diff options
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/ah.h | 30 | ||||
-rw-r--r-- | include/net/esp.h | 31 | ||||
-rw-r--r-- | include/net/ipcomp.h | 5 | ||||
-rw-r--r-- | include/net/sctp/constants.h | 4 | ||||
-rw-r--r-- | include/net/sctp/sctp.h | 11 | ||||
-rw-r--r-- | include/net/sctp/structs.h | 3 | ||||
-rw-r--r-- | include/net/xfrm.h | 12 |
7 files changed, 52 insertions, 44 deletions
diff --git a/include/net/ah.h b/include/net/ah.h index ceff00afae09..8f257c159902 100644 --- a/include/net/ah.h +++ b/include/net/ah.h | |||
@@ -1,6 +1,7 @@ | |||
1 | #ifndef _NET_AH_H | 1 | #ifndef _NET_AH_H |
2 | #define _NET_AH_H | 2 | #define _NET_AH_H |
3 | 3 | ||
4 | #include <linux/crypto.h> | ||
4 | #include <net/xfrm.h> | 5 | #include <net/xfrm.h> |
5 | 6 | ||
6 | /* This is the maximum truncated ICV length that we know of. */ | 7 | /* This is the maximum truncated ICV length that we know of. */ |
@@ -14,22 +15,29 @@ struct ah_data | |||
14 | int icv_full_len; | 15 | int icv_full_len; |
15 | int icv_trunc_len; | 16 | int icv_trunc_len; |
16 | 17 | ||
17 | void (*icv)(struct ah_data*, | 18 | struct crypto_hash *tfm; |
18 | struct sk_buff *skb, u8 *icv); | ||
19 | |||
20 | struct crypto_tfm *tfm; | ||
21 | }; | 19 | }; |
22 | 20 | ||
23 | static inline void | 21 | static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb, |
24 | ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data) | 22 | u8 *auth_data) |
25 | { | 23 | { |
26 | struct crypto_tfm *tfm = ahp->tfm; | 24 | struct hash_desc desc; |
25 | int err; | ||
26 | |||
27 | desc.tfm = ahp->tfm; | ||
28 | desc.flags = 0; | ||
27 | 29 | ||
28 | memset(auth_data, 0, ahp->icv_trunc_len); | 30 | memset(auth_data, 0, ahp->icv_trunc_len); |
29 | crypto_hmac_init(tfm, ahp->key, &ahp->key_len); | 31 | err = crypto_hash_init(&desc); |
30 | skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update); | 32 | if (unlikely(err)) |
31 | crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv); | 33 | goto out; |
32 | memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len); | 34 | err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update); |
35 | if (unlikely(err)) | ||
36 | goto out; | ||
37 | err = crypto_hash_final(&desc, ahp->work_icv); | ||
38 | |||
39 | out: | ||
40 | return err; | ||
33 | } | 41 | } |
34 | 42 | ||
35 | #endif | 43 | #endif |
diff --git a/include/net/esp.h b/include/net/esp.h index 90cd94fad7d9..064366d66eea 100644 --- a/include/net/esp.h +++ b/include/net/esp.h | |||
@@ -1,6 +1,7 @@ | |||
1 | #ifndef _NET_ESP_H | 1 | #ifndef _NET_ESP_H |
2 | #define _NET_ESP_H | 2 | #define _NET_ESP_H |
3 | 3 | ||
4 | #include <linux/crypto.h> | ||
4 | #include <net/xfrm.h> | 5 | #include <net/xfrm.h> |
5 | #include <asm/scatterlist.h> | 6 | #include <asm/scatterlist.h> |
6 | 7 | ||
@@ -21,7 +22,7 @@ struct esp_data | |||
21 | * >= crypto_tfm_alg_ivsize(tfm). */ | 22 | * >= crypto_tfm_alg_ivsize(tfm). */ |
22 | int ivlen; | 23 | int ivlen; |
23 | int padlen; /* 0..255 */ | 24 | int padlen; /* 0..255 */ |
24 | struct crypto_tfm *tfm; /* crypto handle */ | 25 | struct crypto_blkcipher *tfm; /* crypto handle */ |
25 | } conf; | 26 | } conf; |
26 | 27 | ||
27 | /* Integrity. It is active when icv_full_len != 0 */ | 28 | /* Integrity. It is active when icv_full_len != 0 */ |
@@ -34,7 +35,7 @@ struct esp_data | |||
34 | void (*icv)(struct esp_data*, | 35 | void (*icv)(struct esp_data*, |
35 | struct sk_buff *skb, | 36 | struct sk_buff *skb, |
36 | int offset, int len, u8 *icv); | 37 | int offset, int len, u8 *icv); |
37 | struct crypto_tfm *tfm; | 38 | struct crypto_hash *tfm; |
38 | } auth; | 39 | } auth; |
39 | }; | 40 | }; |
40 | 41 | ||
@@ -42,18 +43,22 @@ extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, | |||
42 | extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); | 43 | extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); |
43 | extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); | 44 | extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); |
44 | 45 | ||
45 | static inline void | 46 | static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb, |
46 | esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset, | 47 | int offset, int len) |
47 | int len, u8 *auth_data) | ||
48 | { | 48 | { |
49 | struct crypto_tfm *tfm = esp->auth.tfm; | 49 | struct hash_desc desc; |
50 | char *icv = esp->auth.work_icv; | 50 | int err; |
51 | 51 | ||
52 | memset(auth_data, 0, esp->auth.icv_trunc_len); | 52 | desc.tfm = esp->auth.tfm; |
53 | crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len); | 53 | desc.flags = 0; |
54 | skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update); | 54 | |
55 | crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv); | 55 | err = crypto_hash_init(&desc); |
56 | memcpy(auth_data, icv, esp->auth.icv_trunc_len); | 56 | if (unlikely(err)) |
57 | return err; | ||
58 | err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update); | ||
59 | if (unlikely(err)) | ||
60 | return err; | ||
61 | return crypto_hash_final(&desc, esp->auth.work_icv); | ||
57 | } | 62 | } |
58 | 63 | ||
59 | #endif | 64 | #endif |
diff --git a/include/net/ipcomp.h b/include/net/ipcomp.h index e651a57ecdd5..87c1af3e5e82 100644 --- a/include/net/ipcomp.h +++ b/include/net/ipcomp.h | |||
@@ -1,11 +1,14 @@ | |||
1 | #ifndef _NET_IPCOMP_H | 1 | #ifndef _NET_IPCOMP_H |
2 | #define _NET_IPCOMP_H | 2 | #define _NET_IPCOMP_H |
3 | 3 | ||
4 | #include <linux/crypto.h> | ||
5 | #include <linux/types.h> | ||
6 | |||
4 | #define IPCOMP_SCRATCH_SIZE 65400 | 7 | #define IPCOMP_SCRATCH_SIZE 65400 |
5 | 8 | ||
6 | struct ipcomp_data { | 9 | struct ipcomp_data { |
7 | u16 threshold; | 10 | u16 threshold; |
8 | struct crypto_tfm **tfms; | 11 | struct crypto_comp **tfms; |
9 | }; | 12 | }; |
10 | 13 | ||
11 | #endif | 14 | #endif |
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h index c51541ee0247..57166bfdf8eb 100644 --- a/include/net/sctp/constants.h +++ b/include/net/sctp/constants.h | |||
@@ -312,9 +312,9 @@ enum { SCTP_MAX_GABS = 16 }; | |||
312 | */ | 312 | */ |
313 | 313 | ||
314 | #if defined (CONFIG_SCTP_HMAC_MD5) | 314 | #if defined (CONFIG_SCTP_HMAC_MD5) |
315 | #define SCTP_COOKIE_HMAC_ALG "md5" | 315 | #define SCTP_COOKIE_HMAC_ALG "hmac(md5)" |
316 | #elif defined (CONFIG_SCTP_HMAC_SHA1) | 316 | #elif defined (CONFIG_SCTP_HMAC_SHA1) |
317 | #define SCTP_COOKIE_HMAC_ALG "sha1" | 317 | #define SCTP_COOKIE_HMAC_ALG "hmac(sha1)" |
318 | #else | 318 | #else |
319 | #define SCTP_COOKIE_HMAC_ALG NULL | 319 | #define SCTP_COOKIE_HMAC_ALG NULL |
320 | #endif | 320 | #endif |
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index 92eae0e0f3f1..1c1abce5f6b6 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h | |||
@@ -330,17 +330,6 @@ static inline void sctp_v6_exit(void) { return; } | |||
330 | 330 | ||
331 | #endif /* #if defined(CONFIG_IPV6) */ | 331 | #endif /* #if defined(CONFIG_IPV6) */ |
332 | 332 | ||
333 | /* Some wrappers, in case crypto not available. */ | ||
334 | #if defined (CONFIG_CRYPTO_HMAC) | ||
335 | #define sctp_crypto_alloc_tfm crypto_alloc_tfm | ||
336 | #define sctp_crypto_free_tfm crypto_free_tfm | ||
337 | #define sctp_crypto_hmac crypto_hmac | ||
338 | #else | ||
339 | #define sctp_crypto_alloc_tfm(x...) NULL | ||
340 | #define sctp_crypto_free_tfm(x...) | ||
341 | #define sctp_crypto_hmac(x...) | ||
342 | #endif | ||
343 | |||
344 | 333 | ||
345 | /* Map an association to an assoc_id. */ | 334 | /* Map an association to an assoc_id. */ |
346 | static inline sctp_assoc_t sctp_assoc2id(const struct sctp_association *asoc) | 335 | static inline sctp_assoc_t sctp_assoc2id(const struct sctp_association *asoc) |
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index e5aa7ff1f5b5..0412e730c765 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h | |||
@@ -87,6 +87,7 @@ struct sctp_bind_addr; | |||
87 | struct sctp_ulpq; | 87 | struct sctp_ulpq; |
88 | struct sctp_ep_common; | 88 | struct sctp_ep_common; |
89 | struct sctp_ssnmap; | 89 | struct sctp_ssnmap; |
90 | struct crypto_hash; | ||
90 | 91 | ||
91 | 92 | ||
92 | #include <net/sctp/tsnmap.h> | 93 | #include <net/sctp/tsnmap.h> |
@@ -264,7 +265,7 @@ struct sctp_sock { | |||
264 | struct sctp_pf *pf; | 265 | struct sctp_pf *pf; |
265 | 266 | ||
266 | /* Access to HMAC transform. */ | 267 | /* Access to HMAC transform. */ |
267 | struct crypto_tfm *hmac; | 268 | struct crypto_hash *hmac; |
268 | 269 | ||
269 | /* What is our base endpointer? */ | 270 | /* What is our base endpointer? */ |
270 | struct sctp_endpoint *ep; | 271 | struct sctp_endpoint *ep; |
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 9c5ee9f20b65..3ecd9fa1ed4b 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -8,7 +8,6 @@ | |||
8 | #include <linux/list.h> | 8 | #include <linux/list.h> |
9 | #include <linux/skbuff.h> | 9 | #include <linux/skbuff.h> |
10 | #include <linux/socket.h> | 10 | #include <linux/socket.h> |
11 | #include <linux/crypto.h> | ||
12 | #include <linux/pfkeyv2.h> | 11 | #include <linux/pfkeyv2.h> |
13 | #include <linux/in6.h> | 12 | #include <linux/in6.h> |
14 | #include <linux/mutex.h> | 13 | #include <linux/mutex.h> |
@@ -855,6 +854,7 @@ struct xfrm_algo_comp_info { | |||
855 | 854 | ||
856 | struct xfrm_algo_desc { | 855 | struct xfrm_algo_desc { |
857 | char *name; | 856 | char *name; |
857 | char *compat; | ||
858 | u8 available:1; | 858 | u8 available:1; |
859 | union { | 859 | union { |
860 | struct xfrm_algo_auth_info auth; | 860 | struct xfrm_algo_auth_info auth; |
@@ -984,11 +984,13 @@ extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe); | |||
984 | extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); | 984 | extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); |
985 | extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); | 985 | extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); |
986 | 986 | ||
987 | struct crypto_tfm; | 987 | struct hash_desc; |
988 | typedef void (icv_update_fn_t)(struct crypto_tfm *, struct scatterlist *, unsigned int); | 988 | struct scatterlist; |
989 | typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *, | ||
990 | unsigned int); | ||
989 | 991 | ||
990 | extern void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, | 992 | extern int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *tfm, |
991 | int offset, int len, icv_update_fn_t icv_update); | 993 | int offset, int len, icv_update_fn_t icv_update); |
992 | 994 | ||
993 | static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, | 995 | static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, |
994 | int family) | 996 | int family) |