xfrm: Add support for SM3 secure hash

This patch allows IPsec to use SM3 HMAC authentication algorithm. Signed-off-by: Xu Jia <xujia39@huawei.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2024-09-21 11:38:48 +00:00 · 2021-12-22 17:06:58 +08:00 · 2021-12-22 17:06:58 +08:00 · e6911affa4
parent af734a26a1
commit e6911affa4
2 changed files with 21 additions and 0 deletions
--- a/include/uapi/linux/pfkeyv2.h
+++ b/include/uapi/linux/pfkeyv2.h
@ -309,6 +309,7 @@ struct sadb_x_filter {
 #define SADB_X_AALG_SHA2_512HMAC	7
 #define SADB_X_AALG_RIPEMD160HMAC	8
 #define SADB_X_AALG_AES_XCBC_MAC	9
+#define SADB_X_AALG_SM3_256HMAC		10
 #define SADB_X_AALG_NULL		251	/* kame */
 #define SADB_AALG_MAX			251

--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@ -341,6 +341,26 @@ static struct xfrm_algo_desc aalg_list[] = {

 	.pfkey_supported = 0,
 },
+{
+	.name = "hmac(sm3)",
+	.compat = "sm3",
+
+	.uinfo = {
+		.auth = {
+			.icv_truncbits = 256,
+			.icv_fullbits = 256,
+		}
+	},
+
+	.pfkey_supported = 1,
+
+	.desc = {
+		.sadb_alg_id = SADB_X_AALG_SM3_256HMAC,
+		.sadb_alg_ivlen = 0,
+		.sadb_alg_minbits = 256,
+		.sadb_alg_maxbits = 256
+	}
+},
 };

 static struct xfrm_algo_desc ealg_list[] = {