xref: /openbmc/linux/include/net/esp.h (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 #ifndef _NET_ESP_H
2 #define _NET_ESP_H
3 
4 #include <linux/crypto.h>
5 #include <net/xfrm.h>
6 #include <asm/scatterlist.h>
7 
8 #define ESP_NUM_FAST_SG		4
9 
10 struct esp_data
11 {
12 	struct scatterlist		sgbuf[ESP_NUM_FAST_SG];
13 
14 	/* Confidentiality */
15 	struct {
16 		u8			*key;		/* Key */
17 		int			key_len;	/* Key length */
18 		int			padlen;		/* 0..255 */
19 		/* ivlen is offset from enc_data, where encrypted data start.
20 		 * It is logically different of crypto_tfm_alg_ivsize(tfm).
21 		 * We assume that it is either zero (no ivec), or
22 		 * >= crypto_tfm_alg_ivsize(tfm). */
23 		int			ivlen;
24 		int			ivinitted;
25 		u8			*ivec;		/* ivec buffer */
26 		struct crypto_blkcipher	*tfm;		/* crypto handle */
27 	} conf;
28 
29 	/* Integrity. It is active when icv_full_len != 0 */
30 	struct {
31 		u8			*key;		/* Key */
32 		int			key_len;	/* Length of the key */
33 		u8			*work_icv;
34 		int			icv_full_len;
35 		int			icv_trunc_len;
36 		void			(*icv)(struct esp_data*,
37 		                               struct sk_buff *skb,
38 		                               int offset, int len, u8 *icv);
39 		struct crypto_hash	*tfm;
40 	} auth;
41 };
42 
43 extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
44 
45 static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
46 				 int offset, int len)
47 {
48 	struct hash_desc desc;
49 	int err;
50 
51 	desc.tfm = esp->auth.tfm;
52 	desc.flags = 0;
53 
54 	err = crypto_hash_init(&desc);
55 	if (unlikely(err))
56 		return err;
57 	err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
58 	if (unlikely(err))
59 		return err;
60 	return crypto_hash_final(&desc, esp->auth.work_icv);
61 }
62 
63 #endif
64