diff mbox series

[API-NEXT,v6,6/12] linux-gen: ipsec: add support for AES-GMAC-ESP

Message ID 1510581611-13870-7-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v6,1/12] linux-gen: ipsec: use counter instead of random IV for GCM | expand

Commit Message

Github ODP bot Nov. 13, 2017, 2 p.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Implement AES-GMAC-ESP support.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 60f2c36c67f6b216666f85876af63f7091b1bff0
 **/
 platform/linux-generic/odp_ipsec_sad.c | 66 +++++++++++++++++++---------------
 1 file changed, 38 insertions(+), 28 deletions(-)
diff mbox series

Patch

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index b2d12eada..e76c7a195 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -263,6 +263,40 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 	crypto_param.auth_alg = param->crypto.auth_alg;
 	crypto_param.auth_key = param->crypto.auth_key;
 
+	switch (crypto_param.cipher_alg) {
+	case ODP_CIPHER_ALG_NULL:
+		ipsec_sa->esp_iv_len = 0;
+		ipsec_sa->esp_block_len = 1;
+		crypto_param.iv.length = 0;
+		break;
+	case ODP_CIPHER_ALG_DES:
+	case ODP_CIPHER_ALG_3DES_CBC:
+		ipsec_sa->esp_iv_len = 8;
+		ipsec_sa->esp_block_len = 8;
+		crypto_param.iv.length = 8;
+		break;
+#if ODP_DEPRECATED_API
+	case ODP_CIPHER_ALG_AES128_CBC:
+#endif
+	case ODP_CIPHER_ALG_AES_CBC:
+		ipsec_sa->esp_iv_len = 16;
+		ipsec_sa->esp_block_len = 16;
+		crypto_param.iv.length = 16;
+		break;
+#if ODP_DEPRECATED_API
+	case ODP_CIPHER_ALG_AES128_GCM:
+#endif
+	case ODP_CIPHER_ALG_AES_GCM:
+		ipsec_sa->use_counter_iv = 1;
+		ipsec_sa->esp_iv_len = 8;
+		ipsec_sa->esp_block_len = 16;
+		ipsec_sa->icv_len = 16;
+		crypto_param.iv.length = 12;
+		break;
+	default:
+		goto error;
+	}
+
 	switch (crypto_param.auth_alg) {
 	case ODP_AUTH_ALG_NULL:
 		ipsec_sa->icv_len = 0;
@@ -291,37 +325,13 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 	case ODP_AUTH_ALG_AES_GCM:
 		ipsec_sa->icv_len = 16;
 		break;
-	default:
-		goto error;
-	}
-
-	switch (crypto_param.cipher_alg) {
-	case ODP_CIPHER_ALG_NULL:
-		ipsec_sa->esp_iv_len = 0;
-		ipsec_sa->esp_block_len = 1;
-		crypto_param.iv.length = 0;
-		break;
-	case ODP_CIPHER_ALG_DES:
-	case ODP_CIPHER_ALG_3DES_CBC:
-		ipsec_sa->esp_iv_len = 8;
-		ipsec_sa->esp_block_len = 8;
-		crypto_param.iv.length = 8;
-		break;
-#if ODP_DEPRECATED_API
-	case ODP_CIPHER_ALG_AES128_CBC:
-#endif
-	case ODP_CIPHER_ALG_AES_CBC:
-		ipsec_sa->esp_iv_len = 16;
-		ipsec_sa->esp_block_len = 16;
-		crypto_param.iv.length = 16;
-		break;
-#if ODP_DEPRECATED_API
-	case ODP_CIPHER_ALG_AES128_GCM:
-#endif
-	case ODP_CIPHER_ALG_AES_GCM:
+	case ODP_AUTH_ALG_AES_GMAC:
+		if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
+			return ODP_IPSEC_SA_INVALID;
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;
+		ipsec_sa->icv_len = 16;
 		crypto_param.iv.length = 12;
 		break;
 	default: