#ifndef _NET_ESP_H
#define _NET_ESP_H

#include <linux/crypto.h>
#include <net/xfrm.h>
#include <asm/scatterlist.h>

/* Number of scatterlist entries embedded in struct esp_data (sgbuf). */
#define ESP_NUM_FAST_SG		4

/*
 * Per-state ESP transform data: one group of fields for the cipher
 * (conf) and one for the integrity check (auth).
 */
struct esp_data {
	struct scatterlist		sgbuf[ESP_NUM_FAST_SG];

	/* Confidentiality */
	struct {
		u8			*key;		/* Key */
		int			key_len;	/* Key length */
		u8			*ivec;		/* ivec buffer */
		/*
		 * ivlen is the offset from enc_data at which the encrypted
		 * data start.  It is logically distinct from
		 * crypto_tfm_alg_ivsize(tfm).  It is assumed to be either
		 * zero (no ivec) or >= crypto_tfm_alg_ivsize(tfm).
		 */
		int			ivlen;
		int			padlen;		/* 0..255 */
		struct crypto_blkcipher	*tfm;		/* crypto handle */
	} conf;

	/* Integrity.  It is active when icv_full_len != 0 */
	struct {
		u8			*key;		/* Key */
		int			key_len;	/* Length of the key */
		/*
		 * Scratch buffer that esp_mac_digest() hands to
		 * crypto_hash_final().  NOTE(review): it has to hold the
		 * transform's full digest, not just icv_trunc_len bytes;
		 * the allocation is not visible in this header - confirm
		 * at the allocation site.
		 */
		u8			*work_icv;
		int			icv_full_len;
		int			icv_trunc_len;
		void			(*icv)(struct esp_data*,
					       struct sk_buff *skb,
					       int offset, int len, u8 *icv);
		struct crypto_hash	*tfm;
	} auth;
};

extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg,
			int offset, int len);
extern int skb_cow_data(struct sk_buff *skb, int tailbits,
			struct sk_buff **trailer);
extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);

/**
 * esp_mac_digest - compute the integrity digest over part of an skb
 * @esp:    ESP state; auth.tfm and auth.work_icv are used
 * @skb:    buffer passed to skb_icv_walk()
 * @offset: offset argument forwarded to skb_icv_walk()
 * @len:    length argument forwarded to skb_icv_walk()
 *
 * Initialises a hash on esp->auth.tfm, feeds the data through
 * skb_icv_walk() with crypto_hash_update() as the callback, and writes
 * the result to esp->auth.work_icv.
 *
 * There is no check here that auth.tfm or auth.work_icv are set, and
 * @offset/@len are forwarded unvalidated; callers are expected to call
 * this only when integrity is active (icv_full_len != 0) and with a
 * range inside the skb.  Truncation to icv_trunc_len and the comparison
 * against a received ICV are not done here.
 *
 * Return: 0 on success, otherwise the error from the first step that
 * failed.
 */
static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
				 int offset, int len)
{
	struct hash_desc hdesc = {
		.tfm	= esp->auth.tfm,
		.flags	= 0,
	};
	int rc;

	rc = crypto_hash_init(&hdesc);
	if (likely(!rc))
		rc = skb_icv_walk(skb, &hdesc, offset, len,
				  crypto_hash_update);
	/* Finalise only if every earlier step succeeded. */
	if (likely(!rc))
		rc = crypto_hash_final(&hdesc, esp->auth.work_icv);

	return rc;
}

#endif