summaryrefslogtreecommitdiff
path: root/include/net/ah.h
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-08-20 14:24:50 +1000
committerHerbert Xu <herbert@gondor.apana.org.au>2006-09-21 11:46:18 +1000
commit07d4ee583e21830ec5604d31f65cdc60a6eca19e (patch)
tree32962ef0dd13d0d1f66b143ca5d03a88d8b9f772 /include/net/ah.h
parente9d41164e2fdd897fe4520c2079ea0000f6e0ec3 (diff)
downloadlwn-07d4ee583e21830ec5604d31f65cdc60a6eca19e.tar.gz
lwn-07d4ee583e21830ec5604d31f65cdc60a6eca19e.zip
[IPSEC]: Use HMAC template and hash interface
This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/ah.h')
-rw-r--r--include/net/ah.h29
1 files changed, 18 insertions, 11 deletions
diff --git a/include/net/ah.h b/include/net/ah.h
index 8e27c9ba8b84..8f257c159902 100644
--- a/include/net/ah.h
+++ b/include/net/ah.h
@@ -15,22 +15,29 @@ struct ah_data
int icv_full_len;
int icv_trunc_len;
- void (*icv)(struct ah_data*,
- struct sk_buff *skb, u8 *icv);
-
- struct crypto_tfm *tfm;
+ struct crypto_hash *tfm;
};
-static inline void
-ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data)
+static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
+ u8 *auth_data)
{
- struct crypto_tfm *tfm = ahp->tfm;
+ struct hash_desc desc;
+ int err;
+
+ desc.tfm = ahp->tfm;
+ desc.flags = 0;
memset(auth_data, 0, ahp->icv_trunc_len);
- crypto_hmac_init(tfm, ahp->key, &ahp->key_len);
- skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update);
- crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv);
- memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len);
+ err = crypto_hash_init(&desc);
+ if (unlikely(err))
+ goto out;
+ err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
+ if (unlikely(err))
+ goto out;
+ err = crypto_hash_final(&desc, ahp->work_icv);
+
+out:
+ return err;
}
#endif