[lng-odp] [PATCH API-NEXT v3 6/8] linux-gen: ipsec: add support for AES-GMAC-ESP

Github ODP bot Thu, 09 Nov 2017 06:06:58 -0800

From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>

Implement AES-GMAC-ESP support.


Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: ba7b9d98bb5dfe0cf7d7d28767c7a9c02d421d2d
 **/
 platform/linux-generic/odp_ipsec_sad.c | 60 +++++++++++++++++++---------------
 1 file changed, 34 insertions(+), 26 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index 457b81d04..369d927ee 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -263,6 +263,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
        crypto_param.auth_alg = param->crypto.auth_alg;
        crypto_param.auth_key = param->crypto.auth_key;
 
+       switch (crypto_param.cipher_alg) {
+       case ODP_CIPHER_ALG_NULL:
+               ipsec_sa->esp_iv_len = 0;
+               ipsec_sa->esp_block_len = 1;
+               break;
+       case ODP_CIPHER_ALG_DES:
+       case ODP_CIPHER_ALG_3DES_CBC:
+               ipsec_sa->esp_iv_len = 8;
+               ipsec_sa->esp_block_len = 8;
+               break;
+#if ODP_DEPRECATED_API
+       case ODP_CIPHER_ALG_AES128_CBC:
+#endif
+       case ODP_CIPHER_ALG_AES_CBC:
+               ipsec_sa->esp_iv_len = 16;
+               ipsec_sa->esp_block_len = 16;
+               break;
+#if ODP_DEPRECATED_API
+       case ODP_CIPHER_ALG_AES128_GCM:
+#endif
+       case ODP_CIPHER_ALG_AES_GCM:
+               ipsec_sa->use_counter_iv = 1;
+               ipsec_sa->esp_iv_len = 8;
+               ipsec_sa->esp_block_len = 16;
+               ipsec_sa->icv_len = 16;
+               break;
+       default:
+               goto error;
+       }
+
        switch (crypto_param.auth_alg) {
        case ODP_AUTH_ALG_NULL:
                ipsec_sa->icv_len = 0;
@@ -291,35 +321,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
        case ODP_AUTH_ALG_AES_GCM:
                ipsec_sa->icv_len = 16;
                break;
-       default:
-               goto error;
-       }
-
-       switch (crypto_param.cipher_alg) {
-       case ODP_CIPHER_ALG_NULL:
-               ipsec_sa->esp_iv_len = 0;
-               ipsec_sa->esp_block_len = 1;
-               break;
-       case ODP_CIPHER_ALG_DES:
-       case ODP_CIPHER_ALG_3DES_CBC:
-               ipsec_sa->esp_iv_len = 8;
-               ipsec_sa->esp_block_len = 8;
-               break;
-#if ODP_DEPRECATED_API
-       case ODP_CIPHER_ALG_AES128_CBC:
-#endif
-       case ODP_CIPHER_ALG_AES_CBC:
-               ipsec_sa->esp_iv_len = 16;
-               ipsec_sa->esp_block_len = 16;
-               break;
-#if ODP_DEPRECATED_API
-       case ODP_CIPHER_ALG_AES128_GCM:
-#endif
-       case ODP_CIPHER_ALG_AES_GCM:
+       case ODP_AUTH_ALG_AES_GMAC:
+               if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
+                       return ODP_IPSEC_SA_INVALID;
                ipsec_sa->use_counter_iv = 1;
                ipsec_sa->esp_iv_len = 8;
                ipsec_sa->esp_block_len = 16;
-               crypto_param.iv.length = 12;
+               ipsec_sa->icv_len = 16;
                break;
        default:
                goto error;

[lng-odp] [PATCH API-NEXT v3 6/8] linux-gen: ipsec: add support for AES-GMAC-ESP

Reply via email to