| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Aug 2022 20:26:38 +0500
From: Muhammad Usama Anjum <usama.anjum@...labora.com>
To: Gautam Menghani <gautammenghani201@...il.com>,
steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, shuah@...nel.org
Cc: usama.anjum@...labora.com, netdev@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH v2] selftests/net: Refactor xfrm_fill_key() to use array
of structs
On 8/3/22 8:23 AM, Gautam Menghani wrote:
> A TODO in net/ipsec.c asks to refactor the code in xfrm_fill_key() to
> use set/map to avoid manually comparing each algorithm with the "name"
> parameter passed to the function as an argument. This patch refactors
> the code to create an array of structs where each struct contains the
> algorithm name and its corresponding key length.
>
> Signed-off-by: Gautam Menghani <gautammenghani201@...il.com>
> ---
> changes in v2:
> 1. Fix the compilation warnings for struct and variable declaration
>
> tools/testing/selftests/net/ipsec.c | 108 +++++++++++++---------------
> 1 file changed, 49 insertions(+), 59 deletions(-)
>
> diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
> index cc10c10c5ed9..4a0eeb5b71d2 100644
> --- a/tools/testing/selftests/net/ipsec.c
> +++ b/tools/testing/selftests/net/ipsec.c
> @@ -58,6 +58,8 @@
> #define VETH_FMT "ktst-%d"
> #define VETH_LEN 12
>
> +#define XFRM_ALGO_NR_KEYS 29
> +
> static int nsfd_parent = -1;
> static int nsfd_childa = -1;
> static int nsfd_childb = -1;
> @@ -75,6 +77,46 @@ const unsigned int ping_timeout = 300;
> const unsigned int ping_count = 100;
> const unsigned int ping_success = 80;
>
> +struct xfrm_key_entry {
> + char algo_name[35];
> + int key_len;
> +};
> +
> +struct xfrm_key_entry xfrm_key_entries[XFRM_ALGO_NR_KEYS];
There seems no need to fill up xfrm_key_entries at run time. Please fill
them at compile time.
struct xfrm_key_entry xfrm_key_entries[] = {
{"digest_null", 0},
{"ecb(cipher_null)", 0},
...
};
> +
> +static void init_xfrm_algo_keys(void)
> +{
> + xfrm_key_entries[0] = (struct xfrm_key_entry) {"digest_null", 0};
> + xfrm_key_entries[1] = (struct xfrm_key_entry) {"ecb(cipher_null)", 0};
> + xfrm_key_entries[2] = (struct xfrm_key_entry) {"cbc(des)", 64};
> + xfrm_key_entries[3] = (struct xfrm_key_entry) {"hmac(md5)", 128};
> + xfrm_key_entries[4] = (struct xfrm_key_entry) {"cmac(aes)", 128};
> + xfrm_key_entries[5] = (struct xfrm_key_entry) {"xcbc(aes)", 128};
> + xfrm_key_entries[6] = (struct xfrm_key_entry) {"cbc(cast5)", 128};
> + xfrm_key_entries[7] = (struct xfrm_key_entry) {"cbc(serpent)", 128};
> + xfrm_key_entries[8] = (struct xfrm_key_entry) {"hmac(sha1)", 160};
> + xfrm_key_entries[9] = (struct xfrm_key_entry) {"hmac(rmd160)", 160};
> + xfrm_key_entries[10] = (struct xfrm_key_entry) {"cbc(des3_ede)", 192};
> + xfrm_key_entries[11] = (struct xfrm_key_entry) {"hmac(sha256)", 256};
> + xfrm_key_entries[12] = (struct xfrm_key_entry) {"cbc(aes)", 256};
> + xfrm_key_entries[13] = (struct xfrm_key_entry) {"cbc(camellia)", 256};
> + xfrm_key_entries[14] = (struct xfrm_key_entry) {"cbc(twofish)", 256};
> + xfrm_key_entries[15] = (struct xfrm_key_entry) {"rfc3686(ctr(aes))", 288};
> + xfrm_key_entries[16] = (struct xfrm_key_entry) {"hmac(sha384)", 384};
> + xfrm_key_entries[17] = (struct xfrm_key_entry) {"cbc(blowfish)", 448};
> + xfrm_key_entries[18] = (struct xfrm_key_entry) {"hmac(sha512)", 512};
> + xfrm_key_entries[19] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-128", 160};
> + xfrm_key_entries[20] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-128", 160};
> + xfrm_key_entries[21] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-128", 152};
> + xfrm_key_entries[22] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-192", 224};
> + xfrm_key_entries[23] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-192", 224};
> + xfrm_key_entries[24] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-192", 216};
> + xfrm_key_entries[25] = (struct xfrm_key_entry) {"rfc4106(gcm(aes))-256", 288};
> + xfrm_key_entries[26] = (struct xfrm_key_entry) {"rfc4543(gcm(aes))-256", 288};
> + xfrm_key_entries[27] = (struct xfrm_key_entry) {"rfc4309(ccm(aes))-256", 280};
> + xfrm_key_entries[28] = (struct xfrm_key_entry) {"rfc7539(chacha20,poly1305)-128", 0};
> +}
--
Muhammad Usama Anjum
Powered by blists - more mailing lists