1 #ifndef _NET_ESP_H 2 #define _NET_ESP_H 3 4 #include <linux/crypto.h> 5 #include <net/xfrm.h> 6 #include <asm/scatterlist.h> 7 8 #define ESP_NUM_FAST_SG 4 9 10 struct esp_data 11 { 12 struct scatterlist sgbuf[ESP_NUM_FAST_SG]; 13 14 /* Confidentiality */ 15 struct { 16 int padlen; /* 0..255 */ 17 /* ivlen is offset from enc_data, where encrypted data start. 18 * It is logically different of crypto_tfm_alg_ivsize(tfm). 19 * We assume that it is either zero (no ivec), or 20 * >= crypto_tfm_alg_ivsize(tfm). */ 21 int ivlen; 22 int ivinitted; 23 u8 *ivec; /* ivec buffer */ 24 struct crypto_blkcipher *tfm; /* crypto handle */ 25 } conf; 26 27 /* Integrity. It is active when icv_full_len != 0 */ 28 struct { 29 u8 *work_icv; 30 int icv_full_len; 31 int icv_trunc_len; 32 struct crypto_hash *tfm; 33 } auth; 34 }; 35 36 extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); 37 38 static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb, 39 int offset, int len) 40 { 41 struct hash_desc desc; 42 int err; 43 44 desc.tfm = esp->auth.tfm; 45 desc.flags = 0; 46 47 err = crypto_hash_init(&desc); 48 if (unlikely(err)) 49 return err; 50 err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update); 51 if (unlikely(err)) 52 return err; 53 return crypto_hash_final(&desc, esp->auth.work_icv); 54 } 55 56 struct ip_esp_hdr; 57 58 static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb) 59 { 60 return (struct ip_esp_hdr *)skb_transport_header(skb); 61 } 62 63 #endif 64