[dpdk-dev] examples/ipsec-secgw: add support for SHA256 HMAC
Checks
Commit Message
From: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
Add minor adjustments to support SHA256 HMAC:
- extend maximum key length to match SHA256 HMAC
- add SHA256 HMAC parameters and configuration string
- add SHA256 HMAC to inbound and outbound cases
Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
---
examples/ipsec-secgw/esp.c | 2 ++
examples/ipsec-secgw/ipsec.h | 2 +-
examples/ipsec-secgw/sa.c | 6 ++++++
3 files changed, 9 insertions(+), 1 deletion(-)
Comments
On 12/01/2017 14:52, zbigniew.bodek@caviumnetworks.com wrote:
> From: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
>
> Add minor adjustments to support SHA256 HMAC:
> - extend maximum key length to match SHA256 HMAC
> - add SHA256 HMAC parameters and configuration string
> - add SHA256 HMAC to inbound and outbound cases
>
> Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
> ---
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Friday, January 13, 2017 8:52 AM
> To: zbigniew.bodek@caviumnetworks.com; dev@dpdk.org
> Cc: jerin.jacob@caviumnetworks.com
> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: add support for
> SHA256 HMAC
>
> On 12/01/2017 14:52, zbigniew.bodek@caviumnetworks.com wrote:
> > From: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
> >
> > Add minor adjustments to support SHA256 HMAC:
> > - extend maximum key length to match SHA256 HMAC
> > - add SHA256 HMAC parameters and configuration string
> > - add SHA256 HMAC to inbound and outbound cases
> >
> > Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
> > ---
>
> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Applied to dpdk-next-crypto.
Thanks,
Pablo
@@ -122,6 +122,7 @@
switch (sa->auth_algo) {
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct esp_hdr) +
sa->iv_len + payload_len;
@@ -354,6 +355,7 @@
switch (sa->auth_algo) {
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct esp_hdr) +
sa->iv_len + pad_payload_len;
@@ -90,7 +90,7 @@ struct ip_addr {
} ip;
};
-#define MAX_KEY_SIZE 20
+#define MAX_KEY_SIZE 32
struct ipsec_sa {
uint32_t spi;
@@ -114,6 +114,12 @@ struct supported_auth_algo {
.key_len = 20
},
{
+ .keyword = "sha256-hmac",
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .digest_len = 12,
+ .key_len = 32
+ },
+ {
.keyword = "aes-128-gcm",
.algo = RTE_CRYPTO_AUTH_AES_GCM,
.digest_len = 16,