xfrm: Add support for SM3 secure hash

This patch allows IPsec to use SM3 HMAC authentication algorithm.

Signed-off-by: Xu Jia <xujia39@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/include/uapi/linux/pfkeyv2.h b/include/uapi/linux/pfkeyv2.h
index d65b117852604ff00ea34ef1e764fa4a63369c94..798ba9ffd48c7b95ebd3f93ccc0271036855262d 100644 (file)
--- a/include/uapi/linux/pfkeyv2.h
+++ b/include/uapi/linux/pfkeyv2.h
@@ -309,6 +309,7 @@ struct sadb_x_filter {
 #define SADB_X_AALG_SHA2_512HMAC       7
 #define SADB_X_AALG_RIPEMD160HMAC      8
 #define SADB_X_AALG_AES_XCBC_MAC       9
+#define SADB_X_AALG_SM3_256HMAC                10
 #define SADB_X_AALG_NULL               251     /* kame */
 #define SADB_AALG_MAX                  251
 

diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 4dae3ab8d030848395fae2db6a7c8467ae3fff4a..00b5444a4d86def5defb39760ec4a9fa6e5ef675 100644 (file)
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -341,6 +341,26 @@ static struct xfrm_algo_desc aalg_list[] = {
 
        .pfkey_supported = 0,
 },
+{
+       .name = "hmac(sm3)",
+       .compat = "sm3",
+
+       .uinfo = {
+               .auth = {
+                       .icv_truncbits = 256,
+                       .icv_fullbits = 256,
+               }
+       },
+
+       .pfkey_supported = 1,
+
+       .desc = {
+               .sadb_alg_id = SADB_X_AALG_SM3_256HMAC,
+               .sadb_alg_ivlen = 0,
+               .sadb_alg_minbits = 256,
+               .sadb_alg_maxbits = 256
+       }
+},
 };
 
 static struct xfrm_algo_desc ealg_list[] = {