examples/ipsec-secgw: initialize SA salt

This patch initializes the salt value used by the following cipher algorithms: - CBC: random salt - GCM/CTR: the key required is 20B, and the last 4B are used as salt. Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-09-29 16:44:13 +01:00 · 2016-09-29 16:44:13 +01:00 · 50d75cae2a
commit 50d75cae2a
parent e715ca2892
1 changed files with 14 additions and 3 deletions
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@ -45,6 +45,7 @@
 #include <rte_byteorder.h>
 #include <rte_errno.h>
 #include <rte_ip.h>
+#include <rte_random.h>

 #include "ipsec.h"
 #include "esp.h"
@ -87,14 +88,14 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
 		.iv_len = 8,
 		.block_size = 4,
-		.key_len = 16
+		.key_len = 20
 	},
 	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
 		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
-		.key_len = 16
+		.key_len = 20
 	}
 };

@ -116,7 +117,6 @@ const struct supported_auth_algo auth_algos[] = {
 		.keyword = "aes-128-gcm",
 		.algo = RTE_CRYPTO_AUTH_AES_GCM,
 		.digest_len = 16,
-		.key_len = 16,
 		.aad_len = 8,
 		.key_not_req = 1
 	}
@ -307,6 +307,17 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (status->status < 0)
 				return;

+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
+				rule->salt = (uint32_t)rte_rand();
+
+			if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
+				(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+				key_len -= 4;
+				rule->cipher_key_len = key_len;
+				memcpy(&rule->salt,
+					&rule->cipher_key[key_len], 4);
+			}
+
 			cipher_algo_p = 1;
 			continue;
 		}