linux/include/net/esp.h

#ifndef _NET_ESP_H
#define _NET_ESP_H

#include <linux/crypto.h>
#include <net/xfrm.h>
#include <asm/scatterlist.h>

#define ESP_NUM_FAST_SG		4

struct esp_data
{
	struct scatterlist		sgbuf[ESP_NUM_FAST_SG];

	/* Confidentiality */
	struct {
		u8			*key;		/* Key */
		int			key_len;	/* Key length */
		u8			*ivec;		/* ivec buffer */
		/* ivlen is offset from enc_data, where encrypted data start.
		 * It is logically different of crypto_tfm_alg_ivsize(tfm).
		 * We assume that it is either zero (no ivec), or
		 * >= crypto_tfm_alg_ivsize(tfm). */
		int			ivlen;
		int			padlen;		/* 0..255 */
		struct crypto_blkcipher	*tfm;		/* crypto handle */
	} conf;

	/* Integrity. It is active when icv_full_len != 0 */
	struct {
		u8			*key;		/* Key */
		int			key_len;	/* Length of the key */
		u8			*work_icv;
		int			icv_full_len;
		int			icv_trunc_len;
		void			(*icv)(struct esp_data*,
		                               struct sk_buff *skb,
		                               int offset, int len, u8 *icv);
		struct crypto_tfm	*tfm;
	} auth;
};

extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len);
extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);

static inline void
esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,
                int len, u8 *auth_data)
{
	struct crypto_tfm *tfm = esp->auth.tfm;
	char *icv = esp->auth.work_icv;

	memset(auth_data, 0, esp->auth.icv_trunc_len);
	crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);
	skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);
	crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);
	memcpy(auth_data, icv, esp->auth.icv_trunc_len);
}

#endif
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`#ifndef _NET_ESP_H`
			`#define _NET_ESP_H`

[IPSEC]: Move linux/crypto.h inclusion out of net/xfrm.h The header file linux/crypto.h is only needed by a few files so including it in net/xfrm.h (which is included by half of the networking stack) is a waste. This patch moves it out of net/xfrm.h and into the specific header files that actually need it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2006-08-06 19:49:12 +10:00			`#include <linux/crypto.h>`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`#include <net/xfrm.h>`
			`#include <asm/scatterlist.h>`

			`#define ESP_NUM_FAST_SG 4`

			`struct esp_data`
			`{`
			`struct scatterlist sgbuf[ESP_NUM_FAST_SG];`

			`/* Confidentiality */`
			`struct {`
			`u8 key; / Key */`
			`int key_len; /* Key length */`
			`u8 ivec; / ivec buffer */`
			`/* ivlen is offset from enc_data, where encrypted data start.`
			`* It is logically different of crypto_tfm_alg_ivsize(tfm).`
			`* We assume that it is either zero (no ivec), or`
			`* >= crypto_tfm_alg_ivsize(tfm). */`
			`int ivlen;`
			`int padlen; /* 0..255 */`
[IPSEC] ESP: Use block ciphers where applicable This patch converts IPSec/ESP to use the new block cipher type where applicable. Similar to the HMAC conversion, existing algorithm names have been kept for compatibility. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2006-07-30 15:41:01 +10:00			`struct crypto_blkcipher tfm; / crypto handle */`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`} conf;`

			`/* Integrity. It is active when icv_full_len != 0 */`
			`struct {`
			`u8 key; / Key */`
			`int key_len; /* Length of the key */`
			`u8 *work_icv;`
			`int icv_full_len;`
			`int icv_trunc_len;`
			`void (icv)(struct esp_data,`
			`struct sk_buff *skb,`
			`int offset, int len, u8 *icv);`
			`struct crypto_tfm *tfm;`
			`} auth;`
			`};`

			`extern int skb_to_sgvec(struct sk_buff skb, struct scatterlist sg, int offset, int len);`
			`extern int skb_cow_data(struct sk_buff skb, int tailbits, struct sk_buff *trailer);`
			`extern void pskb_put(struct sk_buff skb, struct sk_buff *tail, int len);`

			`static inline void`
			`esp_hmac_digest(struct esp_data esp, struct sk_buff skb, int offset,`
			`int len, u8 *auth_data)`
			`{`
			`struct crypto_tfm *tfm = esp->auth.tfm;`
			`char *icv = esp->auth.work_icv;`

			`memset(auth_data, 0, esp->auth.icv_trunc_len);`
			`crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);`
			`skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);`
			`crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);`
			`memcpy(auth_data, icv, esp->auth.icv_trunc_len);`
			`}`

			`#endif`