We need to allow the user to set the authentication type. This adds a new operation that sets IPSec or TLS authentication mode. Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx> --- crypto/af_alg.c | 6 ++++++ include/crypto/if_alg.h | 1 + include/uapi/linux/if_alg.h | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index f5e18c2..cc5f2b0 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -464,6 +464,12 @@ int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con) con->op = *(u32 *)CMSG_DATA(cmsg); break; + case ALG_SET_AEAD_TYPE: + if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32))) + return -EINVAL; + con->op_type = *(u32 *)CMSG_DATA(cmsg); + break; + case ALG_SET_AEAD_ASSOCLEN: if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32))) return -EINVAL; diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index a2bfd78..d76ea0c 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -45,6 +45,7 @@ struct af_alg_completion { struct af_alg_control { struct af_alg_iv *iv; int op; + int op_type; unsigned int aead_assoclen; }; diff --git a/include/uapi/linux/if_alg.h b/include/uapi/linux/if_alg.h index f2acd2f..cef00de 100644 --- a/include/uapi/linux/if_alg.h +++ b/include/uapi/linux/if_alg.h @@ -34,9 +34,13 @@ struct af_alg_iv { #define ALG_SET_OP 3 #define ALG_SET_AEAD_ASSOCLEN 4 #define ALG_SET_AEAD_AUTHSIZE 5 +#define ALG_SET_AEAD_TYPE 6 /* Operations */ #define ALG_OP_DECRYPT 0 #define ALG_OP_ENCRYPT 1 +/* AEAD operation type */ +#define ALG_AEAD_IPSEC 0 /* First encrypt then authenticate */ +#define ALG_AEAD_TLS 1 /* First authenticate then encrypt */ #endif /* _LINUX_IF_ALG_H */ -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html