From 50d75cae2a2c521db81caf24476e2860c98f825b Mon Sep 17 00:00:00 2001 From: Sergio Gonzalez Monroy Date: Thu, 29 Sep 2016 16:44:13 +0100 Subject: [PATCH] examples/ipsec-secgw: initialize SA salt This patch initializes the salt value used by the following cipher algorithms: - CBC: random salt - GCM/CTR: the key required is 20B, and the last 4B are used as salt. Signed-off-by: Sergio Gonzalez Monroy Acked-by: Pablo de Lara --- examples/ipsec-secgw/sa.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 00c8cceed7..9e2c8a9a8f 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -45,6 +45,7 @@ #include #include #include +#include #include "ipsec.h" #include "esp.h" @@ -87,14 +88,14 @@ const struct supported_cipher_algo cipher_algos[] = { .algo = RTE_CRYPTO_CIPHER_AES_GCM, .iv_len = 8, .block_size = 4, - .key_len = 16 + .key_len = 20 }, { .keyword = "aes-128-ctr", .algo = RTE_CRYPTO_CIPHER_AES_CTR, .iv_len = 8, .block_size = 16, /* XXX AESNI MB limition, should be 4 */ - .key_len = 16 + .key_len = 20 } }; @@ -116,7 +117,6 @@ const struct supported_auth_algo auth_algos[] = { .keyword = "aes-128-gcm", .algo = RTE_CRYPTO_AUTH_AES_GCM, .digest_len = 16, - .key_len = 16, .aad_len = 8, .key_not_req = 1 } @@ -307,6 +307,17 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, if (status->status < 0) return; + if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC) + rule->salt = (uint32_t)rte_rand(); + + if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) || + (algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) { + key_len -= 4; + rule->cipher_key_len = key_len; + memcpy(&rule->salt, + &rule->cipher_key[key_len], 4); + } + cipher_algo_p = 1; continue; } -- 2.20.1