linux/include/net/ah.h
Herbert Xu 07d4ee583e [IPSEC]: Use HMAC template and hash interface
This patch converts IPsec to use the new HMAC template.  The names of
existing simple digest algorithms may still be used to refer to their
HMAC composites.

The same structure can be used by other MACs such as AES-XCBC-MAC.

This patch also switches from the digest interface to hash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:46:18 +10:00

44 lines
766 B
C

#ifndef _NET_AH_H
#define _NET_AH_H
#include <linux/crypto.h>
#include <net/xfrm.h>
/* This is the maximum truncated ICV length that we know of. */
#define MAX_AH_AUTH_LEN 12
struct ah_data
{
u8 *key;
int key_len;
u8 *work_icv;
int icv_full_len;
int icv_trunc_len;
struct crypto_hash *tfm;
};
static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
u8 *auth_data)
{
struct hash_desc desc;
int err;
desc.tfm = ahp->tfm;
desc.flags = 0;
memset(auth_data, 0, ahp->icv_trunc_len);
err = crypto_hash_init(&desc);
if (unlikely(err))
goto out;
err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
if (unlikely(err))
goto out;
err = crypto_hash_final(&desc, ahp->work_icv);
out:
return err;
}
#endif