diff options
Diffstat (limited to 'include/net/esp.h')
| -rw-r--r-- | include/net/esp.h | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/include/net/esp.h b/include/net/esp.h index 90cd94fad7d9..713d039f4af7 100644 --- a/include/net/esp.h +++ b/include/net/esp.h | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | #ifndef _NET_ESP_H | 1 | #ifndef _NET_ESP_H |
| 2 | #define _NET_ESP_H | 2 | #define _NET_ESP_H |
| 3 | 3 | ||
| 4 | #include <linux/crypto.h> | ||
| 4 | #include <net/xfrm.h> | 5 | #include <net/xfrm.h> |
| 5 | #include <asm/scatterlist.h> | 6 | #include <asm/scatterlist.h> |
| 6 | 7 | ||
| @@ -14,14 +15,15 @@ struct esp_data | |||
| 14 | struct { | 15 | struct { |
| 15 | u8 *key; /* Key */ | 16 | u8 *key; /* Key */ |
| 16 | int key_len; /* Key length */ | 17 | int key_len; /* Key length */ |
| 17 | u8 *ivec; /* ivec buffer */ | 18 | int padlen; /* 0..255 */ |
| 18 | /* ivlen is offset from enc_data, where encrypted data start. | 19 | /* ivlen is offset from enc_data, where encrypted data start. |
| 19 | * It is logically different of crypto_tfm_alg_ivsize(tfm). | 20 | * It is logically different of crypto_tfm_alg_ivsize(tfm). |
| 20 | * We assume that it is either zero (no ivec), or | 21 | * We assume that it is either zero (no ivec), or |
| 21 | * >= crypto_tfm_alg_ivsize(tfm). */ | 22 | * >= crypto_tfm_alg_ivsize(tfm). */ |
| 22 | int ivlen; | 23 | int ivlen; |
| 23 | int padlen; /* 0..255 */ | 24 | int ivinitted; |
| 24 | struct crypto_tfm *tfm; /* crypto handle */ | 25 | u8 *ivec; /* ivec buffer */ |
| 26 | struct crypto_blkcipher *tfm; /* crypto handle */ | ||
| 25 | } conf; | 27 | } conf; |
| 26 | 28 | ||
| 27 | /* Integrity. It is active when icv_full_len != 0 */ | 29 | /* Integrity. It is active when icv_full_len != 0 */ |
| @@ -34,7 +36,7 @@ struct esp_data | |||
| 34 | void (*icv)(struct esp_data*, | 36 | void (*icv)(struct esp_data*, |
| 35 | struct sk_buff *skb, | 37 | struct sk_buff *skb, |
| 36 | int offset, int len, u8 *icv); | 38 | int offset, int len, u8 *icv); |
| 37 | struct crypto_tfm *tfm; | 39 | struct crypto_hash *tfm; |
| 38 | } auth; | 40 | } auth; |
| 39 | }; | 41 | }; |
| 40 | 42 | ||
| @@ -42,18 +44,22 @@ extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, | |||
| 42 | extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); | 44 | extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); |
| 43 | extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); | 45 | extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); |
| 44 | 46 | ||
| 45 | static inline void | 47 | static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb, |
| 46 | esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset, | 48 | int offset, int len) |
| 47 | int len, u8 *auth_data) | ||
| 48 | { | 49 | { |
| 49 | struct crypto_tfm *tfm = esp->auth.tfm; | 50 | struct hash_desc desc; |
| 50 | char *icv = esp->auth.work_icv; | 51 | int err; |
| 51 | 52 | ||
| 52 | memset(auth_data, 0, esp->auth.icv_trunc_len); | 53 | desc.tfm = esp->auth.tfm; |
| 53 | crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len); | 54 | desc.flags = 0; |
| 54 | skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update); | 55 | |
| 55 | crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv); | 56 | err = crypto_hash_init(&desc); |
| 56 | memcpy(auth_data, icv, esp->auth.icv_trunc_len); | 57 | if (unlikely(err)) |
| 58 | return err; | ||
| 59 | err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update); | ||
| 60 | if (unlikely(err)) | ||
| 61 | return err; | ||
| 62 | return crypto_hash_final(&desc, esp->auth.work_icv); | ||
| 57 | } | 63 | } |
| 58 | 64 | ||
| 59 | #endif | 65 | #endif |