[net-next-2.6.git] / include / net / esp.h

#ifndef _NET_ESP_H
#define _NET_ESP_H

#include <linux/crypto.h>
#include <net/xfrm.h>
#include <asm/scatterlist.h>

#define ESP_NUM_FAST_SG		4

struct esp_data
{
	struct scatterlist		sgbuf[ESP_NUM_FAST_SG];

	/* Confidentiality */
	struct {
		u8			*key;		/* Key */
		int			key_len;	/* Key length */
		int			padlen;		/* 0..255 */
		/* ivlen is offset from enc_data, where encrypted data start.
		 * It is logically different of crypto_tfm_alg_ivsize(tfm).
		 * We assume that it is either zero (no ivec), or
		 * >= crypto_tfm_alg_ivsize(tfm). */
		int			ivlen;
		int			ivinitted;
		u8			*ivec;		/* ivec buffer */
		struct crypto_blkcipher	*tfm;		/* crypto handle */
	} conf;

	/* Integrity. It is active when icv_full_len != 0 */
	struct {
		u8			*key;		/* Key */
		int			key_len;	/* Length of the key */
		u8			*work_icv;
		int			icv_full_len;
		int			icv_trunc_len;
		void			(*icv)(struct esp_data*,
		                               struct sk_buff *skb,
		                               int offset, int len, u8 *icv);
		struct crypto_hash	*tfm;
	} auth;
};

extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);

static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
				 int offset, int len)
{
	struct hash_desc desc;
	int err;

	desc.tfm = esp->auth.tfm;
	desc.flags = 0;

	err = crypto_hash_init(&desc);
	if (unlikely(err))
		return err;
	err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
	if (unlikely(err))
		return err;
	return crypto_hash_final(&desc, esp->auth.work_icv);
}

#endif
Commit	Line	Data
1da177e4 LT	1	#ifndef _NET_ESP_H
	2	#define _NET_ESP_H
	3
9409f38a	4	#include <linux/crypto.h>
1da177e4 LT	5	#include <net/xfrm.h>
	6	#include <asm/scatterlist.h>
	7
	8	#define ESP_NUM_FAST_SG 4
	9
	10	struct esp_data
	11	{
	12	struct scatterlist sgbuf[ESP_NUM_FAST_SG];
	13
	14	/* Confidentiality */
	15	struct {
	16	u8 key; / Key */
	17	int key_len; /* Key length */
e4bec827	18	int padlen; /* 0..255 */
1da177e4 LT	19	/* ivlen is offset from enc_data, where encrypted data start.
	20	* It is logically different of crypto_tfm_alg_ivsize(tfm).
	21	* We assume that it is either zero (no ivec), or
	22	* >= crypto_tfm_alg_ivsize(tfm). */
	23	int ivlen;
e4bec827 DM	24	int ivinitted;
e4bec827 DM	25	u8 ivec; / ivec buffer */
6b7326c8	26	struct crypto_blkcipher tfm; / crypto handle */
1da177e4 LT	27	} conf;
	28
	29	/* Integrity. It is active when icv_full_len != 0 */
	30	struct {
	31	u8 key; / Key */
	32	int key_len; /* Length of the key */
	33	u8 *work_icv;
	34	int icv_full_len;
	35	int icv_trunc_len;
	36	void (icv)(struct esp_data,
	37	struct sk_buff *skb,
	38	int offset, int len, u8 *icv);
07d4ee58	39	struct crypto_hash *tfm;
1da177e4 LT	40	} auth;
	41	};
	42
1da177e4 LT	43	extern void pskb_put(struct sk_buff skb, struct sk_buff *tail, int len);
1da177e4 LT	44
07d4ee58 HX	45	static inline int esp_mac_digest(struct esp_data esp, struct sk_buff skb,
07d4ee58 HX	46	int offset, int len)
1da177e4	47	{
07d4ee58 HX	48	struct hash_desc desc;
	49	int err;
	50
	51	desc.tfm = esp->auth.tfm;
	52	desc.flags = 0;
	53
	54	err = crypto_hash_init(&desc);
	55	if (unlikely(err))
	56	return err;
	57	err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
	58	if (unlikely(err))
	59	return err;
	60	return crypto_hash_final(&desc, esp->auth.work_icv);
1da177e4 LT	61	}
	62
	63	#endif