diff mbox series

[API-NEXT,v16,15/16] linux-gen: ipsec: add AES-CTR cipher support

Message ID 1510581630-13993-16-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v16,1/16] linux-gen: ipsec: use counter instead of random IV for GCM | expand

Commit Message

Github ODP bot Nov. 13, 2017, 2 p.m. UTC 
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Add support for encrypting packets with AES-CTR cipher.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 platform/linux-generic/include/odp_ipsec_internal.h |  1 +
 platform/linux-generic/odp_ipsec.c                  | 13 +++++++++++++
 platform/linux-generic/odp_ipsec_sad.c              |  7 +++++++
 3 files changed, 21 insertions(+)
diff mbox series

Patch

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h
index 0a7f96256..b50b65be6 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -127,6 +127,7 @@  struct ipsec_sa_s {
 			unsigned	dec_ttl : 1;
 			unsigned	copy_dscp : 1;
 			unsigned	copy_df : 1;
+			unsigned	aes_ctr_iv : 1;
 
 			/* Only for outbound */
 			unsigned	use_counter_iv : 1;
diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index 4c032b9c0..9533ca422 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -337,6 +337,13 @@  static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
 			goto err;
 		}
 
+		if (ipsec_sa->aes_ctr_iv) {
+			iv[12] = 0;
+			iv[13] = 0;
+			iv[14] = 0;
+			iv[15] = 1;
+		}
+
 		hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len;
 		trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len;
 
@@ -729,6 +736,12 @@  static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
 			memcpy(iv + ipsec_sa->salt_length, &ctr,
 			       ipsec_sa->esp_iv_len);
 
+			if (ipsec_sa->aes_ctr_iv) {
+				iv[12] = 0;
+				iv[13] = 0;
+				iv[14] = 0;
+				iv[15] = 1;
+			}
 		} else if (ipsec_sa->esp_iv_len) {
 			uint32_t len;
 
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 425175692..8eaa4f902 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -319,6 +319,13 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		ipsec_sa->esp_block_len = 16;
 		crypto_param.iv.length = 16;
 		break;
+	case ODP_CIPHER_ALG_AES_CTR:
+		ipsec_sa->use_counter_iv = 1;
+		ipsec_sa->aes_ctr_iv = 1;
+		ipsec_sa->esp_iv_len = 8;
+		ipsec_sa->esp_block_len = 16;
+		crypto_param.iv.length = 16;
+		break;
 #if ODP_DEPRECATED_API
 	case ODP_CIPHER_ALG_AES128_GCM:
 #endif