From: Herbert Xu <herbert@gondor.apana.org.au>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
netdev@vger.kernel.org, devel@driverdev.osuosl.org,
dm-devel@redhat.com, linux-wireless@vger.kernel.org,
linux-cifs@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-nfs@vger.kernel.org, keyrings@vger.kernel.org,
linux-bluetooth@vger.kernel.org, ceph-devel@vger.kernel.org,
linux-wpan@vger.kernel.org, linux-afs@lists.infradead.org,
drbd-dev@lists.linbit.com, open-iscsi@googlegroups.com
Subject: [PATCH 25/26] sctp: Use shash
Date: Sun, 24 Jan 2016 21:20:12 +0800 [thread overview]
Message-ID: <E1aNKaS-0008Gn-Rz@gondolin.me.apana.org.au> (raw)
In-Reply-To: 20160124131021.GA31153@gondor.apana.org.au
This patch replaces uses of the long obsolete hash interface with
shash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
include/net/sctp/auth.h | 4 +--
include/net/sctp/structs.h | 6 ++---
net/sctp/auth.c | 36 ++++++++++++++++---------------
net/sctp/endpointola.c | 1
net/sctp/sm_make_chunk.c | 51 +++++++++++++++++++++++++--------------------
net/sctp/socket.c | 8 +++----
6 files changed, 57 insertions(+), 49 deletions(-)
diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h
index f2d58aa..9b9fb12 100644
--- a/include/net/sctp/auth.h
+++ b/include/net/sctp/auth.h
@@ -31,12 +31,12 @@
#define __sctp_auth_h__
#include <linux/list.h>
-#include <linux/crypto.h>
struct sctp_endpoint;
struct sctp_association;
struct sctp_authkey;
struct sctp_hmacalgo;
+struct crypto_shash;
/*
* Define a generic struct that will hold all the info
@@ -90,7 +90,7 @@ int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
struct sctp_association *asoc,
gfp_t gfp);
int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp);
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]);
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]);
struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id);
struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc);
void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 20e7212..6b1e383 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -82,7 +82,7 @@ struct sctp_bind_addr;
struct sctp_ulpq;
struct sctp_ep_common;
struct sctp_ssnmap;
-struct crypto_hash;
+struct crypto_shash;
#include <net/sctp/tsnmap.h>
@@ -166,7 +166,7 @@ struct sctp_sock {
struct sctp_pf *pf;
/* Access to HMAC transform. */
- struct crypto_hash *hmac;
+ struct crypto_shash *hmac;
char *sctp_hmac_alg;
/* What is our base endpointer? */
@@ -1235,7 +1235,7 @@ struct sctp_endpoint {
/* SCTP AUTH: array of the HMACs that will be allocated
* we need this per association so that we don't serialize
*/
- struct crypto_hash **auth_hmacs;
+ struct crypto_shash **auth_hmacs;
/* SCTP-AUTH: hmacs for the endpoint encoded into parameter */
struct sctp_hmac_algo_param *auth_hmacs_list;
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 1543e39..912eb16 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -27,9 +27,9 @@
* Vlad Yasevich <vladislav.yasevich@hp.com>
*/
+#include <crypto/hash.h>
#include <linux/slab.h>
#include <linux/types.h>
-#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <net/sctp/sctp.h>
#include <net/sctp/auth.h>
@@ -448,7 +448,7 @@ struct sctp_shared_key *sctp_auth_get_shkey(
*/
int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
{
- struct crypto_hash *tfm = NULL;
+ struct crypto_shash *tfm = NULL;
__u16 id;
/* If AUTH extension is disabled, we are done */
@@ -462,9 +462,8 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
return 0;
/* Allocated the array of pointers to transorms */
- ep->auth_hmacs = kzalloc(
- sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS,
- gfp);
+ ep->auth_hmacs = kzalloc(sizeof(struct crypto_shash *) *
+ SCTP_AUTH_NUM_HMACS, gfp);
if (!ep->auth_hmacs)
return -ENOMEM;
@@ -483,8 +482,7 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
continue;
/* Allocate the ID */
- tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0,
- CRYPTO_ALG_ASYNC);
+ tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0);
if (IS_ERR(tfm))
goto out_err;
@@ -500,7 +498,7 @@ out_err:
}
/* Destroy the hmac tfm array */
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[])
{
int i;
@@ -508,8 +506,7 @@ void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
return;
for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) {
- if (auth_hmacs[i])
- crypto_free_hash(auth_hmacs[i]);
+ crypto_free_shash(auth_hmacs[i]);
}
kfree(auth_hmacs);
}
@@ -709,8 +706,7 @@ void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
struct sctp_auth_chunk *auth,
gfp_t gfp)
{
- struct scatterlist sg;
- struct hash_desc desc;
+ struct crypto_shash *tfm;
struct sctp_auth_bytes *asoc_key;
__u16 key_id, hmac_id;
__u8 *digest;
@@ -742,16 +738,22 @@ void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
/* set up scatter list */
end = skb_tail_pointer(skb);
- sg_init_one(&sg, auth, end - (unsigned char *)auth);
- desc.tfm = asoc->ep->auth_hmacs[hmac_id];
- desc.flags = 0;
+ tfm = asoc->ep->auth_hmacs[hmac_id];
digest = auth->auth_hdr.hmac;
- if (crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len))
+ if (crypto_shash_setkey(tfm, &asoc_key->data[0], asoc_key->len))
goto free;
- crypto_hash_digest(&desc, &sg, sg.length, digest);
+ {
+ SHASH_DESC_ON_STACK(desc, tfm);
+
+ desc->tfm = tfm;
+ desc->flags = 0;
+ crypto_shash_digest(desc, (u8 *)auth,
+ end - (unsigned char *)auth, digest);
+ shash_desc_zero(desc);
+ }
free:
if (free_key)
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index 2522a61..9d494e3 100644
--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -42,7 +42,6 @@
#include <linux/slab.h>
#include <linux/in.h>
#include <linux/random.h> /* get_random_bytes() */
-#include <linux/crypto.h>
#include <net/sock.h>
#include <net/ipv6.h>
#include <net/sctp/sctp.h>
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 5d6a03f..1296e55 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -45,6 +45,7 @@
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <crypto/hash.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/ip.h>
@@ -52,7 +53,6 @@
#include <linux/net.h>
#include <linux/inet.h>
#include <linux/scatterlist.h>
-#include <linux/crypto.h>
#include <linux/slab.h>
#include <net/sock.h>
@@ -1606,7 +1606,6 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
{
sctp_cookie_param_t *retval;
struct sctp_signed_cookie *cookie;
- struct scatterlist sg;
int headersize, bodysize;
/* Header size is static data prior to the actual cookie, including
@@ -1663,16 +1662,19 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
if (sctp_sk(ep->base.sk)->hmac) {
- struct hash_desc desc;
+ SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
+ int err;
/* Sign the message. */
- sg_init_one(&sg, &cookie->c, bodysize);
- desc.tfm = sctp_sk(ep->base.sk)->hmac;
- desc.flags = 0;
-
- if (crypto_hash_setkey(desc.tfm, ep->secret_key,
- sizeof(ep->secret_key)) ||
- crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
+ desc->tfm = sctp_sk(ep->base.sk)->hmac;
+ desc->flags = 0;
+
+ err = crypto_shash_setkey(desc->tfm, ep->secret_key,
+ sizeof(ep->secret_key)) ?:
+ crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize,
+ cookie->signature);
+ shash_desc_zero(desc);
+ if (err)
goto free_cookie;
}
@@ -1697,12 +1699,10 @@ struct sctp_association *sctp_unpack_cookie(
struct sctp_cookie *bear_cookie;
int headersize, bodysize, fixed_size;
__u8 *digest = ep->digest;
- struct scatterlist sg;
unsigned int len;
sctp_scope_t scope;
struct sk_buff *skb = chunk->skb;
ktime_t kt;
- struct hash_desc desc;
/* Header size is static data prior to the actual cookie, including
* any padding.
@@ -1733,16 +1733,23 @@ struct sctp_association *sctp_unpack_cookie(
goto no_hmac;
/* Check the signature. */
- sg_init_one(&sg, bear_cookie, bodysize);
- desc.tfm = sctp_sk(ep->base.sk)->hmac;
- desc.flags = 0;
-
- memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
- if (crypto_hash_setkey(desc.tfm, ep->secret_key,
- sizeof(ep->secret_key)) ||
- crypto_hash_digest(&desc, &sg, bodysize, digest)) {
- *error = -SCTP_IERROR_NOMEM;
- goto fail;
+ {
+ SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
+ int err;
+
+ desc->tfm = sctp_sk(ep->base.sk)->hmac;
+ desc->flags = 0;
+
+ err = crypto_shash_setkey(desc->tfm, ep->secret_key,
+ sizeof(ep->secret_key)) ?:
+ crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize,
+ digest);
+ shash_desc_zero(desc);
+
+ if (err) {
+ *error = -SCTP_IERROR_NOMEM;
+ goto fail;
+ }
}
if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 9bb80ec..4101c5b 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -52,6 +52,7 @@
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <crypto/hash.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/wait.h>
@@ -61,7 +62,6 @@
#include <linux/fcntl.h>
#include <linux/poll.h>
#include <linux/init.h>
-#include <linux/crypto.h>
#include <linux/slab.h>
#include <linux/file.h>
#include <linux/compat.h>
@@ -4160,7 +4160,7 @@ static void sctp_destruct_sock(struct sock *sk)
struct sctp_sock *sp = sctp_sk(sk);
/* Free up the HMAC transform. */
- crypto_free_hash(sp->hmac);
+ crypto_free_shash(sp->hmac);
inet_sock_destruct(sk);
}
@@ -6299,13 +6299,13 @@ static int sctp_listen_start(struct sock *sk, int backlog)
{
struct sctp_sock *sp = sctp_sk(sk);
struct sctp_endpoint *ep = sp->ep;
- struct crypto_hash *tfm = NULL;
+ struct crypto_shash *tfm = NULL;
char alg[32];
/* Allocate HMAC for generating cookie. */
if (!sp->hmac && sp->sctp_hmac_alg) {
sprintf(alg, "hmac(%s)", sp->sctp_hmac_alg);
- tfm = crypto_alloc_hash(alg, 0, CRYPTO_ALG_ASYNC);
+ tfm = crypto_alloc_shash(alg, 0, 0);
if (IS_ERR(tfm)) {
net_info_ratelimited("failed to load transform for %s: %ld\n",
sp->sctp_hmac_alg, PTR_ERR(tfm));
next prev parent reply other threads:[~2016-01-24 13:21 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-24 13:10 [PATCH 0/26] crypto: Use skcipher and ahash/shash where possible Herbert Xu
2016-01-24 13:16 ` [PATCH 1/26] block: cryptoloop - Use new skcipher interface Herbert Xu
2016-01-24 13:37 ` kbuild test robot
2016-01-24 13:39 ` Herbert Xu
2016-01-24 13:16 ` [PATCH 2/26] ppp_mppe: Use skcipher and ahash Herbert Xu
2016-01-24 13:16 ` [PATCH 3/26] staging: rtl8192e: Replace uses of obsolete blkcipher and hash Herbert Xu
2016-01-24 20:00 ` Greg KH
2016-01-24 13:16 ` [PATCH 4/26] dm crypt: Use skcipher and ahash Herbert Xu
2016-01-24 13:43 ` kbuild test robot
2016-01-24 13:16 ` [PATCH 5/26] orinoco: Use ahash Herbert Xu
2016-01-24 13:16 ` [PATCH 6/26] staging: rtl8192u: Use skcipher and ahash Herbert Xu
2016-01-24 20:00 ` Greg KH
2016-01-24 13:17 ` [PATCH 7/26] wusb: Use skcipher Herbert Xu
2016-01-24 13:38 ` kbuild test robot
2016-01-24 13:17 ` [PATCH 8/26] cifs: " Herbert Xu
2016-01-24 13:17 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Herbert Xu
2016-01-24 13:38 ` kbuild test robot
2016-01-24 13:17 ` [PATCH 10/26] ext4: Use skcipher Herbert Xu
2016-01-24 13:17 ` [PATCH 11/26] f2fs: " Herbert Xu
2016-01-24 13:17 ` [PATCH 12/26] sunrpc: Use skcipher and ahash/shash Herbert Xu
2016-01-24 13:18 ` [PATCH 13/26] lib80211: Use skcipher and ahash Herbert Xu
2016-01-24 13:18 ` [PATCH 14/26] KEYS: Use skcipher Herbert Xu
2016-01-24 13:18 ` [PATCH 15/26] Bluetooth: Use skcipher and hash Herbert Xu
2016-01-24 13:35 ` kbuild test robot
2016-01-25 6:48 ` Marcel Holtmann
2016-01-24 13:18 ` [PATCH 16/26] libceph: Use skcipher Herbert Xu
2016-01-25 16:18 ` Ilya Dryomov
2016-01-26 10:54 ` Herbert Xu
2016-01-26 11:29 ` Ilya Dryomov
2016-01-26 11:33 ` Herbert Xu
2016-01-24 13:18 ` [PATCH 17/26] mac802154: " Herbert Xu
2016-01-26 16:55 ` Stefan Schmidt
2016-01-24 13:19 ` [PATCH 18/26] rxrpc: " Herbert Xu
2016-01-24 13:19 ` [PATCH 19/26] ipsec: Use skcipher and ahash when probing algorithms Herbert Xu
2016-01-24 13:42 ` kbuild test robot
2016-01-25 6:02 ` David Miller
2016-01-24 13:19 ` [PATCH 20/26] drbd: Use shash and ahash Herbert Xu
2016-01-24 13:19 ` [PATCH 21/26] nfc: s3fwrn5: Use shash Herbert Xu
2016-01-24 13:48 ` kbuild test robot
2016-01-24 13:19 ` [PATCH 22/26] iscsi_tcp: Use ahash Herbert Xu
2016-01-25 19:50 ` [dm-devel] " Mike Christie
2016-01-24 13:19 ` [PATCH 23/26] iscsi-target: Use shash and ahash Herbert Xu
2016-01-24 13:20 ` [PATCH 24/26] nfsd: Use shash Herbert Xu
2016-01-24 13:51 ` kbuild test robot
2016-01-24 13:20 ` Herbert Xu [this message]
2016-01-25 6:02 ` [PATCH 25/26] sctp: " David Miller
2016-01-24 13:20 ` [PATCH 26/26] tcp: Use ahash Herbert Xu
2016-01-25 6:01 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1aNKaS-0008Gn-Rz@gondolin.me.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=ceph-devel@vger.kernel.org \
--cc=devel@driverdev.osuosl.org \
--cc=dm-devel@redhat.com \
--cc=drbd-dev@lists.linbit.com \
--cc=ecryptfs@vger.kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=open-iscsi@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).