11 Sep, 2016
1 commit
-
The IS_ENABLED() macro checks if a Kconfig symbol has been enabled either
built-in or as a module, use that macro instead of open coding the same.Using the macro makes the code more readable by helping abstract away some
of the Kconfig built-in and module enable details.Signed-off-by: Javier Martinez Canillas
Signed-off-by: David S. Miller
27 Jan, 2016
1 commit
-
This patch removes the last reference to hash and ablkcipher from
IPsec and replaces them with ahash and skcipher respectively. For
skcipher there is currently no difference at all, while for ahash
the current code is actually buggy and would prevent asynchronous
algorithms from being discovered.Signed-off-by: Herbert Xu
Acked-by: David S. Miller
17 Aug, 2015
1 commit
-
Now that seqniv is identical with seqiv we no longer need it.
Signed-off-by: Herbert Xu
Acked-by: Steffen Klassert
04 Jun, 2015
1 commit
-
Signed-off-by: Martin Willi
Acked-by: Steffen Klassert
Signed-off-by: Herbert Xu
28 May, 2015
1 commit
-
This patch adds IV generator information for each AEAD and block
cipher to xfrm_algo_desc. This will be used to access the new
AEAD interface.Signed-off-by: Herbert Xu
13 Jan, 2015
1 commit
-
Remove the function aead_entries() that is not used anywhere.
This was partially found by using a static code analysis program called cppcheck.
Signed-off-by: Rickard Strandqvist
Signed-off-by: David S. Miller
08 Nov, 2013
1 commit
-
This function has usage beside IPsec so move it to the core skbuff code.
While doing so, give it some documentation and change its return type to
'unsigned char *' to be in line with skb_put().Signed-off-by: Mathias Krause
Cc: Steffen Klassert
Cc: "David S. Miller"
Cc: Herbert Xu
Signed-off-by: David S. Miller
25 Apr, 2013
1 commit
-
Now that CryptoAPI has support for CMAC, we can add support for AES-CMAC-96
(rfc4494).Cc: Tom St Denis
Signed-off-by: Jussi Kivilinna
Acked-by: David S. Miller
Signed-off-by: Herbert Xu
01 Feb, 2013
1 commit
-
Mark existing algorithms as pfkey supported and make pfkey only use algorithms
that have pfkey_supported set.Signed-off-by: Jussi Kivilinna
Signed-off-by: Steffen Klassert
08 Jan, 2013
1 commit
-
IPSEC uses block ciphers asynchronous, but probes only for synchronous block
ciphers and makes ealg entries only available if synchronous block cipher is
found. So with setup, where hardware crypto driver registers asynchronous
block ciphers and software crypto module is not build, ealg is not marked
as being available.Use crypto_has_ablkcipher instead and remove ASYNC mask.
Signed-off-by: Jussi Kivilinna
Signed-off-by: Steffen Klassert
16 May, 2012
2 commits
-
For several releases, this has not been needed anymore, as no helper
functions declared in net/ah.h get implemented by xfrm_algo.c anymore.Signed-off-by: Jan Beulich
Signed-off-by: David S. Miller -
By making this a standalone config option (auto-selected as needed),
selecting CRYPTO from here rather than from XFRM (which is boolean)
allows the core crypto code to become a module again even when XFRM=y.Signed-off-by: Jan Beulich
Signed-off-by: David S. Miller
29 Jul, 2011
1 commit
-
Fix the min and max bit lengths for AES-CTR (RFC3686) keys.
The number of bits in key spec is the key length (128/256)
plus 32 bits of nonce.This change takes care of the "Invalid key length" errors
reported by setkey when specifying 288 bit keys for aes-ctr.Signed-off-by: Tushar Gohad
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
28 Feb, 2011
1 commit
-
Signed-off-by: David S. Miller
17 Jan, 2010
1 commit
-
This patch adds the RFC4543 (GMAC) wrapper for GCM similar to the
existing RFC4106 wrapper. The main differences between GCM and GMAC are
the contents of the AAD and that the plaintext is empty for the latter.Signed-off-by: Tobias Brunner
Signed-off-by: Herbert Xu
02 Dec, 2009
2 commits
-
Conflicts:
net/mac80211/ht.c -
can not add camellia cipher algorithm when using "ip xfrm state" command.
Signed-off-by: Li Yewang
Signed-off-by: David S. Miller
26 Nov, 2009
1 commit
-
These algorithms use a truncation of 192/256 bits, as specified
in RFC4868.Signed-off-by: Martin Willi
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
19 Oct, 2009
1 commit
-
The last users of skb_icv_walk are converted to ahash now,
so skb_icv_walk is unused and can be removed.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller
25 Jun, 2009
1 commit
-
Our CAST algorithm is called cast5, not cast128. Clearly nobody
has ever used it :)Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
09 Jun, 2009
1 commit
-
Signed-off-by: David S. Miller
26 Jul, 2008
1 commit
-
Removes legacy reinvent-the-wheel type thing. The generic
machinery integrates much better to automated debugging aids
such as kerneloops.org (and others), and is unambiguous due to
better naming. Non-intuively BUG_TRAP() is actually equal to
WARN_ON() rather than BUG_ON() though some might actually be
promoted to BUG_ON() but I left that to future.I could make at least one BUILD_BUG_ON conversion.
Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller
05 Jun, 2008
1 commit
-
This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn
allows hmac(rmd160) to be used as authentication mechanism in IPsec
ESP and AH (see RFC 2857).Signed-off-by: Adrian-Ken Rueegsegger
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
28 Apr, 2008
1 commit
-
Previously digest_null had no setkey function which meant that
we used hmac(digest_null) for IPsec since IPsec always calls
setkey. Now that digest_null has a setkey we no longer need to
do that.In fact when only confidentiality is specified for ESP we already
use digest_null directly. However, when the null algorithm is
explicitly specified by the user we still opt for hmac(digest_null).This patch removes this discrepancy. I have not added a new compat
name for it because by chance it wasn't actualy possible for the user
to specify the name hmac(digest_null) due to a key length check in
xfrm_user (which I found out when testing that compat name :)Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
08 Feb, 2008
1 commit
-
The below patch allows IPsec to use CTR mode with AES encryption
algorithm. Tested this using setkey in ipsec-tools.Signed-off-by: Joy Latten
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
01 Feb, 2008
2 commits
-
This patch adds support for combined mode algorithms with GCM being
the first algorithm supported.Combined mode algorithms can be added through the xfrm_user interface
using the new algorithm payload type XFRMA_ALG_AEAD. Each algorithms
is identified by its name and the ICV length.For the purposes of matching algorithms in xfrm_tmpl structures,
combined mode algorithms occupy the same name space as encryption
algorithms. This is in line with how they are negotiated using IKE.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Now that ESP uses authenc we can turn on the support for async
algorithms in IPsec.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
29 Jan, 2008
1 commit
-
and select the crypto subsystem if neccessary
Signed-off-by: Sebastian Siewior
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
02 Nov, 2007
1 commit
-
Not architecture specific code should not #include .
This patch therefore either replaces them with
#include or simply removes them if they were
unused.Signed-off-by: Adrian Bunk
Signed-off-by: Jens Axboe
26 Oct, 2007
1 commit
-
Use sg_init_one() and sg_init_table() as needed.
Signed-off-by: David S. Miller
24 Oct, 2007
1 commit
-
Most drivers need to set length and offset as well, so may as well fold
those three lines into one.Add sg_assign_page() for those two locations that only needed to set
the page, where the offset/length is set outside of the function context.Signed-off-by: Jens Axboe
23 Oct, 2007
2 commits
-
net/xfrm/xfrm_algo.c: In function 'skb_icv_walk':
net/xfrm/xfrm_algo.c:555: error: implicit declaration of function
'sg_set_page'
make[2]: *** [net/xfrm/xfrm_algo.o] Error 1Cc: David Miller
Signed-off-by: Heiko Carstens
Signed-off-by: Jens Axboe -
Signed-off-by: Jens Axboe
23 May, 2007
1 commit
-
This patch adds some casts to shut up the warnings introduced by my
last patch that added a common interator function for xfrm algorightms.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
20 May, 2007
1 commit
-
This is a natural extension of the changeset
[XFRM]: Probe selected algorithm only.
which only removed the probe call for xfrm_user. This patch does exactly
the same thing for af_key. In other words, we load the algorithm requested
by the user rather than everything when adding xfrm states in af_key.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
28 Apr, 2007
1 commit
-
This reverts eefa3906283a2b60a6d02a2cda593a7d7d7946c5
The simplification made in that change works with the assumption that
the 'offset' parameter to these functions is always positive or zero,
which is not true. It can be and often is negative in order to access
SKB header values in front of skb->data.Signed-off-by: David S. Miller
26 Apr, 2007
2 commits
-
I noticed recently that, in skb_checksum(), "offset" and "start" are
essentially the same thing and have the same value throughout the
function, despite being computed differently. Using a single variable
allows some cleanups and makes the skb_checksum() function smaller,
more readable, and presumably marginally faster.We appear to have many other "sk_buff walker" functions built on the
exact same model, so the cleanup applies to them, too. Here is a list
of the functions I found to be affected:net/appletalk/ddp.c:atalk_sum_skb()
net/core/datagram.c:skb_copy_datagram_iovec()
net/core/datagram.c:skb_copy_and_csum_datagram()
net/core/skbuff.c:skb_copy_bits()
net/core/skbuff.c:skb_store_bits()
net/core/skbuff.c:skb_checksum()
net/core/skbuff.c:skb_copy_and_csum_bit()
net/core/user_dma.c:dma_skb_copy_datagram_iovec()
net/xfrm/xfrm_algo.c:skb_icv_walk()
net/xfrm/xfrm_algo.c:skb_to_sgvec()OTOH, I admit I'm a bit surprised, the cleanup is rather obvious so I'm
really wondering if I am missing something. Can anyone please comment
on this?Signed-off-by: Jean Delvare
Signed-off-by: David S. Miller -
Move generic skbuff stuff from XFRM code to generic code so that
AF_RXRPC can use it too.The kdoc comments I've attached to the functions needs to be checked
by whoever wrote them as I had to make some guesses about the workings
of these functions.Signed-off-By: David Howells
Signed-off-by: David S. Miller
11 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
07 Feb, 2007
1 commit
-
This patch adds the entry of Camellia cipher algorithm to ealg_list[].
Signed-off-by: Noriaki TAKAMIYA
Signed-off-by: Herbert Xu