diff options
Diffstat (limited to 'example/ipsec_crypto/odp_ipsec.c')
-rw-r--r-- | example/ipsec_crypto/odp_ipsec.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/example/ipsec_crypto/odp_ipsec.c b/example/ipsec_crypto/odp_ipsec.c index 9fec94620..c6a64399f 100644 --- a/example/ipsec_crypto/odp_ipsec.c +++ b/example/ipsec_crypto/odp_ipsec.c @@ -1,4 +1,5 @@ /* Copyright (c) 2013-2018, Linaro Limited + * Copyright (c) 2021, Nokia * All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause @@ -772,6 +773,20 @@ pkt_disposition_e do_ipsec_in_finish(odp_packet_t pkt, return PKT_CONTINUE; } +static int generate_iv(uint8_t *buf, uint32_t size) +{ + uint32_t n = 0; + int32_t ret; + + while (n < size) { + ret = odp_random_data(buf + n, size - n, ODP_RANDOM_CRYPTO); + if (ret < 0) + return 1; + n += ret; + } + return 0; +} + /** * Packet Processing - Output IPsec packet classification * @@ -859,7 +874,9 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, trl_len = encrypt_len - ip_data_len; esp->spi = odp_cpu_to_be_32(entry->esp.spi); - memcpy(esp + 1, entry->state.iv, entry->esp.iv_len); + if (generate_iv(esp->iv, entry->esp.iv_len)) + return PKT_DROP; + params.cipher_iv_ptr = esp->iv; esp_t = (odph_esptrl_t *)(ip_data + encrypt_len) - 1; esp_t->pad_len = trl_len - sizeof(*esp_t); @@ -957,20 +974,9 @@ pkt_disposition_e do_ipsec_out_seq(odp_packet_t *pkt, } if (ctx->ipsec.tun_hdr_offset) { odph_ipv4hdr_t *ip; - int ret; ip = (odph_ipv4hdr_t *)(ctx->ipsec.tun_hdr_offset + buf); ip->id = odp_cpu_to_be_16((*ctx->ipsec.tun_hdr_id)++); - if (!ip->id) { - /* re-init tunnel hdr id */ - ret = odp_random_data((uint8_t *)ctx->ipsec.tun_hdr_id, - sizeof(*ctx->ipsec.tun_hdr_id), - 1); - if (ret != sizeof(*ctx->ipsec.tun_hdr_id)) { - ODPH_ERR("Error: Not enough random data\n"); - exit(EXIT_FAILURE); - } - } } out_pkt = entry->in_place ? *pkt : ODP_PACKET_INVALID; |