aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-08-20 00:24:50 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2006-09-20 21:46:18 -0400
commit07d4ee583e21830ec5604d31f65cdc60a6eca19e (patch)
tree32962ef0dd13d0d1f66b143ca5d03a88d8b9f772 /net/xfrm
parente9d41164e2fdd897fe4520c2079ea0000f6e0ec3 (diff)
[IPSEC]: Use HMAC template and hash interface
This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_algo.c40
1 files changed, 27 insertions, 13 deletions
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 9b03d8497fba..87918f281bb4 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -30,7 +30,8 @@
30 */ 30 */
31static struct xfrm_algo_desc aalg_list[] = { 31static struct xfrm_algo_desc aalg_list[] = {
32{ 32{
33 .name = "digest_null", 33 .name = "hmac(digest_null)",
34 .compat = "digest_null",
34 35
35 .uinfo = { 36 .uinfo = {
36 .auth = { 37 .auth = {
@@ -47,7 +48,8 @@ static struct xfrm_algo_desc aalg_list[] = {
47 } 48 }
48}, 49},
49{ 50{
50 .name = "md5", 51 .name = "hmac(md5)",
52 .compat = "md5",
51 53
52 .uinfo = { 54 .uinfo = {
53 .auth = { 55 .auth = {
@@ -64,7 +66,8 @@ static struct xfrm_algo_desc aalg_list[] = {
64 } 66 }
65}, 67},
66{ 68{
67 .name = "sha1", 69 .name = "hmac(sha1)",
70 .compat = "sha1",
68 71
69 .uinfo = { 72 .uinfo = {
70 .auth = { 73 .auth = {
@@ -81,7 +84,8 @@ static struct xfrm_algo_desc aalg_list[] = {
81 } 84 }
82}, 85},
83{ 86{
84 .name = "sha256", 87 .name = "hmac(sha256)",
88 .compat = "sha256",
85 89
86 .uinfo = { 90 .uinfo = {
87 .auth = { 91 .auth = {
@@ -98,7 +102,8 @@ static struct xfrm_algo_desc aalg_list[] = {
98 } 102 }
99}, 103},
100{ 104{
101 .name = "ripemd160", 105 .name = "hmac(ripemd160)",
106 .compat = "ripemd160",
102 107
103 .uinfo = { 108 .uinfo = {
104 .auth = { 109 .auth = {
@@ -480,11 +485,12 @@ EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
480 485
481/* Move to common area: it is shared with AH. */ 486/* Move to common area: it is shared with AH. */
482 487
483void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, 488int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
484 int offset, int len, icv_update_fn_t icv_update) 489 int offset, int len, icv_update_fn_t icv_update)
485{ 490{
486 int start = skb_headlen(skb); 491 int start = skb_headlen(skb);
487 int i, copy = start - offset; 492 int i, copy = start - offset;
493 int err;
488 struct scatterlist sg; 494 struct scatterlist sg;
489 495
490 /* Checksum header. */ 496 /* Checksum header. */
@@ -496,10 +502,12 @@ void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm,
496 sg.offset = (unsigned long)(skb->data + offset) % PAGE_SIZE; 502 sg.offset = (unsigned long)(skb->data + offset) % PAGE_SIZE;
497 sg.length = copy; 503 sg.length = copy;
498 504
499 icv_update(tfm, &sg, 1); 505 err = icv_update(desc, &sg, copy);
506 if (unlikely(err))
507 return err;
500 508
501 if ((len -= copy) == 0) 509 if ((len -= copy) == 0)
502 return; 510 return 0;
503 offset += copy; 511 offset += copy;
504 } 512 }
505 513
@@ -519,10 +527,12 @@ void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm,
519 sg.offset = frag->page_offset + offset-start; 527 sg.offset = frag->page_offset + offset-start;
520 sg.length = copy; 528 sg.length = copy;
521 529
522 icv_update(tfm, &sg, 1); 530 err = icv_update(desc, &sg, copy);
531 if (unlikely(err))
532 return err;
523 533
524 if (!(len -= copy)) 534 if (!(len -= copy))
525 return; 535 return 0;
526 offset += copy; 536 offset += copy;
527 } 537 }
528 start = end; 538 start = end;
@@ -540,15 +550,19 @@ void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm,
540 if ((copy = end - offset) > 0) { 550 if ((copy = end - offset) > 0) {
541 if (copy > len) 551 if (copy > len)
542 copy = len; 552 copy = len;
543 skb_icv_walk(list, tfm, offset-start, copy, icv_update); 553 err = skb_icv_walk(list, desc, offset-start,
554 copy, icv_update);
555 if (unlikely(err))
556 return err;
544 if ((len -= copy) == 0) 557 if ((len -= copy) == 0)
545 return; 558 return 0;
546 offset += copy; 559 offset += copy;
547 } 560 }
548 start = end; 561 start = end;
549 } 562 }
550 } 563 }
551 BUG_ON(len); 564 BUG_ON(len);
565 return 0;
552} 566}
553EXPORT_SYMBOL_GPL(skb_icv_walk); 567EXPORT_SYMBOL_GPL(skb_icv_walk);
554 568