* [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state
@ 2010-01-18 8:42 Li Yewang
2010-01-18 8:48 ` Li Yewang
2010-01-19 2:20 ` Herbert Xu
0 siblings, 2 replies; 7+ messages in thread
From: Li Yewang @ 2010-01-18 8:42 UTC (permalink / raw)
To: netdev
The encryption name such as "rfc3686(ctr(aes))" is too complex.
I think simple name is better for user when using "ip xfrm state ..." command.
Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
---
net/xfrm/xfrm_algo.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 743c013..6de2780 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -31,6 +31,7 @@
static struct xfrm_algo_desc aead_list[] = {
{
.name = "rfc4106(gcm(aes))",
+ .compat = "gcm",
.uinfo = {
.aead = {
@@ -47,6 +48,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4106(gcm(aes))",
+ .compat = "gcm",
.uinfo = {
.aead = {
@@ -63,6 +65,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4106(gcm(aes))",
+ .compat = "gcm",
.uinfo = {
.aead = {
@@ -79,6 +82,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4309(ccm(aes))",
+ .compat = "gcm",
.uinfo = {
.aead = {
@@ -95,6 +99,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4309(ccm(aes))",
+ .compat = "ccm",
.uinfo = {
.aead = {
@@ -111,6 +116,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4309(ccm(aes))",
+ .compat = "ccm",
.uinfo = {
.aead = {
@@ -201,6 +207,7 @@ static struct xfrm_algo_desc aalg_list[] = {
},
{
.name = "hmac(sha384)",
+ .compat = "sha384",
.uinfo = {
.auth = {
@@ -218,6 +225,7 @@ static struct xfrm_algo_desc aalg_list[] = {
},
{
.name = "hmac(sha512)",
+ .compat = "sha512",
.uinfo = {
.auth = {
@@ -253,6 +261,7 @@ static struct xfrm_algo_desc aalg_list[] = {
},
{
.name = "xcbc(aes)",
+ .compat = "aes-xcbc",
.uinfo = {
.auth = {
@@ -435,6 +444,7 @@ static struct xfrm_algo_desc ealg_list[] = {
},
{
.name = "rfc3686(ctr(aes))",
+ .compat = "aes-ctr",
.uinfo = {
.encr = {
--
1.6.4.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state
2010-01-18 8:42 [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state Li Yewang
@ 2010-01-18 8:48 ` Li Yewang
2010-01-19 2:20 ` Herbert Xu
1 sibling, 0 replies; 7+ messages in thread
From: Li Yewang @ 2010-01-18 8:48 UTC (permalink / raw)
To: netdev
Li Yewang wrote:
> The encryption name such as "rfc3686(ctr(aes))" is too complex.
> I think simple name is better for user when using "ip xfrm state ..." command.
>
sorry for bad patch about previous mail.
Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
---
net/xfrm/xfrm_algo.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 743c013..6de2780 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -31,6 +31,7 @@
static struct xfrm_algo_desc aead_list[] = {
{
.name = "rfc4106(gcm(aes))",
+ .compat = "gcm",
.uinfo = {
.aead = {
@@ -47,6 +48,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4106(gcm(aes))",
+ .compat = "gcm",
.uinfo = {
.aead = {
@@ -63,6 +65,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4106(gcm(aes))",
+ .compat = "gcm",
.uinfo = {
.aead = {
@@ -79,6 +82,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4309(ccm(aes))",
+ .compat = "ccm",
.uinfo = {
.aead = {
@@ -95,6 +99,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4309(ccm(aes))",
+ .compat = "ccm",
.uinfo = {
.aead = {
@@ -111,6 +116,7 @@ static struct xfrm_algo_desc aead_list[] = {
},
{
.name = "rfc4309(ccm(aes))",
+ .compat = "ccm",
.uinfo = {
.aead = {
@@ -201,6 +207,7 @@ static struct xfrm_algo_desc aalg_list[] = {
},
{
.name = "hmac(sha384)",
+ .compat = "sha384",
.uinfo = {
.auth = {
@@ -218,6 +225,7 @@ static struct xfrm_algo_desc aalg_list[] = {
},
{
.name = "hmac(sha512)",
+ .compat = "sha512",
.uinfo = {
.auth = {
@@ -253,6 +261,7 @@ static struct xfrm_algo_desc aalg_list[] = {
},
{
.name = "xcbc(aes)",
+ .compat = "aes-xcbc",
.uinfo = {
.auth = {
@@ -435,6 +444,7 @@ static struct xfrm_algo_desc ealg_list[] = {
},
{
.name = "rfc3686(ctr(aes))",
+ .compat = "aes-ctr",
.uinfo = {
.encr = {
--
1.6.4.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state
2010-01-18 8:42 [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state Li Yewang
2010-01-18 8:48 ` Li Yewang
@ 2010-01-19 2:20 ` Herbert Xu
2010-01-19 8:25 ` Li Yewang
1 sibling, 1 reply; 7+ messages in thread
From: Herbert Xu @ 2010-01-19 2:20 UTC (permalink / raw)
To: Li Yewang; +Cc: netdev
Li Yewang <lyw@cn.fujitsu.com> wrote:
> The encryption name such as "rfc3686(ctr(aes))" is too complex.
> I think simple name is better for user when using "ip xfrm state ..." command.
>
>
> Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
Nack. If we want to support simple names such as these, they
should be done in the crypto layer. Otherwise every crypto user
that wants this would have to reinvent it.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state
2010-01-19 2:20 ` Herbert Xu
@ 2010-01-19 8:25 ` Li Yewang
2010-01-19 8:30 ` David Miller
0 siblings, 1 reply; 7+ messages in thread
From: Li Yewang @ 2010-01-19 8:25 UTC (permalink / raw)
To: Herbert Xu; +Cc: netdev
Herbert Xu wrote:
> Li Yewang <lyw@cn.fujitsu.com> wrote:
>> The encryption name such as "rfc3686(ctr(aes))" is too complex.
>> I think simple name is better for user when using "ip xfrm state ..." command.
>>
>>
>> Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
>
> Nack. If we want to support simple names such as these, they
> should be done in the crypto layer. Otherwise every crypto user
> that wants this would have to reinvent it.
But user sets SAD for ipsec with "ip xfrm state ..." must use the name such as "rfc3686(ctr(aes))".
Is that reasonable? Maybe user can not remember this complex name.
There are some simple names for other encryptions,
such as "cbc(blowfish)", you can use "ip xfrm state ... enc blowfish ...".
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state
2010-01-19 8:25 ` Li Yewang
@ 2010-01-19 8:30 ` David Miller
2010-01-21 5:22 ` Li Yewang
0 siblings, 1 reply; 7+ messages in thread
From: David Miller @ 2010-01-19 8:30 UTC (permalink / raw)
To: lyw; +Cc: herbert, netdev
From: Li Yewang <lyw@cn.fujitsu.com>
Date: Tue, 19 Jan 2010 16:25:22 +0800
>
>
> Herbert Xu wrote:
>> Li Yewang <lyw@cn.fujitsu.com> wrote:
>>> The encryption name such as "rfc3686(ctr(aes))" is too complex.
>>> I think simple name is better for user when using "ip xfrm state ..." command.
>>>
>>>
>>> Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
>>
>> Nack. If we want to support simple names such as these, they
>> should be done in the crypto layer. Otherwise every crypto user
>> that wants this would have to reinvent it.
>
> But user sets SAD for ipsec with "ip xfrm state ..." must use the name such as "rfc3686(ctr(aes))".
> Is that reasonable? Maybe user can not remember this complex name.
>
> There are some simple names for other encryptions,
> such as "cbc(blowfish)", you can use "ip xfrm state ... enc blowfish ...".
You're not reading what Herbert is saying.
He's fine with the shorter name, he just wants you to implement
is in the crypto layer core instead of the XFRM specific code.
That way all crypto users will benefit from the shorter naming.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state
2010-01-19 8:30 ` David Miller
@ 2010-01-21 5:22 ` Li Yewang
2010-01-21 9:10 ` Herbert Xu
0 siblings, 1 reply; 7+ messages in thread
From: Li Yewang @ 2010-01-21 5:22 UTC (permalink / raw)
To: David Miller; +Cc: herbert, netdev
Sorry, I am new to crypto.
I searched the soucre code in the directory of /crypto,
and found that, all cryptos use shortname, for example:
crypto/xcbc.c
static struct crypto_template crypto_xcbc_tmpl = {
.name = "xcbc",
.create = xcbc_create,
.free = shash_free_instance,
.module = THIS_MODULE,
};
The name such as rfc3686(ctr(aes)) only used by "ip xfrm state" command to set SAD.
David Miller wrote:
> From: Li Yewang <lyw@cn.fujitsu.com>
> Date: Tue, 19 Jan 2010 16:25:22 +0800
>
>>
>> Herbert Xu wrote:
>>> Li Yewang <lyw@cn.fujitsu.com> wrote:
>>>> The encryption name such as "rfc3686(ctr(aes))" is too complex.
>>>> I think simple name is better for user when using "ip xfrm state ..." command.
>>>>
>>>>
>>>> Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
>>> Nack. If we want to support simple names such as these, they
>>> should be done in the crypto layer. Otherwise every crypto user
>>> that wants this would have to reinvent it.
>> But user sets SAD for ipsec with "ip xfrm state ..." must use the name such as "rfc3686(ctr(aes))".
>> Is that reasonable? Maybe user can not remember this complex name.
>>
>> There are some simple names for other encryptions,
>> such as "cbc(blowfish)", you can use "ip xfrm state ... enc blowfish ...".
>
> You're not reading what Herbert is saying.
>
> He's fine with the shorter name, he just wants you to implement
> is in the crypto layer core instead of the XFRM specific code.
>
> That way all crypto users will benefit from the shorter naming.
>
>
>
--
Regards
Li Yewang
--------------------------------------------------
Li Yewang
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
8/F., Civil Defense Building, No.189 Guangzhou Road,
Nanjing, 210029, China
TEL: +86+25-86630566-888
COINS: 79955-888
FAX: +86+25-83317685
MAIL: lyw@cn.fujitsu.com
--------------------------------------------------
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state
2010-01-21 5:22 ` Li Yewang
@ 2010-01-21 9:10 ` Herbert Xu
0 siblings, 0 replies; 7+ messages in thread
From: Herbert Xu @ 2010-01-21 9:10 UTC (permalink / raw)
To: Li Yewang; +Cc: David Miller, netdev
On Thu, Jan 21, 2010 at 01:22:17PM +0800, Li Yewang wrote:
> Sorry, I am new to crypto.
>
> I searched the soucre code in the directory of /crypto,
> and found that, all cryptos use shortname, for example:
>
> crypto/xcbc.c
> static struct crypto_template crypto_xcbc_tmpl = {
> .name = "xcbc",
> .create = xcbc_create,
> .free = shash_free_instance,
> .module = THIS_MODULE,
> };
No this is a template name, not an algorithm name. IOW if you
try to allocate it won't exist. You need to use it together
with parameters, e.g., xcbc(aes).
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-01-21 9:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-01-18 8:42 [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm state Li Yewang
2010-01-18 8:48 ` Li Yewang
2010-01-19 2:20 ` Herbert Xu
2010-01-19 8:25 ` Li Yewang
2010-01-19 8:30 ` David Miller
2010-01-21 5:22 ` Li Yewang
2010-01-21 9:10 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).