11da177e4SLinus Torvalds #ifndef _NET_ESP_H 21da177e4SLinus Torvalds #define _NET_ESP_H 31da177e4SLinus Torvalds 49409f38aSHerbert Xu #include <linux/crypto.h> 51da177e4SLinus Torvalds #include <net/xfrm.h> 61da177e4SLinus Torvalds #include <asm/scatterlist.h> 71da177e4SLinus Torvalds 81da177e4SLinus Torvalds #define ESP_NUM_FAST_SG 4 91da177e4SLinus Torvalds 101da177e4SLinus Torvalds struct esp_data 111da177e4SLinus Torvalds { 121da177e4SLinus Torvalds struct scatterlist sgbuf[ESP_NUM_FAST_SG]; 131da177e4SLinus Torvalds 141da177e4SLinus Torvalds /* Confidentiality */ 151da177e4SLinus Torvalds struct { 161da177e4SLinus Torvalds u8 *key; /* Key */ 171da177e4SLinus Torvalds int key_len; /* Key length */ 181da177e4SLinus Torvalds u8 *ivec; /* ivec buffer */ 191da177e4SLinus Torvalds /* ivlen is offset from enc_data, where encrypted data start. 201da177e4SLinus Torvalds * It is logically different of crypto_tfm_alg_ivsize(tfm). 211da177e4SLinus Torvalds * We assume that it is either zero (no ivec), or 221da177e4SLinus Torvalds * >= crypto_tfm_alg_ivsize(tfm). */ 231da177e4SLinus Torvalds int ivlen; 241da177e4SLinus Torvalds int padlen; /* 0..255 */ 256b7326c8SHerbert Xu struct crypto_blkcipher *tfm; /* crypto handle */ 261da177e4SLinus Torvalds } conf; 271da177e4SLinus Torvalds 281da177e4SLinus Torvalds /* Integrity. It is active when icv_full_len != 0 */ 291da177e4SLinus Torvalds struct { 301da177e4SLinus Torvalds u8 *key; /* Key */ 311da177e4SLinus Torvalds int key_len; /* Length of the key */ 321da177e4SLinus Torvalds u8 *work_icv; 331da177e4SLinus Torvalds int icv_full_len; 341da177e4SLinus Torvalds int icv_trunc_len; 351da177e4SLinus Torvalds void (*icv)(struct esp_data*, 361da177e4SLinus Torvalds struct sk_buff *skb, 371da177e4SLinus Torvalds int offset, int len, u8 *icv); 381da177e4SLinus Torvalds struct crypto_tfm *tfm; 391da177e4SLinus Torvalds } auth; 401da177e4SLinus Torvalds }; 411da177e4SLinus Torvalds 421da177e4SLinus Torvalds extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len); 431da177e4SLinus Torvalds extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); 441da177e4SLinus Torvalds extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); 451da177e4SLinus Torvalds 461da177e4SLinus Torvalds static inline void 471da177e4SLinus Torvalds esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset, 481da177e4SLinus Torvalds int len, u8 *auth_data) 491da177e4SLinus Torvalds { 501da177e4SLinus Torvalds struct crypto_tfm *tfm = esp->auth.tfm; 511da177e4SLinus Torvalds char *icv = esp->auth.work_icv; 521da177e4SLinus Torvalds 531da177e4SLinus Torvalds memset(auth_data, 0, esp->auth.icv_trunc_len); 541da177e4SLinus Torvalds crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len); 551da177e4SLinus Torvalds skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update); 561da177e4SLinus Torvalds crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv); 571da177e4SLinus Torvalds memcpy(auth_data, icv, esp->auth.icv_trunc_len); 581da177e4SLinus Torvalds } 591da177e4SLinus Torvalds 601da177e4SLinus Torvalds #endif 61