linux-pinenote/include/net/ah.h

#ifndef _NET_AH_H
#define _NET_AH_H

#include <linux/crypto.h>
#include <net/xfrm.h>

/* This is the maximum truncated ICV length that we know of. */
#define MAX_AH_AUTH_LEN	12

struct ah_data
{
	u8			*work_icv;
	int			icv_full_len;
	int			icv_trunc_len;

	struct crypto_hash	*tfm;
};

static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
				u8 *auth_data)
{
	struct hash_desc desc;
	int err;

	desc.tfm = ahp->tfm;
	desc.flags = 0;

	memset(auth_data, 0, ahp->icv_trunc_len);
	err = crypto_hash_init(&desc);
	if (unlikely(err))
		goto out;
	err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
	if (unlikely(err))
		goto out;
	err = crypto_hash_final(&desc, ahp->work_icv);

out:
	return err;
}

struct ip_auth_hdr;

static inline struct ip_auth_hdr *ip_auth_hdr(const struct sk_buff *skb)
{
	return (struct ip_auth_hdr *)skb_transport_header(skb);
}

#endif
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`#ifndef _NET_AH_H`
			`#define _NET_AH_H`

[IPSEC]: Move linux/crypto.h inclusion out of net/xfrm.h The header file linux/crypto.h is only needed by a few files so including it in net/xfrm.h (which is included by half of the networking stack) is a waste. This patch moves it out of net/xfrm.h and into the specific header files that actually need it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2006-08-06 19:49:12 +10:00			`#include <linux/crypto.h>`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`#include <net/xfrm.h>`

			`/* This is the maximum truncated ICV length that we know of. */`
			`#define MAX_AH_AUTH_LEN 12`

			`struct ah_data`
			`{`
			`u8 *work_icv;`
			`int icv_full_len;`
			`int icv_trunc_len;`

[IPSEC]: Use HMAC template and hash interface This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-08-20 14:24:50 +10:00			`struct crypto_hash *tfm;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`};`

[IPSEC]: Use HMAC template and hash interface This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-08-20 14:24:50 +10:00			`static inline int ah_mac_digest(struct ah_data ahp, struct sk_buff skb,`
			`u8 *auth_data)`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`{`
[IPSEC]: Use HMAC template and hash interface This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-08-20 14:24:50 +10:00			`struct hash_desc desc;`
			`int err;`

			`desc.tfm = ahp->tfm;`
			`desc.flags = 0;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00
			`memset(auth_data, 0, ahp->icv_trunc_len);`
[IPSEC]: Use HMAC template and hash interface This patch converts IPsec to use the new HMAC template. The names of existing simple digest algorithms may still be used to refer to their HMAC composites. The same structure can be used by other MACs such as AES-XCBC-MAC. This patch also switches from the digest interface to hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-08-20 14:24:50 +10:00			`err = crypto_hash_init(&desc);`
			`if (unlikely(err))`
			`goto out;`
			`err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);`
			`if (unlikely(err))`
			`goto out;`
			`err = crypto_hash_final(&desc, ahp->work_icv);`

			`out:`
			`return err;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`}`

[IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr This patch removes the duplicate ipv6_{auth,esp,comp}_hdr structures since they're identical to the IPv4 versions. Duplicating them would only create problems for ourselves later when we need to add things like extended sequence numbers. I've also added transport header type conversion headers for these types which are now used by the transforms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-10-10 15:45:25 -07:00			`struct ip_auth_hdr;`

			`static inline struct ip_auth_hdr ip_auth_hdr(const struct sk_buff skb)`
			`{`
			`return (struct ip_auth_hdr *)skb_transport_header(skb);`
			`}`

Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`#endif`