[lng-odp] [PATCH API-NEXT v3 6/11] linux-gen: ipsec: support replay window checks

Github ODP bot Wed, 25 Oct 2017 02:10:17 -0700

From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 825f75ed8644ef57c5648961e7982daf13cd9375
 ** Merge commit sha: 42beb7e73df5f59ecb1d29f3adb5d8669c61bca7
 **/
 platform/linux-generic/odp_ipsec.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)


diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index 55b60162d..5bb8330cb 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa)
 
        capa->max_num_sa = ODP_CONFIG_IPSEC_SAS;
 
+       capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS;
+
        rc = odp_crypto_capability(&crypto_capa);
        if (rc < 0)
                return rc;
@@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
                ip->frag_offset = 0;
                ip->ttl = 0;
 
+               aad.spi = ah.spi;
+               aad.seq_no = ah.seq_no;
+
+               param.aad.ptr = (uint8_t *)&aad;
+               param.aad.length = sizeof(aad);
+
                param.auth_range.offset = ip_offset;
                param.auth_range.length = odp_be_to_cpu_16(ip->tot_len);
                param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN;
@@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
                goto out;
        }
 
+       if (_odp_ipsec_sa_replay_precheck(ipsec_sa,
+                                         odp_be_to_cpu_32(aad.seq_no),
+                                         status) < 0)
+               goto out;
+
        if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0)
                goto out;
 
@@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
        if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0)
                goto out;
 
+       if (_odp_ipsec_sa_replay_update(ipsec_sa,
+                                       odp_be_to_cpu_32(aad.seq_no),
+                                       status) < 0)
+               goto out;
+
        ip_offset = odp_packet_l3_offset(pkt);
        ip = odp_packet_l3_ptr(pkt, NULL);
        ip_hdr_len = ipv4_hdr_len(ip);
@@ -814,6 +832,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
                ah.next_header = ip->proto;
                ip->proto = _ODP_IPPROTO_AH;
 
+               aad.spi = ah.spi;
+               aad.seq_no = ah.seq_no;
+
+               param.aad.ptr = (uint8_t *)&aad;
+               param.aad.length = sizeof(aad);
+
                odp_packet_copy_from_mem(pkt,
                                         ipsec_offset, _ODP_AHHDR_LEN,
                                         &ah);

[lng-odp] [PATCH API-NEXT v3 6/11] linux-gen: ipsec: support replay window checks

Reply via email to