diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-08-20 00:24:50 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2006-09-20 21:46:18 -0400 |
commit | 07d4ee583e21830ec5604d31f65cdc60a6eca19e (patch) | |
tree | 32962ef0dd13d0d1f66b143ca5d03a88d8b9f772 /include/net | |
parent | e9d41164e2fdd897fe4520c2079ea0000f6e0ec3 (diff) |
[IPSEC]: Use HMAC template and hash interface
This patch converts IPsec to use the new HMAC template. The names of
existing simple digest algorithms may still be used to refer to their
HMAC composites.
The same structure can be used by other MACs such as AES-XCBC-MAC.
This patch also switches from the digest interface to hash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/ah.h | 29 | ||||
-rw-r--r-- | include/net/esp.h | 28 | ||||
-rw-r--r-- | include/net/xfrm.h | 9 |
3 files changed, 39 insertions, 27 deletions
diff --git a/include/net/ah.h b/include/net/ah.h index 8e27c9ba8b84..8f257c159902 100644 --- a/include/net/ah.h +++ b/include/net/ah.h | |||
@@ -15,22 +15,29 @@ struct ah_data | |||
15 | int icv_full_len; | 15 | int icv_full_len; |
16 | int icv_trunc_len; | 16 | int icv_trunc_len; |
17 | 17 | ||
18 | void (*icv)(struct ah_data*, | 18 | struct crypto_hash *tfm; |
19 | struct sk_buff *skb, u8 *icv); | ||
20 | |||
21 | struct crypto_tfm *tfm; | ||
22 | }; | 19 | }; |
23 | 20 | ||
24 | static inline void | 21 | static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb, |
25 | ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data) | 22 | u8 *auth_data) |
26 | { | 23 | { |
27 | struct crypto_tfm *tfm = ahp->tfm; | 24 | struct hash_desc desc; |
25 | int err; | ||
26 | |||
27 | desc.tfm = ahp->tfm; | ||
28 | desc.flags = 0; | ||
28 | 29 | ||
29 | memset(auth_data, 0, ahp->icv_trunc_len); | 30 | memset(auth_data, 0, ahp->icv_trunc_len); |
30 | crypto_hmac_init(tfm, ahp->key, &ahp->key_len); | 31 | err = crypto_hash_init(&desc); |
31 | skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update); | 32 | if (unlikely(err)) |
32 | crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv); | 33 | goto out; |
33 | memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len); | 34 | err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update); |
35 | if (unlikely(err)) | ||
36 | goto out; | ||
37 | err = crypto_hash_final(&desc, ahp->work_icv); | ||
38 | |||
39 | out: | ||
40 | return err; | ||
34 | } | 41 | } |
35 | 42 | ||
36 | #endif | 43 | #endif |
diff --git a/include/net/esp.h b/include/net/esp.h index af2ff18700c7..064366d66eea 100644 --- a/include/net/esp.h +++ b/include/net/esp.h | |||
@@ -35,7 +35,7 @@ struct esp_data | |||
35 | void (*icv)(struct esp_data*, | 35 | void (*icv)(struct esp_data*, |
36 | struct sk_buff *skb, | 36 | struct sk_buff *skb, |
37 | int offset, int len, u8 *icv); | 37 | int offset, int len, u8 *icv); |
38 | struct crypto_tfm *tfm; | 38 | struct crypto_hash *tfm; |
39 | } auth; | 39 | } auth; |
40 | }; | 40 | }; |
41 | 41 | ||
@@ -43,18 +43,22 @@ extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, | |||
43 | extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); | 43 | extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); |
44 | extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); | 44 | extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); |
45 | 45 | ||
46 | static inline void | 46 | static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb, |
47 | esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset, | 47 | int offset, int len) |
48 | int len, u8 *auth_data) | ||
49 | { | 48 | { |
50 | struct crypto_tfm *tfm = esp->auth.tfm; | 49 | struct hash_desc desc; |
51 | char *icv = esp->auth.work_icv; | 50 | int err; |
52 | 51 | ||
53 | memset(auth_data, 0, esp->auth.icv_trunc_len); | 52 | desc.tfm = esp->auth.tfm; |
54 | crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len); | 53 | desc.flags = 0; |
55 | skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update); | 54 | |
56 | crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv); | 55 | err = crypto_hash_init(&desc); |
57 | memcpy(auth_data, icv, esp->auth.icv_trunc_len); | 56 | if (unlikely(err)) |
57 | return err; | ||
58 | err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update); | ||
59 | if (unlikely(err)) | ||
60 | return err; | ||
61 | return crypto_hash_final(&desc, esp->auth.work_icv); | ||
58 | } | 62 | } |
59 | 63 | ||
60 | #endif | 64 | #endif |
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e9114e41affc..3ecd9fa1ed4b 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -984,12 +984,13 @@ extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe); | |||
984 | extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); | 984 | extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); |
985 | extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); | 985 | extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); |
986 | 986 | ||
987 | struct crypto_tfm; | 987 | struct hash_desc; |
988 | struct scatterlist; | 988 | struct scatterlist; |
989 | typedef void (icv_update_fn_t)(struct crypto_tfm *, struct scatterlist *, unsigned int); | 989 | typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *, |
990 | unsigned int); | ||
990 | 991 | ||
991 | extern void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, | 992 | extern int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *tfm, |
992 | int offset, int len, icv_update_fn_t icv_update); | 993 | int offset, int len, icv_update_fn_t icv_update); |
993 | 994 | ||
994 | static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, | 995 | static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, |
995 | int family) | 996 | int family) |