Commit 1c8f11d0 authored by David S. Miller's avatar David S. Miller

Merge branch 'TIPC-Encryption'



Tuong Lien says:

====================
TIPC Encryption

This series provides TIPC encryption feature, kernel part. There will be
another one in the 'iproute2/tipc' for user space to set key.

v2: add select crypto 'aes(gcm)' for TIPC_CRYPTO in Kconfig
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
parents f1ff4e80 e1f32190
+21 −0
@@ -233,6 +233,27 @@ struct tipc_sioc_nodeid_req {
	char node_id[TIPC_NODEID_LEN];
};

/*
 * TIPC Crypto, AEAD
 */
#define TIPC_AEAD_ALG_NAME		(32)

struct tipc_aead_key {
	char alg_name[TIPC_AEAD_ALG_NAME];
	unsigned int keylen;	/* in bytes */
	char key[];
};

#define TIPC_AEAD_KEYLEN_MIN		(16 + 4)
#define TIPC_AEAD_KEYLEN_MAX		(32 + 4)
#define TIPC_AEAD_KEY_SIZE_MAX		(sizeof(struct tipc_aead_key) + \
							TIPC_AEAD_KEYLEN_MAX)

static inline int tipc_aead_key_size(struct tipc_aead_key *key)
{
	return sizeof(*key) + key->keylen;
}

/* The macros and functions below are deprecated:
 */
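Review bot: `tipc_aead_key_size()` returns `sizeof(*key) + key->keylen` as an `int` without bounding `keylen`, an `unsigned int` in a structure that user space fills in, so an oversized value can wrap or turn negative if the result is used before validation. The range check against `TIPC_AEAD_KEYLEN_MIN`/`TIPC_AEAD_KEYLEN_MAX` and against the received attribute length presumably sits in the netlink handler, which is not part of this section. The helper should state that precondition, e.g. `/* caller must have validated key->keylen <= TIPC_AEAD_KEYLEN_MAX */`, and the parameter can be `const struct tipc_aead_key *key`. A comment on whether `alg_name` must be NUL-terminated within its 32 bytes, and on what the `+ 4` in the key length bounds stands for (presumably a GCM salt), would help user-space implementers.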

+4 −0
@@ -63,6 +63,8 @@ enum {
	TIPC_NL_PEER_REMOVE,
	TIPC_NL_BEARER_ADD,
	TIPC_NL_UDP_GET_REMOTEIP,
	TIPC_NL_KEY_SET,
	TIPC_NL_KEY_FLUSH,

	__TIPC_NL_CMD_MAX,
	TIPC_NL_CMD_MAX = __TIPC_NL_CMD_MAX - 1
@@ -160,6 +162,8 @@ enum {
	TIPC_NLA_NODE_UNSPEC,
	TIPC_NLA_NODE_ADDR,		/* u32 */
	TIPC_NLA_NODE_UP,		/* flag */
	TIPC_NLA_NODE_ID,		/* data */
	TIPC_NLA_NODE_KEY,		/* data */

	__TIPC_NLA_NODE_MAX,
	TIPC_NLA_NODE_MAX = __TIPC_NLA_NODE_MAX - 1
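Review bot: `TIPC_NLA_NODE_KEY` is documented only as `/* data */`, which does not tell a user-space implementer what layout or length the kernel accepts for key material. Assuming it carries the `struct tipc_aead_key` added in the same series, `/* struct tipc_aead_key, at most TIPC_AEAD_KEY_SIZE_MAX bytes */` would tie it to that definition. `TIPC_NL_KEY_SET` and `TIPC_NL_KEY_FLUSH` change key state, so their entries in the generic netlink ops table (not shown in this section) should be restricted to privileged callers, for example with `GENL_ADMIN_PERM`. Both commands are appended just before `__TIPC_NL_CMD_MAX`, which keeps the existing command numbers stable.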
+15 −0
@@ -35,6 +35,21 @@ config TIPC_MEDIA_UDP
	  Saying Y here will enable support for running TIPC over IP/UDP
	bool
	default y
config TIPC_CRYPTO
	bool "TIPC encryption support"
	depends on TIPC
	select CRYPTO
	select CRYPTO_AES
	select CRYPTO_GCM
	help
	  Saying Y here will enable support for TIPC encryption.
	  All TIPC messages will be encrypted/decrypted by using the currently most
	  advanced algorithm: AEAD AES-GCM (like IPSec or TLS) before leaving/
	  entering the TIPC stack.
	  Key setting from user-space is performed via netlink by a user program
	  (e.g. the iproute2 'tipc' tool).
	bool
	default y

config TIPC_DIAG
	tristate "TIPC: socket monitoring interface"
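Review bot: The new `TIPC_CRYPTO` entry ends with a second `bool` and a `default y` placed after the help text, repeating the layout of the preceding `TIPC_MEDIA_UDP` entry. The type is already given by the prompt line, so the trailing `bool` can go and `default y` reads better directly under `depends on TIPC`. The help text says all TIPC messages will be encrypted but also that keys are set from user space, so it should state what happens to traffic before a key is installed; that behaviour is not visible in this section. A blank line before `config TIPC_CRYPTO` would match the separation used before `config TIPC_DIAG`.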
+1 −0
@@ -16,6 +16,7 @@ CFLAGS_trace.o += -I$(src)
tipc-$(CONFIG_TIPC_MEDIA_UDP)	+= udp_media.o
tipc-$(CONFIG_TIPC_MEDIA_IB)	+= ib_media.o
tipc-$(CONFIG_SYSCTL)		+= sysctl.o
tipc-$(CONFIG_TIPC_CRYPTO)	+= crypto.o


obj-$(CONFIG_TIPC_DIAG)	+= diag.o
+1 −1
@@ -84,7 +84,7 @@ static struct tipc_bc_base *tipc_bc_base(struct net *net)
 */
int tipc_bcast_get_mtu(struct net *net)
{
	return tipc_link_mtu(tipc_bc_sndlink(net)) - INT_H_SIZE;
	return tipc_link_mss(tipc_bc_sndlink(net));
}

void tipc_bcast_disable_rcast(struct net *net)
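Review bot: `tipc_bcast_get_mtu()` now returns the result of `tipc_link_mss()`, so the function name and the comment that closes just above it (its start is outside this hunk) still describe an MTU, while the value is presumably a segment size with header overhead already deducted. Either update the comment, e.g. `/* returns the broadcast link MSS: usable payload after TIPC (and any encryption) headers */`, or confirm that every caller expects the reduced value. `tipc_link_mss()` is defined outside this page, so whether it subtracts the same `INT_H_SIZE` as the old expression cannot be checked here.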