29 Jul, 2011
1 commit
-
Fix the min and max bit lengths for AES-CTR (RFC3686) keys.
The number of bits in key spec is the key length (128/256)
plus 32 bits of nonce.This change takes care of the "Invalid key length" errors
reported by setkey when specifying 288 bit keys for aes-ctr.Signed-off-by: Tushar Gohad
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
28 Feb, 2011
1 commit
-
Signed-off-by: David S. Miller
17 Jan, 2010
1 commit
-
This patch adds the RFC4543 (GMAC) wrapper for GCM similar to the
existing RFC4106 wrapper. The main differences between GCM and GMAC are
the contents of the AAD and that the plaintext is empty for the latter.Signed-off-by: Tobias Brunner
Signed-off-by: Herbert Xu
02 Dec, 2009
2 commits
-
Conflicts:
net/mac80211/ht.c -
can not add camellia cipher algorithm when using "ip xfrm state" command.
Signed-off-by: Li Yewang
Signed-off-by: David S. Miller
26 Nov, 2009
1 commit
-
These algorithms use a truncation of 192/256 bits, as specified
in RFC4868.Signed-off-by: Martin Willi
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
19 Oct, 2009
1 commit
-
The last users of skb_icv_walk are converted to ahash now,
so skb_icv_walk is unused and can be removed.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller
25 Jun, 2009
1 commit
-
Our CAST algorithm is called cast5, not cast128. Clearly nobody
has ever used it :)Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
09 Jun, 2009
1 commit
-
Signed-off-by: David S. Miller
26 Jul, 2008
1 commit
-
Removes legacy reinvent-the-wheel type thing. The generic
machinery integrates much better to automated debugging aids
such as kerneloops.org (and others), and is unambiguous due to
better naming. Non-intuively BUG_TRAP() is actually equal to
WARN_ON() rather than BUG_ON() though some might actually be
promoted to BUG_ON() but I left that to future.I could make at least one BUILD_BUG_ON conversion.
Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller
05 Jun, 2008
1 commit
-
This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn
allows hmac(rmd160) to be used as authentication mechanism in IPsec
ESP and AH (see RFC 2857).Signed-off-by: Adrian-Ken Rueegsegger
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
28 Apr, 2008
1 commit
-
Previously digest_null had no setkey function which meant that
we used hmac(digest_null) for IPsec since IPsec always calls
setkey. Now that digest_null has a setkey we no longer need to
do that.In fact when only confidentiality is specified for ESP we already
use digest_null directly. However, when the null algorithm is
explicitly specified by the user we still opt for hmac(digest_null).This patch removes this discrepancy. I have not added a new compat
name for it because by chance it wasn't actualy possible for the user
to specify the name hmac(digest_null) due to a key length check in
xfrm_user (which I found out when testing that compat name :)Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
08 Feb, 2008
1 commit
-
The below patch allows IPsec to use CTR mode with AES encryption
algorithm. Tested this using setkey in ipsec-tools.Signed-off-by: Joy Latten
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
01 Feb, 2008
2 commits
-
This patch adds support for combined mode algorithms with GCM being
the first algorithm supported.Combined mode algorithms can be added through the xfrm_user interface
using the new algorithm payload type XFRMA_ALG_AEAD. Each algorithms
is identified by its name and the ICV length.For the purposes of matching algorithms in xfrm_tmpl structures,
combined mode algorithms occupy the same name space as encryption
algorithms. This is in line with how they are negotiated using IKE.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Now that ESP uses authenc we can turn on the support for async
algorithms in IPsec.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
29 Jan, 2008
1 commit
-
and select the crypto subsystem if neccessary
Signed-off-by: Sebastian Siewior
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
02 Nov, 2007
1 commit
-
Not architecture specific code should not #include .
This patch therefore either replaces them with
#include or simply removes them if they were
unused.Signed-off-by: Adrian Bunk
Signed-off-by: Jens Axboe
26 Oct, 2007
1 commit
-
Use sg_init_one() and sg_init_table() as needed.
Signed-off-by: David S. Miller
24 Oct, 2007
1 commit
-
Most drivers need to set length and offset as well, so may as well fold
those three lines into one.Add sg_assign_page() for those two locations that only needed to set
the page, where the offset/length is set outside of the function context.Signed-off-by: Jens Axboe
23 Oct, 2007
2 commits
-
net/xfrm/xfrm_algo.c: In function 'skb_icv_walk':
net/xfrm/xfrm_algo.c:555: error: implicit declaration of function
'sg_set_page'
make[2]: *** [net/xfrm/xfrm_algo.o] Error 1Cc: David Miller
Signed-off-by: Heiko Carstens
Signed-off-by: Jens Axboe -
Signed-off-by: Jens Axboe
23 May, 2007
1 commit
-
This patch adds some casts to shut up the warnings introduced by my
last patch that added a common interator function for xfrm algorightms.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
20 May, 2007
1 commit
-
This is a natural extension of the changeset
[XFRM]: Probe selected algorithm only.
which only removed the probe call for xfrm_user. This patch does exactly
the same thing for af_key. In other words, we load the algorithm requested
by the user rather than everything when adding xfrm states in af_key.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
28 Apr, 2007
1 commit
-
This reverts eefa3906283a2b60a6d02a2cda593a7d7d7946c5
The simplification made in that change works with the assumption that
the 'offset' parameter to these functions is always positive or zero,
which is not true. It can be and often is negative in order to access
SKB header values in front of skb->data.Signed-off-by: David S. Miller
26 Apr, 2007
2 commits
-
I noticed recently that, in skb_checksum(), "offset" and "start" are
essentially the same thing and have the same value throughout the
function, despite being computed differently. Using a single variable
allows some cleanups and makes the skb_checksum() function smaller,
more readable, and presumably marginally faster.We appear to have many other "sk_buff walker" functions built on the
exact same model, so the cleanup applies to them, too. Here is a list
of the functions I found to be affected:net/appletalk/ddp.c:atalk_sum_skb()
net/core/datagram.c:skb_copy_datagram_iovec()
net/core/datagram.c:skb_copy_and_csum_datagram()
net/core/skbuff.c:skb_copy_bits()
net/core/skbuff.c:skb_store_bits()
net/core/skbuff.c:skb_checksum()
net/core/skbuff.c:skb_copy_and_csum_bit()
net/core/user_dma.c:dma_skb_copy_datagram_iovec()
net/xfrm/xfrm_algo.c:skb_icv_walk()
net/xfrm/xfrm_algo.c:skb_to_sgvec()OTOH, I admit I'm a bit surprised, the cleanup is rather obvious so I'm
really wondering if I am missing something. Can anyone please comment
on this?Signed-off-by: Jean Delvare
Signed-off-by: David S. Miller -
Move generic skbuff stuff from XFRM code to generic code so that
AF_RXRPC can use it too.The kdoc comments I've attached to the functions needs to be checked
by whoever wrote them as I had to make some guesses about the workings
of these functions.Signed-off-By: David Howells
Signed-off-by: David S. Miller
11 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
07 Feb, 2007
1 commit
-
This patch adds the entry of Camellia cipher algorithm to ealg_list[].
Signed-off-by: Noriaki TAKAMIYA
Signed-off-by: Herbert Xu
01 Jan, 2007
1 commit
-
Installing an IPsec SA using old algorithm names (.compat) does not work
if the algorithm is not already loaded. When not using the PF_KEY
interface, algorithms are not preloaded in xfrm_probe_algs() and
installing a IPsec SA fails.Signed-off-by: Martin Willi
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
07 Dec, 2006
1 commit
-
The glue of xfrm.
Signed-off-by: Kazunori MIYAZAWA
Signed-off-by: Herbert Xu
21 Sep, 2006
4 commits
-
This patch converts all users to use the new crypto_comp type and the
crypto_has_* functions.Signed-off-by: Herbert Xu
-
This patch converts IPsec to use the new HMAC template. The names of
existing simple digest algorithms may still be used to refer to their
HMAC composites.The same structure can be used by other MACs such as AES-XCBC-MAC.
This patch also switches from the digest interface to hash.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch converts IPSec/ESP to use the new block cipher type where
applicable. Similar to the HMAC conversion, existing algorithm names
have been kept for compatibility.Signed-off-by: Herbert Xu
-
This patch adds a compatibility name field for each IPsec algorithm. This
is needed when parameterised algorithms are used. For example, "md5" will
become "hmac(md5)", and "aes" will become "cbc(aes)".Signed-off-by: Herbert Xu
01 Jul, 2006
1 commit
-
Signed-off-by: Jörn Engel
Signed-off-by: Adrian Bunk
10 Jan, 2006
1 commit
-
This changes some simple "if (x) BUG();" statements to "BUG_ON(x);"
Signed-off-by: Kris Katterjohn
Signed-off-by: David S. Miller
19 May, 2005
1 commit
-
It looks like skb_cow_data() does not set
proper owner for newly created skb.If we have several fragments for skb and some of them
are shared(?) or cloned (like in async IPsec) there
might be a situation when we require recreating skb and
thus using skb_copy() for it.
Newly created skb has neither a destructor nor a socket
assotiated with it, which must be copied from the old skb.
As far as I can see, current code sets destructor and socket
for the first one skb only and uses truesize of the first skb
only to increment sk_wmem_alloc value.If above "analysis" is correct then attached patch fixes that.
Signed-off-by: Evgeniy Polyakov
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
17 Apr, 2005
1 commit
-
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.Let it rip!
