-/*
+/*
* xfrm algorithm interface
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
+ * Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*/
{
.name = "hmac(digest_null)",
.compat = "digest_null",
-
+
.uinfo = {
.auth = {
.icv_truncbits = 0,
.icv_fullbits = 0,
}
},
-
+
.desc = {
.sadb_alg_id = SADB_X_AALG_NULL,
.sadb_alg_ivlen = 0,
.icv_fullbits = 128,
}
},
-
+
.desc = {
.sadb_alg_id = SADB_AALG_MD5HMAC,
.sadb_alg_ivlen = 0,
{
.name = "ecb(cipher_null)",
.compat = "cipher_null",
-
+
.uinfo = {
.encr = {
.blockbits = 8,
.defkeybits = 0,
}
},
-
+
.desc = {
.sadb_alg_id = SADB_EALG_NULL,
.sadb_alg_ivlen = 0,
}
},
{
- .name = "cbc(serpent)",
- .compat = "serpent",
-
- .uinfo = {
- .encr = {
- .blockbits = 128,
- .defkeybits = 128,
- }
- },
-
- .desc = {
- .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
- .sadb_alg_ivlen = 8,
- .sadb_alg_minbits = 128,
- .sadb_alg_maxbits = 256,
- }
+ .name = "cbc(serpent)",
+ .compat = "serpent",
+
+ .uinfo = {
+ .encr = {
+ .blockbits = 128,
+ .defkeybits = 128,
+ }
+ },
+
+ .desc = {
+ .sadb_alg_id = SADB_X_EALG_SERPENTCBC,
+ .sadb_alg_ivlen = 8,
+ .sadb_alg_minbits = 128,
+ .sadb_alg_maxbits = 256,
+ }
},
{
.name = "cbc(camellia)",
}
},
{
- .name = "cbc(twofish)",
- .compat = "twofish",
-
- .uinfo = {
- .encr = {
- .blockbits = 128,
- .defkeybits = 128,
- }
- },
-
- .desc = {
- .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
- .sadb_alg_ivlen = 8,
- .sadb_alg_minbits = 128,
- .sadb_alg_maxbits = 256
- }
+ .name = "cbc(twofish)",
+ .compat = "twofish",
+
+ .uinfo = {
+ .encr = {
+ .blockbits = 128,
+ .defkeybits = 128,
+ }
+ },
+
+ .desc = {
+ .sadb_alg_id = SADB_X_EALG_TWOFISHCBC,
+ .sadb_alg_ivlen = 8,
+ .sadb_alg_minbits = 128,
+ .sadb_alg_maxbits = 256
+ }
},
};
{
#ifdef CONFIG_CRYPTO
int i, status;
-
+
BUG_ON(in_softirq());
for (i = 0; i < aalg_entries(); i++) {
if (aalg_list[i].available != status)
aalg_list[i].available = status;
}
-
+
for (i = 0; i < ealg_entries(); i++) {
status = crypto_has_blkcipher(ealg_list[i].name, 0,
CRYPTO_ALG_ASYNC);
if (ealg_list[i].available != status)
ealg_list[i].available = status;
}
-
+
for (i = 0; i < calg_entries(); i++) {
status = crypto_has_comp(calg_list[i].name, 0,
CRYPTO_ALG_ASYNC);
if (copy > 0) {
if (copy > len)
copy = len;
-
+
sg.page = virt_to_page(skb->data + offset);
sg.offset = (unsigned long)(skb->data + offset) % PAGE_SIZE;
sg.length = copy;
-
+
err = icv_update(desc, &sg, copy);
if (unlikely(err))
return err;
-
+
if ((len -= copy) == 0)
return 0;
offset += copy;
if (copy > len)
copy = len;
-
+
sg.page = frag->page;
sg.offset = frag->page_offset + offset-start;
sg.length = copy;
-
+
err = icv_update(desc, &sg, copy);
if (unlikely(err))
return err;
* Changes:
* YOSHIFUJI Hideaki @USAGI
* Split up af-specific portion
- *
+ *
*/
#include <linux/slab.h>
-/*
+/*
* xfrm_policy.c
*
* Changes:
return type;
}
-int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl,
+int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl,
unsigned short family)
{
struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
return MAX_SCHEDULE_TIMEOUT-1;
else
- return secs*HZ;
+ return secs*HZ;
}
static void xfrm_policy_timer(unsigned long data)
static inline int policy_to_flow_dir(int dir)
{
if (XFRM_POLICY_IN == FLOW_DIR_IN &&
- XFRM_POLICY_OUT == FLOW_DIR_OUT &&
- XFRM_POLICY_FWD == FLOW_DIR_FWD)
- return dir;
- switch (dir) {
- default:
- case XFRM_POLICY_IN:
- return FLOW_DIR_IN;
- case XFRM_POLICY_OUT:
- return FLOW_DIR_OUT;
- case XFRM_POLICY_FWD:
- return FLOW_DIR_FWD;
+ XFRM_POLICY_OUT == FLOW_DIR_OUT &&
+ XFRM_POLICY_FWD == FLOW_DIR_FWD)
+ return dir;
+ switch (dir) {
+ default:
+ case XFRM_POLICY_IN:
+ return FLOW_DIR_IN;
+ case XFRM_POLICY_OUT:
+ return FLOW_DIR_OUT;
+ case XFRM_POLICY_FWD:
+ return FLOW_DIR_FWD;
};
}
read_lock_bh(&xfrm_policy_lock);
if ((pol = sk->sk_policy[dir]) != NULL) {
- int match = xfrm_selector_match(&pol->selector, fl,
+ int match = xfrm_selector_match(&pol->selector, fl,
sk->sk_family);
- int err = 0;
+ int err = 0;
if (match) {
err = security_xfrm_policy_lookup(pol, fl->secid,
}
*dst_p = dst;
dst_release(dst_orig);
- xfrm_pols_put(pols, npols);
+ xfrm_pols_put(pols, npols);
return 0;
error:
*/
static inline int
-xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x,
+xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x,
unsigned short family)
{
if (xfrm_state_kern(x))
return 0;
}
-int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
+int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
unsigned short family)
{
struct xfrm_policy *pol;
if (sel_cmp->proto == IPSEC_ULPROTO_ANY) {
if (sel_tgt->family == sel_cmp->family &&
xfrm_addr_cmp(&sel_tgt->daddr, &sel_cmp->daddr,
- sel_cmp->family) == 0 &&
+ sel_cmp->family) == 0 &&
xfrm_addr_cmp(&sel_tgt->saddr, &sel_cmp->saddr,
sel_cmp->family) == 0 &&
sel_tgt->prefixlen_d == sel_cmp->prefixlen_d &&
if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
return MAX_SCHEDULE_TIMEOUT-1;
else
- return secs*HZ;
+ return secs*HZ;
}
static void xfrm_timer_handler(unsigned long data)
}
struct xfrm_state *
-xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
+xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
struct flowi *fl, struct xfrm_tmpl *tmpl,
struct xfrm_policy *pol, int *err,
unsigned short family)
int acquire_in_progress = 0;
int error = 0;
struct xfrm_state *best = NULL;
-
+
spin_lock_bh(&xfrm_state_lock);
hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
if (x->props.family == family &&
acquire_in_progress = 1;
} else if (x->km.state == XFRM_STATE_ERROR ||
x->km.state == XFRM_STATE_EXPIRED) {
- if (xfrm_selector_match(&x->sel, fl, family) &&
+ if (xfrm_selector_match(&x->sel, fl, family) &&
security_xfrm_state_pol_flow_match(x, pol, fl))
error = -ESRCH;
}
}
x->props.calgo = orig->props.calgo;
- if (orig->encap) {
+ if (orig->encap) {
x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
if (!x->encap)
goto error;
}
}
- return NULL;
+ return NULL;
}
EXPORT_SYMBOL(xfrm_migrate_state_find);
EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
struct xfrm_state *
-xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
- xfrm_address_t *daddr, xfrm_address_t *saddr,
+xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
+ xfrm_address_t *daddr, xfrm_address_t *saddr,
int create, unsigned short family)
{
struct xfrm_state *x;
}
EXPORT_SYMBOL(xfrm_init_state);
-
+
void __init xfrm_state_init(void)
{
unsigned int sz;
algp = RTA_DATA(rt);
- len -= (algp->alg_key_len + 7U) / 8;
+ len -= (algp->alg_key_len + 7U) / 8;
if (len < 0)
return -EINVAL;
uctx->ctx_alg = s->ctx_alg;
uctx->ctx_len = s->ctx_len;
memcpy(uctx + 1, s->ctx_str, s->ctx_len);
- return 0;
+ return 0;
rtattr_failure:
return -1;
printk(KERN_INFO "Initializing XFRM netlink socket\n");
nlsk = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX,
- xfrm_netlink_rcv, THIS_MODULE);
+ xfrm_netlink_rcv, THIS_MODULE);
if (nlsk == NULL)
return -ENOMEM;
rcu_assign_pointer(xfrm_nl, nlsk);