[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. This patch also kills the unused auth.icv member. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
f0703c80e5
commit
4b7137ff8f
3 changed files with 9 additions and 29 deletions
|
@ -13,8 +13,6 @@ struct esp_data
|
|||
|
||||
/* Confidentiality */
|
||||
struct {
|
||||
u8 *key; /* Key */
|
||||
int key_len; /* Key length */
|
||||
int padlen; /* 0..255 */
|
||||
/* ivlen is offset from enc_data, where encrypted data start.
|
||||
* It is logically different of crypto_tfm_alg_ivsize(tfm).
|
||||
|
@ -28,14 +26,9 @@ struct esp_data
|
|||
|
||||
/* Integrity. It is active when icv_full_len != 0 */
|
||||
struct {
|
||||
u8 *key; /* Key */
|
||||
int key_len; /* Length of the key */
|
||||
u8 *work_icv;
|
||||
int icv_full_len;
|
||||
int icv_trunc_len;
|
||||
void (*icv)(struct esp_data*,
|
||||
struct sk_buff *skb,
|
||||
int offset, int len, u8 *icv);
|
||||
struct crypto_hash *tfm;
|
||||
} auth;
|
||||
};
|
||||
|
|
|
@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
|
|||
struct crypto_blkcipher *tfm;
|
||||
u32 align;
|
||||
|
||||
/* null auth and encryption can have zero length keys */
|
||||
if (x->aalg) {
|
||||
if (x->aalg->alg_key_len > 512)
|
||||
goto error;
|
||||
}
|
||||
if (x->ealg == NULL)
|
||||
goto error;
|
||||
|
||||
|
@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
|
|||
struct xfrm_algo_desc *aalg_desc;
|
||||
struct crypto_hash *hash;
|
||||
|
||||
esp->auth.key = x->aalg->alg_key;
|
||||
esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
|
||||
hash = crypto_alloc_hash(x->aalg->alg_name, 0,
|
||||
CRYPTO_ALG_ASYNC);
|
||||
if (IS_ERR(hash))
|
||||
goto error;
|
||||
|
||||
esp->auth.tfm = hash;
|
||||
if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
|
||||
if (crypto_hash_setkey(hash, x->aalg->alg_key,
|
||||
(x->aalg->alg_key_len + 7) / 8))
|
||||
goto error;
|
||||
|
||||
aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
|
||||
|
@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
|
|||
if (!esp->auth.work_icv)
|
||||
goto error;
|
||||
}
|
||||
esp->conf.key = x->ealg->alg_key;
|
||||
esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
|
||||
|
||||
tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
|
||||
if (IS_ERR(tfm))
|
||||
goto error;
|
||||
|
@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
|
|||
goto error;
|
||||
esp->conf.ivinitted = 0;
|
||||
}
|
||||
if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
|
||||
if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
|
||||
(x->ealg->alg_key_len + 7) / 8))
|
||||
goto error;
|
||||
x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
|
||||
if (x->props.mode == XFRM_MODE_TUNNEL)
|
||||
|
|
|
@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x)
|
|||
struct esp_data *esp = NULL;
|
||||
struct crypto_blkcipher *tfm;
|
||||
|
||||
/* null auth and encryption can have zero length keys */
|
||||
if (x->aalg) {
|
||||
if (x->aalg->alg_key_len > 512)
|
||||
goto error;
|
||||
}
|
||||
if (x->ealg == NULL)
|
||||
goto error;
|
||||
|
||||
|
@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x)
|
|||
struct xfrm_algo_desc *aalg_desc;
|
||||
struct crypto_hash *hash;
|
||||
|
||||
esp->auth.key = x->aalg->alg_key;
|
||||
esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
|
||||
hash = crypto_alloc_hash(x->aalg->alg_name, 0,
|
||||
CRYPTO_ALG_ASYNC);
|
||||
if (IS_ERR(hash))
|
||||
goto error;
|
||||
|
||||
esp->auth.tfm = hash;
|
||||
if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
|
||||
if (crypto_hash_setkey(hash, x->aalg->alg_key,
|
||||
(x->aalg->alg_key_len + 7) / 8))
|
||||
goto error;
|
||||
|
||||
aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
|
||||
|
@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x)
|
|||
if (!esp->auth.work_icv)
|
||||
goto error;
|
||||
}
|
||||
esp->conf.key = x->ealg->alg_key;
|
||||
esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
|
||||
tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
|
||||
if (IS_ERR(tfm))
|
||||
goto error;
|
||||
|
@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x)
|
|||
goto error;
|
||||
esp->conf.ivinitted = 0;
|
||||
}
|
||||
if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
|
||||
if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
|
||||
(x->ealg->alg_key_len + 7) / 8))
|
||||
goto error;
|
||||
x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
|
||||
if (x->props.mode == XFRM_MODE_TUNNEL)
|
||||
|
|
Loading…
Reference in a new issue