diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-08-20 00:24:50 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2006-09-20 21:46:18 -0400 |
commit | 07d4ee583e21830ec5604d31f65cdc60a6eca19e (patch) | |
tree | 32962ef0dd13d0d1f66b143ca5d03a88d8b9f772 /net/xfrm | |
parent | e9d41164e2fdd897fe4520c2079ea0000f6e0ec3 (diff) |
[IPSEC]: Use HMAC template and hash interface
This patch converts IPsec to use the new HMAC template. The names of
existing simple digest algorithms may still be used to refer to their
HMAC composites.
The same structure can be used by other MACs such as AES-XCBC-MAC.
This patch also switches from the digest interface to hash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_algo.c | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index 9b03d8497fba..87918f281bb4 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c | |||
@@ -30,7 +30,8 @@ | |||
30 | */ | 30 | */ |
31 | static struct xfrm_algo_desc aalg_list[] = { | 31 | static struct xfrm_algo_desc aalg_list[] = { |
32 | { | 32 | { |
33 | .name = "digest_null", | 33 | .name = "hmac(digest_null)", |
34 | .compat = "digest_null", | ||
34 | 35 | ||
35 | .uinfo = { | 36 | .uinfo = { |
36 | .auth = { | 37 | .auth = { |
@@ -47,7 +48,8 @@ static struct xfrm_algo_desc aalg_list[] = { | |||
47 | } | 48 | } |
48 | }, | 49 | }, |
49 | { | 50 | { |
50 | .name = "md5", | 51 | .name = "hmac(md5)", |
52 | .compat = "md5", | ||
51 | 53 | ||
52 | .uinfo = { | 54 | .uinfo = { |
53 | .auth = { | 55 | .auth = { |
@@ -64,7 +66,8 @@ static struct xfrm_algo_desc aalg_list[] = { | |||
64 | } | 66 | } |
65 | }, | 67 | }, |
66 | { | 68 | { |
67 | .name = "sha1", | 69 | .name = "hmac(sha1)", |
70 | .compat = "sha1", | ||
68 | 71 | ||
69 | .uinfo = { | 72 | .uinfo = { |
70 | .auth = { | 73 | .auth = { |
@@ -81,7 +84,8 @@ static struct xfrm_algo_desc aalg_list[] = { | |||
81 | } | 84 | } |
82 | }, | 85 | }, |
83 | { | 86 | { |
84 | .name = "sha256", | 87 | .name = "hmac(sha256)", |
88 | .compat = "sha256", | ||
85 | 89 | ||
86 | .uinfo = { | 90 | .uinfo = { |
87 | .auth = { | 91 | .auth = { |
@@ -98,7 +102,8 @@ static struct xfrm_algo_desc aalg_list[] = { | |||
98 | } | 102 | } |
99 | }, | 103 | }, |
100 | { | 104 | { |
101 | .name = "ripemd160", | 105 | .name = "hmac(ripemd160)", |
106 | .compat = "ripemd160", | ||
102 | 107 | ||
103 | .uinfo = { | 108 | .uinfo = { |
104 | .auth = { | 109 | .auth = { |
@@ -480,11 +485,12 @@ EXPORT_SYMBOL_GPL(xfrm_count_enc_supported); | |||
480 | 485 | ||
481 | /* Move to common area: it is shared with AH. */ | 486 | /* Move to common area: it is shared with AH. */ |
482 | 487 | ||
483 | void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, | 488 | int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc, |
484 | int offset, int len, icv_update_fn_t icv_update) | 489 | int offset, int len, icv_update_fn_t icv_update) |
485 | { | 490 | { |
486 | int start = skb_headlen(skb); | 491 | int start = skb_headlen(skb); |
487 | int i, copy = start - offset; | 492 | int i, copy = start - offset; |
493 | int err; | ||
488 | struct scatterlist sg; | 494 | struct scatterlist sg; |
489 | 495 | ||
490 | /* Checksum header. */ | 496 | /* Checksum header. */ |
@@ -496,10 +502,12 @@ void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, | |||
496 | sg.offset = (unsigned long)(skb->data + offset) % PAGE_SIZE; | 502 | sg.offset = (unsigned long)(skb->data + offset) % PAGE_SIZE; |
497 | sg.length = copy; | 503 | sg.length = copy; |
498 | 504 | ||
499 | icv_update(tfm, &sg, 1); | 505 | err = icv_update(desc, &sg, copy); |
506 | if (unlikely(err)) | ||
507 | return err; | ||
500 | 508 | ||
501 | if ((len -= copy) == 0) | 509 | if ((len -= copy) == 0) |
502 | return; | 510 | return 0; |
503 | offset += copy; | 511 | offset += copy; |
504 | } | 512 | } |
505 | 513 | ||
@@ -519,10 +527,12 @@ void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, | |||
519 | sg.offset = frag->page_offset + offset-start; | 527 | sg.offset = frag->page_offset + offset-start; |
520 | sg.length = copy; | 528 | sg.length = copy; |
521 | 529 | ||
522 | icv_update(tfm, &sg, 1); | 530 | err = icv_update(desc, &sg, copy); |
531 | if (unlikely(err)) | ||
532 | return err; | ||
523 | 533 | ||
524 | if (!(len -= copy)) | 534 | if (!(len -= copy)) |
525 | return; | 535 | return 0; |
526 | offset += copy; | 536 | offset += copy; |
527 | } | 537 | } |
528 | start = end; | 538 | start = end; |
@@ -540,15 +550,19 @@ void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, | |||
540 | if ((copy = end - offset) > 0) { | 550 | if ((copy = end - offset) > 0) { |
541 | if (copy > len) | 551 | if (copy > len) |
542 | copy = len; | 552 | copy = len; |
543 | skb_icv_walk(list, tfm, offset-start, copy, icv_update); | 553 | err = skb_icv_walk(list, desc, offset-start, |
554 | copy, icv_update); | ||
555 | if (unlikely(err)) | ||
556 | return err; | ||
544 | if ((len -= copy) == 0) | 557 | if ((len -= copy) == 0) |
545 | return; | 558 | return 0; |
546 | offset += copy; | 559 | offset += copy; |
547 | } | 560 | } |
548 | start = end; | 561 | start = end; |
549 | } | 562 | } |
550 | } | 563 | } |
551 | BUG_ON(len); | 564 | BUG_ON(len); |
565 | return 0; | ||
552 | } | 566 | } |
553 | EXPORT_SYMBOL_GPL(skb_icv_walk); | 567 | EXPORT_SYMBOL_GPL(skb_icv_walk); |
554 | 568 | ||