiled module will be
52 called padlock-sha.ko 52 called padlock-sha.ko
53 53
54config CRYPTO_DEV_GEODE
55 tristate "Support for the Geode LX AES engine"
56 depends on CRYPTO && X86_32
57 select CRYPTO_ALGAPI
58 select CRYPTO_BLKCIPHER
59 default m
60 help
61 Say 'Y' here to use the AMD Geode LX processor on-board AES
62 engine for the CryptoAPI AES alogrithm.
63
64 To compile this driver as a module, choose M here: the module
65 will be called geode-aes.
66
54endmenu 67endmenu
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index 4c3d0ec1cf80..6059cf869414 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -1,3 +1,4 @@
1obj-$(CONFIG_CRYPTO_DEV_PADLOCK) += padlock.o 1obj-$(CONFIG_CRYPTO_DEV_PADLOCK) += padlock.o
2obj-$(CONFIG_CRYPTO_DEV_PADLOCK_AES) += padlock-aes.o 2obj-$(CONFIG_CRYPTO_DEV_PADLOCK_AES) += padlock-aes.o
3obj-$(CONFIG_CRYPTO_DEV_PADLOCK_SHA) += padlock-sha.o 3obj-$(CONFIG_CRYPTO_DEV_PADLOCK_SHA) += padlock-sha.o
4obj-$(CONFIG_CRYPTO_DEV_GEODE) += geode-aes.o
diff --git a/drivers/crypto/geode-aes.c b/drivers/crypto/geode-aes.c
new file mode 100644
index 000000000000..43a68398656f
--- /dev/null
+++ b/drivers/crypto/geode-aes.c
@@ -0,0 +1,474 @@
1 /* Copyright (C) 2004-2006, Advanced Micro Devices, Inc.
2 *
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 */
8
9#include <linux/module.h>
10#include <linux/kernel.h>
11#include <linux/sched.h>
12#include <linux/pci.h>
13#include <linux/pci_ids.h>
14#include <linux/crypto.h>
15#include <linux/spinlock.h>
16#include <crypto/algapi.h>
17
18#include <asm/io.h>
19#include <asm/delay.h>
20
21#include "geode-aes.h"
22
23/* Register definitions */
24
25#define AES_CTRLA_REG 0x0000
26
27#define AES_CTRL_START 0x01
28#define AES_CTRL_DECRYPT 0x00
29#define AES_CTRL_ENCRYPT 0x02
30#define AES_CTRL_WRKEY 0x04
31#define AES_CTRL_DCA 0x08
32#define AES_CTRL_SCA 0x10
33#define AES_CTRL_CBC 0x20
34
35#define AES_INTR_REG 0x0008
36
37#define AES_INTRA_PENDING (1 << 16)
38#define AES_INTRB_PENDING (1 << 17)
39
40#define AES_INTR_PENDING (AES_INTRA_PENDING | AES_INTRB_PENDING)
41#define AES_INTR_MASK 0x07
42
43#define AES_SOURCEA_REG 0x0010
44#define AES_DSTA_REG 0x0014
45#define AES_LENA_REG 0x0018
46#define AES_WRITEKEY0_REG 0x0030
47#define AES_WRITEIV0_REG 0x0040
48
49/* A very large counter that is used to gracefully bail out of an
50 * operation in case of trouble
51 */
52
53#define AES_OP_TIMEOUT 0x50000
54
55/* Static structures */
56
57static void __iomem * _iobase;
58static spinlock_t lock;
59
60/* Write a 128 bit field (either a writable key or IV) */
61static inline void
62_writefield(u32 offset, void *value)
63{
64 int i;
65 for(i = 0; i < 4; i++)
66 iowrite32(((u32 *) value)[i], _iobase + offset + (i * 4));
67}
68
69/* Read a 128 bit field (either a writable key or IV) */
70static inline void
71_readfield(u32 offset, void *value)
72{
73 int i;
74 for(i = 0; i < 4; i++)
75 ((u32 *) value)[i] = ioread32(_iobase + offset + (i * 4));
76}
77
78static int
79do_crypt(void *src, void *dst, int len, u32 flags)
80{
81 u32 status;
82 u32 counter = AES_OP_TIMEOUT;
83
84 iowrite32(virt_to_phys(src), _iobase + AES_SOURCEA_REG);
85 iowrite32(virt_to_phys(dst), _iobase + AES_DSTA_REG);
86 iowrite32(len, _iobase + AES_LENA_REG);
87
88 /* Start the operation */
89 iowrite32(AES_CTRL_START | flags, _iobase + AES_CTRLA_REG);
90
91 do
92 status = ioread32(_iobase + AES_INTR_REG);
93 while(!(status & AES_INTRA_PENDING) && --counter);
94
95 /* Clear the event */
96 iowrite32((status & 0xFF) | AES_INTRA_PENDING, _iobase + AES_INTR_REG);
97 return counter ? 0 : 1;
98}
99
100static unsigned int
101geode_aes_crypt(struct geode_aes_op *op)
102{
103
104 u32 flags = 0;
105 int iflags;
106
107 if (op->len == 0 || op->src == op->dst)
108 return 0;
109
110 if (op->flags & AES_FLAGS_COHERENT)
111 flags |= (AES_CTRL_DCA | AES_CTRL_SCA);
112
113 if (op->dir == AES_DIR_ENCRYPT)
114 flags |= AES_CTRL_ENCRYPT;
115
116 /* Start the critical section */
117
118 spin_lock_irqsave(&lock, iflags);
119
120 if (op->mode == AES_MODE_CBC) {
121 flags |= AES_CTRL_CBC;
122 _writefield(AES_WRITEIV0_REG, op->iv);
123 }
124
125 if (op->flags & AES_FLAGS_USRKEY) {
126 flags |= AES_CTRL_WRKEY;
127 _writefield(AES_WRITEKEY0_REG, op->key);
128 }
129
130 do_crypt(op->src, op->dst, op->len, flags);
131
132 if (op->mode == AES_MODE_CBC)
133 _readfield(AES_WRITEIV0_REG, op->iv);
134
135 spin_unlock_irqrestore(&lock, iflags);
136
137 return op->len;
138}
139
140/* CRYPTO-API Functions */
141
142static int
143geode_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int len)
144{
145 struct geode_aes_op *op = crypto_tfm_ctx(tfm);
146
147 if (len != AES_KEY_LENGTH) {
148 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
149 return -EINVAL;
150 }
151
152 memcpy(op->key, key, len);
153 return 0;
154}
155
156static void
157geode_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
158{
159 struct geode_aes_op *op = crypto_tfm_ctx(tfm);
160
161 if ((out == NULL) || (in == NULL))
162 return;
163
164 op->src = (void *) in;
165 op->dst = (void *) out;
166 op->mode = AES_MODE_ECB;
167 op->flags = 0;
168 op->len = AES_MIN_BLOCK_SIZE;
169 op->dir = AES_DIR_ENCRYPT;
170
171 geode_aes_crypt(op);
172}
173
174
175static void
176geode_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
177{
178 struct geode_aes_op *op = crypto_tfm_ctx(tfm);
179
180 if ((out == NULL) || (in == NULL))
181 return;
182
183 op->src = (void *) in;
184 op->dst = (void *) out;
185 op->mode = AES_MODE_ECB;
186 op->flags = 0;
187 op->len = AES_MIN_BLOCK_SIZE;
188 op->dir = AES_DIR_DECRYPT;
189
190 geode_aes_crypt(op);
191}
192
193
194static struct crypto_alg geode_alg = {
195 .cra_name = "aes",
196 .cra_driver_name = "geode-aes-128",
197 .cra_priority = 300,
198 .cra_alignmask = 15,
199 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
200 .cra_blocksize = AES_MIN_BLOCK_SIZE,
201 .cra_ctxsize = sizeof(struct geode_aes_op),
202 .cra_module = THIS_MODULE,
203 .cra_list = LIST_HEAD_INIT(geode_alg.cra_list),
204 .cra_u = {
205 .cipher = {
206 .cia_min_keysize = AES_KEY_LENGTH,
207 .cia_max_keysize = AES_KEY_LENGTH,
208 .cia_setkey = geode_setkey,
209 .cia_encrypt = geode_encrypt,
210 .cia_decrypt = geode_decrypt
211 }
212 }
213};
214
215static int
216geode_cbc_decrypt(struct blkcipher_desc *desc,
217 struct scatterlist *dst, struct scatterlist *src,
218 unsigned int nbytes)
219{
220 struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
221 struct blkcipher_walk walk;
222 int err, ret;
223
224 blkcipher_walk_init(&walk, dst, src, nbytes);
225 err = blkcipher_walk_virt(desc, &walk);
226
227 while((nbytes = walk.nbytes)) {
228 op->src = walk.src.virt.addr,
229 op->dst = walk.dst.virt.addr;
230 op->mode = AES_MODE_CBC;
231 op->len = nbytes - (nbytes % AES_MIN_BLOCK_SIZE);
232 op->dir = AES_DIR_DECRYPT;
233
234 memcpy(op->iv, walk.iv, AES_IV_LENGTH);
235
236 ret = geode_aes_crypt(op);
237
238 memcpy(walk.iv, op->iv, AES_IV_LENGTH);
239 nbytes -= ret;
240
241 err = blkcipher_walk_done(desc, &walk, nbytes);
242 }
243
244 return err;
245}
246
247static int
248geode_cbc_encrypt(struct blkcipher_desc *desc,
249 struct scatterlist *dst, struct scatterlist *src,
250 unsigned int nbytes)
251{
252 struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
253 struct blkcipher_walk walk;
254 int err, ret;
255
256 blkcipher_walk_init(&walk, dst, src, nbytes);
257 err = blkcipher_walk_virt(desc, &walk);
258
259 while((nbytes = walk.nbytes)) {
260 op->src = walk.src.virt.addr,
261 op->dst = walk.dst.virt.addr;
262 op->mode = AES_MODE_CBC;
263 op->len = nbytes - (nbytes % AES_MIN_BLOCK_SIZE);
264 op->dir = AES_DIR_ENCRYPT;
265
266 memcpy(op->iv, walk.iv, AES_IV_LENGTH);
267
268 ret = geode_aes_crypt(op);
269 nbytes -= ret;
270 err = blkcipher_walk_done(desc, &walk, nbytes);
271 }
272
273 return err;
274}
275
276static struct crypto_alg geode_cbc_alg = {
277 .cra_name = "cbc(aes)",
278 .cra_driver_name = "cbc-aes-geode-128",
279 .cra_priority = 400,
280 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
281 .cra_blocksize = AES_MIN_BLOCK_SIZE,
282 .cra_ctxsize = sizeof(struct geode_aes_op),
283 .cra_alignmask = 15,
284 .cra_type = &crypto_blkcipher_type,
285 .cra_module = THIS_MODULE,
286 .cra_list = LIST_HEAD_INIT(geode_cbc_alg.cra_list),
287 .cra_u = {
288 .blkcipher = {
289 .min_keysize = AES_KEY_LENGTH,
290 .max_keysize = AES_KEY_LENGTH,
291 .setkey = geode_setkey,
292 .encrypt = geode_cbc_encrypt,
293 .decrypt = geode_cbc_decrypt,
294 }
295 }
296};
297
298static int
299geode_ecb_decrypt(struct blkcipher_desc *desc,
300 struct scatterlist *dst, struct scatterlist *src,
301 unsigned int nbytes)
302{
303 struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
304 struct blkcipher_walk walk;
305 int err, ret;
306
307 blkcipher_walk_init(&walk, dst, src, nbytes);
308 err = blkcipher_walk_virt(desc, &walk);
309
310 while((nbytes = walk.nbytes)) {
311 op->src = walk.src.virt.addr,
312 op->dst = walk.dst.virt.addr;
313 op->mode = AES_MODE_ECB;
314 op->len = nbytes - (nbytes % AES_MIN_BLOCK_SIZE);
315 op->dir = AES_DIR_DECRYPT;
316
317 ret = geode_aes_crypt(op);
318 nbytes -= ret;
319 err = blkcipher_walk_done(desc, &walk, nbytes);
320 }
321
322 return err;
323}
324
325static int
326geode_ecb_encrypt(struct blkcipher_desc *desc,
327 struct scatterlist *dst, struct scatterlist *src,
328 unsigned int nbytes)
329{
330 struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
331 struct blkcipher_walk walk;
332 int err, ret;
333
334 blkcipher_walk_init(&walk, dst, src, nbytes);
335 err = blkcipher_walk_virt(desc, &walk);
336
337 while((nbytes = walk.nbytes)) {
338 op->src = walk.src.virt.addr,
339 op->dst = walk.dst.virt.addr;
340 op->mode = AES_MODE_ECB;
341 op->len = nbytes - (nbytes % AES_MIN_BLOCK_SIZE);
342 op->dir = AES_DIR_ENCRYPT;
343
344 ret = geode_aes_crypt(op);
345 nbytes -= ret;
346 ret = blkcipher_walk_done(desc, &walk, nbytes);
347 }
348
349 return err;
350}
351
352static struct crypto_alg geode_ecb_alg = {
353 .cra_name = "ecb(aes)",
354 .cra_driver_name = "ecb-aes-geode-128",
355 .cra_priority = 400,
356 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
357 .cra_blocksize = AES_MIN_BLOCK_SIZE,
358 .cra_ctxsize = sizeof(struct geode_aes_op),
359 .cra_alignmask = 15,
360 .cra_type = &crypto_blkcipher_type,
361 .cra_module = THIS_MODULE,
362 .cra_list = LIST_HEAD_INIT(geode_ecb_alg.cra_list),
363 .cra_u = {
364 .blkcipher = {
365 .min_keysize = AES_KEY_LENGTH,
366 .max_keysize = AES_KEY_LENGTH,
367 .setkey = geode_setkey,
368 .encrypt = geode_ecb_encrypt,
369 .decrypt = geode_ecb_decrypt,
370 }
371 }
372};
373
374static void
375geode_aes_remove(struct pci_dev *dev)
376{
377 crypto_unregister_alg(&geode_alg);
378 crypto_unregister_alg(&geode_ecb_alg);
379 crypto_unregister_alg(&geode_cbc_alg);
380
381 pci_iounmap(dev, _iobase);
382 _iobase = NULL;
383
384 pci_release_regions(dev);
385 pci_disable_device(dev);
386}
387
388
389static int
390geode_aes_probe(struct pci_dev *dev, const struct pci_device_id *id)
391{
392 int ret;
393
394 if ((ret = pci_enable_device(dev)))
395 return ret;
396
397 if ((ret = pci_request_regions(dev, "geode-aes-128")))
398 goto eenable;
399
400 _iobase = pci_iomap(dev, 0, 0);
401
402 if (_iobase == NULL) {
403 ret = -ENOMEM;
404 goto erequest;
405 }
406
407 spin_lock_init(&lock);
408
409 /* Clear any pending activity */
410 iowrite32(AES_INTR_PENDING | AES_INTR_MASK, _iobase + AES_INTR_REG);
411
412 if ((ret = crypto_register_alg(&geode_alg)))
413 goto eiomap;
414
415 if ((ret = crypto_register_alg(&geode_ecb_alg)))
416 goto ealg;
417
418 if ((ret = crypto_register_alg(&geode_cbc_alg)))
419 goto eecb;
420
421 printk(KERN_NOTICE "geode-aes: GEODE AES engine enabled.\n");
422 return 0;
423
424 eecb:
425 crypto_unregister_alg(&geode_ecb_alg);
426
427 ealg:
428 crypto_unregister_alg(&geode_alg);
429
430 eiomap:
431 pci_iounmap(dev, _iobase);
432
433 erequest:
434 pci_release_regions(dev);
435
436 eenable:
437 pci_disable_device(dev);
438
439 printk(KERN_ERR "geode-aes: GEODE AES initialization failed.\n");
440 return ret;
441}
442
443static struct pci_device_id geode_aes_tbl[] = {
444 { PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_LX_AES, PCI_ANY_ID, PCI_ANY_ID} ,
445 { 0, }
446};
447
448MODULE_DEVICE_TABLE(pci, geode_aes_tbl);
449
450static struct pci_driver geode_aes_driver = {
451 .name = "Geode LX AES",
452 .id_table = geode_aes_tbl,
453 .probe = geode_aes_probe,
454 .remove = __devexit_p(geode_aes_remove)
455};
456
457static int __init
458geode_aes_init(void)
459{
460 return pci_module_init(&geode_aes_driver);
461}
462
463static void __exit
464geode_aes_exit(void)
465{
466 pci_unregister_driver(&geode_aes_driver);
467}
468
469MODULE_AUTHOR("Advanced Micro Devices, Inc.");
470MODULE_DESCRIPTION("Geode LX Hardware AES driver");
471MODULE_LICENSE("GPL");
472
473module_init(geode_aes_init);
474module_exit(geode_aes_exit);
diff --git a/drivers/crypto/geode-aes.h b/drivers/crypto/geode-aes.h
new file mode 100644
index 000000000000..8003a36f3a83
--- /dev/null
+++ b/drivers/crypto/geode-aes.h
@@ -0,0 +1,40 @@
1/* Copyright (C) 2003-2006, Advanced Micro Devices, Inc.
2 *
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 */
8
9#ifndef _GEODE_AES_H_
10#define _GEODE_AES_H_
11
12#define AES_KEY_LENGTH 16
13#define AES_IV_LENGTH 16
14
15#define AES_MIN_BLOCK_SIZE 16
16
17#define AES_MODE_ECB 0
18#define AES_MODE_CBC 1
19
20#define AES_DIR_DECRYPT 0
21#define AES_DIR_ENCRYPT 1
22
23#define AES_FLAGS_USRKEY (1 << 0)
24#define AES_FLAGS_COHERENT (1 << 1)
25
26struct geode_aes_op {
27
28 void *src;
29 void *dst;
30
31 u32 mode;
32 u32 dir;
33 u32 flags;
34 int len;
35
36 u8 key[AES_KEY_LENGTH];
37 u8 iv[AES_IV_LENGTH];
38};
39
40#endif
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index c7bee4f2eedb..a1086ee8cccd 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -20,6 +20,7 @@
20#include <asm/atomic.h> 20#include <asm/atomic.h>
21#include <linux/scatterlist.h> 21#include <linux/scatterlist.h>
22#include <asm/page.h> 22#include <asm/page.h>
23#include <asm/unaligned.h>
23 24
24#include "dm.h" 25#include "dm.h"
25 26
@@ -85,7 +86,10 @@ struct crypt_config {
85 */ 86 */
86 struct crypt_iv_operations *iv_gen_ops; 87 struct crypt_iv_operations *iv_gen_ops;
87 char *iv_mode; 88 char *iv_mode;
88 struct crypto_cipher *iv_gen_private; 89 union {
90 struct crypto_cipher *essiv_tfm;
91 int benbi_shift;
92 } iv_gen_private;
89 sector_t iv_offset; 93 sector_t iv_offset;
90 unsigned int iv_size; 94 unsigned int iv_size;
91 95
@@ -113,6 +117,9 @@ static struct kmem_cache *_crypt_io_pool;
113 * encrypted with the bulk cipher using a salt as key. The salt 117 * encrypted with the bulk cipher using a salt as key. The salt
114 * should be derived from the bulk cipher's key via hashing. 118 * should be derived from the bulk cipher's key via hashing.
115 * 119 *
120 * benbi: the 64-bit "big-endian 'narrow block'-count", starting at 1
121 * (needed for LRW-32-AES and possible other narrow block modes)
122 *
116 * plumb: unimplemented, see: 123 * plumb: unimplemented, see:
117 * http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/454 124 * http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/454
118 */ 125 */
@@ -191,21 +198,61 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
191 } 198 }
192 kfree(salt); 199 kfree(salt);
193 200
194 cc->iv_gen_private = essiv_tfm; 201 cc->iv_gen_private.essiv_tfm = essiv_tfm;
195 return 0; 202 return 0;
196} 203}
197 204
198static void crypt_iv_essiv_dtr(struct crypt_config *cc) 205static void crypt_iv_essiv_dtr(struct crypt_config *cc)
199{ 206{
200 crypto_free_cipher(cc->iv_gen_private); 207 crypto_free_cipher(cc->iv_gen_private.essiv_tfm);
201 cc->iv_gen_private = NULL; 208 cc->iv_gen_private.essiv_tfm = NULL;
202} 209}
203 210
204static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector) 211static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector)
205{ 212{
206 memset(iv, 0, cc->iv_size); 213 memset(iv, 0, cc->iv_size);
207 *(u64 *)iv = cpu_to_le64(sector); 214 *(u64 *)iv = cpu_to_le64(sector);
208 crypto_cipher_encrypt_one(cc->iv_gen_private, iv, iv); 215 crypto_cipher_encrypt_one(cc->iv_gen_private.essiv_tfm, iv, iv);
216 return 0;
217}
218
219static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti,
220 const char *opts)
221{
222 unsigned int bs = crypto_blkcipher_blocksize(cc->tfm);
223 int log = long_log2(bs);
224
225 /* we need to calculate how far we must shift the sector count
226 * to get the cipher block count, we use this shift in _gen */
227
228 if (1 << log != bs) {
229 ti->error = "cypher blocksize is not a power of 2";
230 return -EINVAL;
231 }
232
233 if (log > 9) {
234 ti->error = "cypher blocksize is > 512";
235 return -EINVAL;
236 }
237
238 cc->iv_gen_private.benbi_shift = 9 - log;
239
240 return 0;
241}
242
243static void crypt_iv_benbi_dtr(struct crypt_config *cc)
244{
245}
246
247static int crypt_iv_benbi_gen(struct crypt_config *cc, u8 *iv, sector_t sector)
248{
249 __be64 val;
250
251 memset(iv, 0, cc->iv_size - sizeof(u64)); /* rest is cleared below */
252
253 val = cpu_to_be64(((u64)sector << cc->iv_gen_private.benbi_shift) + 1);
254 put_unaligned(val, (__be64 *)(iv + cc->iv_size - sizeof(u64)));
255
209 return 0; 256 return 0;
210} 257}
211 258
@@ -219,13 +266,18 @@ static struct crypt_iv_operations crypt_iv_essiv_ops = {
219 .generator = crypt_iv_essiv_gen 266 .generator = crypt_iv_essiv_gen
220}; 267};
221 268
269static struct crypt_iv_operations crypt_iv_benbi_ops = {
270 .ctr = crypt_iv_benbi_ctr,
271 .dtr = crypt_iv_benbi_dtr,
272 .generator = crypt_iv_benbi_gen
273};
222 274
223static int 275static int
224crypt_convert_scatterlist(struct crypt_config *cc, struct scatterlist *out, 276crypt_convert_scatterlist(struct crypt_config *cc, struct scatterlist *out,
225 struct scatterlist *in, unsigned int length, 277 struct scatterlist *in, unsigned int length,
226 int write, sector_t sector) 278 int write, sector_t sector)
227{ 279{
228 u8 iv[cc->iv_size]; 280 u8 iv[cc->iv_size] __attribute__ ((aligned(__alignof__(u64))));
229 struct blkcipher_desc desc = { 281 struct blkcipher_desc desc = {
230 .tfm = cc->tfm, 282 .tfm = cc->tfm,
231 .info = iv, 283 .info = iv,
@@ -768,7 +820,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
768 cc->tfm = tfm; 820 cc->tfm = tfm;
769 821
770 /* 822 /*
771 * Choose ivmode. Valid modes: "plain", "essiv:<esshash>". 823 * Choose ivmode. Valid modes: "plain", "essiv:<esshash>", "benbi".
772 * See comments at iv code 824 * See comments at iv code
773 */ 825 */
774 826
@@ -778,6 +830,8 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
778 cc->iv_gen_ops = &crypt_iv_plain_ops; 830 cc->iv_gen_ops = &crypt_iv_plain_ops;
779 else if (strcmp(ivmode, "essiv") == 0) 831 else if (strcmp(ivmode, "essiv") == 0)
780 cc->iv_gen_ops = &crypt_iv_essiv_ops; 832 cc->iv_gen_ops = &crypt_iv_essiv_ops;
833 else if (strcmp(ivmode, "benbi") == 0)
834 cc->iv_gen_ops = &crypt_iv_benbi_ops;
781 else { 835 else {
782 ti->error = "Invalid IV mode"; 836 ti->error = "Invalid IV mode";
783 goto bad2; 837 goto bad2;
diff --git a/drivers/net/irda/pxaficp_ir.c b/drivers/net/irda/pxaficp_ir.c
index f9a1c88a4283..9137e239fac2 100644
--- a/drivers/net/irda/pxaficp_ir.c
+++ b/drivers/net/irda/pxaficp_ir.c
@@ -704,9 +704,9 @@ static int pxa_irda_stop(struct net_device *dev)
704 return 0; 704 return 0;
705} 705}
706 706
707static int pxa_irda_suspend(struct device *_dev, pm_message_t state) 707static int pxa_irda_suspend(struct platform_device *_dev, pm_message_t state)
708{ 708{
709 struct net_device *dev = dev_get_drvdata(_dev); 709 struct net_device *dev = platform_get_drvdata(_dev);
710 struct pxa_irda *si; 710 struct pxa_irda *si;
711 711
712 if (dev && netif_running(dev)) { 712 if (dev && netif_running(dev)) {
@@ -718,9 +718,9 @@ static int pxa_irda_suspend(struct device *_dev, pm_message_t state)
718 return 0; 718 return 0;
719} 719}
720 720
721static int pxa_irda_resume(struct device *_dev) 721static int pxa_irda_resume(struct platform_device *_dev)
722{ 722{
723 struct net_device *dev = dev_get_drvdata(_dev); 723 struct net_device *dev = platform_get_drvdata(_dev);
724 struct pxa_irda *si; 724 struct pxa_irda *si;
725 725
726 if (dev && netif_running(dev)) { 726 if (dev && netif_running(dev)) {
@@ -746,9 +746,8 @@ static int pxa_irda_init_iobuf(iobuff_t *io, int size)
746 return io->head ? 0 : -ENOMEM; 746 return io->head ? 0 : -ENOMEM;
747} 747}
748 748
749static int pxa_irda_probe(struct device *_dev) 749static int pxa_irda_probe(struct platform_device *pdev)
750{ 750{
751 struct platform_device *pdev = to_platform_device(_dev);
752 struct net_device *dev; 751 struct net_device *dev;
753 struct pxa_irda *si; 752 struct pxa_irda *si;
754 unsigned int baudrate_mask; 753 unsigned int baudrate_mask;
@@ -822,9 +821,9 @@ err_mem_1:
822 return err; 821 return err;
823} 822}
824 823
825static int pxa_irda_remove(struct device *_dev) 824static int pxa_irda_remove(struct platform_device *_dev)
826{ 825{
827 struct net_device *dev = dev_get_drvdata(_dev); 826 struct net_device *dev = platform_get_drvdata(_dev);
828 827
829 if (dev) { 828 if (dev) {
830 struct pxa_irda *si = netdev_priv(dev); 829 struct pxa_irda *si = netdev_priv(dev);
@@ -840,9 +839,10 @@ static int pxa_irda_remove(struct device *_dev)
840 return 0; 839 return 0;
841} 840}
842 841
843static struct device_driver pxa_ir_driver = { 842static struct platform_driver pxa_ir_driver = {
844 .name = "pxa2xx-ir", 843 .driver = {
845 .bus = &platform_bus_type, 844 .name = "pxa2xx-ir",
845 },
846 .probe = pxa_irda_probe, 846 .probe = pxa_irda_probe,
847 .remove = pxa_irda_remove, 847 .remove = pxa_irda_remove,
848 .suspend = pxa_irda_suspend, 848 .suspend = pxa_irda_suspend,
@@ -851,12 +851,12 @@ static struct device_driver pxa_ir_driver = {
851 851
852static int __init pxa_irda_init(void) 852static int __init pxa_irda_init(void)
853{ 853{
854 return driver_register(&pxa_ir_driver); 854 return platform_driver_register(&pxa_ir_driver);
855} 855}
856 856
857static void __exit pxa_irda_exit(void) 857static void __exit pxa_irda_exit(void)
858{ 858{
859 driver_unregister(&pxa_ir_driver); 859 platform_driver_unregister(&pxa_ir_driver);
860} 860}
861 861
862module_init(pxa_irda_init); 862module_init(pxa_irda_init);
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c
index d9123c9adc1e..571320ae87ab 100644
--- a/drivers/net/tg3.c
+++ b/drivers/net/tg3.c
@@ -68,8 +68,8 @@
68 68
69#define DRV_MODULE_NAME "tg3" 69#define DRV_MODULE_NAME "tg3"
70#define PFX DRV_MODULE_NAME ": " 70#define PFX DRV_MODULE_NAME ": "
71#define DRV_MODULE_VERSION "3.69" 71#define DRV_MODULE_VERSION "3.70"
72#define DRV_MODULE_RELDATE "November 15, 2006" 72#define DRV_MODULE_RELDATE "December 1, 2006"
73 73
74#define TG3_DEF_MAC_MODE 0 74#define TG3_DEF_MAC_MODE 0
75#define TG3_DEF_RX_MODE 0 75#define TG3_DEF_RX_MODE 0
@@ -192,6 +192,7 @@ static struct pci_device_id tg3_pci_tbl[] = {
192 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5786)}, 192 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5786)},
193 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787)}, 193 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787)},
194 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787M)}, 194 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787M)},
195 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787F)},
195 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714)}, 196 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714)},
196 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714S)}, 197 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714S)},
197 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715)}, 198 {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715)},
@@ -1061,7 +1062,7 @@ static void tg3_frob_aux_power(struct tg3 *tp)
1061{ 1062{
1062 struct tg3 *tp_peer = tp; 1063 struct tg3 *tp_peer = tp;
1063 1064
1064 if ((tp->tg3_flags & TG3_FLAG_EEPROM_WRITE_PROT) != 0) 1065 if ((tp->tg3_flags2 & TG3_FLG2_IS_NIC) == 0)
1065 return; 1066 return;
1066 1067
1067 if ((GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5704) || 1068 if ((GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5704) ||
@@ -1212,8 +1213,8 @@ static int tg3_set_power_state(struct tg3 *tp, pci_power_t state)
1212 power_control); 1213 power_control);
1213 udelay(100); /* Delay after power state change */ 1214 udelay(100); /* Delay after power state change */
1214 1215
1215 /* Switch out of Vaux if it is not a LOM */ 1216 /* Switch out of Vaux if it is a NIC */
1216 if (!(tp->tg3_flags & TG3_FLAG_EEPROM_WRITE_PROT)) 1217 if (tp->tg3_flags2 & TG3_FLG2_IS_NIC)
1217 tw32_wait_f(GRC_LOCAL_CTRL, tp->grc_local_ctrl, 100); 1218 tw32_wait_f(GRC_LOCAL_CTRL, tp->grc_local_ctrl, 100);
1218 1219
1219 return 0; 1220 return 0;
@@ -1401,8 +1402,10 @@ static int tg3_set_power_state(struct tg3 *tp, pci_power_t state)
1401static void tg3_link_report(struct tg3 *tp) 1402static void tg3_link_report(struct tg3 *tp)
1402{ 1403{
1403 if (!netif_carrier_ok(tp->dev)) { 1404 if (!netif_carrier_ok(tp->dev)) {
1404 printk(KERN_INFO PFX "%s: Link is down.\n", tp->dev->name); 1405 if (netif_msg_link(tp))
1405 } else { 1406 printk(KERN_INFO PFX "%s: Link is down.\n",
1407 tp->dev->name);
1408 } else if (netif_msg_link(tp)) {
1406 printk(KERN_INFO PFX "%s: Link is up at %d Mbps, %s duplex.\n", 1409 printk(KERN_INFO PFX "%s: Link is up at %d Mbps, %s duplex.\n",
1407 tp->dev->name, 1410 tp->dev->name,
1408 (tp->link_config.active_speed == SPEED_1000 ? 1411 (tp->link_config.active_speed == SPEED_1000 ?
@@ -1557,12 +1560,6 @@ static void tg3_phy_copper_begin(struct tg3 *tp)
1557 1560
1558 tg3_writephy(tp, MII_ADVERTISE, new_adv); 1561 tg3_writephy(tp, MII_ADVERTISE, new_adv);
1559 } else if (tp->link_config.speed == SPEED_INVALID) { 1562 } else if (tp->link_config.speed == SPEED_INVALID) {
1560 tp->link_config.advertising =
1561 (ADVERTISED_10baseT_Half | ADVERTISED_10baseT_Full |
1562 ADVERTISED_100baseT_Half | ADVERTISED_100baseT_Full |
1563 ADVERTISED_1000baseT_Half | ADVERTISED_1000baseT_Full |
1564 ADVERTISED_Autoneg | ADVERTISED_MII);
1565
1566 if (tp->tg3_flags & TG3_FLAG_10_100_ONLY) 1563 if (tp->tg3_flags & TG3_FLAG_10_100_ONLY)
1567 tp->link_config.advertising &= 1564 tp->link_config.advertising &=
1568 ~(ADVERTISED_1000baseT_Half | 1565 ~(ADVERTISED_1000baseT_Half |
@@ -1706,25 +1703,36 @@ static int tg3_init_5401phy_dsp(struct tg3 *tp)
1706 return err; 1703 return err;
1707} 1704}
1708 1705
1709static int tg3_copper_is_advertising_all(struct tg3 *tp) 1706static int tg3_copper_is_advertising_all(struct tg3 *tp, u32 mask)
1710{ 1707{
1711 u32 adv_reg, all_mask; 1708 u32 adv_reg, all_mask = 0;
1709
1710 if (mask & ADVERTISED_10baseT_Half)
1711 all_mask |= ADVERTISE_10HALF;
1712 if (mask & ADVERTISED_10baseT_Full)
1713 all_mask |= ADVERTISE_10FULL;
1714 if (mask & ADVERTISED_100baseT_Half)
1715 all_mask |= ADVERTISE_100HALF;
1716 if (mask & ADVERTISED_100baseT_Full)
1717 all_mask |= ADVERTISE_100FULL;
1712 1718
1713 if (tg3_readphy(tp, MII_ADVERTISE, &adv_reg)) 1719 if (tg3_readphy(tp, MII_ADVERTISE, &adv_reg))
1714 return 0; 1720 return 0;
1715 1721
1716 all_mask = (ADVERTISE_10HALF | ADVERTISE_10FULL |
1717 ADVERTISE_100HALF | ADVERTISE_100FULL);
1718 if ((adv_reg & all_mask) != all_mask) 1722 if ((adv_reg & all_mask) != all_mask)
1719 return 0; 1723 return 0;
1720 if (!(tp->tg3_flags & TG3_FLAG_10_100_ONLY)) { 1724 if (!(tp->tg3_flags & TG3_FLAG_10_100_ONLY)) {
1721 u32 tg3_ctrl; 1725 u32 tg3_ctrl;
1722 1726
1727 all_mask = 0;
1728 if (mask & ADVERTISED_1000baseT_Half)
1729 all_mask |= ADVERTISE_1000HALF;
1730 if (mask & ADVERTISED_1000baseT_Full)
1731 all_mask |= ADVERTISE_1000FULL;
1732
1723 if (tg3_readphy(tp, MII_TG3_CTRL, &tg3_ctrl)) 1733 if (tg3_readphy(tp, MII_TG3_CTRL, &tg3_ctrl))
1724 return 0; 1734 return 0;
1725 1735
1726 all_mask = (MII_TG3_CTRL_ADV_1000_HALF |
1727 MII_TG3_CTRL_ADV_1000_FULL);
1728 if ((tg3_ctrl & all_mask) != all_mask) 1736 if ((tg3_ctrl & all_mask) != all_mask)
1729 return 0; 1737 return 0;
1730 } 1738 }
@@ -1884,7 +1892,8 @@ static int tg3_setup_copper_phy(struct tg3 *tp, int force_reset)
1884 /* Force autoneg restart if we are exiting 1892 /* Force autoneg restart if we are exiting
1885 * low power mode. 1893 * low power mode.
1886 */ 1894 */
1887 if (!tg3_copper_is_advertising_all(tp)) 1895 if (!tg3_copper_is_advertising_all(tp,
1896 tp->link_config.advertising))
1888 current_link_up = 0; 1897 current_link_up = 0;
1889 } else { 1898 } else {
1890 current_link_up = 0; 1899 current_link_up = 0;
@@ -3703,8 +3712,9 @@ static void tg3_tx_timeout(struct net_device *dev)
3703{ 3712{
3704 struct tg3 *tp = netdev_priv(dev); 3713 struct tg3 *tp = netdev_priv(dev);
3705 3714
3706 printk(KERN_ERR PFX "%s: transmit timed out, resetting\n", 3715 if (netif_msg_tx_err(tp))
3707 dev->name); 3716 printk(KERN_ERR PFX "%s: transmit timed out, resetting\n",
3717 dev->name);
3708 3718
3709 schedule_work(&tp->reset_task); 3719 schedule_work(&tp->reset_task);
3710} 3720}
@@ -6396,16 +6406,17 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
6396 udelay(40); 6406 udelay(40);
6397 6407
6398 /* tp->grc_local_ctrl is partially set up during tg3_get_invariants(). 6408 /* tp->grc_local_ctrl is partially set up during tg3_get_invariants().
6399 * If TG3_FLAG_EEPROM_WRITE_PROT is set, we should read the 6409 * If TG3_FLG2_IS_NIC is zero, we should read the
6400 * register to preserve the GPIO settings for LOMs. The GPIOs, 6410 * register to preserve the GPIO settings for LOMs. The GPIOs,
6401 * whether used as inputs or outputs, are set by boot code after 6411 * whether used as inputs or outputs, are set by boot code after
6402 * reset. 6412 * reset.
6403 */ 6413 */
6404 if (tp->tg3_flags & TG3_FLAG_EEPROM_WRITE_PROT) { 6414 if (!(tp->tg3_flags2 & TG3_FLG2_IS_NIC)) {
6405 u32 gpio_mask; 6415 u32 gpio_mask;
6406 6416
6407 gpio_mask = GRC_LCLCTRL_GPIO_OE0 | GRC_LCLCTRL_GPIO_OE2 | 6417 gpio_mask = GRC_LCLCTRL_GPIO_OE0 | GRC_LCLCTRL_GPIO_OE1 |
6408 GRC_LCLCTRL_GPIO_OUTPUT0 | GRC_LCLCTRL_GPIO_OUTPUT2; 6418 GRC_LCLCTRL_GPIO_OE2 | GRC_LCLCTRL_GPIO_OUTPUT0 |
6419 GRC_LCLCTRL_GPIO_OUTPUT1 | GRC_LCLCTRL_GPIO_OUTPUT2;
6409 6420
6410 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5752) 6421 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5752)
6411 gpio_mask |= GRC_LCLCTRL_GPIO_OE3 | 6422 gpio_mask |= GRC_LCLCTRL_GPIO_OE3 |
@@ -6417,8 +6428,9 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
6417 tp->grc_local_ctrl |= tr32(GRC_LOCAL_CTRL) & gpio_mask; 6428 tp->grc_local_ctrl |= tr32(GRC_LOCAL_CTRL) & gpio_mask;
6418 6429
6419 /* GPIO1 must be driven high for eeprom write protect */ 6430 /* GPIO1 must be driven high for eeprom write protect */
6420 tp->grc_local_ctrl |= (GRC_LCLCTRL_GPIO_OE1 | 6431 if (tp->tg3_flags & TG3_FLAG_EEPROM_WRITE_PROT)
6421 GRC_LCLCTRL_GPIO_OUTPUT1); 6432 tp->grc_local_ctrl |= (GRC_LCLCTRL_GPIO_OE1 |
6433 GRC_LCLCTRL_GPIO_OUTPUT1);
6422 } 6434 }
6423 tw32_f(GRC_LOCAL_CTRL, tp->grc_local_ctrl); 6435 tw32_f(GRC_LOCAL_CTRL, tp->grc_local_ctrl);
6424 udelay(100); 6436 udelay(100);
@@ -8656,7 +8668,9 @@ static int tg3_test_registers(struct tg3 *tp)
8656 return 0; 8668 return 0;
8657 8669
8658out: 8670out:
8659 printk(KERN_ERR PFX "Register test failed at offset %x\n", offset); 8671 if (netif_msg_hw(tp))
8672 printk(KERN_ERR PFX "Register test failed at offset %x\n",
8673 offset);
8660 tw32(offset, save_val); 8674 tw32(offset, save_val);
8661 return -EIO; 8675 return -EIO;
8662} 8676}
@@ -8781,17 +8795,20 @@ static int tg3_run_loopback(struct tg3 *tp, int loopback_mode)
8781 tg3_writephy(tp, 0x10, phy & ~0x4000); 8795 tg3_writephy(tp, 0x10, phy & ~0x4000);
8782 tg3_writephy(tp, MII_TG3_EPHY_TEST, phytest); 8796 tg3_writephy(tp, MII_TG3_EPHY_TEST, phytest);
8783 } 8797 }
8784 } 8798 val = BMCR_LOOPBACK | BMCR_FULLDPLX | BMCR_SPEED100;
8785 val = BMCR_LOOPBACK | BMCR_FULLDPLX; 8799 } else
8786 if (tp->tg3_flags & TG3_FLAG_10_100_ONLY) 8800 val = BMCR_LOOPBACK | BMCR_FULLDPLX | BMCR_SPEED1000;
8787 val |= BMCR_SPEED100;
8788 else
8789 val |= BMCR_SPEED1000;
8790 8801
8791 tg3_writephy(tp, MII_BMCR, val); 8802 tg3_writephy(tp, MII_BMCR, val);
8792 udelay(40); 8803 udelay(40);
8793 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) 8804
8805 mac_mode = (tp->mac_mode & ~MAC_MODE_PORT_MODE_MASK) |
8806 MAC_MODE_LINK_POLARITY;
8807 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) {
8794 tg3_writephy(tp, MII_TG3_EPHY_PTEST, 0x1800); 8808 tg3_writephy(tp, MII_TG3_EPHY_PTEST, 0x1800);
8809 mac_mode |= MAC_MODE_PORT_MODE_MII;
8810 } else
8811 mac_mode |= MAC_MODE_PORT_MODE_GMII;
8795 8812
8796 /* reset to prevent losing 1st rx packet intermittently */ 8813 /* reset to prevent losing 1st rx packet intermittently */
8797 if (tp->tg3_flags2 & TG3_FLG2_MII_SERDES) { 8814 if (tp->tg3_flags2 & TG3_FLG2_MII_SERDES) {
@@ -8799,12 +8816,6 @@ static int tg3_run_loopback(struct tg3 *tp, int loopback_mode)
8799 udelay(10); 8816 udelay(10);
8800 tw32_f(MAC_RX_MODE, tp->rx_mode); 8817 tw32_f(MAC_RX_MODE, tp->rx_mode);
8801 } 8818 }
8802 mac_mode = (tp->mac_mode & ~MAC_MODE_PORT_MODE_MASK) |
8803 MAC_MODE_LINK_POLARITY;
8804 if (tp->tg3_flags & TG3_FLAG_10_100_ONLY)
8805 mac_mode |= MAC_MODE_PORT_MODE_MII;
8806 else
8807 mac_mode |= MAC_MODE_PORT_MODE_GMII;
8808 if ((tp->phy_id & PHY_ID_MASK) == PHY_ID_BCM5401) { 8819 if ((tp->phy_id & PHY_ID_MASK) == PHY_ID_BCM5401) {
8809 mac_mode &= ~MAC_MODE_LINK_POLARITY; 8820 mac_mode &= ~MAC_MODE_LINK_POLARITY;
8810 tg3_writephy(tp, MII_TG3_EXT_CTRL, 8821 tg3_writephy(tp, MII_TG3_EXT_CTRL,
@@ -9456,16 +9467,12 @@ static void __devinit tg3_get_5906_nvram_info(struct tg3 *tp)
9456/* Chips other than 5700/5701 use the NVRAM for fetching info. */ 9467/* Chips other than 5700/5701 use the NVRAM for fetching info. */
9457static void __devinit tg3_nvram_init(struct tg3 *tp) 9468static void __devinit tg3_nvram_init(struct tg3 *tp)
9458{ 9469{
9459 int j;
9460
9461 tw32_f(GRC_EEPROM_ADDR, 9470 tw32_f(GRC_EEPROM_ADDR,
9462 (EEPROM_ADDR_FSM_RESET | 9471 (EEPROM_ADDR_FSM_RESET |
9463 (EEPROM_DEFAULT_CLOCK_PERIOD << 9472 (EEPROM_DEFAULT_CLOCK_PERIOD <<
9464 EEPROM_ADDR_CLKPERD_SHIFT))); 9473 EEPROM_ADDR_CLKPERD_SHIFT)));
9465 9474
9466 /* XXX schedule_timeout() ... */ 9475 msleep(1);
9467 for (j = 0; j < 100; j++)
9468 udelay(10);
9469 9476
9470 /* Enable seeprom accesses. */ 9477 /* Enable seeprom accesses. */
9471 tw32_f(GRC_LOCAL_CTRL, 9478 tw32_f(GRC_LOCAL_CTRL,
@@ -9526,12 +9533,12 @@ static int tg3_nvram_read_using_eeprom(struct tg3 *tp,
9526 EEPROM_ADDR_ADDR_MASK) | 9533 EEPROM_ADDR_ADDR_MASK) |
9527 EEPROM_ADDR_READ | EEPROM_ADDR_START); 9534 EEPROM_ADDR_READ | EEPROM_ADDR_START);
9528 9535
9529 for (i = 0; i < 10000; i++) { 9536 for (i = 0; i < 1000; i++) {
9530 tmp = tr32(GRC_EEPROM_ADDR); 9537 tmp = tr32(GRC_EEPROM_ADDR);
9531 9538
9532 if (tmp & EEPROM_ADDR_COMPLETE) 9539 if (tmp & EEPROM_ADDR_COMPLETE)
9533 break; 9540 break;
9534 udelay(100); 9541 msleep(1);
9535 } 9542 }
9536 if (!(tmp & EEPROM_ADDR_COMPLETE)) 9543 if (!(tmp & EEPROM_ADDR_COMPLETE))
9537 return -EBUSY; 9544 return -EBUSY;
@@ -9656,12 +9663,12 @@ static int tg3_nvram_write_block_using_eeprom(struct tg3 *tp,
9656 EEPROM_ADDR_START | 9663 EEPROM_ADDR_START |
9657 EEPROM_ADDR_WRITE); 9664 EEPROM_ADDR_WRITE);
9658 9665
9659 for (j = 0; j < 10000; j++) { 9666 for (j = 0; j < 1000; j++) {
9660 val = tr32(GRC_EEPROM_ADDR); 9667 val = tr32(GRC_EEPROM_ADDR);
9661 9668
9662 if (val & EEPROM_ADDR_COMPLETE) 9669 if (val & EEPROM_ADDR_COMPLETE)
9663 break; 9670 break;
9664 udelay(100); 9671 msleep(1);
9665 } 9672 }
9666 if (!(val & EEPROM_ADDR_COMPLETE)) { 9673 if (!(val & EEPROM_ADDR_COMPLETE)) {
9667 rc = -EBUSY; 9674 rc = -EBUSY;
@@ -9965,8 +9972,10 @@ static void __devinit tg3_get_eeprom_hw_cfg(struct tg3 *tp)
9965 tp->tg3_flags |= TG3_FLAG_EEPROM_WRITE_PROT; 9972 tp->tg3_flags |= TG3_FLAG_EEPROM_WRITE_PROT;
9966 9973
9967 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) { 9974 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) {
9968 if (!(tr32(PCIE_TRANSACTION_CFG) & PCIE_TRANS_CFG_LOM)) 9975 if (!(tr32(PCIE_TRANSACTION_CFG) & PCIE_TRANS_CFG_LOM)) {
9969 tp->tg3_flags &= ~TG3_FLAG_EEPROM_WRITE_PROT; 9976 tp->tg3_flags &= ~TG3_FLAG_EEPROM_WRITE_PROT;
9977 tp->tg3_flags2 |= TG3_FLG2_IS_NIC;
9978 }
9970 return; 9979 return;
9971 } 9980 }
9972 9981
@@ -10066,10 +10075,17 @@ static void __devinit tg3_get_eeprom_hw_cfg(struct tg3 *tp)
10066 tp->pdev->subsystem_vendor == PCI_VENDOR_ID_DELL) 10075 tp->pdev->subsystem_vendor == PCI_VENDOR_ID_DELL)
10067 tp->led_ctrl = LED_CTRL_MODE_PHY_2; 10076 tp->led_ctrl = LED_CTRL_MODE_PHY_2;
10068 10077
10069 if (nic_cfg & NIC_SRAM_DATA_CFG_EEPROM_WP) 10078 if (nic_cfg & NIC_SRAM_DATA_CFG_EEPROM_WP) {
10070 tp->tg3_flags |= TG3_FLAG_EEPROM_WRITE_PROT; 10079 tp->tg3_flags |= TG3_FLAG_EEPROM_WRITE_PROT;
10071 else 10080 if ((tp->pdev->subsystem_vendor ==
10081 PCI_VENDOR_ID_ARIMA) &&
10082 (tp->pdev->subsystem_device == 0x205a ||
10083 tp->pdev->subsystem_device == 0x2063))
10084 tp->tg3_flags &= ~TG3_FLAG_EEPROM_WRITE_PROT;
10085 } else {
10072 tp->tg3_flags &= ~TG3_FLAG_EEPROM_WRITE_PROT; 10086 tp->tg3_flags &= ~TG3_FLAG_EEPROM_WRITE_PROT;
10087 tp->tg3_flags2 |= TG3_FLG2_IS_NIC;
10088 }
10073 10089
10074 if (nic_cfg & NIC_SRAM_DATA_CFG_ASF_ENABLE) { 10090 if (nic_cfg & NIC_SRAM_DATA_CFG_ASF_ENABLE) {
10075 tp->tg3_flags |= TG3_FLAG_ENABLE_ASF; 10091 tp->tg3_flags |= TG3_FLAG_ENABLE_ASF;
@@ -10147,7 +10163,7 @@ static int __devinit tg3_phy_probe(struct tg3 *tp)
10147 10163
10148 if (!(tp->tg3_flags2 & TG3_FLG2_ANY_SERDES) && 10164 if (!(tp->tg3_flags2 & TG3_FLG2_ANY_SERDES) &&
10149 !(tp->tg3_flags & TG3_FLAG_ENABLE_ASF)) { 10165 !(tp->tg3_flags & TG3_FLAG_ENABLE_ASF)) {
10150 u32 bmsr, adv_reg, tg3_ctrl; 10166 u32 bmsr, adv_reg, tg3_ctrl, mask;
10151 10167
10152 tg3_readphy(tp, MII_BMSR, &bmsr); 10168 tg3_readphy(tp, MII_BMSR, &bmsr);
10153 if (!tg3_readphy(tp, MII_BMSR, &bmsr) && 10169 if (!tg3_readphy(tp, MII_BMSR, &bmsr) &&
@@ -10171,7 +10187,10 @@ static int __devinit tg3_phy_probe(struct tg3 *tp)
10171 MII_TG3_CTRL_ENABLE_AS_MASTER); 10187 MII_TG3_CTRL_ENABLE_AS_MASTER);
10172 } 10188 }
10173 10189
10174 if (!tg3_copper_is_advertising_all(tp)) { 10190 mask = (ADVERTISED_10baseT_Half | ADVERTISED_10baseT_Full |
10191 ADVERTISED_100baseT_Half | ADVERTISED_100baseT_Full |
10192 ADVERTISED_1000baseT_Half | ADVERTISED_1000baseT_Full);
10193 if (!tg3_copper_is_advertising_all(tp, mask)) {
10175 tg3_writephy(tp, MII_ADVERTISE, adv_reg); 10194 tg3_writephy(tp, MII_ADVERTISE, adv_reg);
10176 10195
10177 if (!(tp->tg3_flags & TG3_FLAG_10_100_ONLY)) 10196 if (!(tp->tg3_flags & TG3_FLAG_10_100_ONLY))
@@ -10695,7 +10714,7 @@ static int __devinit tg3_get_invariants(struct tg3 *tp)
10695 tp->tg3_flags |= TG3_FLAG_SRAM_USE_CONFIG; 10714 tp->tg3_flags |= TG3_FLAG_SRAM_USE_CONFIG;
10696 10715
10697 /* Get eeprom hw config before calling tg3_set_power_state(). 10716 /* Get eeprom hw config before calling tg3_set_power_state().
10698 * In particular, the TG3_FLAG_EEPROM_WRITE_PROT flag must be 10717 * In particular, the TG3_FLG2_IS_NIC flag must be
10699 * determined before calling tg3_set_power_state() so that 10718 * determined before calling tg3_set_power_state() so that
10700 * we know whether or not to switch out of Vaux power. 10719 * we know whether or not to switch out of Vaux power.
10701 * When the flag is set, it means that GPIO1 is used for eeprom 10720 * When the flag is set, it means that GPIO1 is used for eeprom
@@ -10862,7 +10881,8 @@ static int __devinit tg3_get_invariants(struct tg3 *tp)
10862 tp->pdev->device == PCI_DEVICE_ID_TIGON3_5705F)) || 10881 tp->pdev->device == PCI_DEVICE_ID_TIGON3_5705F)) ||
10863 (tp->pdev->vendor == PCI_VENDOR_ID_BROADCOM && 10882 (tp->pdev->vendor == PCI_VENDOR_ID_BROADCOM &&
10864 (tp->pdev->device == PCI_DEVICE_ID_TIGON3_5751F || 10883 (tp->pdev->device == PCI_DEVICE_ID_TIGON3_5751F ||
10865 tp->pdev->device == PCI_DEVICE_ID_TIGON3_5753F)) || 10884 tp->pdev->device == PCI_DEVICE_ID_TIGON3_5753F ||
10885 tp->pdev->device == PCI_DEVICE_ID_TIGON3_5787F)) ||
10866 GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) 10886 GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906)
10867 tp->tg3_flags |= TG3_FLAG_10_100_ONLY; 10887 tp->tg3_flags |= TG3_FLAG_10_100_ONLY;
10868 10888
@@ -11912,13 +11932,15 @@ static int __devinit tg3_init_one(struct pci_dev *pdev,
11912 11932
11913 pci_set_drvdata(pdev, dev); 11933 pci_set_drvdata(pdev, dev);
11914 11934
11915 printk(KERN_INFO "%s: Tigon3 [partno(%s) rev %04x PHY(%s)] (%s) %sBaseT Ethernet ", 11935 printk(KERN_INFO "%s: Tigon3 [partno(%s) rev %04x PHY(%s)] (%s) %s Ethernet ",
11916 dev->name, 11936 dev->name,
11917 tp->board_part_number, 11937 tp->board_part_number,
11918 tp->pci_chip_rev_id, 11938 tp->pci_chip_rev_id,
11919 tg3_phy_string(tp), 11939 tg3_phy_string(tp),
11920 tg3_bus_string(tp, str), 11940 tg3_bus_string(tp, str),
11921 (tp->tg3_flags & TG3_FLAG_10_100_ONLY) ? "10/100" : "10/100/1000"); 11941 ((tp->tg3_flags & TG3_FLAG_10_100_ONLY) ? "10/100Base-TX" :
11942 ((tp->tg3_flags2 & TG3_FLG2_ANY_SERDES) ? "1000Base-SX" :
11943 "10/100/1000Base-T")));
11922 11944
11923 for (i = 0; i < 6; i++) 11945 for (i = 0; i < 6; i++)
11924 printk("%2.2x%c", dev->dev_addr[i], 11946 printk("%2.2x%c", dev->dev_addr[i],
diff --git a/drivers/net/tg3.h b/drivers/net/tg3.h
index 92f53000bce6..dfaf4ed127bd 100644
--- a/drivers/net/tg3.h
+++ b/drivers/net/tg3.h
@@ -2233,6 +2233,7 @@ struct tg3 {
2233#define TG3_FLG2_PCI_EXPRESS 0x00000200 2233#define TG3_FLG2_PCI_EXPRESS 0x00000200
2234#define TG3_FLG2_ASF_NEW_HANDSHAKE 0x00000400 2234#define TG3_FLG2_ASF_NEW_HANDSHAKE 0x00000400
2235#define TG3_FLG2_HW_AUTONEG 0x00000800 2235#define TG3_FLG2_HW_AUTONEG 0x00000800
2236#define TG3_FLG2_IS_NIC 0x00001000
2236#define TG3_FLG2_PHY_SERDES 0x00002000 2237#define TG3_FLG2_PHY_SERDES 0x00002000
2237#define TG3_FLG2_CAPACITIVE_COUPLING 0x00004000 2238#define TG3_FLG2_CAPACITIVE_COUPLING 0x00004000
2238#define TG3_FLG2_FLASH 0x00008000 2239#define TG3_FLG2_FLASH 0x00008000
diff --git a/include/crypto/b128ops.h b/include/crypto/b128ops.h
new file mode 100644
index 000000000000..0b8e6bc55301
--- /dev/null
+++ b/include/crypto/b128ops.h
@@ -0,0 +1,80 @@
1/* b128ops.h - common 128-bit block operations
2 *
3 * Copyright (c) 2003, Dr Brian Gladman, Worcester, UK.
4 * Copyright (c) 2006, Rik Snel <rsnel@cube.dyndns.org>
5 *
6 * Based on Dr Brian Gladman's (GPL'd) work published at
7 * http://fp.gladman.plus.com/cryptography_technology/index.htm
8 * See the original copyright notice below.
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 */
15/*
16 ---------------------------------------------------------------------------
17 Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
18
19 LICENSE TERMS
20
21 The free distribution and use of this software in both source and binary
22 form is allowed (with or without changes) provided that:
23
24 1. distributions of this source code include the above copyright
25 notice, this list of conditions and the following disclaimer;
26
27 2. distributions in binary form include the above copyright
28 notice, this list of conditions and the following disclaimer
29 in the documentation and/or other associated materials;
30
31 3. the copyright holder's name is not used to endorse products
32 built using this software without specific written permission.
33
34 ALTERNATIVELY, provided that this notice is retained in full, this product
35 may be distributed under the terms of the GNU General Public License (GPL),
36 in which case the provisions of the GPL apply INSTEAD OF those given above.
37
38 DISCLAIMER
39
40 This software is provided 'as is' with no explicit or implied warranties
41 in respect of its properties, including, but not limited to, correctness
42 and/or fitness for purpose.
43 ---------------------------------------------------------------------------
44 Issue Date: 13/06/2006
45*/
46
47#ifndef _CRYPTO_B128OPS_H
48#define _CRYPTO_B128OPS_H
49
50#include <linux/types.h>
51
52typedef struct {
53 u64 a, b;
54} u128;
55
56typedef struct {
57 __be64 a, b;
58} be128;
59
60typedef struct {
61 __le64 b, a;
62} le128;
63
64static inline void u128_xor(u128 *r, const u128 *p, const u128 *q)
65{
66 r->a = p->a ^ q->a;
67 r->b = p->b ^ q->b;
68}
69
70static inline void be128_xor(be128 *r, const be128 *p, const be128 *q)
71{
72 u128_xor((u128 *)r, (u128 *)p, (u128 *)q);
73}
74
75static inline void le128_xor(le128 *r, const le128 *p, const le128 *q)
76{
77 u128_xor((u128 *)r, (u128 *)p, (u128 *)q);
78}
79
80#endif /* _CRYPTO_B128OPS_H */
diff --git a/include/crypto/gf128mul.h b/include/crypto/gf128mul.h
new file mode 100644
index 000000000000..4fd315202442
--- /dev/null
+++ b/include/crypto/gf128mul.h
@@ -0,0 +1,198 @@
1/* gf128mul.h - GF(2^128) multiplication functions
2 *
3 * Copyright (c) 2003, Dr Brian Gladman, Worcester, UK.
4 * Copyright (c) 2006 Rik Snel <rsnel@cube.dyndns.org>
5 *
6 * Based on Dr Brian Gladman's (GPL'd) work published at
7 * http://fp.gladman.plus.com/cryptography_technology/index.htm
8 * See the original copyright notice below.
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 */
15/*
16 ---------------------------------------------------------------------------
17 Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
18
19 LICENSE TERMS
20
21 The free distribution and use of this software in both source and binary
22 form is allowed (with or without changes) provided that:
23
24 1. distributions of this source code include the above copyright
25 notice, this list of conditions and the following disclaimer;
26
27 2. distributions in binary form include the above copyright
28 notice, this list of conditions and the following disclaimer
29 in the documentation and/or other associated materials;
30
31 3. the copyright holder's name is not used to endorse products
32 built using this software without specific written permission.
33
34 ALTERNATIVELY, provided that this notice is retained in full, this product
35 may be distributed under the terms of the GNU General Public License (GPL),
36 in which case the provisions of the GPL apply INSTEAD OF those given above.
37
38 DISCLAIMER
39
40 This software is provided 'as is' with no explicit or implied warranties
41 in respect of its properties, including, but not limited to, correctness
42 and/or fitness for purpose.
43 ---------------------------------------------------------------------------
44 Issue Date: 31/01/2006
45
46 An implementation of field multiplication in Galois Field GF(128)
47*/
48
49#ifndef _CRYPTO_GF128MUL_H
50#define _CRYPTO_GF128MUL_H
51
52#include <crypto/b128ops.h>
53#include <linux/slab.h>
54
55/* Comment by Rik:
56 *
57 * For some background on GF(2^128) see for example: http://-
58 * csrc.nist.gov/CryptoToolkit/modes/proposedmodes/gcm/gcm-revised-spec.pdf
59 *
60 * The elements of GF(2^128) := GF(2)[X]/(X^128-X^7-X^2-X^1-1) can
61 * be mapped to computer memory in a variety of ways. Let's examine
62 * three common cases.
63 *
64 * Take a look at the 16 binary octets below in memory order. The msb's
65 * are left and the lsb's are right. char b[16] is an array and b[0] is
66 * the first octet.
67 *
68 * 80000000 00000000 00000000 00000000 .... 00000000 00000000 00000000
69 * b[0] b[1] b[2] b[3] b[13] b[14] b[15]
70 *
71 * Every bit is a coefficient of some power of X. We can store the bits
72 * in every byte in little-endian order and the bytes themselves also in
73 * little endian order. I will call this lle (little-little-endian).
74 * The above buffer represents the polynomial 1, and X^7+X^2+X^1+1 looks
75 * like 11100001 00000000 .... 00000000 = { 0xE1, 0x00, }.
76 * This format was originally implemented in gf128mul and is used
77 * in GCM (Galois/Counter mode) and in ABL (Arbitrary Block Length).
78 *
79 * Another convention says: store the bits in bigendian order and the
80 * bytes also. This is bbe (big-big-endian). Now the buffer above
81 * represents X^127. X^7+X^2+X^1+1 looks like 00000000 .... 10000111,
82 * b[15] = 0x87 and the rest is 0. LRW uses this convention and bbe
83 * is partly implemented.
84 *
85 * Both of the above formats are easy to implement on big-endian
86 * machines.
87 *
88 * EME (which is patent encumbered) uses the ble format (bits are stored
89 * in big endian order and the bytes in little endian). The above buffer
90 * represents X^7 in this case and the primitive polynomial is b[0] = 0x87.
91 *
92 * The common machine word-size is smaller than 128 bits, so to make
93 * an efficient implementation we must split into machine word sizes.
94 * This file uses one 32bit for the moment. Machine endianness comes into
95 * play. The lle format in relation to machine endianness is discussed
96 * below by the original author of gf128mul Dr Brian Gladman.
97 *
98 * Let's look at the bbe and ble format on a little endian machine.
99 *
100 * bbe on a little endian machine u32 x[4]:
101 *
102 * MS x[0] LS MS x[1] LS
103 * ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
104 * 103..96 111.104 119.112 127.120 71...64 79...72 87...80 95...88
105 *
106 * MS x[2] LS MS x[3] LS
107 * ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
108 * 39...32 47...40 55...48 63...56 07...00 15...08 23...16 31...24
109 *
110 * ble on a little endian machine
111 *
112 * MS x[0] LS MS x[1] LS
113 * ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
114 * 31...24 23...16 15...08 07...00 63...56 55...48 47...40 39...32
115 *
116 * MS x[2] LS MS x[3] LS
117 * ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
118 * 95...88 87...80 79...72 71...64 127.120 199.112 111.104 103..96
119 *
120 * Multiplications in GF(2^128) are mostly bit-shifts, so you see why
121 * ble (and lbe also) are easier to implement on a little-endian
122 * machine than on a big-endian machine. The converse holds for bbe
123 * and lle.
124 *
125 * Note: to have good alignment, it seems to me that it is sufficient
126 * to keep elements of GF(2^128) in type u64[2]. On 32-bit wordsize
127 * machines this will automatically aligned to wordsize and on a 64-bit
128 * machine also.
129 */
130/* Multiply a GF128 field element by x. Field elements are held in arrays
131 of bytes in which field bits 8n..8n + 7 are held in byte[n], with lower
132 indexed bits placed in the more numerically significant bit positions
133 within bytes.
134
135 On little endian machines the bit indexes translate into the bit
136 positions within four 32-bit words in the following way
137
138 MS x[0] LS MS x[1] LS
139 ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
140 24...31 16...23 08...15 00...07 56...63 48...55 40...47 32...39
141
142 MS x[2] LS MS x[3] LS
143 ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
144 88...95 80...87 72...79 64...71 120.127 112.119 104.111 96..103
145
146 On big endian machines the bit indexes translate into the bit
147 positions within four 32-bit words in the following way
148
149 MS x[0] LS MS x[1] LS
150 ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
151 00...07 08...15 16...23 24...31 32...39 40...47 48...55 56...63
152
153 MS x[2] LS MS x[3] LS
154 ms ls ms ls ms ls ms ls ms ls ms ls ms ls ms ls
155 64...71 72...79 80...87 88...95 96..103 104.111 112.119 120.127
156*/
157
158/* A slow generic version of gf_mul, implemented for lle and bbe
159 * It multiplies a and b and puts the result in a */
160void gf128mul_lle(be128 *a, const be128 *b);
161
162void gf128mul_bbe(be128 *a, const be128 *b);
163
164
165/* 4k table optimization */
166
167struct gf128mul_4k {
168 be128 t[256];
169};
170
171struct gf128mul_4k *gf128mul_init_4k_lle(const be128 *g);
172struct gf128mul_4k *gf128mul_init_4k_bbe(const be128 *g);
173void gf128mul_4k_lle(be128 *a, struct gf128mul_4k *t);
174void gf128mul_4k_bbe(be128 *a, struct gf128mul_4k *t);
175
176static inline void gf128mul_free_4k(struct gf128mul_4k *t)
177{
178 kfree(t);
179}
180
181
182/* 64k table optimization, implemented for lle and bbe */
183
184struct gf128mul_64k {
185 struct gf128mul_4k *t[16];
186};
187
188/* first initialize with the constant factor with which you
189 * want to multiply and then call gf128_64k_lle with the other
190 * factor in the first argument, the table in the second and a
191 * scratch register in the third. Afterwards *a = *r. */
192struct gf128mul_64k *gf128mul_init_64k_lle(const be128 *g);
193struct gf128mul_64k *gf128mul_init_64k_bbe(const be128 *g);
194void gf128mul_free_64k(struct gf128mul_64k *t);
195void gf128mul_64k_lle(be128 *a, struct gf128mul_64k *t);
196void gf128mul_64k_bbe(be128 *a, struct gf128mul_64k *t);
197
198#endif /* _CRYPTO_GF128MUL_H */
diff --git a/include/linux/audit.h b/include/linux/audit.h
index b2ca666d9997..0e07db6cc0d0 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -101,6 +101,10 @@
101#define AUDIT_MAC_CIPSOV4_DEL 1408 /* NetLabel: del CIPSOv4 DOI entry */ 101#define AUDIT_MAC_CIPSOV4_DEL 1408 /* NetLabel: del CIPSOv4 DOI entry */
102#define AUDIT_MAC_MAP_ADD 1409 /* NetLabel: add LSM domain mapping */ 102#define AUDIT_MAC_MAP_ADD 1409 /* NetLabel: add LSM domain mapping */
103#define AUDIT_MAC_MAP_DEL 1410 /* NetLabel: del LSM domain mapping */ 103#define AUDIT_MAC_MAP_DEL 1410 /* NetLabel: del LSM domain mapping */
104#define AUDIT_MAC_IPSEC_ADDSA 1411 /* Add a XFRM state */
105#define AUDIT_MAC_IPSEC_DELSA 1412 /* Delete a XFRM state */
106#define AUDIT_MAC_IPSEC_ADDSPD 1413 /* Add a XFRM policy */
107#define AUDIT_MAC_IPSEC_DELSPD 1414 /* Delete a XFRM policy */
104 108
105#define AUDIT_FIRST_KERN_ANOM_MSG 1700 109#define AUDIT_FIRST_KERN_ANOM_MSG 1700
106#define AUDIT_LAST_KERN_ANOM_MSG 1799 110#define AUDIT_LAST_KERN_ANOM_MSG 1799
@@ -377,6 +381,7 @@ extern void auditsc_get_stamp(struct audit_context *ctx,
377 struct timespec *t, unsigned int *serial); 381 struct timespec *t, unsigned int *serial);
378extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); 382extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
379extern uid_t audit_get_loginuid(struct audit_context *ctx); 383extern uid_t audit_get_loginuid(struct audit_context *ctx);
384extern void audit_log_task_context(struct audit_buffer *ab);
380extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); 385extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
381extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 386extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
382extern int audit_bprm(struct linux_binprm *bprm); 387extern int audit_bprm(struct linux_binprm *bprm);
@@ -449,6 +454,7 @@ extern int audit_n_rules;
449#define audit_inode_update(i) do { ; } while (0) 454#define audit_inode_update(i) do { ; } while (0)
450#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) 455#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
451#define audit_get_loginuid(c) ({ -1; }) 456#define audit_get_loginuid(c) ({ -1; })
457#define audit_log_task_context(b) do { ; } while (0)
452#define audit_ipc_obj(i) ({ 0; }) 458#define audit_ipc_obj(i) ({ 0; })
453#define audit_ipc_set_perm(q,u,g,m) ({ 0; }) 459#define audit_ipc_set_perm(q,u,g,m) ({ 0; })
454#define audit_bprm(p) ({ 0; }) 460#define audit_bprm(p) ({ 0; })
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 6485e9716b36..4aa9046601da 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -241,12 +241,8 @@ int crypto_unregister_alg(struct crypto_alg *alg);
241 * Algorithm query interface. 241 * Algorithm query interface.
242 */ 242 */
243#ifdef CONFIG_CRYPTO 243#ifdef CONFIG_CRYPTO
244int crypto_alg_available(const char *name, u32 flags)
245 __deprecated_for_modules;
246int crypto_has_alg(const char *name, u32 type, u32 mask); 244int crypto_has_alg(const char *name, u32 type, u32 mask);
247#else 245#else
248static int crypto_alg_available(const char *name, u32 flags)
249 __deprecated_for_modules;
250static inline int crypto_alg_available(const char *name, u32 flags) 246static inline int crypto_alg_available(const char *name, u32 flags)
251{ 247{
252 return 0; 248 return 0;
@@ -707,16 +703,6 @@ static inline void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
707 dst, src); 703 dst, src);
708} 704}
709 705
710void crypto_digest_init(struct crypto_tfm *tfm) __deprecated_for_modules;
711void crypto_digest_update(struct crypto_tfm *tfm,
712 struct scatterlist *sg, unsigned int nsg)
713 __deprecated_for_modules;
714void crypto_digest_final(struct crypto_tfm *tfm, u8 *out)
715 __deprecated_for_modules;
716void crypto_digest_digest(struct crypto_tfm *tfm,
717 struct scatterlist *sg, unsigned int nsg, u8 *out)
718 __deprecated_for_modules;
719
720static inline struct crypto_hash *__crypto_hash_cast(struct crypto_tfm *tfm) 706static inline struct crypto_hash *__crypto_hash_cast(struct crypto_tfm *tfm)
721{ 707{
722 return (struct crypto_hash *)tfm; 708 return (struct crypto_hash *)tfm;
@@ -729,14 +715,6 @@ static inline struct crypto_hash *crypto_hash_cast(struct crypto_tfm *tfm)
729 return __crypto_hash_cast(tfm); 715 return __crypto_hash_cast(tfm);
730} 716}
731 717
732static int crypto_digest_setkey(struct crypto_tfm *tfm, const u8 *key,
733 unsigned int keylen) __deprecated;
734static inline int crypto_digest_setkey(struct crypto_tfm *tfm,
735 const u8 *key, unsigned int keylen)
736{
737 return tfm->crt_hash.setkey(crypto_hash_cast(tfm), key, keylen);
738}
739
740static inline struct crypto_hash *crypto_alloc_hash(const char *alg_name, 718static inline struct crypto_hash *crypto_alloc_hash(const char *alg_name,
741 u32 type, u32 mask) 719 u32 type, u32 mask)
742{ 720{
diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h
index 9049dc65ae51..f7a93770e1be 100644
--- a/include/linux/genetlink.h
+++ b/include/linux/genetlink.h
@@ -17,6 +17,9 @@ struct genlmsghdr {
17#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr)) 17#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr))
18 18
19#define GENL_ADMIN_PERM 0x01 19#define GENL_ADMIN_PERM 0x01
20#define GENL_CMD_CAP_DO 0x02
21#define GENL_CMD_CAP_DUMP 0x04
22#define GENL_CMD_CAP_HASPOL 0x08
20 23
21/* 24/*
22 * List of reserved static generic netlink identifiers: 25 * List of reserved static generic netlink identifiers:
@@ -58,9 +61,6 @@ enum {
58 CTRL_ATTR_OP_UNSPEC, 61 CTRL_ATTR_OP_UNSPEC,
59 CTRL_ATTR_OP_ID, 62 CTRL_ATTR_OP_ID,
60 CTRL_ATTR_OP_FLAGS, 63 CTRL_ATTR_OP_FLAGS,
61 CTRL_ATTR_OP_POLICY,
62 CTRL_ATTR_OP_DOIT,
63 CTRL_ATTR_OP_DUMPIT,
64 __CTRL_ATTR_OP_MAX, 64 __CTRL_ATTR_OP_MAX,
65}; 65};
66 66
diff --git a/include/linux/netfilter/nf_conntrack_pptp.h b/include/linux/netfilter/nf_conntrack_pptp.h
index fb049ec11ff2..9d8144a488cd 100644
--- a/include/linux/netfilter/nf_conntrack_pptp.h
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -2,6 +2,8 @@
2#ifndef _NF_CONNTRACK_PPTP_H 2#ifndef _NF_CONNTRACK_PPTP_H
3#define _NF_CONNTRACK_PPTP_H 3#define _NF_CONNTRACK_PPTP_H
4 4
5#include <linux/netfilter/nf_conntrack_common.h>
6
5/* state of the control session */ 7/* state of the control session */
6enum pptp_ctrlsess_state { 8enum pptp_ctrlsess_state {
7 PPTP_SESSION_NONE, /* no session present */ 9 PPTP_SESSION_NONE, /* no session present */
@@ -295,7 +297,6 @@ union pptp_ctrl_union {
295/* crap needed for nf_conntrack_compat.h */ 297/* crap needed for nf_conntrack_compat.h */
296struct nf_conn; 298struct nf_conn;
297struct nf_conntrack_expect; 299struct nf_conntrack_expect;
298enum ip_conntrack_info;
299 300
300extern int 301extern int
301(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb, 302(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb,
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index ff2dcb436cd0..4d972bbef316 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1931,6 +1931,7 @@
1931#define PCI_DEVICE_ID_TIGON3_5750M 0x167c 1931#define PCI_DEVICE_ID_TIGON3_5750M 0x167c
1932#define PCI_DEVICE_ID_TIGON3_5751M 0x167d 1932#define PCI_DEVICE_ID_TIGON3_5751M 0x167d
1933#define PCI_DEVICE_ID_TIGON3_5751F 0x167e 1933#define PCI_DEVICE_ID_TIGON3_5751F 0x167e
1934#define PCI_DEVICE_ID_TIGON3_5787F 0x167f
1934#define PCI_DEVICE_ID_TIGON3_5787M 0x1693 1935#define PCI_DEVICE_ID_TIGON3_5787M 0x1693
1935#define PCI_DEVICE_ID_TIGON3_5782 0x1696 1936#define PCI_DEVICE_ID_TIGON3_5782 0x1696
1936#define PCI_DEVICE_ID_TIGON3_5786 0x169a 1937#define PCI_DEVICE_ID_TIGON3_5786 0x169a
@@ -2002,6 +2003,8 @@
2002#define PCI_DEVICE_ID_FARSITE_TE1 0x1610 2003#define PCI_DEVICE_ID_FARSITE_TE1 0x1610
2003#define PCI_DEVICE_ID_FARSITE_TE1C 0x1612 2004#define PCI_DEVICE_ID_FARSITE_TE1C 0x1612
2004 2005
2006#define PCI_VENDOR_ID_ARIMA 0x161f
2007
2005#define PCI_VENDOR_ID_SIBYTE 0x166d 2008#define PCI_VENDOR_ID_SIBYTE 0x166d
2006#define PCI_DEVICE_ID_BCM1250_PCI 0x0001 2009#define PCI_DEVICE_ID_BCM1250_PCI 0x0001
2007#define PCI_DEVICE_ID_BCM1250_HT 0x0002 2010#define PCI_DEVICE_ID_BCM1250_HT 0x0002
diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h
index 0f0b880c4280..265bafab6494 100644
--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -285,6 +285,7 @@ struct sadb_x_sec_ctx {
285#define SADB_X_AALG_SHA2_384HMAC 6 285#define SADB_X_AALG_SHA2_384HMAC 6
286#define SADB_X_AALG_SHA2_512HMAC 7 286#define SADB_X_AALG_SHA2_512HMAC 7
287#define SADB_X_AALG_RIPEMD160HMAC 8 287#define SADB_X_AALG_RIPEMD160HMAC 8
288#define SADB_X_AALG_AES_XCBC_MAC 9
288#define SADB_X_AALG_NULL 251 /* kame */ 289#define SADB_X_AALG_NULL 251 /* kame */
289#define SADB_AALG_MAX 251 290#define SADB_AALG_MAX 251
290 291
diff --git a/include/net/irda/irlan_filter.h b/include/net/irda/irlan_filter.h
index 492dedaa8ac1..1720539ac2c1 100644
--- a/include/net/irda/irlan_filter.h
+++ b/include/net/irda/irlan_filter.h
@@ -28,6 +28,8 @@
28void irlan_check_command_param(struct irlan_cb *self, char *param, 28void irlan_check_command_param(struct irlan_cb *self, char *param,
29 char *value); 29 char *value);
30void irlan_filter_request(struct irlan_cb *self, struct sk_buff *skb); 30void irlan_filter_request(struct irlan_cb *self, struct sk_buff *skb);
31#ifdef CONFIG_PROC_FS
31void irlan_print_filter(struct seq_file *seq, int filter_type); 32void irlan_print_filter(struct seq_file *seq, int filter_type);
33#endif
32 34
33#endif /* IRLAN_FILTER_H */ 35#endif /* IRLAN_FILTER_H */
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 15ec19dcf9c8..e4765413cf80 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -392,6 +392,20 @@ extern int xfrm_unregister_km(struct xfrm_mgr *km);
392 392
393extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2]; 393extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
394 394
395/* Audit Information */
396struct xfrm_audit
397{
398 uid_t loginuid;
399 u32 secid;
400};
401
402#ifdef CONFIG_AUDITSYSCALL
403extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
404 struct xfrm_policy *xp, struct xfrm_state *x);
405#else
406#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
407#endif /* CONFIG_AUDITSYSCALL */
408
395static inline void xfrm_pol_hold(struct xfrm_policy *policy) 409static inline void xfrm_pol_hold(struct xfrm_policy *policy)
396{ 410{
397 if (likely(policy != NULL)) 411 if (likely(policy != NULL))
@@ -906,7 +920,7 @@ static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **s
906#endif 920#endif
907extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); 921extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq);
908extern int xfrm_state_delete(struct xfrm_state *x); 922extern int xfrm_state_delete(struct xfrm_state *x);
909extern void xfrm_state_flush(u8 proto); 923extern void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info);
910extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); 924extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq);
911extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); 925extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
912extern void xfrm_replay_notify(struct xfrm_state *x, int event); 926extern void xfrm_replay_notify(struct xfrm_state *x, int event);
@@ -959,13 +973,13 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
959 struct xfrm_selector *sel, 973 struct xfrm_selector *sel,
960 struct xfrm_sec_ctx *ctx, int delete); 974 struct xfrm_sec_ctx *ctx, int delete);
961struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete); 975struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete);
962void xfrm_policy_flush(u8 type); 976void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);
963u32 xfrm_get_acqseq(void); 977u32 xfrm_get_acqseq(void);
964void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi); 978void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi);
965struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 979struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
966 xfrm_address_t *daddr, xfrm_address_t *saddr, 980 xfrm_address_t *daddr, xfrm_address_t *saddr,
967 int create, unsigned short family); 981 int create, unsigned short family);
968extern void xfrm_policy_flush(u8 type); 982extern void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);
969extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 983extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
970extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst, 984extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
971 struct flowi *fl, int family, int strict); 985 struct flowi *fl, int family, int strict);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ab97e5101232..40722e26de98 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -731,7 +731,7 @@ static inline void audit_free_context(struct audit_context *context)
731 printk(KERN_ERR "audit: freed %d contexts\n", count); 731 printk(KERN_ERR "audit: freed %d contexts\n", count);
732} 732}
733 733
734static void audit_log_task_context(struct audit_buffer *ab) 734void audit_log_task_context(struct audit_buffer *ab)
735{ 735{
736 char *ctx = NULL; 736 char *ctx = NULL;
737 ssize_t len = 0; 737 ssize_t len = 0;
@@ -760,6 +760,8 @@ error_path:
760 return; 760 return;
761} 761}
762 762
763EXPORT_SYMBOL(audit_log_task_context);
764
763static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) 765static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
764{ 766{
765 char name[sizeof(tsk->comm)]; 767 char name[sizeof(tsk->comm)];
@@ -1488,6 +1490,8 @@ uid_t audit_get_loginuid(struct audit_context *ctx)
1488 return ctx ? ctx->loginuid : -1; 1490 return ctx ? ctx->loginuid : -1;
1489} 1491}
1490 1492
1493EXPORT_SYMBOL(audit_get_loginuid);
1494
1491/** 1495/**
1492 * __audit_mq_open - record audit data for a POSIX MQ open 1496 * __audit_mq_open - record audit data for a POSIX MQ open
1493 * @oflag: open flag 1497 * @oflag: open flag
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index ac47ba2ba028..bd221ad52eaf 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -34,6 +34,7 @@
34#include <linux/netfilter_ipv6.h> 34#include <linux/netfilter_ipv6.h>
35#include <linux/netfilter_arp.h> 35#include <linux/netfilter_arp.h>
36#include <linux/in_route.h> 36#include <linux/in_route.h>
37#include <linux/inetdevice.h>
37 38
38#include <net/ip.h> 39#include <net/ip.h>
39#include <net/ipv6.h> 40#include <net/ipv6.h>
@@ -221,10 +222,14 @@ static void __br_dnat_complain(void)
221 * 222 *
222 * Otherwise, the packet is considered to be routed and we just 223 * Otherwise, the packet is considered to be routed and we just
223 * change the destination MAC address so that the packet will 224 * change the destination MAC address so that the packet will
224 * later be passed up to the IP stack to be routed. 225 * later be passed up to the IP stack to be routed. For a redirected
226 * packet, ip_route_input() will give back the localhost as output device,
227 * which differs from the bridge device.
225 * 228 *
226 * Let us now consider the case that ip_route_input() fails: 229 * Let us now consider the case that ip_route_input() fails:
227 * 230 *
231 * This can be because the destination address is martian, in which case
232 * the packet will be dropped.
228 * After a "echo '0' > /proc/sys/net/ipv4/ip_forward" ip_route_input() 233 * After a "echo '0' > /proc/sys/net/ipv4/ip_forward" ip_route_input()
229 * will fail, while __ip_route_output_key() will return success. The source 234 * will fail, while __ip_route_output_key() will return success. The source
230 * address for __ip_route_output_key() is set to zero, so __ip_route_output_key 235 * address for __ip_route_output_key() is set to zero, so __ip_route_output_key
@@ -237,7 +242,8 @@ static void __br_dnat_complain(void)
237 * 242 *
238 * --Lennert, 20020411 243 * --Lennert, 20020411
239 * --Bart, 20020416 (updated) 244 * --Bart, 20020416 (updated)
240 * --Bart, 20021007 (updated) */ 245 * --Bart, 20021007 (updated)
246 * --Bart, 20062711 (updated) */
241static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) 247static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
242{ 248{
243 if (skb->pkt_type == PACKET_OTHERHOST) { 249 if (skb->pkt_type == PACKET_OTHERHOST) {
@@ -264,15 +270,15 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
264 struct net_device *dev = skb->dev; 270 struct net_device *dev = skb->dev;
265 struct iphdr *iph = skb->nh.iph; 271 struct iphdr *iph = skb->nh.iph;
266 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 272 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
273 int err;
267 274
268 if (nf_bridge->mask & BRNF_PKT_TYPE) { 275 if (nf_bridge->mask & BRNF_PKT_TYPE) {
269 skb->pkt_type = PACKET_OTHERHOST; 276 skb->pkt_type = PACKET_OTHERHOST;
270 nf_bridge->mask ^= BRNF_PKT_TYPE; 277 nf_bridge->mask ^= BRNF_PKT_TYPE;
271 } 278 }
272 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; 279 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
273
274 if (dnat_took_place(skb)) { 280 if (dnat_took_place(skb)) {
275 if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev)) { 281 if ((err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))) {
276 struct rtable *rt; 282 struct rtable *rt;
277 struct flowi fl = { 283 struct flowi fl = {
278 .nl_u = { 284 .nl_u = {
@@ -283,19 +289,33 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
283 }, 289 },
284 .proto = 0, 290 .proto = 0,
285 }; 291 };
292 struct in_device *in_dev = in_dev_get(dev);
293
294 /* If err equals -EHOSTUNREACH the error is due to a
295 * martian destination or due to the fact that
296 * forwarding is disabled. For most martian packets,
297 * ip_route_output_key() will fail. It won't fail for 2 types of
298 * martian destinations: loopback destinations and destination
299 * 0.0.0.0. In both cases the packet will be dropped because the
300 * destination is the loopback device and not the bridge. */
301 if (err != -EHOSTUNREACH || !in_dev || IN_DEV_FORWARD(in_dev))
302 goto free_skb;
286 303
287 if (!ip_route_output_key(&rt, &fl)) { 304 if (!ip_route_output_key(&rt, &fl)) {
288 /* - Bridged-and-DNAT'ed traffic doesn't 305 /* - Bridged-and-DNAT'ed traffic doesn't
289 * require ip_forwarding. 306 * require ip_forwarding. */
290 * - Deal with redirected traffic. */ 307 if (((struct dst_entry *)rt)->dev == dev) {
291 if (((struct dst_entry *)rt)->dev == dev ||
292 rt->rt_type == RTN_LOCAL) {
293 skb->dst = (struct dst_entry *)rt; 308 skb->dst = (struct dst_entry *)rt;
294 goto bridged_dnat; 309 goto bridged_dnat;
295 } 310 }
311 /* we are sure that forwarding is disabled, so printing
312 * this message is no problem. Note that the packet could
313 * still have a martian destination address, in which case
314 * the packet could be dropped even if forwarding were enabled */
296 __br_dnat_complain(); 315 __br_dnat_complain();
297 dst_release((struct dst_entry *)rt); 316 dst_release((struct dst_entry *)rt);
298 } 317 }
318free_skb:
299 kfree_skb(skb); 319 kfree_skb(skb);
300 return 0; 320 return 0;
301 } else { 321 } else {
diff --git a/net/core/wireless.c b/net/core/wireless.c
index cb1b8728d7ee..f69ab7b4408e 100644
--- a/net/core/wireless.c
+++ b/net/core/wireless.c
@@ -2130,7 +2130,7 @@ int iw_handler_set_spy(struct net_device * dev,
2130 * The rtnl_lock() make sure we don't race with the other iw_handlers. 2130 * The rtnl_lock() make sure we don't race with the other iw_handlers.
2131 * This make sure wireless_spy_update() "see" that the spy list 2131 * This make sure wireless_spy_update() "see" that the spy list
2132 * is temporarily disabled. */ 2132 * is temporarily disabled. */
2133 wmb(); 2133 smp_wmb();
2134 2134
2135 /* Are there are addresses to copy? */ 2135 /* Are there are addresses to copy? */
2136 if(wrqu->data.length > 0) { 2136 if(wrqu->data.length > 0) {
@@ -2159,7 +2159,7 @@ int iw_handler_set_spy(struct net_device * dev,
2159 } 2159 }
2160 2160
2161 /* Make sure above is updated before re-enabling */ 2161 /* Make sure above is updated before re-enabling */
2162 wmb(); 2162 smp_wmb();
2163 2163
2164 /* Enable addresses */ 2164 /* Enable addresses */
2165 spydata->spy_number = wrqu->data.length; 2165 spydata->spy_number = wrqu->data.length;
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index e28330aa4139..9f414e35c488 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -178,7 +178,6 @@ void inet_twdr_hangman(unsigned long data)
178 need_timer = 0; 178 need_timer = 0;
179 if (inet_twdr_do_twkill_work(twdr, twdr->slot)) { 179 if (inet_twdr_do_twkill_work(twdr, twdr->slot)) {
180 twdr->thread_slots |= (1 << twdr->slot); 180 twdr->thread_slots |= (1 << twdr->slot);
181 mb();
182 schedule_work(&twdr->twkill_work); 181 schedule_work(&twdr->twkill_work);
183 need_timer = 1; 182 need_timer = 1;
184 } else { 183 } else {
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 413c2d0a1f3d..71b76ade00e1 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -375,6 +375,13 @@ static int mark_source_chains(struct xt_table_info *newinfo,
375 && unconditional(&e->arp)) { 375 && unconditional(&e->arp)) {
376 unsigned int oldpos, size; 376 unsigned int oldpos, size;
377 377
378 if (t->verdict < -NF_MAX_VERDICT - 1) {
379 duprintf("mark_source_chains: bad "
380 "negative verdict (%i)\n",
381 t->verdict);
382 return 0;
383 }
384
378 /* Return: backtrack through the last 385 /* Return: backtrack through the last
379 * big jump. 386 * big jump.
380 */ 387 */
@@ -404,6 +411,14 @@ static int mark_source_chains(struct xt_table_info *newinfo,
404 if (strcmp(t->target.u.user.name, 411 if (strcmp(t->target.u.user.name,
405 ARPT_STANDARD_TARGET) == 0 412 ARPT_STANDARD_TARGET) == 0
406 && newpos >= 0) { 413 && newpos >= 0) {
414 if (newpos > newinfo->size -
415 sizeof(struct arpt_entry)) {
416 duprintf("mark_source_chains: "
417 "bad verdict (%i)\n",
418 newpos);
419 return 0;
420 }
421
407 /* This a jump; chase it. */ 422 /* This a jump; chase it. */
408 duprintf("Jump rule %u -> %u\n", 423 duprintf("Jump rule %u -> %u\n",
409 pos, newpos); 424 pos, newpos);
@@ -426,8 +441,6 @@ static int mark_source_chains(struct xt_table_info *newinfo,
426static inline int standard_check(const struct arpt_entry_target *t, 441static inline int standard_check(const struct arpt_entry_target *t,
427 unsigned int max_offset) 442 unsigned int max_offset)
428{ 443{
429 struct arpt_standard_target *targ = (void *)t;
430
431 /* Check standard info. */ 444 /* Check standard info. */
432 if (t->u.target_size 445 if (t->u.target_size
433 != ARPT_ALIGN(sizeof(struct arpt_standard_target))) { 446 != ARPT_ALIGN(sizeof(struct arpt_standard_target))) {
@@ -437,18 +450,6 @@ static inline int standard_check(const struct arpt_entry_target *t,
437 return 0; 450 return 0;
438 } 451 }
439 452
440 if (targ->verdict >= 0
441 && targ->verdict > max_offset - sizeof(struct arpt_entry)) {
442 duprintf("arpt_standard_check: bad verdict (%i)\n",
443 targ->verdict);
444 return 0;
445 }
446
447 if (targ->verdict < -NF_MAX_VERDICT - 1) {
448 duprintf("arpt_standard_check: bad negative verdict (%i)\n",
449 targ->verdict);
450 return 0;
451 }
452 return 1; 453 return 1;
453} 454}
454 455
@@ -627,18 +628,20 @@ static int translate_table(const char *name,
627 } 628 }
628 } 629 }
629 630
631 if (!mark_source_chains(newinfo, valid_hooks, entry0)) {
632 duprintf("Looping hook\n");
633 return -ELOOP;
634 }
635
630 /* Finally, each sanity check must pass */ 636 /* Finally, each sanity check must pass */
631 i = 0; 637 i = 0;
632 ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size, 638 ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
633 check_entry, name, size, &i); 639 check_entry, name, size, &i);
634 640
635 if (ret != 0) 641 if (ret != 0) {
636 goto cleanup; 642 ARPT_ENTRY_ITERATE(entry0, newinfo->size,
637 643 cleanup_entry, &i);
638 ret = -ELOOP; 644 return ret;
639 if (!mark_source_chains(newinfo, valid_hooks, entry0)) {
640 duprintf("Looping hook\n");
641 goto cleanup;
642 } 645 }
643 646
644 /* And one copy for every other CPU */ 647 /* And one copy for every other CPU */
@@ -647,9 +650,6 @@ static int translate_table(const char *name,
647 memcpy(newinfo->entries[i], entry0, newinfo->size); 650 memcpy(newinfo->entries[i], entry0, newinfo->size);
648 } 651 }
649 652
650 return 0;
651cleanup:
652 ARPT_ENTRY_ITERATE(entry0, newinfo->size, cleanup_entry, &i);
653 return ret; 653 return ret;
654} 654}
655 655
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 8a455439b128..0ff2956d35e5 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -401,6 +401,13 @@ mark_source_chains(struct xt_table_info *newinfo,
401 && unconditional(&e->ip)) { 401 && unconditional(&e->ip)) {
402 unsigned int oldpos, size; 402 unsigned int oldpos, size;
403 403
404 if (t->verdict < -NF_MAX_VERDICT - 1) {
405 duprintf("mark_source_chains: bad "
406 "negative verdict (%i)\n",
407 t->verdict);
408 return 0;
409 }
410
404 /* Return: backtrack through the last 411 /* Return: backtrack through the last
405 big jump. */ 412 big jump. */
406 do { 413 do {
@@ -438,6 +445,13 @@ mark_source_chains(struct xt_table_info *newinfo,
438 if (strcmp(t->target.u.user.name, 445 if (strcmp(t->target.u.user.name,
439 IPT_STANDARD_TARGET) == 0 446 IPT_STANDARD_TARGET) == 0
440 && newpos >= 0) { 447 && newpos >= 0) {
448 if (newpos > newinfo->size -
449 sizeof(struct ipt_entry)) {
450 duprintf("mark_source_chains: "
451 "bad verdict (%i)\n",
452 newpos);
453 return 0;
454 }
441 /* This a jump; chase it. */ 455 /* This a jump; chase it. */
442 duprintf("Jump rule %u -> %u\n", 456 duprintf("Jump rule %u -> %u\n",
443 pos, newpos); 457 pos, newpos);
@@ -470,27 +484,6 @@ cleanup_match(struct ipt_entry_match *m, unsigned int *i)
470} 484}
471 485
472static inline int 486static inline int
473standard_check(const struct ipt_entry_target *t,
474 unsigned int max_offset)
475{
476 struct ipt_standard_target *targ = (void *)t;
477
478 /* Check standard info. */
479 if (targ->verdict >= 0
480 && targ->verdict > max_offset - sizeof(struct ipt_entry)) {
481 duprintf("ipt_standard_check: bad verdict (%i)\n",
482 targ->verdict);
483 return 0;
484 }
485 if (targ->verdict < -NF_MAX_VERDICT - 1) {
486 duprintf("ipt_standard_check: bad negative verdict (%i)\n",
487 targ->verdict);
488 return 0;
489 }
490 return 1;
491}
492
493static inline int
494check_match(struct ipt_entry_match *m, 487check_match(struct ipt_entry_match *m,
495 const char *name, 488 const char *name,
496 const struct ipt_ip *ip, 489 const struct ipt_ip *ip,
@@ -576,12 +569,7 @@ check_entry(struct ipt_entry *e, const char *name, unsigned int size,
576 if (ret) 569 if (ret)
577 goto err; 570 goto err;
578 571
579 if (t->u.kernel.target == &ipt_standard_target) { 572 if (t->u.kernel.target->checkentry
580 if (!standard_check(t, size)) {
581 ret = -EINVAL;
582 goto err;
583 }
584 } else if (t->u.kernel.target->checkentry
585 && !t->u.kernel.target->checkentry(name, e, target, t->data, 573 && !t->u.kernel.target->checkentry(name, e, target, t->data,
586 e->comefrom)) { 574 e->comefrom)) {
587 duprintf("ip_tables: check failed for `%s'.\n", 575 duprintf("ip_tables: check failed for `%s'.\n",
@@ -718,17 +706,19 @@ translate_table(const char *name,
718 } 706 }
719 } 707 }
720 708
709 if (!mark_source_chains(newinfo, valid_hooks, entry0))
710 return -ELOOP;
711
721 /* Finally, each sanity check must pass */ 712 /* Finally, each sanity check must pass */
722 i = 0; 713 i = 0;
723 ret = IPT_ENTRY_ITERATE(entry0, newinfo->size, 714 ret = IPT_ENTRY_ITERATE(entry0, newinfo->size,
724 check_entry, name, size, &i); 715 check_entry, name, size, &i);
725 716
726 if (ret != 0) 717 if (ret != 0) {
727 goto cleanup; 718 IPT_ENTRY_ITERATE(entry0, newinfo->size,
728 719 cleanup_entry, &i);
729 ret = -ELOOP; 720 return ret;
730 if (!mark_source_chains(newinfo, valid_hooks, entry0)) 721 }
731 goto cleanup;
732 722
733 /* And one copy for every other CPU */ 723 /* And one copy for every other CPU */
734 for_each_possible_cpu(i) { 724 for_each_possible_cpu(i) {
@@ -736,9 +726,6 @@ translate_table(const char *name,
736 memcpy(newinfo->entries[i], entry0, newinfo->size); 726 memcpy(newinfo->entries[i], entry0, newinfo->size);
737 } 727 }
738 728
739 return 0;
740cleanup:
741 IPT_ENTRY_ITERATE(entry0, newinfo->size, cleanup_entry, &i);
742 return ret; 729 return ret;
743} 730}
744 731
@@ -1529,25 +1516,8 @@ static inline int compat_copy_match_from_user(struct ipt_entry_match *m,
1529 void **dstptr, compat_uint_t *size, const char *name, 1516 void **dstptr, compat_uint_t *size, const char *name,
1530 const struct ipt_ip *ip, unsigned int hookmask) 1517 const struct ipt_ip *ip, unsigned int hookmask)
1531{ 1518{
1532 struct ipt_entry_match *dm;
1533 struct ipt_match *match;
1534 int ret;
1535
1536 dm = (struct ipt_entry_match *)*dstptr;
1537 match = m->u.kernel.match;
1538 xt_compat_match_from_user(m, dstptr, size); 1519 xt_compat_match_from_user(m, dstptr, size);
1539 1520 return 0;
1540 ret = xt_check_match(match, AF_INET, dm->u.match_size - sizeof(*dm),
1541 name, hookmask, ip->proto,
1542 ip->invflags & IPT_INV_PROTO);
1543 if (!ret && m->u.kernel.match->checkentry
1544 && !m->u.kernel.match->checkentry(name, ip, match, dm->data,
1545 hookmask)) {
1546 duprintf("ip_tables: check failed for `%s'.\n",
1547 m->u.kernel.match->name);
1548 ret = -EINVAL;
1549 }
1550 return ret;
1551} 1521}
1552 1522
1553static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, 1523static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
@@ -1569,7 +1539,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
1569 ret = IPT_MATCH_ITERATE(e, compat_copy_match_from_user, dstptr, size, 1539 ret = IPT_MATCH_ITERATE(e, compat_copy_match_from_user, dstptr, size,
1570 name, &de->ip, de->comefrom); 1540 name, &de->ip, de->comefrom);
1571 if (ret) 1541 if (ret)
1572 goto err; 1542 return ret;
1573 de->target_offset = e->target_offset - (origsize - *size); 1543 de->target_offset = e->target_offset - (origsize - *size);
1574 t = ipt_get_target(e); 1544 t = ipt_get_target(e);
1575 target = t->u.kernel.target; 1545 target = t->u.kernel.target;
@@ -1582,31 +1552,62 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
1582 if ((unsigned char *)de - base < newinfo->underflow[h]) 1552 if ((unsigned char *)de - base < newinfo->underflow[h])
1583 newinfo->underflow[h] -= origsize - *size; 1553 newinfo->underflow[h] -= origsize - *size;
1584 } 1554 }
1555 return ret;
1556}
1557
1558static inline int compat_check_match(struct ipt_entry_match *m, const char *name,
1559 const struct ipt_ip *ip, unsigned int hookmask)
1560{
1561 struct ipt_match *match;
1562 int ret;
1563
1564 match = m->u.kernel.match;
1565 ret = xt_check_match(match, AF_INET, m->u.match_size - sizeof(*m),
1566 name, hookmask, ip->proto,
1567 ip->invflags & IPT_INV_PROTO);
1568 if (!ret && m->u.kernel.match->checkentry
1569 && !m->u.kernel.match->checkentry(name, ip, match, m->data,
1570 hookmask)) {
1571 duprintf("ip_tables: compat: check failed for `%s'.\n",
1572 m->u.kernel.match->name);
1573 ret = -EINVAL;
1574 }
1575 return ret;
1576}
1577
1578static inline int compat_check_target(struct ipt_entry *e, const char *name)
1579{
1580 struct ipt_entry_target *t;
1581 struct ipt_target *target;
1582 int ret;
1585 1583
1586 t = ipt_get_target(de); 1584 t = ipt_get_target(e);
1587 target = t->u.kernel.target; 1585 target = t->u.kernel.target;
1588 ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t), 1586 ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
1589 name, e->comefrom, e->ip.proto, 1587 name, e->comefrom, e->ip.proto,
1590 e->ip.invflags & IPT_INV_PROTO); 1588 e->ip.invflags & IPT_INV_PROTO);
1591 if (ret) 1589 if (!ret && t->u.kernel.target->checkentry
1592 goto err; 1590 && !t->u.kernel.target->checkentry(name, e, target,
1593 1591 t->data, e->comefrom)) {
1594 ret = -EINVAL;
1595 if (t->u.kernel.target == &ipt_standard_target) {
1596 if (!standard_check(t, *size))
1597 goto err;
1598 } else if (t->u.kernel.target->checkentry
1599 && !t->u.kernel.target->checkentry(name, de, target,
1600 t->data, de->comefrom)) {
1601 duprintf("ip_tables: compat: check failed for `%s'.\n", 1592 duprintf("ip_tables: compat: check failed for `%s'.\n",
1602 t->u.kernel.target->name); 1593 t->u.kernel.target->name);
1603 goto err; 1594 ret = -EINVAL;
1604 } 1595 }
1605 ret = 0;
1606err:
1607 return ret; 1596 return ret;
1608} 1597}
1609 1598
1599static inline int compat_check_entry(struct ipt_entry *e, const char *name)
1600{
1601 int ret;
1602
1603 ret = IPT_MATCH_ITERATE(e, compat_check_match, name, &e->ip,
1604 e->comefrom);
1605 if (ret)
1606 return ret;
1607
1608 return compat_check_target(e, name);
1609}
1610
1610static int 1611static int
1611translate_compat_table(const char *name, 1612translate_compat_table(const char *name,
1612 unsigned int valid_hooks, 1613 unsigned int valid_hooks,
@@ -1695,6 +1696,11 @@ translate_compat_table(const char *name,
1695 if (!mark_source_chains(newinfo, valid_hooks, entry1)) 1696 if (!mark_source_chains(newinfo, valid_hooks, entry1))
1696 goto free_newinfo; 1697 goto free_newinfo;
1697 1698
1699 ret = IPT_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry,
1700 name);
1701 if (ret)
1702 goto free_newinfo;
1703
1698 /* And one copy for every other CPU */ 1704 /* And one copy for every other CPU */
1699 for_each_possible_cpu(i) 1705 for_each_possible_cpu(i)
1700 if (newinfo->entries[i] && newinfo->entries[i] != entry1) 1706 if (newinfo->entries[i] && newinfo->entries[i] != entry1)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 9f3924c4905e..11c167118e87 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1780,7 +1780,7 @@ static inline int __mkroute_input(struct sk_buff *skb,
1780#endif 1780#endif
1781 if (in_dev->cnf.no_policy) 1781 if (in_dev->cnf.no_policy)
1782 rth->u.dst.flags |= DST_NOPOLICY; 1782 rth->u.dst.flags |= DST_NOPOLICY;
1783 if (in_dev->cnf.no_xfrm) 1783 if (out_dev->cnf.no_xfrm)
1784 rth->u.dst.flags |= DST_NOXFRM; 1784 rth->u.dst.flags |= DST_NOXFRM;
1785 rth->fl.fl4_dst = daddr; 1785 rth->fl.fl4_dst = daddr;
1786 rth->rt_dst = daddr; 1786 rth->rt_dst = daddr;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 9304034c0c47..c701f6abbfc1 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4235,7 +4235,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
4235 * Change state from SYN-SENT only after copied_seq 4235 * Change state from SYN-SENT only after copied_seq
4236 * is initialized. */ 4236 * is initialized. */
4237 tp->copied_seq = tp->rcv_nxt; 4237 tp->copied_seq = tp->rcv_nxt;
4238 mb(); 4238 smp_mb();
4239 tcp_set_state(sk, TCP_ESTABLISHED); 4239 tcp_set_state(sk, TCP_ESTABLISHED);
4240 4240
4241 security_inet_conn_established(sk, skb); 4241 security_inet_conn_established(sk, skb);
@@ -4483,7 +4483,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
4483 case TCP_SYN_RECV: 4483 case TCP_SYN_RECV:
4484 if (acceptable) { 4484 if (acceptable) {
4485 tp->copied_seq = tp->rcv_nxt; 4485 tp->copied_seq = tp->rcv_nxt;
4486 mb(); 4486 smp_mb();
4487 tcp_set_state(sk, TCP_ESTABLISHED); 4487 tcp_set_state(sk, TCP_ESTABLISHED);
4488 sk->sk_state_change(sk); 4488 sk->sk_state_change(sk);
4489 4489
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index d4107bb701b5..fb9f69c616f5 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -274,6 +274,8 @@ static void xfrm4_dst_destroy(struct dst_entry *dst)
274 274
275 if (likely(xdst->u.rt.idev)) 275 if (likely(xdst->u.rt.idev))
276 in_dev_put(xdst->u.rt.idev); 276 in_dev_put(xdst->u.rt.idev);
277 if (likely(xdst->u.rt.peer))
278 inet_putpeer(xdst->u.rt.peer);
277 xfrm_dst_destroy(xdst); 279 xfrm_dst_destroy(xdst);
278} 280}
279 281
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index e05ecbb1412d..e9212c7ff5cf 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -624,13 +624,13 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
624 skb_shinfo(skb)->frag_list = NULL; 624 skb_shinfo(skb)->frag_list = NULL;
625 /* BUILD HEADER */ 625 /* BUILD HEADER */
626 626
627 *prevhdr = NEXTHDR_FRAGMENT;
627 tmp_hdr = kmemdup(skb->nh.raw, hlen, GFP_ATOMIC); 628 tmp_hdr = kmemdup(skb->nh.raw, hlen, GFP_ATOMIC);
628 if (!tmp_hdr) { 629 if (!tmp_hdr) {
629 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS); 630 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS);
630 return -ENOMEM; 631 return -ENOMEM;
631 } 632 }
632 633
633 *prevhdr = NEXTHDR_FRAGMENT;
634 __skb_pull(skb, hlen); 634 __skb_pull(skb, hlen);
635 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 635 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
636 skb->nh.raw = __skb_push(skb, hlen); 636 skb->nh.raw = __skb_push(skb, hlen);
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index f63fb86d7c7b..4eec4b3988b8 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -440,6 +440,13 @@ mark_source_chains(struct xt_table_info *newinfo,
440 && unconditional(&e->ipv6)) { 440 && unconditional(&e->ipv6)) {
441 unsigned int oldpos, size; 441 unsigned int oldpos, size;
442 442
443 if (t->verdict < -NF_MAX_VERDICT - 1) {
444 duprintf("mark_source_chains: bad "
445 "negative verdict (%i)\n",
446 t->verdict);
447 return 0;
448 }
449
443 /* Return: backtrack through the last 450 /* Return: backtrack through the last
444 big jump. */ 451 big jump. */
445 do { 452 do {
@@ -477,6 +484,13 @@ mark_source_chains(struct xt_table_info *newinfo,
477 if (strcmp(t->target.u.user.name, 484 if (strcmp(t->target.u.user.name,
478 IP6T_STANDARD_TARGET) == 0 485 IP6T_STANDARD_TARGET) == 0
479 && newpos >= 0) { 486 && newpos >= 0) {
487 if (newpos > newinfo->size -
488 sizeof(struct ip6t_entry)) {
489 duprintf("mark_source_chains: "
490 "bad verdict (%i)\n",
491 newpos);
492 return 0;
493 }
480 /* This a jump; chase it. */ 494 /* This a jump; chase it. */
481 duprintf("Jump rule %u -> %u\n", 495 duprintf("Jump rule %u -> %u\n",
482 pos, newpos); 496 pos, newpos);
@@ -509,27 +523,6 @@ cleanup_match(struct ip6t_entry_match *m, unsigned int *i)
509} 523}
510 524
511static inline int 525static inline int
512standard_check(const struct ip6t_entry_target *t,
513 unsigned int max_offset)
514{
515 struct ip6t_standard_target *targ = (void *)t;
516
517 /* Check standard info. */
518 if (targ->verdict >= 0
519 && targ->verdict > max_offset - sizeof(struct ip6t_entry)) {
520 duprintf("ip6t_standard_check: bad verdict (%i)\n",
521 targ->verdict);
522 return 0;
523 }
524 if (targ->verdict < -NF_MAX_VERDICT - 1) {
525 duprintf("ip6t_standard_check: bad negative verdict (%i)\n",
526 targ->verdict);
527 return 0;
528 }
529 return 1;
530}
531
532static inline int
533check_match(struct ip6t_entry_match *m, 526check_match(struct ip6t_entry_match *m,
534 const char *name, 527 const char *name,
535 const struct ip6t_ip6 *ipv6, 528 const struct ip6t_ip6 *ipv6,
@@ -616,12 +609,7 @@ check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
616 if (ret) 609 if (ret)
617 goto err; 610 goto err;
618 611
619 if (t->u.kernel.target == &ip6t_standard_target) { 612 if (t->u.kernel.target->checkentry
620 if (!standard_check(t, size)) {
621 ret = -EINVAL;
622 goto err;
623 }
624 } else if (t->u.kernel.target->checkentry
625 && !t->u.kernel.target->checkentry(name, e, target, t->data, 613 && !t->u.kernel.target->checkentry(name, e, target, t->data,
626 e->comefrom)) { 614 e->comefrom)) {
627 duprintf("ip_tables: check failed for `%s'.\n", 615 duprintf("ip_tables: check failed for `%s'.\n",
@@ -758,17 +746,19 @@ translate_table(const char *name,
758 } 746 }
759 } 747 }
760 748
749 if (!mark_source_chains(newinfo, valid_hooks, entry0))
750 return -ELOOP;
751
761 /* Finally, each sanity check must pass */ 752 /* Finally, each sanity check must pass */
762 i = 0; 753 i = 0;
763 ret = IP6T_ENTRY_ITERATE(entry0, newinfo->size, 754 ret = IP6T_ENTRY_ITERATE(entry0, newinfo->size,
764 check_entry, name, size, &i); 755 check_entry, name, size, &i);
765 756
766 if (ret != 0) 757 if (ret != 0) {
767 goto cleanup; 758 IP6T_ENTRY_ITERATE(entry0, newinfo->size,
768 759 cleanup_entry, &i);
769 ret = -ELOOP; 760 return ret;
770 if (!mark_source_chains(newinfo, valid_hooks, entry0)) 761 }
771 goto cleanup;
772 762
773 /* And one copy for every other CPU */ 763 /* And one copy for every other CPU */
774 for_each_possible_cpu(i) { 764 for_each_possible_cpu(i) {
@@ -777,9 +767,6 @@ translate_table(const char *name,
777 } 767 }
778 768
779 return 0; 769 return 0;
780cleanup:
781 IP6T_ENTRY_ITERATE(entry0, newinfo->size, cleanup_entry, &i);
782 return ret;
783} 770}
784 771
785/* Gets counters. */ 772/* Gets counters. */
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index c2e629d6aea4..4ae1b19ada5d 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -854,7 +854,8 @@ back_from_confirm:
854 } 854 }
855done: 855done:
856 dst_release(dst); 856 dst_release(dst);
857 release_sock(sk); 857 if (!inet->hdrincl)
858 release_sock(sk);
858out: 859out:
859 fl6_sock_release(flowlabel); 860 fl6_sock_release(flowlabel);
860 return err<0?err:len; 861 return err<0?err:len;
diff --git a/net/irda/irttp.c b/net/irda/irttp.c
index 252f11012566..03504f3e4990 100644
--- a/net/irda/irttp.c
+++ b/net/irda/irttp.c
@@ -1100,7 +1100,7 @@ int irttp_connect_request(struct tsap_cb *self, __u8 dtsap_sel,
1100 return -ENOMEM; 1100 return -ENOMEM;
1101 1101
1102 /* Reserve space for MUX_CONTROL and LAP header */ 1102 /* Reserve space for MUX_CONTROL and LAP header */
1103 skb_reserve(tx_skb, TTP_MAX_HEADER); 1103 skb_reserve(tx_skb, TTP_MAX_HEADER + TTP_SAR_HEADER);
1104 } else { 1104 } else {
1105 tx_skb = userdata; 1105 tx_skb = userdata;
1106 /* 1106 /*
@@ -1349,7 +1349,7 @@ int irttp_connect_response(struct tsap_cb *self, __u32 max_sdu_size,
1349 return -ENOMEM; 1349 return -ENOMEM;
1350 1350
1351 /* Reserve space for MUX_CONTROL and LAP header */ 1351 /* Reserve space for MUX_CONTROL and LAP header */
1352 skb_reserve(tx_skb, TTP_MAX_HEADER); 1352 skb_reserve(tx_skb, TTP_MAX_HEADER + TTP_SAR_HEADER);
1353 } else { 1353 } else {
1354 tx_skb = userdata; 1354 tx_skb = userdata;
1355 /* 1355 /*
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 0e1dbfbb9b10..5dd5094659a1 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -27,6 +27,7 @@
27#include <linux/proc_fs.h> 27#include <linux/proc_fs.h>
28#include <linux/init.h> 28#include <linux/init.h>
29#include <net/xfrm.h> 29#include <net/xfrm.h>
30#include <linux/audit.h>
30 31
31#include <net/sock.h> 32#include <net/sock.h>
32 33
@@ -1420,6 +1421,9 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
1420 else 1421 else
1421 err = xfrm_state_update(x); 1422 err = xfrm_state_update(x);
1422 1423
1424 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
1425 AUDIT_MAC_IPSEC_ADDSA, err ? 0 : 1, NULL, x);
1426
1423 if (err < 0) { 1427 if (err < 0) {
1424 x->km.state = XFRM_STATE_DEAD; 1428 x->km.state = XFRM_STATE_DEAD;
1425 __xfrm_state_put(x); 1429 __xfrm_state_put(x);
@@ -1460,8 +1464,12 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1460 err = -EPERM; 1464 err = -EPERM;
1461 goto out; 1465 goto out;
1462 } 1466 }
1463 1467
1464 err = xfrm_state_delete(x); 1468 err = xfrm_state_delete(x);
1469
1470 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
1471 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
1472
1465 if (err < 0) 1473 if (err < 0)
1466 goto out; 1474 goto out;
1467 1475
@@ -1637,12 +1645,15 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
1637{ 1645{
1638 unsigned proto; 1646 unsigned proto;
1639 struct km_event c; 1647 struct km_event c;
1648 struct xfrm_audit audit_info;
1640 1649
1641 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1650 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1642 if (proto == 0) 1651 if (proto == 0)
1643 return -EINVAL; 1652 return -EINVAL;
1644 1653
1645 xfrm_state_flush(proto); 1654 audit_info.loginuid = audit_get_loginuid(current->audit_context);
1655 audit_info.secid = 0;
1656 xfrm_state_flush(proto, &audit_info);
1646 c.data.proto = proto; 1657 c.data.proto = proto;
1647 c.seq = hdr->sadb_msg_seq; 1658 c.seq = hdr->sadb_msg_seq;
1648 c.pid = hdr->sadb_msg_pid; 1659 c.pid = hdr->sadb_msg_pid;
@@ -2205,6 +2216,9 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2205 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp, 2216 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2206 hdr->sadb_msg_type != SADB_X_SPDUPDATE); 2217 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2207 2218
2219 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
2220 AUDIT_MAC_IPSEC_ADDSPD, err ? 0 : 1, xp, NULL);
2221
2208 if (err) 2222 if (err)
2209 goto out; 2223 goto out;
2210 2224
@@ -2282,6 +2296,10 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2282 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, 2296 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
2283 &sel, tmp.security, 1); 2297 &sel, tmp.security, 1);
2284 security_xfrm_policy_free(&tmp); 2298 security_xfrm_policy_free(&tmp);
2299
2300 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
2301 AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
2302
2285 if (xp == NULL) 2303 if (xp == NULL)
2286 return -ENOENT; 2304 return -ENOENT;
2287 2305
@@ -2416,8 +2434,11 @@ static int key_notify_policy_flush(struct km_event *c)
2416static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2434static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
2417{ 2435{
2418 struct km_event c; 2436 struct km_event c;
2437 struct xfrm_audit audit_info;
2419 2438
2420 xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN); 2439 audit_info.loginuid = audit_get_loginuid(current->audit_context);
2440 audit_info.secid = 0;
2441 xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
2421 c.data.type = XFRM_POLICY_TYPE_MAIN; 2442 c.data.type = XFRM_POLICY_TYPE_MAIN;
2422 c.event = XFRM_MSG_FLUSHPOLICY; 2443 c.event = XFRM_MSG_FLUSHPOLICY;
2423 c.pid = hdr->sadb_msg_pid; 2444 c.pid = hdr->sadb_msg_pid;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index a9638ff52a72..9b02ec4012fb 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1093,7 +1093,7 @@ static void free_conntrack_hash(struct list_head *hash, int vmalloced, int size)
1093 get_order(sizeof(struct list_head) * size)); 1093 get_order(sizeof(struct list_head) * size));
1094} 1094}
1095 1095
1096void nf_conntrack_flush() 1096void nf_conntrack_flush(void)
1097{ 1097{
1098 nf_ct_iterate_cleanup(kill_all, NULL); 1098 nf_ct_iterate_cleanup(kill_all, NULL);
1099} 1099}
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index c20f901fa177..9cbf926cdd14 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -91,25 +91,28 @@ EXPORT_SYMBOL_GPL(nf_conntrack_expect_find_get);
91struct nf_conntrack_expect * 91struct nf_conntrack_expect *
92find_expectation(const struct nf_conntrack_tuple *tuple) 92find_expectation(const struct nf_conntrack_tuple *tuple)
93{ 93{
94 struct nf_conntrack_expect *i; 94 struct nf_conntrack_expect *exp;
95
96 exp = __nf_conntrack_expect_find(tuple);
97 if (!exp)
98 return NULL;
95 99
96 list_for_each_entry(i, &nf_conntrack_expect_list, list) {
97 /* If master is not in hash table yet (ie. packet hasn't left 100 /* If master is not in hash table yet (ie. packet hasn't left
98 this machine yet), how can other end know about expected? 101 this machine yet), how can other end know about expected?
99 Hence these are not the droids you are looking for (if 102 Hence these are not the droids you are looking for (if
100 master ct never got confirmed, we'd hold a reference to it 103 master ct never got confirmed, we'd hold a reference to it
101 and weird things would happen to future packets). */ 104 and weird things would happen to future packets). */
102 if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask) 105 if (!nf_ct_is_confirmed(exp->master))
103 && nf_ct_is_confirmed(i->master)) { 106 return NULL;
104 if (i->flags & NF_CT_EXPECT_PERMANENT) { 107
105 atomic_inc(&i->use); 108 if (exp->flags & NF_CT_EXPECT_PERMANENT) {
106 return i; 109 atomic_inc(&exp->use);
107 } else if (del_timer(&i->timeout)) { 110 return exp;
108 nf_ct_unlink_expect(i); 111 } else if (del_timer(&exp->timeout)) {
109 return i; 112 nf_ct_unlink_expect(exp);
110 } 113 return exp;
111 }
112 } 114 }
115
113 return NULL; 116 return NULL;
114} 117}
115 118
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index b9b03747c1f3..548e4e6e698f 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -143,6 +143,13 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops)
143 goto errout; 143 goto errout;
144 } 144 }
145 145
146 if (ops->dumpit)
147 ops->flags |= GENL_CMD_CAP_DUMP;
148 if (ops->doit)
149 ops->flags |= GENL_CMD_CAP_DO;
150 if (ops->policy)
151 ops->flags |= GENL_CMD_CAP_HASPOL;
152
146 genl_lock(); 153 genl_lock();
147 list_add_tail(&ops->ops_list, &family->ops_list); 154 list_add_tail(&ops->ops_list, &family->ops_list);
148 genl_unlock(); 155 genl_unlock();
@@ -387,7 +394,7 @@ static void genl_rcv(struct sock *sk, int len)
387static struct genl_family genl_ctrl = { 394static struct genl_family genl_ctrl = {
388 .id = GENL_ID_CTRL, 395 .id = GENL_ID_CTRL,
389 .name = "nlctrl", 396 .name = "nlctrl",
390 .version = 0x1, 397 .version = 0x2,
391 .maxattr = CTRL_ATTR_MAX, 398 .maxattr = CTRL_ATTR_MAX,
392}; 399};
393 400
@@ -425,15 +432,6 @@ static int ctrl_fill_info(struct genl_family *family, u32 pid, u32 seq,
425 NLA_PUT_U32(skb, CTRL_ATTR_OP_ID, ops->cmd); 432 NLA_PUT_U32(skb, CTRL_ATTR_OP_ID, ops->cmd);
426 NLA_PUT_U32(skb, CTRL_ATTR_OP_FLAGS, ops->flags); 433 NLA_PUT_U32(skb, CTRL_ATTR_OP_FLAGS, ops->flags);
427 434
428 if (ops->policy)
429 NLA_PUT_FLAG(skb, CTRL_ATTR_OP_POLICY);
430
431 if (ops->doit)
432 NLA_PUT_FLAG(skb, CTRL_ATTR_OP_DOIT);
433
434 if (ops->dumpit)
435 NLA_PUT_FLAG(skb, CTRL_ATTR_OP_DUMPIT);
436
437 nla_nest_end(skb, nest); 435 nla_nest_end(skb, nest);
438 } 436 }
439 437
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 08e68b67bbf6..da73e8a8c18d 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -660,7 +660,7 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
660 sll->sll_ifindex = dev->ifindex; 660 sll->sll_ifindex = dev->ifindex;
661 661
662 h->tp_status = status; 662 h->tp_status = status;
663 mb(); 663 smp_mb();
664 664
665 { 665 {
666 struct page *p_start, *p_end; 666 struct page *p_start, *p_end;
diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c
index f59a2c4aa039..c797d6ada7de 100644
--- a/net/sched/cls_fw.c
+++ b/net/sched/cls_fw.c
@@ -101,9 +101,10 @@ static int fw_classify(struct sk_buff *skb, struct tcf_proto *tp,
101 struct fw_head *head = (struct fw_head*)tp->root; 101 struct fw_head *head = (struct fw_head*)tp->root;
102 struct fw_filter *f; 102 struct fw_filter *f;
103 int r; 103 int r;
104 u32 id = skb->mark & head->mask; 104 u32 id = skb->mark;
105 105
106 if (head != NULL) { 106 if (head != NULL) {
107 id &= head->mask;
107 for (f=head->ht[fw_hash(id)]; f; f=f->next) { 108 for (f=head->ht[fw_hash(id)]; f; f=f->next) {
108 if (f->id == id) { 109 if (f->id == id) {
109 *res = f->res; 110 *res = f->res;
diff --git a/net/wanrouter/wanmain.c b/net/wanrouter/wanmain.c
index 316211d9f17d..769cdd62c1bb 100644
--- a/net/wanrouter/wanmain.c
+++ b/net/wanrouter/wanmain.c
@@ -62,63 +62,6 @@
62 62
63#define KMEM_SAFETYZONE 8 63#define KMEM_SAFETYZONE 8
64 64
65/***********FOR DEBUGGING PURPOSES*********************************************
66static void * dbg_kmalloc(unsigned int size, int prio, int line) {
67 int i = 0;
68 void * v = kmalloc(size+sizeof(unsigned int)+2*KMEM_SAFETYZONE*8,prio);
69 char * c1 = v;
70 c1 += sizeof(unsigned int);
71 *((unsigned int *)v) = size;
72
73 for (i = 0; i < KMEM_SAFETYZONE; i++) {
74 c1[0] = 'D'; c1[1] = 'E'; c1[2] = 'A'; c1[3] = 'D';
75 c1[4] = 'B'; c1[5] = 'E'; c1[6] = 'E'; c1[7] = 'F';
76 c1 += 8;
77 }
78 c1 += size;
79 for (i = 0; i < KMEM_SAFETYZONE; i++) {
80 c1[0] = 'M'; c1[1] = 'U'; c1[2] = 'N'; c1[3] = 'G';
81 c1[4] = 'W'; c1[5] = 'A'; c1[6] = 'L'; c1[7] = 'L';
82 c1 += 8;
83 }
84 v = ((char *)v) + sizeof(unsigned int) + KMEM_SAFETYZONE*8;
85 printk(KERN_INFO "line %d kmalloc(%d,%d) = %p\n",line,size,prio,v);
86 return v;
87}
88static void dbg_kfree(void * v, int line) {
89 unsigned int * sp = (unsigned int *)(((char *)v) - (sizeof(unsigned int) + KMEM_SAFETYZONE*8));
90 unsigned int size = *sp;
91 char * c1 = ((char *)v) - KMEM_SAFETYZONE*8;
92 int i = 0;
93 for (i = 0; i < KMEM_SAFETYZONE; i++) {
94 if ( c1[0] != 'D' || c1[1] != 'E' || c1[2] != 'A' || c1[3] != 'D'
95 || c1[4] != 'B' || c1[5] != 'E' || c1[6] != 'E' || c1[7] != 'F') {
96 printk(KERN_INFO "kmalloced block at %p has been corrupted (underrun)!\n",v);
97 printk(KERN_INFO " %4x: %2x %2x %2x %2x %2x %2x %2x %2x\n", i*8,
98 c1[0],c1[1],c1[2],c1[3],c1[4],c1[5],c1[6],c1[7] );
99 }
100 c1 += 8;
101 }
102 c1 += size;
103 for (i = 0; i < KMEM_SAFETYZONE; i++) {
104 if ( c1[0] != 'M' || c1[1] != 'U' || c1[2] != 'N' || c1[3] != 'G'
105 || c1[4] != 'W' || c1[5] != 'A' || c1[6] != 'L' || c1[7] != 'L'
106 ) {
107 printk(KERN_INFO "kmalloced block at %p has been corrupted (overrun):\n",v);
108 printk(KERN_INFO " %4x: %2x %2x %2x %2x %2x %2x %2x %2x\n", i*8,
109 c1[0],c1[1],c1[2],c1[3],c1[4],c1[5],c1[6],c1[7] );
110 }
111 c1 += 8;
112 }
113 printk(KERN_INFO "line %d kfree(%p)\n",line,v);
114 v = ((char *)v) - (sizeof(unsigned int) + KMEM_SAFETYZONE*8);
115 kfree(v);
116}
117
118#define kmalloc(x,y) dbg_kmalloc(x,y,__LINE__)
119#define kfree(x) dbg_kfree(x,__LINE__)
120*****************************************************************************/
121
122/* 65/*
123 * Function Prototypes 66 * Function Prototypes
124 */ 67 */
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 5a0dbeb6bbe8..6b381fc0383d 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -119,6 +119,23 @@ static struct xfrm_algo_desc aalg_list[] = {
119 .sadb_alg_maxbits = 160 119 .sadb_alg_maxbits = 160
120 } 120 }
121}, 121},
122{
123 .name = "xcbc(aes)",
124
125 .uinfo = {
126 .auth = {
127 .icv_truncbits = 96,
128 .icv_fullbits = 128,
129 }
130 },
131
132 .desc = {
133 .sadb_alg_id = SADB_X_AALG_AES_XCBC_MAC,
134 .sadb_alg_ivlen = 0,
135 .sadb_alg_minbits = 128,
136 .sadb_alg_maxbits = 128
137 }
138},
122}; 139};
123 140
124static struct xfrm_algo_desc ealg_list[] = { 141static struct xfrm_algo_desc ealg_list[] = {
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 3f3f563eb4ab..bebd40e5a62e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -25,6 +25,7 @@
25#include <linux/cache.h> 25#include <linux/cache.h>
26#include <net/xfrm.h> 26#include <net/xfrm.h>
27#include <net/ip.h> 27#include <net/ip.h>
28#include <linux/audit.h>
28 29
29#include "xfrm_hash.h" 30#include "xfrm_hash.h"
30 31
@@ -804,7 +805,7 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete)
804} 805}
805EXPORT_SYMBOL(xfrm_policy_byid); 806EXPORT_SYMBOL(xfrm_policy_byid);
806 807
807void xfrm_policy_flush(u8 type) 808void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
808{ 809{
809 int dir; 810 int dir;
810 811
@@ -824,6 +825,9 @@ void xfrm_policy_flush(u8 type)
824 hlist_del(&pol->byidx); 825 hlist_del(&pol->byidx);
825 write_unlock_bh(&xfrm_policy_lock); 826 write_unlock_bh(&xfrm_policy_lock);
826 827
828 xfrm_audit_log(audit_info->loginuid, audit_info->secid,
829 AUDIT_MAC_IPSEC_DELSPD, 1, pol, NULL);
830
827 xfrm_policy_kill(pol); 831 xfrm_policy_kill(pol);
828 killed++; 832 killed++;
829 833
@@ -842,6 +846,11 @@ void xfrm_policy_flush(u8 type)
842 hlist_del(&pol->byidx); 846 hlist_del(&pol->byidx);
843 write_unlock_bh(&xfrm_policy_lock); 847 write_unlock_bh(&xfrm_policy_lock);
844 848
849 xfrm_audit_log(audit_info->loginuid,
850 audit_info->secid,
851 AUDIT_MAC_IPSEC_DELSPD, 1,
852 pol, NULL);
853
845 xfrm_policy_kill(pol); 854 xfrm_policy_kill(pol);
846 killed++; 855 killed++;
847 856
@@ -860,33 +869,12 @@ EXPORT_SYMBOL(xfrm_policy_flush);
860int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*), 869int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*),
861 void *data) 870 void *data)
862{ 871{
863 struct xfrm_policy *pol; 872 struct xfrm_policy *pol, *last = NULL;
864 struct hlist_node *entry; 873 struct hlist_node *entry;
865 int dir, count, error; 874 int dir, last_dir = 0, count, error;
866 875
867 read_lock_bh(&xfrm_policy_lock); 876 read_lock_bh(&xfrm_policy_lock);
868 count = 0; 877 count = 0;
869 for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
870 struct hlist_head *table = xfrm_policy_bydst[dir].table;
871 int i;
872
873 hlist_for_each_entry(pol, entry,
874 &xfrm_policy_inexact[dir], bydst) {
875 if (pol->type == type)
876 count++;
877 }
878 for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
879 hlist_for_each_entry(pol, entry, table + i, bydst) {
880 if (pol->type == type)
881 count++;
882 }
883 }
884 }
885
886 if (count == 0) {
887 error = -ENOENT;
888 goto out;
889 }
890 878
891 for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) { 879 for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
892 struct hlist_head *table = xfrm_policy_bydst[dir].table; 880 struct hlist_head *table = xfrm_policy_bydst[dir].table;
@@ -896,21 +884,37 @@ int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*)
896 &xfrm_policy_inexact[dir], bydst) { 884 &xfrm_policy_inexact[dir], bydst) {
897 if (pol->type != type) 885 if (pol->type != type)
898 continue; 886 continue;
899 error = func(pol, dir % XFRM_POLICY_MAX, --count, data); 887 if (last) {
900 if (error) 888 error = func(last, last_dir % XFRM_POLICY_MAX,
901 goto out; 889 count, data);
890 if (error)
891 goto out;
892 }
893 last = pol;
894 last_dir = dir;
895 count++;
902 } 896 }
903 for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) { 897 for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
904 hlist_for_each_entry(pol, entry, table + i, bydst) { 898 hlist_for_each_entry(pol, entry, table + i, bydst) {
905 if (pol->type != type) 899 if (pol->type != type)
906 continue; 900 continue;
907 error = func(pol, dir % XFRM_POLICY_MAX, --count, data); 901 if (last) {
908 if (error) 902 error = func(last, last_dir % XFRM_POLICY_MAX,
909 goto out; 903 count, data);
904 if (error)
905 goto out;
906 }
907 last = pol;
908 last_dir = dir;
909 count++;
910 } 910 }
911 } 911 }
912 } 912 }
913 error = 0; 913 if (count == 0) {
914 error = -ENOENT;
915 goto out;
916 }
917 error = func(last, last_dir % XFRM_POLICY_MAX, 0, data);
914out: 918out:
915 read_unlock_bh(&xfrm_policy_lock); 919 read_unlock_bh(&xfrm_policy_lock);
916 return error; 920 return error;
@@ -1982,6 +1986,117 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
1982 1986
1983EXPORT_SYMBOL(xfrm_bundle_ok); 1987EXPORT_SYMBOL(xfrm_bundle_ok);
1984 1988
1989#ifdef CONFIG_AUDITSYSCALL
1990/* Audit addition and deletion of SAs and ipsec policy */
1991
1992void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
1993 struct xfrm_policy *xp, struct xfrm_state *x)
1994{
1995
1996 char *secctx;
1997 u32 secctx_len;
1998 struct xfrm_sec_ctx *sctx = NULL;
1999 struct audit_buffer *audit_buf;
2000 int family;
2001 extern int audit_enabled;
2002
2003 if (audit_enabled == 0)
2004 return;
2005
2006 audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
2007 if (audit_buf == NULL)
2008 return;
2009
2010 switch(type) {
2011 case AUDIT_MAC_IPSEC_ADDSA:
2012 audit_log_format(audit_buf, "SAD add: auid=%u", auid);
2013 break;
2014 case AUDIT_MAC_IPSEC_DELSA:
2015 audit_log_format(audit_buf, "SAD delete: auid=%u", auid);
2016 break;
2017 case AUDIT_MAC_IPSEC_ADDSPD:
2018 audit_log_format(audit_buf, "SPD add: auid=%u", auid);
2019 break;
2020 case AUDIT_MAC_IPSEC_DELSPD:
2021 audit_log_format(audit_buf, "SPD delete: auid=%u", auid);
2022 break;
2023 default:
2024 return;
2025 }
2026
2027 if (sid != 0 &&
2028 security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
2029 audit_log_format(audit_buf, " subj=%s", secctx);
2030 else
2031 audit_log_task_context(audit_buf);
2032
2033 if (xp) {
2034 family = xp->selector.family;
2035 if (xp->security)
2036 sctx = xp->security;
2037 } else {
2038 family = x->props.family;
2039 if (x->security)
2040 sctx = x->security;
2041 }
2042
2043 if (sctx)
2044 audit_log_format(audit_buf,
2045 " sec_alg=%u sec_doi=%u sec_obj=%s",
2046 sctx->ctx_alg, sctx->ctx_doi, sctx->ctx_str);
2047
2048 switch(family) {
2049 case AF_INET:
2050 {
2051 struct in_addr saddr, daddr;
2052 if (xp) {
2053 saddr.s_addr = xp->selector.saddr.a4;
2054 daddr.s_addr = xp->selector.daddr.a4;
2055 } else {
2056 saddr.s_addr = x->props.saddr.a4;
2057 daddr.s_addr = x->id.daddr.a4;
2058 }
2059 audit_log_format(audit_buf,
2060 " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
2061 NIPQUAD(saddr), NIPQUAD(daddr));
2062 }
2063 break;
2064 case AF_INET6:
2065 {
2066 struct in6_addr saddr6, daddr6;
2067 if (xp) {
2068 memcpy(&saddr6, xp->selector.saddr.a6,
2069 sizeof(struct in6_addr));
2070 memcpy(&daddr6, xp->selector.daddr.a6,
2071 sizeof(struct in6_addr));
2072 } else {
2073 memcpy(&saddr6, x->props.saddr.a6,
2074 sizeof(struct in6_addr));
2075 memcpy(&daddr6, x->id.daddr.a6,
2076 sizeof(struct in6_addr));
2077 }
2078 audit_log_format(audit_buf,
2079 " src=" NIP6_FMT "dst=" NIP6_FMT,
2080 NIP6(saddr6), NIP6(daddr6));
2081 }
2082 break;
2083 }
2084
2085 if (x)
2086 audit_log_format(audit_buf, " spi=%lu(0x%lx) protocol=%s",
2087 (unsigned long)ntohl(x->id.spi),
2088 (unsigned long)ntohl(x->id.spi),
2089 x->id.proto == IPPROTO_AH ? "AH" :
2090 (x->id.proto == IPPROTO_ESP ?
2091 "ESP" : "IPCOMP"));
2092
2093 audit_log_format(audit_buf, " res=%u", result);
2094 audit_log_end(audit_buf);
2095}
2096
2097EXPORT_SYMBOL(xfrm_audit_log);
2098#endif /* CONFIG_AUDITSYSCALL */
2099
1985int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) 2100int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
1986{ 2101{
1987 int err = 0; 2102 int err = 0;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index da54a64ccfa3..fdb08d9f34aa 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -20,6 +20,7 @@
20#include <linux/module.h> 20#include <linux/module.h>
21#include <linux/cache.h> 21#include <linux/cache.h>
22#include <asm/uaccess.h> 22#include <asm/uaccess.h>
23#include <linux/audit.h>
23 24
24#include "xfrm_hash.h" 25#include "xfrm_hash.h"
25 26
@@ -238,6 +239,7 @@ static void xfrm_timer_handler(unsigned long data)
238 unsigned long now = (unsigned long)xtime.tv_sec; 239 unsigned long now = (unsigned long)xtime.tv_sec;
239 long next = LONG_MAX; 240 long next = LONG_MAX;
240 int warn = 0; 241 int warn = 0;
242 int err = 0;
241 243
242 spin_lock(&x->lock); 244 spin_lock(&x->lock);
243 if (x->km.state == XFRM_STATE_DEAD) 245 if (x->km.state == XFRM_STATE_DEAD)
@@ -295,9 +297,14 @@ expired:
295 next = 2; 297 next = 2;
296 goto resched; 298 goto resched;
297 } 299 }
298 if (!__xfrm_state_delete(x) && x->id.spi) 300
301 err = __xfrm_state_delete(x);
302 if (!err && x->id.spi)
299 km_state_expired(x, 1, 0); 303 km_state_expired(x, 1, 0);
300 304
305 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
306 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
307
301out: 308out:
302 spin_unlock(&x->lock); 309 spin_unlock(&x->lock);
303} 310}
@@ -384,9 +391,10 @@ int xfrm_state_delete(struct xfrm_state *x)
384} 391}
385EXPORT_SYMBOL(xfrm_state_delete); 392EXPORT_SYMBOL(xfrm_state_delete);
386 393
387void xfrm_state_flush(u8 proto) 394void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
388{ 395{
389 int i; 396 int i;
397 int err = 0;
390 398
391 spin_lock_bh(&xfrm_state_lock); 399 spin_lock_bh(&xfrm_state_lock);
392 for (i = 0; i <= xfrm_state_hmask; i++) { 400 for (i = 0; i <= xfrm_state_hmask; i++) {
@@ -399,7 +407,11 @@ restart:
399 xfrm_state_hold(x); 407 xfrm_state_hold(x);
400 spin_unlock_bh(&xfrm_state_lock); 408 spin_unlock_bh(&xfrm_state_lock);
401 409
402 xfrm_state_delete(x); 410 err = xfrm_state_delete(x);
411 xfrm_audit_log(audit_info->loginuid,
412 audit_info->secid,
413 AUDIT_MAC_IPSEC_DELSA,
414 err ? 0 : 1, NULL, x);
403 xfrm_state_put(x); 415 xfrm_state_put(x);
404 416
405 spin_lock_bh(&xfrm_state_lock); 417 spin_lock_bh(&xfrm_state_lock);
@@ -1099,7 +1111,7 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1099 void *data) 1111 void *data)
1100{ 1112{
1101 int i; 1113 int i;
1102 struct xfrm_state *x; 1114 struct xfrm_state *x, *last = NULL;
1103 struct hlist_node *entry; 1115 struct hlist_node *entry;
1104 int count = 0; 1116 int count = 0;
1105 int err = 0; 1117 int err = 0;
@@ -1107,24 +1119,22 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1107 spin_lock_bh(&xfrm_state_lock); 1119 spin_lock_bh(&xfrm_state_lock);
1108 for (i = 0; i <= xfrm_state_hmask; i++) { 1120 for (i = 0; i <= xfrm_state_hmask; i++) {
1109 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) { 1121 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1110 if (xfrm_id_proto_match(x->id.proto, proto)) 1122 if (!xfrm_id_proto_match(x->id.proto, proto))
1111 count++; 1123 continue;
1124 if (last) {
1125 err = func(last, count, data);
1126 if (err)
1127 goto out;
1128 }
1129 last = x;
1130 count++;
1112 } 1131 }
1113 } 1132 }
1114 if (count == 0) { 1133 if (count == 0) {
1115 err = -ENOENT; 1134 err = -ENOENT;
1116 goto out; 1135 goto out;
1117 } 1136 }
1118 1137 err = func(last, 0, data);
1119 for (i = 0; i <= xfrm_state_hmask; i++) {
1120 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1121 if (!xfrm_id_proto_match(x->id.proto, proto))
1122 continue;
1123 err = func(x, --count, data);
1124 if (err)
1125 goto out;
1126 }
1127 }
1128out: 1138out:
1129 spin_unlock_bh(&xfrm_state_lock); 1139 spin_unlock_bh(&xfrm_state_lock);
1130 return err; 1140 return err;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 311205ffa775..e5372b11fc8f 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -31,6 +31,7 @@
31#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 31#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
32#include <linux/in6.h> 32#include <linux/in6.h>
33#endif 33#endif
34#include <linux/audit.h>
34 35
35static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 36static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type)
36{ 37{
@@ -454,6 +455,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
454 else 455 else
455 err = xfrm_state_update(x); 456 err = xfrm_state_update(x);
456 457
458 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
459 AUDIT_MAC_IPSEC_ADDSA, err ? 0 : 1, NULL, x);
460
457 if (err < 0) { 461 if (err < 0) {
458 x->km.state = XFRM_STATE_DEAD; 462 x->km.state = XFRM_STATE_DEAD;
459 __xfrm_state_put(x); 463 __xfrm_state_put(x);
@@ -523,6 +527,10 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
523 } 527 }
524 528
525 err = xfrm_state_delete(x); 529 err = xfrm_state_delete(x);
530
531 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
532 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
533
526 if (err < 0) 534 if (err < 0)
527 goto out; 535 goto out;
528 536
@@ -1030,6 +1038,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
1030 * a type XFRM_MSG_UPDPOLICY - JHS */ 1038 * a type XFRM_MSG_UPDPOLICY - JHS */
1031 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1039 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1032 err = xfrm_policy_insert(p->dir, xp, excl); 1040 err = xfrm_policy_insert(p->dir, xp, excl);
1041 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
1042 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
1043
1033 if (err) { 1044 if (err) {
1034 security_xfrm_policy_free(xp); 1045 security_xfrm_policy_free(xp);
1035 kfree(xp); 1046 kfree(xp);
@@ -1257,6 +1268,10 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
1257 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete); 1268 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
1258 security_xfrm_policy_free(&tmp); 1269 security_xfrm_policy_free(&tmp);
1259 } 1270 }
1271 if (delete)
1272 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
1273 AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
1274
1260 if (xp == NULL) 1275 if (xp == NULL)
1261 return -ENOENT; 1276 return -ENOENT;
1262 1277
@@ -1291,8 +1306,11 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma
1291{ 1306{
1292 struct km_event c; 1307 struct km_event c;
1293 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 1308 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh);
1309 struct xfrm_audit audit_info;
1294 1310
1295 xfrm_state_flush(p->proto); 1311 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1312 audit_info.secid = NETLINK_CB(skb).sid;
1313 xfrm_state_flush(p->proto, &audit_info);
1296 c.data.proto = p->proto; 1314 c.data.proto = p->proto;
1297 c.event = nlh->nlmsg_type; 1315 c.event = nlh->nlmsg_type;
1298 c.seq = nlh->nlmsg_seq; 1316 c.seq = nlh->nlmsg_seq;
@@ -1442,12 +1460,15 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
1442 struct km_event c; 1460 struct km_event c;
1443 u8 type = XFRM_POLICY_TYPE_MAIN; 1461 u8 type = XFRM_POLICY_TYPE_MAIN;
1444 int err; 1462 int err;
1463 struct xfrm_audit audit_info;
1445 1464
1446 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1465 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
1447 if (err) 1466 if (err)
1448 return err; 1467 return err;
1449 1468
1450 xfrm_policy_flush(type); 1469 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1470 audit_info.secid = NETLINK_CB(skb).sid;
1471 xfrm_policy_flush(type, &audit_info);
1451 c.data.type = type; 1472 c.data.type = type;
1452 c.event = nlh->nlmsg_type; 1473 c.event = nlh->nlmsg_type;
1453 c.seq = nlh->nlmsg_seq; 1474 c.seq = nlh->nlmsg_seq;
@@ -1502,6 +1523,9 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void *
1502 err = 0; 1523 err = 0;
1503 if (up->hard) { 1524 if (up->hard) {
1504 xfrm_policy_delete(xp, p->dir); 1525 xfrm_policy_delete(xp, p->dir);
1526 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
1527 AUDIT_MAC_IPSEC_DELSPD, 1, xp, NULL);
1528
1505 } else { 1529 } else {
1506 // reset the timers here? 1530 // reset the timers here?
1507 printk("Dont know what to do with soft policy expire\n"); 1531 printk("Dont know what to do with soft policy expire\n");
@@ -1533,8 +1557,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **
1533 goto out; 1557 goto out;
1534 km_state_expired(x, ue->hard, current->pid); 1558 km_state_expired(x, ue->hard, current->pid);
1535 1559
1536 if (ue->hard) 1560 if (ue->hard) {
1537 __xfrm_state_delete(x); 1561 __xfrm_state_delete(x);
1562 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
1563 AUDIT_MAC_IPSEC_DELSA, 1, NULL, x);
1564 }
1538out: 1565out:
1539 spin_unlock_bh(&x->lock); 1566 spin_unlock_bh(&x->lock);
1540 xfrm_state_put(x); 1567 xfrm_state_put(x);
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-26 17:27:04 -0500