diff options
author | Horia Geanta <horia.geanta@freescale.com> | 2012-08-08 18:46:45 +0300 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2012-08-28 23:56:30 +0800 |
commit | e763eb699be723fb41af818118068c6b3afdaf8d (patch) | |
tree | a15372752e0f498db491dd8b64e39ee295c22aed | |
parent | 79fd31d355f7e315025a330adc2183fb5ae8f22d (diff) | |
download | op-kernel-dev-e763eb699be723fb41af818118068c6b3afdaf8d.zip op-kernel-dev-e763eb699be723fb41af818118068c6b3afdaf8d.tar.gz |
crypto: talitos - add IPsec ESN support
Support for ESNs (extended sequence numbers).
Tested with strongswan on a P2020RDB back-to-back setup.
Extracted from /etc/ipsec.conf:
esp=aes-sha1-esn-modp4096!
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | drivers/crypto/talitos.c | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index bea25e2..da11127 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -38,6 +38,7 @@ #include <linux/spinlock.h> #include <linux/rtnetlink.h> #include <linux/slab.h> +#include <linux/string.h> #include <crypto/algapi.h> #include <crypto/aes.h> @@ -1974,7 +1975,11 @@ struct talitos_alg_template { }; static struct talitos_alg_template driver_algs[] = { - /* AEAD algorithms. These use a single-pass ipsec_esp descriptor */ + /* + * AEAD algorithms. These use a single-pass ipsec_esp descriptor. + * authencesn(*,*) is also registered, although not present + * explicitly here. + */ { .type = CRYPTO_ALG_TYPE_AEAD, .alg.crypto = { .cra_name = "authenc(hmac(sha1),cbc(aes))", @@ -2816,7 +2821,9 @@ static int talitos_probe(struct platform_device *ofdev) if (hw_supports(dev, driver_algs[i].desc_hdr_template)) { struct talitos_crypto_alg *t_alg; char *name = NULL; + bool authenc = false; +authencesn: t_alg = talitos_alg_alloc(dev, &driver_algs[i]); if (IS_ERR(t_alg)) { err = PTR_ERR(t_alg); @@ -2831,6 +2838,8 @@ static int talitos_probe(struct platform_device *ofdev) err = crypto_register_alg( &t_alg->algt.alg.crypto); name = t_alg->algt.alg.crypto.cra_driver_name; + authenc = authenc ? !authenc : + !(bool)memcmp(name, "authenc", 7); break; case CRYPTO_ALG_TYPE_AHASH: err = crypto_register_ahash( @@ -2843,8 +2852,25 @@ static int talitos_probe(struct platform_device *ofdev) dev_err(dev, "%s alg registration failed\n", name); kfree(t_alg); - } else + } else { list_add_tail(&t_alg->entry, &priv->alg_list); + if (authenc) { + struct crypto_alg *alg = + &driver_algs[i].alg.crypto; + + name = alg->cra_name; + memmove(name + 10, name + 7, + strlen(name) - 7); + memcpy(name + 7, "esn", 3); + + name = alg->cra_driver_name; + memmove(name + 10, name + 7, + strlen(name) - 7); + memcpy(name + 7, "esn", 3); + + goto authencesn; + } + } } } if (!list_empty(&priv->alg_list)) |