linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	netdev@vger.kernel.org, devel@driverdev.osuosl.org,
	dm-devel@redhat.com, linux-wireless@vger.kernel.org,
	linux-cifs@vger.kernel.org, ecryptfs@vger.kernel.org,
	linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-nfs@vger.kernel.org, keyrings@vger.kernel.org,
	linux-bluetooth@vger.kernel.org, ceph-devel@vger.kernel.org,
	linux-wpan@vger.kernel.org, linux-afs@lists.infradead.org,
	drbd-dev@lists.linbit.com, open-iscsi@googlegroups.com
Subject: [PATCH 2/26] ppp_mppe: Use skcipher and ahash
Date: Sun, 24 Jan 2016 21:16:16 +0800	[thread overview]
Message-ID: <E1aNKWe-0008AE-HM@gondolin.me.apana.org.au> (raw)
In-Reply-To: 20160124131021.GA31153@gondor.apana.org.au

This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash.  This is a bug-for-bug conversion
and no attempt has been made to fix bugs such as the ignored return
values of the crypto operations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 drivers/net/ppp/ppp_mppe.c |   99 ++++++++++++++++++++++++++-------------------
 1 file changed, 58 insertions(+), 41 deletions(-)

diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c
index 05005c6..f60f766 100644
--- a/drivers/net/ppp/ppp_mppe.c
+++ b/drivers/net/ppp/ppp_mppe.c
@@ -42,6 +42,8 @@
  *                    deprecated in 2.6
  */
 
+#include <crypto/hash.h>
+#include <crypto/skcipher.h>
 #include <linux/err.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
@@ -49,7 +51,6 @@
 #include <linux/types.h>
 #include <linux/slab.h>
 #include <linux/string.h>
-#include <linux/crypto.h>
 #include <linux/mm.h>
 #include <linux/ppp_defs.h>
 #include <linux/ppp-comp.h>
@@ -94,8 +95,8 @@ static inline void sha_pad_init(struct sha_pad *shapad)
  * State for an MPPE (de)compressor.
  */
 struct ppp_mppe_state {
-	struct crypto_blkcipher *arc4;
-	struct crypto_hash *sha1;
+	struct crypto_skcipher *arc4;
+	struct crypto_ahash *sha1;
 	unsigned char *sha1_digest;
 	unsigned char master_key[MPPE_MAX_KEY_LEN];
 	unsigned char session_key[MPPE_MAX_KEY_LEN];
@@ -135,7 +136,7 @@ struct ppp_mppe_state {
  */
 static void get_new_key_from_sha(struct ppp_mppe_state * state)
 {
-	struct hash_desc desc;
+	AHASH_REQUEST_ON_STACK(req, state->sha1);
 	struct scatterlist sg[4];
 	unsigned int nbytes;
 
@@ -148,10 +149,12 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state)
 	nbytes += setup_sg(&sg[3], sha_pad->sha_pad2,
 			   sizeof(sha_pad->sha_pad2));
 
-	desc.tfm = state->sha1;
-	desc.flags = 0;
+	ahash_request_set_tfm(req, state->sha1);
+	ahash_request_set_callback(req, 0, NULL, NULL);
+	ahash_request_set_crypt(req, sg, state->sha1_digest, nbytes);
 
-	crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
+	crypto_ahash_digest(req);
+	ahash_request_zero(req);
 }
 
 /*
@@ -161,20 +164,23 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state)
 static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
 {
 	struct scatterlist sg_in[1], sg_out[1];
-	struct blkcipher_desc desc = { .tfm = state->arc4 };
+	SKCIPHER_REQUEST_ON_STACK(req, state->arc4);
+
+	skcipher_request_set_tfm(req, state->arc4);
+	skcipher_request_set_callback(req, 0, NULL, NULL);
 
 	get_new_key_from_sha(state);
 	if (!initial_key) {
-		crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
-					state->keylen);
+		crypto_skcipher_setkey(state->arc4, state->sha1_digest,
+				       state->keylen);
 		sg_init_table(sg_in, 1);
 		sg_init_table(sg_out, 1);
 		setup_sg(sg_in, state->sha1_digest, state->keylen);
 		setup_sg(sg_out, state->session_key, state->keylen);
-		if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
-					     state->keylen) != 0) {
+		skcipher_request_set_crypt(req, sg_in, sg_out, state->keylen,
+					   NULL);
+		if (crypto_skcipher_encrypt(req))
     		    printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
-		}
 	} else {
 		memcpy(state->session_key, state->sha1_digest, state->keylen);
 	}
@@ -184,7 +190,8 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
 		state->session_key[1] = 0x26;
 		state->session_key[2] = 0x9e;
 	}
-	crypto_blkcipher_setkey(state->arc4, state->session_key, state->keylen);
+	crypto_skcipher_setkey(state->arc4, state->session_key, state->keylen);
+	skcipher_request_zero(req);
 }
 
 /*
@@ -204,19 +211,19 @@ static void *mppe_alloc(unsigned char *options, int optlen)
 		goto out;
 
 
-	state->arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+	state->arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
 	if (IS_ERR(state->arc4)) {
 		state->arc4 = NULL;
 		goto out_free;
 	}
 
-	state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
+	state->sha1 = crypto_alloc_ahash("sha1", 0, CRYPTO_ALG_ASYNC);
 	if (IS_ERR(state->sha1)) {
 		state->sha1 = NULL;
 		goto out_free;
 	}
 
-	digestsize = crypto_hash_digestsize(state->sha1);
+	digestsize = crypto_ahash_digestsize(state->sha1);
 	if (digestsize < MPPE_MAX_KEY_LEN)
 		goto out_free;
 
@@ -237,15 +244,12 @@ static void *mppe_alloc(unsigned char *options, int optlen)
 
 	return (void *)state;
 
-	out_free:
-	    if (state->sha1_digest)
-		kfree(state->sha1_digest);
-	    if (state->sha1)
-		crypto_free_hash(state->sha1);
-	    if (state->arc4)
-		crypto_free_blkcipher(state->arc4);
-	    kfree(state);
-	out:
+out_free:
+	kfree(state->sha1_digest);
+	crypto_free_ahash(state->sha1);
+	crypto_free_skcipher(state->arc4);
+	kfree(state);
+out:
 	return NULL;
 }
 
@@ -256,13 +260,10 @@ static void mppe_free(void *arg)
 {
 	struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 	if (state) {
-	    if (state->sha1_digest)
 		kfree(state->sha1_digest);
-	    if (state->sha1)
-		crypto_free_hash(state->sha1);
-	    if (state->arc4)
-		crypto_free_blkcipher(state->arc4);
-	    kfree(state);
+		crypto_free_ahash(state->sha1);
+		crypto_free_skcipher(state->arc4);
+		kfree(state);
 	}
 }
 
@@ -368,8 +369,9 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
 	      int isize, int osize)
 {
 	struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
-	struct blkcipher_desc desc = { .tfm = state->arc4 };
+	SKCIPHER_REQUEST_ON_STACK(req, state->arc4);
 	int proto;
+	int err;
 	struct scatterlist sg_in[1], sg_out[1];
 
 	/*
@@ -426,7 +428,13 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
 	sg_init_table(sg_out, 1);
 	setup_sg(sg_in, ibuf, isize);
 	setup_sg(sg_out, obuf, osize);
-	if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in, isize) != 0) {
+
+	skcipher_request_set_tfm(req, state->arc4);
+	skcipher_request_set_callback(req, 0, NULL, NULL);
+	skcipher_request_set_crypt(req, sg_in, sg_out, isize, NULL);
+	err = crypto_skcipher_encrypt(req);
+	skcipher_request_zero(req);
+	if (err) {
 		printk(KERN_DEBUG "crypto_cypher_encrypt failed\n");
 		return -1;
 	}
@@ -475,7 +483,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
 		int osize)
 {
 	struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
-	struct blkcipher_desc desc = { .tfm = state->arc4 };
+	SKCIPHER_REQUEST_ON_STACK(req, state->arc4);
 	unsigned ccount;
 	int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
 	struct scatterlist sg_in[1], sg_out[1];
@@ -609,9 +617,14 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
 	sg_init_table(sg_out, 1);
 	setup_sg(sg_in, ibuf, 1);
 	setup_sg(sg_out, obuf, 1);
-	if (crypto_blkcipher_decrypt(&desc, sg_out, sg_in, 1) != 0) {
+
+	skcipher_request_set_tfm(req, state->arc4);
+	skcipher_request_set_callback(req, 0, NULL, NULL);
+	skcipher_request_set_crypt(req, sg_in, sg_out, 1, NULL);
+	if (crypto_skcipher_decrypt(req)) {
 		printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
-		return DECOMP_ERROR;
+		osize = DECOMP_ERROR;
+		goto out_zap_req;
 	}
 
 	/*
@@ -629,9 +642,11 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
 	/* And finally, decrypt the rest of the packet. */
 	setup_sg(sg_in, ibuf + 1, isize - 1);
 	setup_sg(sg_out, obuf + 1, osize - 1);
-	if (crypto_blkcipher_decrypt(&desc, sg_out, sg_in, isize - 1)) {
+	skcipher_request_set_crypt(req, sg_in, sg_out, isize - 1, NULL);
+	if (crypto_skcipher_decrypt(req)) {
 		printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
-		return DECOMP_ERROR;
+		osize = DECOMP_ERROR;
+		goto out_zap_req;
 	}
 
 	state->stats.unc_bytes += osize;
@@ -642,6 +657,8 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
 	/* good packet credit */
 	state->sanity_errors >>= 1;
 
+out_zap_req:
+	skcipher_request_zero(req);
 	return osize;
 
 sanity_error:
@@ -714,8 +731,8 @@ static struct compressor ppp_mppe = {
 static int __init ppp_mppe_init(void)
 {
 	int answer;
-	if (!(crypto_has_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) &&
-	      crypto_has_hash("sha1", 0, CRYPTO_ALG_ASYNC)))
+	if (!(crypto_has_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) &&
+	      crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC)))
 		return -ENODEV;
 
 	sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);

  parent reply	other threads:[~2016-01-24 13:17 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-24 13:10 [PATCH 0/26] crypto: Use skcipher and ahash/shash where possible Herbert Xu
2016-01-24 13:16 ` [PATCH 1/26] block: cryptoloop - Use new skcipher interface Herbert Xu
2016-01-24 13:37   ` kbuild test robot
2016-01-24 13:39     ` Herbert Xu
2016-01-24 13:16 ` Herbert Xu [this message]
2016-01-24 13:16 ` [PATCH 3/26] staging: rtl8192e: Replace uses of obsolete blkcipher and hash Herbert Xu
2016-01-24 20:00   ` Greg KH
2016-01-24 13:16 ` [PATCH 4/26] dm crypt: Use skcipher and ahash Herbert Xu
2016-01-24 13:43   ` kbuild test robot
2016-01-24 13:16 ` [PATCH 5/26] orinoco: Use ahash Herbert Xu
2016-01-24 13:16 ` [PATCH 6/26] staging: rtl8192u: Use skcipher and ahash Herbert Xu
2016-01-24 20:00   ` Greg KH
2016-01-24 13:17 ` [PATCH 7/26] wusb: Use skcipher Herbert Xu
2016-01-24 13:38   ` kbuild test robot
2016-01-24 13:17 ` [PATCH 8/26] cifs: " Herbert Xu
2016-01-24 13:17 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Herbert Xu
2016-01-24 13:38   ` kbuild test robot
2016-01-24 13:17 ` [PATCH 10/26] ext4: Use skcipher Herbert Xu
2016-01-24 13:17 ` [PATCH 11/26] f2fs: " Herbert Xu
2016-01-24 13:17 ` [PATCH 12/26] sunrpc: Use skcipher and ahash/shash Herbert Xu
2016-01-24 13:18 ` [PATCH 13/26] lib80211: Use skcipher and ahash Herbert Xu
2016-01-24 13:18 ` [PATCH 14/26] KEYS: Use skcipher Herbert Xu
2016-01-24 13:18 ` [PATCH 15/26] Bluetooth: Use skcipher and hash Herbert Xu
2016-01-24 13:35   ` kbuild test robot
2016-01-25  6:48   ` Marcel Holtmann
2016-01-24 13:18 ` [PATCH 16/26] libceph: Use skcipher Herbert Xu
2016-01-25 16:18   ` Ilya Dryomov
2016-01-26 10:54     ` Herbert Xu
2016-01-26 11:29       ` Ilya Dryomov
2016-01-26 11:33         ` Herbert Xu
2016-01-24 13:18 ` [PATCH 17/26] mac802154: " Herbert Xu
2016-01-26 16:55   ` Stefan Schmidt
2016-01-24 13:19 ` [PATCH 18/26] rxrpc: " Herbert Xu
2016-01-24 13:19 ` [PATCH 19/26] ipsec: Use skcipher and ahash when probing algorithms Herbert Xu
2016-01-24 13:42   ` kbuild test robot
2016-01-25  6:02   ` David Miller
2016-01-24 13:19 ` [PATCH 20/26] drbd: Use shash and ahash Herbert Xu
2016-01-24 13:19 ` [PATCH 21/26] nfc: s3fwrn5: Use shash Herbert Xu
2016-01-24 13:48   ` kbuild test robot
2016-01-24 13:19 ` [PATCH 22/26] iscsi_tcp: Use ahash Herbert Xu
2016-01-25 19:50   ` [dm-devel] " Mike Christie
2016-01-24 13:19 ` [PATCH 23/26] iscsi-target: Use shash and ahash Herbert Xu
2016-01-24 13:20 ` [PATCH 24/26] nfsd: Use shash Herbert Xu
2016-01-24 13:51   ` kbuild test robot
2016-01-24 13:20 ` [PATCH 25/26] sctp: " Herbert Xu
2016-01-25  6:02   ` David Miller
2016-01-24 13:20 ` [PATCH 26/26] tcp: Use ahash Herbert Xu
2016-01-25  6:01   ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E1aNKWe-0008AE-HM@gondolin.me.apana.org.au \
    --to=herbert@gondor.apana.org.au \
    --cc=ceph-devel@vger.kernel.org \
    --cc=devel@driverdev.osuosl.org \
    --cc=dm-devel@redhat.com \
    --cc=drbd-dev@lists.linbit.com \
    --cc=ecryptfs@vger.kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-afs@lists.infradead.org \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=linux-wpan@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=open-iscsi@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).