[dpdk-dev] [PATCH v3 7/9] examples/ipsec-secgw: initialize sa salt
Sergio Gonzalez Monroy
sergio.gonzalez.monroy at intel.com
Thu Sep 29 17:44:13 CEST 2016
This patch initializes the salt value used by the following cipher
algorithms:
- CBC: random salt
- GCM/CTR: the key required is 20B, and the last 4B are used as salt.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
---
examples/ipsec-secgw/sa.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 00c8cce..9e2c8a9 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -45,6 +45,7 @@
#include <rte_byteorder.h>
#include <rte_errno.h>
#include <rte_ip.h>
+#include <rte_random.h>
#include "ipsec.h"
#include "esp.h"
@@ -87,14 +88,14 @@ const struct supported_cipher_algo cipher_algos[] = {
.algo = RTE_CRYPTO_CIPHER_AES_GCM,
.iv_len = 8,
.block_size = 4,
- .key_len = 16
+ .key_len = 20
},
{
.keyword = "aes-128-ctr",
.algo = RTE_CRYPTO_CIPHER_AES_CTR,
.iv_len = 8,
.block_size = 16, /* XXX AESNI MB limition, should be 4 */
- .key_len = 16
+ .key_len = 20
}
};
@@ -116,7 +117,6 @@ const struct supported_auth_algo auth_algos[] = {
.keyword = "aes-128-gcm",
.algo = RTE_CRYPTO_AUTH_AES_GCM,
.digest_len = 16,
- .key_len = 16,
.aad_len = 8,
.key_not_req = 1
}
@@ -307,6 +307,17 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
if (status->status < 0)
return;
+ if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
+ rule->salt = (uint32_t)rte_rand();
+
+ if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
+ (algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+ key_len -= 4;
+ rule->cipher_key_len = key_len;
+ memcpy(&rule->salt,
+ &rule->cipher_key[key_len], 4);
+ }
+
cipher_algo_p = 1;
continue;
}
--
2.5.5
More information about the dev
mailing list