summaryrefslogtreecommitdiff
path: root/include/net/esp.h
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-08-20 14:24:50 +1000
committerHerbert Xu <herbert@gondor.apana.org.au>2006-09-21 11:46:18 +1000
commit07d4ee583e21830ec5604d31f65cdc60a6eca19e (patch)
tree32962ef0dd13d0d1f66b143ca5d03a88d8b9f772 /include/net/esp.h
parente9d41164e2fdd897fe4520c2079ea0000f6e0ec3 (diff)
[IPSEC]: Use HMAC template and hash interface
This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/esp.h')
-rw-r--r--include/net/esp.h28
1 files changed, 16 insertions, 12 deletions
diff --git a/include/net/esp.h b/include/net/esp.h
index af2ff18700c7..064366d66eea 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -35,7 +35,7 @@ struct esp_data
void (*icv)(struct esp_data*,
struct sk_buff *skb,
int offset, int len, u8 *icv);
- struct crypto_tfm *tfm;
+ struct crypto_hash *tfm;
} auth;
};
@@ -43,18 +43,22 @@ extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset,
extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
-static inline void
-esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,
- int len, u8 *auth_data)
+static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
+ int offset, int len)
{
- struct crypto_tfm *tfm = esp->auth.tfm;
- char *icv = esp->auth.work_icv;
-
- memset(auth_data, 0, esp->auth.icv_trunc_len);
- crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);
- skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);
- crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);
- memcpy(auth_data, icv, esp->auth.icv_trunc_len);
+ struct hash_desc desc;
+ int err;
+
+ desc.tfm = esp->auth.tfm;
+ desc.flags = 0;
+
+ err = crypto_hash_init(&desc);
+ if (unlikely(err))
+ return err;
+ err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
+ if (unlikely(err))
+ return err;
+ return crypto_hash_final(&desc, esp->auth.work_icv);
}
#endif