Merge ssh://master.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-x86

[linux-2.6-omap-h63xx.git] / include / net / esp.h
diff --git a/include/net/esp.h b/include/net/esp.h

index 90cd94fad7d9cbbc286caa2d7b9674b924f61877..c1bc529809daad155865ed444049fdb1396b1b21 100644 (file)
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -1,6 +1,7 @@
  #ifndef _NET_ESP_H
  #define _NET_ESP_H
  
+#include <linux/crypto.h>
  #include <net/xfrm.h>
  #include <asm/scatterlist.h>
  
@@ -12,48 +13,51 @@ struct esp_data
  
         /* Confidentiality */
         struct {
-               u8                      *key;           /* Key */
-               int                     key_len;        /* Key length */
-               u8                      *ivec;          /* ivec buffer */
+               int                     padlen;         /* 0..255 */
                 /* ivlen is offset from enc_data, where encrypted data start.
                  * It is logically different of crypto_tfm_alg_ivsize(tfm).
                  * We assume that it is either zero (no ivec), or
                  * >= crypto_tfm_alg_ivsize(tfm). */
                 int                     ivlen;
-               int                     padlen;         /* 0..255 */
-               struct crypto_tfm       *tfm;           /* crypto handle */
+               int                     ivinitted;
+               u8                      *ivec;          /* ivec buffer */
+               struct crypto_blkcipher *tfm;           /* crypto handle */
         } conf;
  
         /* Integrity. It is active when icv_full_len != 0 */
         struct {
-               u8                      *key;           /* Key */
-               int                     key_len;        /* Length of the key */
                 u8                      *work_icv;
                 int                     icv_full_len;
                 int                     icv_trunc_len;
-               void                    (*icv)(struct esp_data*,
-                                              struct sk_buff *skb,
-                                              int offset, int len, u8 *icv);
-               struct crypto_tfm       *tfm;
+               struct crypto_hash      *tfm;
         } auth;
  };
  
-extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len);
-extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
  extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
  
-static inline void
-esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,
-                int len, u8 *auth_data)
+static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
+                                int offset, int len)
+{
+       struct hash_desc desc;
+       int err;
+
+       desc.tfm = esp->auth.tfm;
+       desc.flags = 0;
+
+       err = crypto_hash_init(&desc);
+       if (unlikely(err))
+               return err;
+       err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
+       if (unlikely(err))
+               return err;
+       return crypto_hash_final(&desc, esp->auth.work_icv);
+}
+
+struct ip_esp_hdr;
+
+static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb)
  {
-       struct crypto_tfm *tfm = esp->auth.tfm;
-       char *icv = esp->auth.work_icv;
-
-       memset(auth_data, 0, esp->auth.icv_trunc_len);
-       crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);
-       skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);
-       crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);
-       memcpy(auth_data, icv, esp->auth.icv_trunc_len);
+       return (struct ip_esp_hdr *)skb_transport_header(skb);
  }
  
  #endif