[IPSEC]: Use HMAC template and hash interface

	int			icv_full_len;

	int			icv_trunc_len;

	void			(*icv)(struct ah_data*,

	                               struct sk_buff *skb, u8 *icv);

	struct crypto_tfm	*tfm;

	struct crypto_hash	*tfm;

};

static inline void

ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data)

static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,

				u8 *auth_data)

{

	struct crypto_tfm *tfm = ahp->tfm;

	struct hash_desc desc;

	int err;

	desc.tfm = ahp->tfm;

	desc.flags = 0;

	memset(auth_data, 0, ahp->icv_trunc_len);

	crypto_hmac_init(tfm, ahp->key, &ahp->key_len);

	skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update);

	crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv);

	memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len);

	err = crypto_hash_init(&desc);

	if (unlikely(err))

		goto out;

	err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);

	if (unlikely(err))

		goto out;

	err = crypto_hash_final(&desc, ahp->work_icv);

out:

	return err;

}

#endif

		void			(*icv)(struct esp_data*,

		                               struct sk_buff *skb,

		                               int offset, int len, u8 *icv);

		struct crypto_tfm	*tfm;

		struct crypto_hash	*tfm;

	} auth;

};

extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);

extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);

static inline void

esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,

                int len, u8 *auth_data)

static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,

				 int offset, int len)

{

	struct crypto_tfm *tfm = esp->auth.tfm;

	char *icv = esp->auth.work_icv;

	memset(auth_data, 0, esp->auth.icv_trunc_len);

	crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);

	skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);

	crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);

	memcpy(auth_data, icv, esp->auth.icv_trunc_len);

	struct hash_desc desc;

	int err;

	desc.tfm = esp->auth.tfm;

	desc.flags = 0;

	err = crypto_hash_init(&desc);

	if (unlikely(err))

		return err;

	err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);

	if (unlikely(err))

		return err;

	return crypto_hash_final(&desc, esp->auth.work_icv);

}

#endif

extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);

extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);

struct crypto_tfm;

struct hash_desc;

struct scatterlist;

typedef void (icv_update_fn_t)(struct crypto_tfm *, struct scatterlist *, unsigned int);

typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,

			      unsigned int);

extern void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm,

extern int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *tfm,

			int offset, int len, icv_update_fn_t icv_update);

static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,

#include <linux/err.h>

#include <linux/module.h>

#include <net/ip.h>

#include <net/xfrm.h>

	ah->spi = x->id.spi;

	ah->seq_no = htonl(++x->replay.oseq);

	xfrm_aevent_doreplay(x);

	ahp->icv(ahp, skb, ah->auth_data);

	err = ah_mac_digest(ahp, skb, ah->auth_data);

	if (err)

		goto error;

	memcpy(ah->auth_data, ahp->work_icv, ahp->icv_trunc_len);

	top_iph->tos = iph->tos;

	top_iph->ttl = iph->ttl;

{

	int ah_hlen;

	int ihl;

	int err = -EINVAL;

	struct iphdr *iph;

	struct ip_auth_hdr *ah;

	struct ah_data *ahp;

		memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);

		skb_push(skb, ihl);

		ahp->icv(ahp, skb, ah->auth_data);

		if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {

		err = ah_mac_digest(ahp, skb, ah->auth_data);

		if (err)

			goto out;

		err = -EINVAL;

		if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {

			x->stats.integrity_failed++;

			goto out;

		}

	return 0;

out:

	return -EINVAL;

	return err;

}

static void ah4_err(struct sk_buff *skb, u32 info)

{

	struct ah_data *ahp = NULL;

	struct xfrm_algo_desc *aalg_desc;

	struct crypto_hash *tfm;

	if (!x->aalg)

		goto error;

	ahp->key = x->aalg->alg_key;

	ahp->key_len = (x->aalg->alg_key_len+7)/8;

	ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);

	if (!ahp->tfm)

	tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC);

	if (IS_ERR(tfm))

		goto error;

	ahp->tfm = tfm;

	if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len))

		goto error;

	ahp->icv = ah_hmac_digest;

	/*

	 * Lookup the algorithm description maintained by xfrm_algo,

	 * verify crypto transform properties, and store information

	 * we need for AH processing.  This lookup cannot fail here

	 * after a successful crypto_alloc_tfm().

	 * after a successful crypto_alloc_hash().

	 */

	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);

	BUG_ON(!aalg_desc);

	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=

	    crypto_tfm_alg_digestsize(ahp->tfm)) {

	    crypto_hash_digestsize(tfm)) {

		printk(KERN_INFO "AH: %s digestsize %u != %hu\n",

		       x->aalg->alg_name, crypto_tfm_alg_digestsize(ahp->tfm),

		       x->aalg->alg_name, crypto_hash_digestsize(tfm),

		       aalg_desc->uinfo.auth.icv_fullbits/8);

		goto error;

	}

error:

	if (ahp) {

		kfree(ahp->work_icv);

		crypto_free_tfm(ahp->tfm);

		crypto_free_hash(ahp->tfm);

		kfree(ahp);

	}

	return -EINVAL;

	kfree(ahp->work_icv);

	ahp->work_icv = NULL;

	crypto_free_tfm(ahp->tfm);

	crypto_free_hash(ahp->tfm);

	ahp->tfm = NULL;

	kfree(ahp);

}

	}

	if (esp->auth.icv_full_len) {

		esp->auth.icv(esp, skb, (u8*)esph-skb->data,

		              sizeof(struct ip_esp_hdr) + esp->conf.ivlen+clen, trailer->tail);

		pskb_put(skb, trailer, alen);

		err = esp_mac_digest(esp, skb, (u8 *)esph - skb->data,

				     sizeof(*esph) + esp->conf.ivlen + clen);

		memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen);

	}

	ip_send_check(top_iph);

	/* If integrity check is required, do this. */

	if (esp->auth.icv_full_len) {

		u8 sum[esp->auth.icv_full_len];

		u8 sum1[alen];

		u8 sum[alen];

		esp->auth.icv(esp, skb, 0, skb->len-alen, sum);

		err = esp_mac_digest(esp, skb, 0, skb->len - alen);

		if (err)

			goto out;

		if (skb_copy_bits(skb, skb->len-alen, sum1, alen))

		if (skb_copy_bits(skb, skb->len - alen, sum, alen))

			BUG();

		if (unlikely(memcmp(sum, sum1, alen))) {

		if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {

			x->stats.integrity_failed++;

			goto out;

		}

	esp->conf.tfm = NULL;

	kfree(esp->conf.ivec);

	esp->conf.ivec = NULL;

	crypto_free_tfm(esp->auth.tfm);

	crypto_free_hash(esp->auth.tfm);

	esp->auth.tfm = NULL;

	kfree(esp->auth.work_icv);

	esp->auth.work_icv = NULL;

	if (x->aalg) {

		struct xfrm_algo_desc *aalg_desc;

		struct crypto_hash *hash;

		esp->auth.key = x->aalg->alg_key;

		esp->auth.key_len = (x->aalg->alg_key_len+7)/8;

		esp->auth.tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);

		if (esp->auth.tfm == NULL)

		hash = crypto_alloc_hash(x->aalg->alg_name, 0,

					 CRYPTO_ALG_ASYNC);

		if (IS_ERR(hash))

			goto error;

		esp->auth.tfm = hash;

		if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))

			goto error;

		esp->auth.icv = esp_hmac_digest;

		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);

		BUG_ON(!aalg_desc);

		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=

		    crypto_tfm_alg_digestsize(esp->auth.tfm)) {

		    crypto_hash_digestsize(hash)) {

			NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n",

				 x->aalg->alg_name,

				 crypto_tfm_alg_digestsize(esp->auth.tfm),

				 crypto_hash_digestsize(hash),

				 aalg_desc->uinfo.auth.icv_fullbits/8);

			goto error;

		}