bc31d3b2c7
The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
42 lines
738 B
C
42 lines
738 B
C
#ifndef _NET_AH_H
|
|
#define _NET_AH_H
|
|
|
|
#include <linux/crypto.h>
|
|
#include <net/xfrm.h>
|
|
|
|
/* This is the maximum truncated ICV length that we know of. */
|
|
#define MAX_AH_AUTH_LEN 12
|
|
|
|
struct ah_data
|
|
{
|
|
u8 *work_icv;
|
|
int icv_full_len;
|
|
int icv_trunc_len;
|
|
|
|
struct crypto_hash *tfm;
|
|
};
|
|
|
|
static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
|
|
u8 *auth_data)
|
|
{
|
|
struct hash_desc desc;
|
|
int err;
|
|
|
|
desc.tfm = ahp->tfm;
|
|
desc.flags = 0;
|
|
|
|
memset(auth_data, 0, ahp->icv_trunc_len);
|
|
err = crypto_hash_init(&desc);
|
|
if (unlikely(err))
|
|
goto out;
|
|
err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
|
|
if (unlikely(err))
|
|
goto out;
|
|
err = crypto_hash_final(&desc, ahp->work_icv);
|
|
|
|
out:
|
|
return err;
|
|
}
|
|
|
|
#endif
|