From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> Implement AES-GMAC-ESP support.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: ba7b9d98bb5dfe0cf7d7d28767c7a9c02d421d2d **/ platform/linux-generic/odp_ipsec_sad.c | 60 +++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 457b81d04..369d927ee 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -263,6 +263,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.auth_alg = param->crypto.auth_alg; crypto_param.auth_key = param->crypto.auth_key; + switch (crypto_param.cipher_alg) { + case ODP_CIPHER_ALG_NULL: + ipsec_sa->esp_iv_len = 0; + ipsec_sa->esp_block_len = 1; + break; + case ODP_CIPHER_ALG_DES: + case ODP_CIPHER_ALG_3DES_CBC: + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 8; + break; +#if ODP_DEPRECATED_API + case ODP_CIPHER_ALG_AES128_CBC: +#endif + case ODP_CIPHER_ALG_AES_CBC: + ipsec_sa->esp_iv_len = 16; + ipsec_sa->esp_block_len = 16; + break; +#if ODP_DEPRECATED_API + case ODP_CIPHER_ALG_AES128_GCM: +#endif + case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 16; + ipsec_sa->icv_len = 16; + break; + default: + goto error; + } + switch (crypto_param.auth_alg) { case ODP_AUTH_ALG_NULL: ipsec_sa->icv_len = 0; @@ -291,35 +321,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_AUTH_ALG_AES_GCM: ipsec_sa->icv_len = 16; break; - default: - goto error; - } - - switch (crypto_param.cipher_alg) { - case ODP_CIPHER_ALG_NULL: - ipsec_sa->esp_iv_len = 0; - ipsec_sa->esp_block_len = 1; - break; - case ODP_CIPHER_ALG_DES: - case ODP_CIPHER_ALG_3DES_CBC: - ipsec_sa->esp_iv_len = 8; - ipsec_sa->esp_block_len = 8; - break; -#if ODP_DEPRECATED_API - case ODP_CIPHER_ALG_AES128_CBC: -#endif - case ODP_CIPHER_ALG_AES_CBC: - ipsec_sa->esp_iv_len = 16; - ipsec_sa->esp_block_len = 16; - break; -#if ODP_DEPRECATED_API - case ODP_CIPHER_ALG_AES128_GCM: -#endif - case ODP_CIPHER_ALG_AES_GCM: + case ODP_AUTH_ALG_AES_GMAC: + if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg) + return ODP_IPSEC_SA_INVALID; ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; - crypto_param.iv.length = 12; + ipsec_sa->icv_len = 16; break; default: goto error;