From: David Dillow <dave@thedillows.org>
To: netdev@oss.sgi.com
Cc: linux-kernel@vger.kernel.org, dave@thedillows.org
Subject: [RFC 2.6.10 18/22] typhoon: add validation of offloaded xfrm_states
Date: Thu, 30 Dec 2004 03:48:37 -0500 [thread overview]
Message-ID: <20041230035000.27@ori.thedillows.org> (raw)
In-Reply-To: 20041230035000.26@ori.thedillows.org
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/12/30 01:00:43-05:00 dave@thedillows.org
# Add routines to validate that the xfrm_state passed to them is
# one that we can offload to the 3XP.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
# drivers/net/typhoon.c
# 2004/12/30 01:00:25-05:00 dave@thedillows.org +90 -0
# Add routines to validate that the xfrm_state passed to them is
# one that we can offload to the 3XP.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
diff -Nru a/drivers/net/typhoon.c b/drivers/net/typhoon.c
--- a/drivers/net/typhoon.c 2004-12-30 01:08:32 -05:00
+++ b/drivers/net/typhoon.c 2004-12-30 01:08:32 -05:00
@@ -2330,6 +2330,96 @@
return 0;
}
+#define UNSUPPORTED goto unsupported
+#define REQUIRED(x) if(!(x)) goto unsupported
+
+static inline int
+typhoon_validate_ealgo(struct typhoon *tp, struct xfrm_state *x)
+{
+ switch(x->props.ealgo) {
+ case SADB_EALG_NULL:
+ break;
+ case SADB_EALG_DESCBC:
+ REQUIRED(x->ealg);
+ REQUIRED(tp->capabilities & TYPHOON_CRYPTO_DES);
+ REQUIRED(x->ealg->alg_key_len == 64);
+ break;
+ case SADB_EALG_3DESCBC:
+ REQUIRED(x->ealg);
+ REQUIRED(tp->capabilities & TYPHOON_CRYPTO_3DES);
+ REQUIRED(x->ealg->alg_key_len == 128 ||
+ x->ealg->alg_key_len == 192);
+ break;
+ default:
+ UNSUPPORTED;
+ }
+
+ return 1;
+
+unsupported:
+ return 0;
+}
+
+static inline int
+typhoon_validate_aalgo(struct typhoon *tp, struct xfrm_state *x)
+{
+ switch(x->props.aalgo) {
+ case SADB_X_AALG_NULL:
+ break;
+ case SADB_AALG_MD5HMAC:
+ REQUIRED(x->aalg);
+ REQUIRED(x->aalg->alg_key_len == 128);
+ break;
+ case SADB_AALG_SHA1HMAC:
+ REQUIRED(x->aalg);
+ REQUIRED(x->aalg->alg_key_len == 160);
+ break;
+ default:
+ UNSUPPORTED;
+ }
+
+ return 1;
+
+unsupported:
+ return 0;
+}
+
+static inline int
+typhoon_validate_xfrm(struct typhoon *tp, struct xfrm_state *x)
+{
+ u8 ealgo, aalgo, need_auth = 1;
+
+ REQUIRED(x->props.family == AF_INET);
+ REQUIRED(x->dir == XFRM_STATE_DIR_OUT || x->dir == XFRM_STATE_DIR_IN);
+ REQUIRED(!x->encap);
+
+ aalgo = x->props.aalgo;
+ ealgo = x->props.ealgo;
+
+ switch(x->type->proto) {
+ case IPPROTO_ESP:
+ need_auth = 0;
+ REQUIRED(aalgo != SADB_X_AALG_NULL || ealgo != SADB_EALG_NULL);
+ REQUIRED(typhoon_validate_ealgo(tp, x));
+ /* fall through to validate auth algorithm */
+ case IPPROTO_AH:
+ REQUIRED(typhoon_validate_aalgo(tp, x));
+ if(need_auth)
+ REQUIRED(aalgo != SADB_X_AALG_NULL);
+ break;
+ default:
+ UNSUPPORTED;
+ }
+
+ return 1;
+
+unsupported:
+ return 0;
+}
+
+#undef REQUIRED
+#undef UNSUPPORTED
+
static void
typhoon_tx_timeout(struct net_device *dev)
{
next prev parent reply other threads:[~2004-12-30 9:19 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-30 8:48 [RFC 2.6.10 0/22] Add hardware assist for IPSEC crypto David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 1/22] xfrm: Add direction information to xfrm_state David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 2/22] xfrm: Add xfrm offload management calls to struct netdevice David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 3/22] xfrm: Add offload management routines David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 4/22] xfrm: Try to offload inbound xfrm_states David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 5/22] xfrm: Attempt to offload bundled xfrm_states for outbound xfrms David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 6/22] xfrm: add a parameter to xfrm_prune_bundles() David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 7/22] xfrm: Allow device drivers to force recalculation of offloads David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 8/22] skbuff: Add routines to manage applied offloads per skb David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 9/22] AH: Split header initialization from zeroing of mutable fields David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 10/22] AH, ESP: Add offloading of outbound packets David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 11/22] AH, ESP: Add offloading of inbound packets David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 12/22] ethtool: Add support for crypto offload David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 13/22] typhoon: Make the ipsec descriptor match actual usage David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 14/22] typhoon: add inbound offload result processing David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 15/22] typhoon: add outbound offload processing David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 16/22] typhoon: collect crypto offload capabilities David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 17/22] typhoon: split out setting of offloaded tasks David Dillow
2004-12-30 8:48 ` David Dillow [this message]
2004-12-30 8:48 ` [RFC 2.6.10 19/22] typhoon: add loading of xfrm_states to hardware David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 20/22] typhoon: add management of outbound bundles David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 21/22] typhoon: add callbacks to support crypto offload David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 22/22] Add some documentation for the IPSEC " David Dillow
2004-12-30 23:34 ` [RFC 2.6.10 5/22] xfrm: Attempt to offload bundled xfrm_states for outbound xfrms Francois Romieu
2004-12-31 3:31 ` David Dillow
2005-01-21 23:20 ` David S. Miller
2005-01-21 22:56 ` [RFC 2.6.10 4/22] xfrm: Try to offload inbound xfrm_states David S. Miller
2005-01-21 22:47 ` [RFC 2.6.10 3/22] xfrm: Add offload management routines David S. Miller
2004-12-30 9:48 ` [RFC 2.6.10 1/22] xfrm: Add direction information to xfrm_state Jan-Benedict Glaw
2004-12-30 16:16 ` Dave Dillow
2004-12-30 16:36 ` Jan-Benedict Glaw
2004-12-30 13:36 ` Ingo Oeser
2004-12-30 16:21 ` Dave Dillow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041230035000.27@ori.thedillows.org \
--to=dave@thedillows.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).