]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | #ifndef _NET_ESP_H |
2 | #define _NET_ESP_H | |
3 | ||
9409f38a | 4 | #include <linux/crypto.h> |
1da177e4 LT |
5 | #include <net/xfrm.h> |
6 | #include <asm/scatterlist.h> | |
7 | ||
8 | #define ESP_NUM_FAST_SG 4 | |
9 | ||
10 | struct esp_data | |
11 | { | |
12 | struct scatterlist sgbuf[ESP_NUM_FAST_SG]; | |
13 | ||
14 | /* Confidentiality */ | |
15 | struct { | |
16 | u8 *key; /* Key */ | |
17 | int key_len; /* Key length */ | |
18 | u8 *ivec; /* ivec buffer */ | |
19 | /* ivlen is offset from enc_data, where encrypted data start. | |
20 | * It is logically different of crypto_tfm_alg_ivsize(tfm). | |
21 | * We assume that it is either zero (no ivec), or | |
22 | * >= crypto_tfm_alg_ivsize(tfm). */ | |
23 | int ivlen; | |
24 | int padlen; /* 0..255 */ | |
6b7326c8 | 25 | struct crypto_blkcipher *tfm; /* crypto handle */ |
1da177e4 LT |
26 | } conf; |
27 | ||
28 | /* Integrity. It is active when icv_full_len != 0 */ | |
29 | struct { | |
30 | u8 *key; /* Key */ | |
31 | int key_len; /* Length of the key */ | |
32 | u8 *work_icv; | |
33 | int icv_full_len; | |
34 | int icv_trunc_len; | |
35 | void (*icv)(struct esp_data*, | |
36 | struct sk_buff *skb, | |
37 | int offset, int len, u8 *icv); | |
38 | struct crypto_tfm *tfm; | |
39 | } auth; | |
40 | }; | |
41 | ||
42 | extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len); | |
43 | extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); | |
44 | extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); | |
45 | ||
46 | static inline void | |
47 | esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset, | |
48 | int len, u8 *auth_data) | |
49 | { | |
50 | struct crypto_tfm *tfm = esp->auth.tfm; | |
51 | char *icv = esp->auth.work_icv; | |
52 | ||
53 | memset(auth_data, 0, esp->auth.icv_trunc_len); | |
54 | crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len); | |
55 | skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update); | |
56 | crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv); | |
57 | memcpy(auth_data, icv, esp->auth.icv_trunc_len); | |
58 | } | |
59 | ||
60 | #endif |