#include <rte_byteorder.h>
#include <rte_errno.h>
#include <rte_ip.h>
+#include <rte_random.h>
#include "ipsec.h"
#include "esp.h"
.algo = RTE_CRYPTO_CIPHER_AES_GCM,
.iv_len = 8,
.block_size = 4,
- .key_len = 16
+ .key_len = 20
},
{
.keyword = "aes-128-ctr",
.algo = RTE_CRYPTO_CIPHER_AES_CTR,
.iv_len = 8,
.block_size = 16, /* XXX AESNI MB limition, should be 4 */
- .key_len = 16
+ .key_len = 20
}
};
.digest_len = 12,
.key_len = 20
},
+ {
+ .keyword = "sha256-hmac",
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .digest_len = 12,
+ .key_len = 32
+ },
{
.keyword = "aes-128-gcm",
.algo = RTE_CRYPTO_AUTH_AES_GCM,
.digest_len = 16,
- .key_len = 16,
.aad_len = 8,
.key_not_req = 1
}
parse_key_string(const char *key_str, uint8_t *key)
{
const char *pt_start = key_str, *pt_end = key_str;
- char sub_str[3];
uint32_t nb_bytes = 0;
while (pt_end != NULL) {
+ char sub_str[3] = {0};
+
pt_end = strchr(pt_start, ':');
- if (pt_end == NULL)
- strncpy(sub_str, pt_start, strlen(pt_start));
- else {
+ if (pt_end == NULL) {
+ if (strlen(pt_start) > 2)
+ return 0;
+ strncpy(sub_str, pt_start, 2);
+ } else {
if (pt_end - pt_start > 2)
return 0;
if (status->status < 0)
return;
+ if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
+ rule->salt = (uint32_t)rte_rand();
+
+ if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
+ (algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+ key_len -= 4;
+ rule->cipher_key_len = key_len;
+ memcpy(&rule->salt,
+ &rule->cipher_key[key_len], 4);
+ }
+
cipher_algo_p = 1;
continue;
}