Commit d093d17c authored by David S. Miller's avatar David S. Miller


Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2022-01-06

1) Fix some clang_analyzer warnings about never read variables.
   From luo penghao.

2) Check for pols[0] only once in xfrm_expand_policies().
   From Jean Sacren.

3) The SA curlft.use_time was updated only on SA creation time.
   Update whenever the SA is used. From Antony Antony.

4) Add support for SM3 secure hash.
   From Xu Jia.

5) Add support for SM4 symmetric cipher algorithm.
   From Xu Jia.

6) Add a rate limit for SA mapping change messages.
   From Antony Antony.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 4e023b44 4e484b3e
+5 −0
@@ -201,6 +201,11 @@ struct xfrm_state {
	struct xfrm_algo_aead	*aead;
	const char		*geniv;

	/* mapping change rate limiting */
	__be16 new_mapping_sport;
	u32 new_mapping;	/* seconds */
	u32 mapping_maxage;	/* seconds for input SA */

	/* Data for encapsulator */
	struct xfrm_encap_tmpl	*encap;
	struct sock __rcu	*encap_sk;
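Review bot: The comment on `u32 new_mapping;	/* seconds */` gives a unit but not a meaning: it does not say whether the field is a timestamp of the last reported mapping change or an interval, and `new_mapping_sport` has no comment at all. Since these fields back the rate limit on mapping-change messages, I would spell them out, e.g. `/* time of last mapping-change notification, seconds */` and `/* source port reported in that notification */`, if that is what the code using them stores. If `new_mapping` is a wrapping seconds counter, it is also worth noting that the comparison against `mapping_maxage` relies on unsigned subtraction. `struct xfrm_state` begins and ends outside this hunk.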
+2 −0
@@ -309,6 +309,7 @@ struct sadb_x_filter {
#define SADB_X_AALG_SHA2_512HMAC	7
#define SADB_X_AALG_RIPEMD160HMAC	8
#define SADB_X_AALG_AES_XCBC_MAC	9
#define SADB_X_AALG_SM3_256HMAC		10
#define SADB_X_AALG_NULL		251	/* kame */
#define SADB_AALG_MAX			251

@@ -329,6 +330,7 @@ struct sadb_x_filter {
#define SADB_X_EALG_AES_GCM_ICV16	20
#define SADB_X_EALG_CAMELLIACBC		22
#define SADB_X_EALG_NULL_AES_GMAC	23
#define SADB_X_EALG_SM4CBC		24
#define SADB_EALG_MAX                   253 /* last EALG */
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+1 −0
@@ -313,6 +313,7 @@ enum xfrm_attr_type_t {
	XFRMA_SET_MARK,		/* __u32 */
	XFRMA_SET_MARK_MASK,	/* __u32 */
	XFRMA_IF_ID,		/* __u32 */
	XFRMA_MTIMER_THRESH,	/* __u32 in seconds for input SA */
	__XFRMA_MAX

#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK	/* Compatibility */
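Review bot: `XFRMA_MTIMER_THRESH` is documented as `__u32 in seconds for input SA`, but a UAPI comment cannot enforce either the type or the direction, and no validation is visible in this section. The netlink attribute policy should carry an `NLA_U32` entry for it, and the SA add/update path should reject the attribute on states where it does not apply rather than silently storing it; please confirm both exist in the part of the change not shown here. It would also help to document what a value of 0 means. The enum starts outside the hunk.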
+1 −2
@@ -114,7 +114,6 @@ static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,

static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
{
	struct esp_output_extra *extra = esp_tmp_extra(tmp);
	struct crypto_aead *aead = x->data;
	int extralen = 0;
	u8 *iv;
@@ -122,7 +121,7 @@ static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
	struct scatterlist *sg;

	if (x->props.flags & XFRM_STATE_ESN)
		extralen += sizeof(*extra);
		extralen += sizeof(struct esp_output_extra);

	iv = esp_tmp_iv(aead, tmp, extralen);
	req = esp_tmp_req(aead, iv);
+41 −0
@@ -341,6 +341,26 @@ static struct xfrm_algo_desc aalg_list[] = {

	.pfkey_supported = 0,
},
{
	.name = "hmac(sm3)",
	.compat = "sm3",

	.uinfo = {
		.auth = {
			.icv_truncbits = 256,
			.icv_fullbits = 256,
		}
	},

	.pfkey_supported = 1,

	.desc = {
		.sadb_alg_id = SADB_X_AALG_SM3_256HMAC,
		.sadb_alg_ivlen = 0,
		.sadb_alg_minbits = 256,
		.sadb_alg_maxbits = 256
	}
},
};

static struct xfrm_algo_desc ealg_list[] = {
@@ -552,6 +572,27 @@ static struct xfrm_algo_desc ealg_list[] = {
		.sadb_alg_maxbits = 288
	}
},
{
	.name = "cbc(sm4)",
	.compat = "sm4",

	.uinfo = {
		.encr = {
			.geniv = "echainiv",
			.blockbits = 128,
			.defkeybits = 128,
		}
	},

	.pfkey_supported = 1,

	.desc = {
		.sadb_alg_id = SADB_X_EALG_SM4CBC,
		.sadb_alg_ivlen	= 16,
		.sadb_alg_minbits = 128,
		.sadb_alg_maxbits = 256
	}
},
};

static struct xfrm_algo_desc calg_list[] = {
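Review bot: The `cbc(sm4)` entry advertises `.sadb_alg_maxbits = 256` while `defkeybits` and `sadb_alg_minbits` are both 128; SM4 is defined only with a 128-bit key, so the PF_KEY supported-algorithms reply would offer key lengths the cipher cannot take. A key manager that picks a longer key would presumably fail only later, at SA setup. I would set `.sadb_alg_maxbits = 128` so the advertised range matches the algorithm. Separately, `hmac(sm3)` sets `icv_truncbits` equal to `icv_fullbits` (256), i.e. an untruncated ICV; a one-line comment naming the specification that defines this ICV length would help confirm interoperability. Both arrays start outside the hunks.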