summaryrefslogtreecommitdiffstats
path: root/include/net/esp.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/net/esp.h')
-rw-r--r--include/net/esp.h36
1 files changed, 21 insertions, 15 deletions
diff --git a/include/net/esp.h b/include/net/esp.h
index 90cd94fad7d..713d039f4af 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -1,6 +1,7 @@
#ifndef _NET_ESP_H
#define _NET_ESP_H
+#include <linux/crypto.h>
#include <net/xfrm.h>
#include <asm/scatterlist.h>
@@ -14,14 +15,15 @@ struct esp_data
struct {
u8 *key; /* Key */
int key_len; /* Key length */
- u8 *ivec; /* ivec buffer */
+ int padlen; /* 0..255 */
/* ivlen is offset from enc_data, where encrypted data start.
* It is logically different of crypto_tfm_alg_ivsize(tfm).
* We assume that it is either zero (no ivec), or
* >= crypto_tfm_alg_ivsize(tfm). */
int ivlen;
- int padlen; /* 0..255 */
- struct crypto_tfm *tfm; /* crypto handle */
+ int ivinitted;
+ u8 *ivec; /* ivec buffer */
+ struct crypto_blkcipher *tfm; /* crypto handle */
} conf;
/* Integrity. It is active when icv_full_len != 0 */
@@ -34,7 +36,7 @@ struct esp_data
void (*icv)(struct esp_data*,
struct sk_buff *skb,
int offset, int len, u8 *icv);
- struct crypto_tfm *tfm;
+ struct crypto_hash *tfm;
} auth;
};
@@ -42,18 +44,22 @@ extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset,
extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
-static inline void
-esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,
- int len, u8 *auth_data)
+static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
+ int offset, int len)
{
- struct crypto_tfm *tfm = esp->auth.tfm;
- char *icv = esp->auth.work_icv;
-
- memset(auth_data, 0, esp->auth.icv_trunc_len);
- crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);
- skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);
- crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);
- memcpy(auth_data, icv, esp->auth.icv_trunc_len);
+ struct hash_desc desc;
+ int err;
+
+ desc.tfm = esp->auth.tfm;
+ desc.flags = 0;
+
+ err = crypto_hash_init(&desc);
+ if (unlikely(err))
+ return err;
+ err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
+ if (unlikely(err))
+ return err;
+ return crypto_hash_final(&desc, esp->auth.work_icv);
}
#endif