Commit 991155ba authored by Horia Geanta's avatar Horia Geanta Committed by Herbert Xu

Revert "crypto: talitos - add IPsec ESN support"

This reverts commit e763eb69.

Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.

ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.

Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: default avatarChaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: default avatarHoria Geanta <horia.geanta@freescale.com>
Reviewed-by: default avatarKim Phillips <kim.phillips@freescale.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 32dc43e4
...@@ -38,7 +38,6 @@ ...@@ -38,7 +38,6 @@
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <linux/rtnetlink.h> #include <linux/rtnetlink.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/string.h>
#include <crypto/algapi.h> #include <crypto/algapi.h>
#include <crypto/aes.h> #include <crypto/aes.h>
...@@ -1974,11 +1973,7 @@ struct talitos_alg_template { ...@@ -1974,11 +1973,7 @@ struct talitos_alg_template {
}; };
static struct talitos_alg_template driver_algs[] = { static struct talitos_alg_template driver_algs[] = {
/* /* AEAD algorithms. These use a single-pass ipsec_esp descriptor */
* AEAD algorithms. These use a single-pass ipsec_esp descriptor.
* authencesn(*,*) is also registered, although not present
* explicitly here.
*/
{ .type = CRYPTO_ALG_TYPE_AEAD, { .type = CRYPTO_ALG_TYPE_AEAD,
.alg.crypto = { .alg.crypto = {
.cra_name = "authenc(hmac(sha1),cbc(aes))", .cra_name = "authenc(hmac(sha1),cbc(aes))",
...@@ -2820,9 +2815,7 @@ static int talitos_probe(struct platform_device *ofdev) ...@@ -2820,9 +2815,7 @@ static int talitos_probe(struct platform_device *ofdev)
if (hw_supports(dev, driver_algs[i].desc_hdr_template)) { if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
struct talitos_crypto_alg *t_alg; struct talitos_crypto_alg *t_alg;
char *name = NULL; char *name = NULL;
bool authenc = false;
authencesn:
t_alg = talitos_alg_alloc(dev, &driver_algs[i]); t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
if (IS_ERR(t_alg)) { if (IS_ERR(t_alg)) {
err = PTR_ERR(t_alg); err = PTR_ERR(t_alg);
...@@ -2837,8 +2830,6 @@ static int talitos_probe(struct platform_device *ofdev) ...@@ -2837,8 +2830,6 @@ static int talitos_probe(struct platform_device *ofdev)
err = crypto_register_alg( err = crypto_register_alg(
&t_alg->algt.alg.crypto); &t_alg->algt.alg.crypto);
name = t_alg->algt.alg.crypto.cra_driver_name; name = t_alg->algt.alg.crypto.cra_driver_name;
authenc = authenc ? !authenc :
!(bool)memcmp(name, "authenc", 7);
break; break;
case CRYPTO_ALG_TYPE_AHASH: case CRYPTO_ALG_TYPE_AHASH:
err = crypto_register_ahash( err = crypto_register_ahash(
...@@ -2851,25 +2842,8 @@ static int talitos_probe(struct platform_device *ofdev) ...@@ -2851,25 +2842,8 @@ static int talitos_probe(struct platform_device *ofdev)
dev_err(dev, "%s alg registration failed\n", dev_err(dev, "%s alg registration failed\n",
name); name);
kfree(t_alg); kfree(t_alg);
} else { } else
list_add_tail(&t_alg->entry, &priv->alg_list); list_add_tail(&t_alg->entry, &priv->alg_list);
if (authenc) {
struct crypto_alg *alg =
&driver_algs[i].alg.crypto;
name = alg->cra_name;
memmove(name + 10, name + 7,
strlen(name) - 7);
memcpy(name + 7, "esn", 3);
name = alg->cra_driver_name;
memmove(name + 10, name + 7,
strlen(name) - 7);
memcpy(name + 7, "esn", 3);
goto authencesn;
}
}
} }
} }
if (!list_empty(&priv->alg_list)) if (!list_empty(&priv->alg_list))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment