From b5350285ce6ef3c66730f5d69f442bddb40f416b Mon Sep 17 00:00:00 2001 From: Zbigniew Bodek Date: Thu, 12 Jan 2017 15:52:37 +0100 Subject: [PATCH] examples/ipsec-secgw: support SHA256 HMAC Add minor adjustments to support SHA256 HMAC: - extend maximum key length to match SHA256 HMAC - add SHA256 HMAC parameters and configuration string - add SHA256 HMAC to inbound and outbound cases Signed-off-by: Zbigniew Bodek Acked-by: Sergio Gonzalez Monroy --- examples/ipsec-secgw/esp.c | 2 ++ examples/ipsec-secgw/ipsec.h | 2 +- examples/ipsec-secgw/sa.c | 6 ++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index 9715ea9bd5..e77afa0e1d 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -122,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, switch (sa->auth_algo) { case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: + case RTE_CRYPTO_AUTH_SHA256_HMAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct esp_hdr) + sa->iv_len + payload_len; @@ -354,6 +355,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, switch (sa->auth_algo) { case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: + case RTE_CRYPTO_AUTH_SHA256_HMAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct esp_hdr) + sa->iv_len + pad_payload_len; diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index dbc8c2cbed..fe4266143a 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -90,7 +90,7 @@ struct ip_addr { } ip; }; -#define MAX_KEY_SIZE 20 +#define MAX_KEY_SIZE 32 struct ipsec_sa { uint32_t spi; diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 8c4406cf8f..39624c4936 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -113,6 +113,12 @@ const struct supported_auth_algo auth_algos[] = { .digest_len = 12, .key_len = 20 }, + { + .keyword = "sha256-hmac", + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .digest_len = 12, + .key_len = 32 + }, { .keyword = "aes-128-gcm", .algo = RTE_CRYPTO_AUTH_AES_GCM, -- 2.20.1