11da177e4SLinus Torvalds #ifndef _NET_AH_H 21da177e4SLinus Torvalds #define _NET_AH_H 31da177e4SLinus Torvalds 49409f38aSHerbert Xu #include <linux/crypto.h> 51da177e4SLinus Torvalds #include <net/xfrm.h> 61da177e4SLinus Torvalds 71da177e4SLinus Torvalds /* This is the maximum truncated ICV length that we know of. */ 81da177e4SLinus Torvalds #define MAX_AH_AUTH_LEN 12 91da177e4SLinus Torvalds 101da177e4SLinus Torvalds struct ah_data 111da177e4SLinus Torvalds { 121da177e4SLinus Torvalds u8 *work_icv; 131da177e4SLinus Torvalds int icv_full_len; 141da177e4SLinus Torvalds int icv_trunc_len; 151da177e4SLinus Torvalds 1607d4ee58SHerbert Xu struct crypto_hash *tfm; 171da177e4SLinus Torvalds }; 181da177e4SLinus Torvalds 1907d4ee58SHerbert Xu static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb, 2007d4ee58SHerbert Xu u8 *auth_data) 211da177e4SLinus Torvalds { 2207d4ee58SHerbert Xu struct hash_desc desc; 2307d4ee58SHerbert Xu int err; 2407d4ee58SHerbert Xu 2507d4ee58SHerbert Xu desc.tfm = ahp->tfm; 2607d4ee58SHerbert Xu desc.flags = 0; 271da177e4SLinus Torvalds 281da177e4SLinus Torvalds memset(auth_data, 0, ahp->icv_trunc_len); 2907d4ee58SHerbert Xu err = crypto_hash_init(&desc); 3007d4ee58SHerbert Xu if (unlikely(err)) 3107d4ee58SHerbert Xu goto out; 3207d4ee58SHerbert Xu err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update); 3307d4ee58SHerbert Xu if (unlikely(err)) 3407d4ee58SHerbert Xu goto out; 3507d4ee58SHerbert Xu err = crypto_hash_final(&desc, ahp->work_icv); 3607d4ee58SHerbert Xu 3707d4ee58SHerbert Xu out: 3807d4ee58SHerbert Xu return err; 391da177e4SLinus Torvalds } 401da177e4SLinus Torvalds 4187bdc48dSHerbert Xu struct ip_auth_hdr; 4287bdc48dSHerbert Xu 4387bdc48dSHerbert Xu static inline struct ip_auth_hdr *ip_auth_hdr(const struct sk_buff *skb) 4487bdc48dSHerbert Xu { 4587bdc48dSHerbert Xu return (struct ip_auth_hdr *)skb_transport_header(skb); 4687bdc48dSHerbert Xu } 4787bdc48dSHerbert Xu 481da177e4SLinus Torvalds #endif 49