X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fsa.c;h=39624c493643e4e8a9478744909044dc4bf384e6;hb=9e09761b43179caa3bc825a83b18e3b27ddf7f10;hp=00c8cceed77351ee45bde72899433ade3194268d;hpb=4470c22de2e1c2b4bf2f5486c43102d2aca58b8a;p=dpdk.git

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 00c8cceed7..39624c4936 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -45,6 +45,7 @@
 #include <rte_byteorder.h>
 #include <rte_errno.h>
 #include <rte_ip.h>
+#include <rte_random.h>
 
 #include "ipsec.h"
 #include "esp.h"
@@ -87,14 +88,14 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
 		.iv_len = 8,
 		.block_size = 4,
-		.key_len = 16
+		.key_len = 20
 	},
 	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
 		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
-		.key_len = 16
+		.key_len = 20
 	}
 };
 
@@ -112,11 +113,16 @@ const struct supported_auth_algo auth_algos[] = {
 		.digest_len = 12,
 		.key_len = 20
 	},
+	{
+		.keyword = "sha256-hmac",
+		.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+		.digest_len = 12,
+		.key_len = 32
+	},
 	{
 		.keyword = "aes-128-gcm",
 		.algo = RTE_CRYPTO_AUTH_AES_GCM,
 		.digest_len = 16,
-		.key_len = 16,
 		.aad_len = 8,
 		.key_not_req = 1
 	}
@@ -170,15 +176,18 @@ static uint32_t
 parse_key_string(const char *key_str, uint8_t *key)
 {
 	const char *pt_start = key_str, *pt_end = key_str;
-	char sub_str[3];
 	uint32_t nb_bytes = 0;
 
 	while (pt_end != NULL) {
+		char sub_str[3] = {0};
+
 		pt_end = strchr(pt_start, ':');
 
-		if (pt_end == NULL)
-			strncpy(sub_str, pt_start, strlen(pt_start));
-		else {
+		if (pt_end == NULL) {
+			if (strlen(pt_start) > 2)
+				return 0;
+			strncpy(sub_str, pt_start, 2);
+		} else {
 			if (pt_end - pt_start > 2)
 				return 0;
 
@@ -307,6 +316,17 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (status->status < 0)
 				return;
 
+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
+				rule->salt = (uint32_t)rte_rand();
+
+			if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
+				(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+				key_len -= 4;
+				rule->cipher_key_len = key_len;
+				memcpy(&rule->salt,
+					&rule->cipher_key[key_len], 4);
+			}
+
 			cipher_algo_p = 1;
 			continue;
 		}