Commit 4b7137ff authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[IPSEC] esp: Remove keys from esp_data structure

The keys are only used during initialisation so we don't need to carry them
in esp_data.  Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.

This patch also kills the unused auth.icv member.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f0703c80
...@@ -13,8 +13,6 @@ struct esp_data ...@@ -13,8 +13,6 @@ struct esp_data
/* Confidentiality */ /* Confidentiality */
struct { struct {
u8 *key; /* Key */
int key_len; /* Key length */
int padlen; /* 0..255 */ int padlen; /* 0..255 */
/* ivlen is offset from enc_data, where encrypted data start. /* ivlen is offset from enc_data, where encrypted data start.
* It is logically different of crypto_tfm_alg_ivsize(tfm). * It is logically different of crypto_tfm_alg_ivsize(tfm).
...@@ -28,14 +26,9 @@ struct esp_data ...@@ -28,14 +26,9 @@ struct esp_data
/* Integrity. It is active when icv_full_len != 0 */ /* Integrity. It is active when icv_full_len != 0 */
struct { struct {
u8 *key; /* Key */
int key_len; /* Length of the key */
u8 *work_icv; u8 *work_icv;
int icv_full_len; int icv_full_len;
int icv_trunc_len; int icv_trunc_len;
void (*icv)(struct esp_data*,
struct sk_buff *skb,
int offset, int len, u8 *icv);
struct crypto_hash *tfm; struct crypto_hash *tfm;
} auth; } auth;
}; };
......
...@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x) ...@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
struct crypto_blkcipher *tfm; struct crypto_blkcipher *tfm;
u32 align; u32 align;
/* null auth and encryption can have zero length keys */
if (x->aalg) {
if (x->aalg->alg_key_len > 512)
goto error;
}
if (x->ealg == NULL) if (x->ealg == NULL)
goto error; goto error;
...@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x) ...@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
struct xfrm_algo_desc *aalg_desc; struct xfrm_algo_desc *aalg_desc;
struct crypto_hash *hash; struct crypto_hash *hash;
esp->auth.key = x->aalg->alg_key;
esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
hash = crypto_alloc_hash(x->aalg->alg_name, 0, hash = crypto_alloc_hash(x->aalg->alg_name, 0,
CRYPTO_ALG_ASYNC); CRYPTO_ALG_ASYNC);
if (IS_ERR(hash)) if (IS_ERR(hash))
goto error; goto error;
esp->auth.tfm = hash; esp->auth.tfm = hash;
if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) if (crypto_hash_setkey(hash, x->aalg->alg_key,
(x->aalg->alg_key_len + 7) / 8))
goto error; goto error;
aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
...@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x) ...@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
if (!esp->auth.work_icv) if (!esp->auth.work_icv)
goto error; goto error;
} }
esp->conf.key = x->ealg->alg_key;
esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) if (IS_ERR(tfm))
goto error; goto error;
...@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x) ...@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
goto error; goto error;
esp->conf.ivinitted = 0; esp->conf.ivinitted = 0;
} }
if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
(x->ealg->alg_key_len + 7) / 8))
goto error; goto error;
x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
if (x->props.mode == XFRM_MODE_TUNNEL) if (x->props.mode == XFRM_MODE_TUNNEL)
......
...@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x) ...@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x)
struct esp_data *esp = NULL; struct esp_data *esp = NULL;
struct crypto_blkcipher *tfm; struct crypto_blkcipher *tfm;
/* null auth and encryption can have zero length keys */
if (x->aalg) {
if (x->aalg->alg_key_len > 512)
goto error;
}
if (x->ealg == NULL) if (x->ealg == NULL)
goto error; goto error;
...@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x) ...@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x)
struct xfrm_algo_desc *aalg_desc; struct xfrm_algo_desc *aalg_desc;
struct crypto_hash *hash; struct crypto_hash *hash;
esp->auth.key = x->aalg->alg_key;
esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
hash = crypto_alloc_hash(x->aalg->alg_name, 0, hash = crypto_alloc_hash(x->aalg->alg_name, 0,
CRYPTO_ALG_ASYNC); CRYPTO_ALG_ASYNC);
if (IS_ERR(hash)) if (IS_ERR(hash))
goto error; goto error;
esp->auth.tfm = hash; esp->auth.tfm = hash;
if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) if (crypto_hash_setkey(hash, x->aalg->alg_key,
(x->aalg->alg_key_len + 7) / 8))
goto error; goto error;
aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
...@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x) ...@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x)
if (!esp->auth.work_icv) if (!esp->auth.work_icv)
goto error; goto error;
} }
esp->conf.key = x->ealg->alg_key;
esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) if (IS_ERR(tfm))
goto error; goto error;
...@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x) ...@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x)
goto error; goto error;
esp->conf.ivinitted = 0; esp->conf.ivinitted = 0;
} }
if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
(x->ealg->alg_key_len + 7) / 8))
goto error; goto error;
x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
if (x->props.mode == XFRM_MODE_TUNNEL) if (x->props.mode == XFRM_MODE_TUNNEL)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment