xref: /openbmc/linux/include/net/esp.h (revision d5cb9783536a41df9f9cba5b0a1d78047ed787f7)
1 #ifndef _NET_ESP_H
2 #define _NET_ESP_H
3 
4 #include <net/xfrm.h>
5 #include <asm/scatterlist.h>
6 
7 #define ESP_NUM_FAST_SG		4
8 
9 struct esp_data
10 {
11 	struct scatterlist		sgbuf[ESP_NUM_FAST_SG];
12 
13 	/* Confidentiality */
14 	struct {
15 		u8			*key;		/* Key */
16 		int			key_len;	/* Key length */
17 		u8			*ivec;		/* ivec buffer */
18 		/* ivlen is offset from enc_data, where encrypted data start.
19 		 * It is logically different of crypto_tfm_alg_ivsize(tfm).
20 		 * We assume that it is either zero (no ivec), or
21 		 * >= crypto_tfm_alg_ivsize(tfm). */
22 		int			ivlen;
23 		int			padlen;		/* 0..255 */
24 		struct crypto_tfm	*tfm;		/* crypto handle */
25 	} conf;
26 
27 	/* Integrity. It is active when icv_full_len != 0 */
28 	struct {
29 		u8			*key;		/* Key */
30 		int			key_len;	/* Length of the key */
31 		u8			*work_icv;
32 		int			icv_full_len;
33 		int			icv_trunc_len;
34 		void			(*icv)(struct esp_data*,
35 		                               struct sk_buff *skb,
36 		                               int offset, int len, u8 *icv);
37 		struct crypto_tfm	*tfm;
38 	} auth;
39 };
40 
41 extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len);
42 extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
43 extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
44 
45 static inline void
46 esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,
47                 int len, u8 *auth_data)
48 {
49 	struct crypto_tfm *tfm = esp->auth.tfm;
50 	char *icv = esp->auth.work_icv;
51 
52 	memset(auth_data, 0, esp->auth.icv_trunc_len);
53 	crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);
54 	skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);
55 	crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);
56 	memcpy(auth_data, icv, esp->auth.icv_trunc_len);
57 }
58 
59 #endif
60