1#ifndef _NET_ESP_H 2#define _NET_ESP_H 3 4#include <linux/crypto.h> 5#include <net/xfrm.h> 6#include <asm/scatterlist.h> 7 8#define ESP_NUM_FAST_SG 4 9 10struct esp_data 11{ 12 struct scatterlist sgbuf[ESP_NUM_FAST_SG]; 13 14 /* Confidentiality */ 15 struct { 16 u8 *key; /* Key */ 17 int key_len; /* Key length */ 18 int padlen; /* 0..255 */ 19 /* ivlen is offset from enc_data, where encrypted data start. 20 * It is logically different of crypto_tfm_alg_ivsize(tfm). 21 * We assume that it is either zero (no ivec), or 22 * >= crypto_tfm_alg_ivsize(tfm). */ 23 int ivlen; 24 int ivinitted; 25 u8 *ivec; /* ivec buffer */ 26 struct crypto_blkcipher *tfm; /* crypto handle */ 27 } conf; 28 29 /* Integrity. It is active when icv_full_len != 0 */ 30 struct { 31 u8 *key; /* Key */ 32 int key_len; /* Length of the key */ 33 u8 *work_icv; 34 int icv_full_len; 35 int icv_trunc_len; 36 void (*icv)(struct esp_data*, 37 struct sk_buff *skb, 38 int offset, int len, u8 *icv); 39 struct crypto_hash *tfm; 40 } auth; 41}; 42 43extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); 44 45static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb, 46 int offset, int len) 47{ 48 struct hash_desc desc; 49 int err; 50 51 desc.tfm = esp->auth.tfm; 52 desc.flags = 0; 53 54 err = crypto_hash_init(&desc); 55 if (unlikely(err)) 56 return err; 57 err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update); 58 if (unlikely(err)) 59 return err; 60 return crypto_hash_final(&desc, esp->auth.work_icv); 61} 62 63#endif 64