xref: /openbmc/linux/include/net/esp.h (revision 6b7326c8) 
11da177e4SLinus Torvalds #ifndef _NET_ESP_H
21da177e4SLinus Torvalds #define _NET_ESP_H
31da177e4SLinus Torvalds 
49409f38aSHerbert Xu #include <linux/crypto.h>
51da177e4SLinus Torvalds #include <net/xfrm.h>
61da177e4SLinus Torvalds #include <asm/scatterlist.h>
71da177e4SLinus Torvalds 
81da177e4SLinus Torvalds #define ESP_NUM_FAST_SG		4
91da177e4SLinus Torvalds 
101da177e4SLinus Torvalds struct esp_data
111da177e4SLinus Torvalds {
121da177e4SLinus Torvalds 	struct scatterlist		sgbuf[ESP_NUM_FAST_SG];
131da177e4SLinus Torvalds 
141da177e4SLinus Torvalds 	/* Confidentiality */
151da177e4SLinus Torvalds 	struct {
161da177e4SLinus Torvalds 		u8			*key;		/* Key */
171da177e4SLinus Torvalds 		int			key_len;	/* Key length */
181da177e4SLinus Torvalds 		u8			*ivec;		/* ivec buffer */
191da177e4SLinus Torvalds 		/* ivlen is offset from enc_data, where encrypted data start.
201da177e4SLinus Torvalds 		 * It is logically different of crypto_tfm_alg_ivsize(tfm).
211da177e4SLinus Torvalds 		 * We assume that it is either zero (no ivec), or
221da177e4SLinus Torvalds 		 * >= crypto_tfm_alg_ivsize(tfm). */
231da177e4SLinus Torvalds 		int			ivlen;
241da177e4SLinus Torvalds 		int			padlen;		/* 0..255 */
256b7326c8SHerbert Xu 		struct crypto_blkcipher	*tfm;		/* crypto handle */
261da177e4SLinus Torvalds 	} conf;
271da177e4SLinus Torvalds 
281da177e4SLinus Torvalds 	/* Integrity. It is active when icv_full_len != 0 */
291da177e4SLinus Torvalds 	struct {
301da177e4SLinus Torvalds 		u8			*key;		/* Key */
311da177e4SLinus Torvalds 		int			key_len;	/* Length of the key */
321da177e4SLinus Torvalds 		u8			*work_icv;
331da177e4SLinus Torvalds 		int			icv_full_len;
341da177e4SLinus Torvalds 		int			icv_trunc_len;
351da177e4SLinus Torvalds 		void			(*icv)(struct esp_data*,
361da177e4SLinus Torvalds 		                               struct sk_buff *skb,
371da177e4SLinus Torvalds 		                               int offset, int len, u8 *icv);
381da177e4SLinus Torvalds 		struct crypto_tfm	*tfm;
391da177e4SLinus Torvalds 	} auth;
401da177e4SLinus Torvalds };
411da177e4SLinus Torvalds 
421da177e4SLinus Torvalds extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len);
431da177e4SLinus Torvalds extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
441da177e4SLinus Torvalds extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
451da177e4SLinus Torvalds 
461da177e4SLinus Torvalds static inline void
471da177e4SLinus Torvalds esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,
481da177e4SLinus Torvalds                 int len, u8 *auth_data)
491da177e4SLinus Torvalds {
501da177e4SLinus Torvalds 	struct crypto_tfm *tfm = esp->auth.tfm;
511da177e4SLinus Torvalds 	char *icv = esp->auth.work_icv;
521da177e4SLinus Torvalds 
531da177e4SLinus Torvalds 	memset(auth_data, 0, esp->auth.icv_trunc_len);
541da177e4SLinus Torvalds 	crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);
551da177e4SLinus Torvalds 	skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);
561da177e4SLinus Torvalds 	crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);
571da177e4SLinus Torvalds 	memcpy(auth_data, icv, esp->auth.icv_trunc_len);
581da177e4SLinus Torvalds }
591da177e4SLinus Torvalds 
601da177e4SLinus Torvalds #endif
61