From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id C33F35689 for ; Thu, 29 Sep 2016 17:44:26 +0200 (CEST) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga104.jf.intel.com with ESMTP; 29 Sep 2016 08:44:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.30,415,1470726000"; d="scan'208";a="14587626" Received: from sie-lab-212-109.ir.intel.com (HELO silpixa00389029.ir.intel.com) ([10.237.212.109]) by fmsmga005.fm.intel.com with ESMTP; 29 Sep 2016 08:44:25 -0700 From: Sergio Gonzalez Monroy To: dev@dpdk.org Cc: pablo.de.lara.guarch@intel.com Date: Thu, 29 Sep 2016 16:44:13 +0100 Message-Id: <1475163857-142366-8-git-send-email-sergio.gonzalez.monroy@intel.com> X-Mailer: git-send-email 2.5.5 In-Reply-To: <1475163857-142366-1-git-send-email-sergio.gonzalez.monroy@intel.com> References: <1474616734-118291-1-git-send-email-sergio.gonzalez.monroy@intel.com> <1475163857-142366-1-git-send-email-sergio.gonzalez.monroy@intel.com> Subject: [dpdk-dev] [PATCH v3 7/9] examples/ipsec-secgw: initialize sa salt X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2016 15:44:27 -0000 This patch initializes the salt value used by the following cipher algorithms: - CBC: random salt - GCM/CTR: the key required is 20B, and the last 4B are used as salt. Signed-off-by: Sergio Gonzalez Monroy --- examples/ipsec-secgw/sa.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 00c8cce..9e2c8a9 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -45,6 +45,7 @@ #include #include #include +#include #include "ipsec.h" #include "esp.h" @@ -87,14 +88,14 @@ const struct supported_cipher_algo cipher_algos[] = { .algo = RTE_CRYPTO_CIPHER_AES_GCM, .iv_len = 8, .block_size = 4, - .key_len = 16 + .key_len = 20 }, { .keyword = "aes-128-ctr", .algo = RTE_CRYPTO_CIPHER_AES_CTR, .iv_len = 8, .block_size = 16, /* XXX AESNI MB limition, should be 4 */ - .key_len = 16 + .key_len = 20 } }; @@ -116,7 +117,6 @@ const struct supported_auth_algo auth_algos[] = { .keyword = "aes-128-gcm", .algo = RTE_CRYPTO_AUTH_AES_GCM, .digest_len = 16, - .key_len = 16, .aad_len = 8, .key_not_req = 1 } @@ -307,6 +307,17 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, if (status->status < 0) return; + if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC) + rule->salt = (uint32_t)rte_rand(); + + if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) || + (algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) { + key_len -= 4; + rule->cipher_key_len = key_len; + memcpy(&rule->salt, + &rule->cipher_key[key_len], 4); + } + cipher_algo_p = 1; continue; } -- 2.5.5