mirror of
https://github.com/torvalds/linux.git
synced 2024-11-16 17:12:06 +00:00
07d4ee583e
This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
44 lines
766 B
C
44 lines
766 B
C
#ifndef _NET_AH_H
|
|
#define _NET_AH_H
|
|
|
|
#include <linux/crypto.h>
|
|
#include <net/xfrm.h>
|
|
|
|
/* This is the maximum truncated ICV length that we know of. */
|
|
#define MAX_AH_AUTH_LEN 12
|
|
|
|
struct ah_data
|
|
{
|
|
u8 *key;
|
|
int key_len;
|
|
u8 *work_icv;
|
|
int icv_full_len;
|
|
int icv_trunc_len;
|
|
|
|
struct crypto_hash *tfm;
|
|
};
|
|
|
|
static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
|
|
u8 *auth_data)
|
|
{
|
|
struct hash_desc desc;
|
|
int err;
|
|
|
|
desc.tfm = ahp->tfm;
|
|
desc.flags = 0;
|
|
|
|
memset(auth_data, 0, ahp->icv_trunc_len);
|
|
err = crypto_hash_init(&desc);
|
|
if (unlikely(err))
|
|
goto out;
|
|
err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
|
|
if (unlikely(err))
|
|
goto out;
|
|
err = crypto_hash_final(&desc, ahp->work_icv);
|
|
|
|
out:
|
|
return err;
|
|
}
|
|
|
|
#endif
|