diff options
| author | Janne Peltonen <janne.peltonen@nokia.com> | 2021-06-21 13:54:13 +0300 |
|---|---|---|
| committer | Petri Savolainen <petri.savolainen@nokia.com> | 2021-07-08 15:53:53 +0300 |
| commit | d390fe72999e3c06ff45d3c0c6cd569f4e5858c2 (patch) | |
| tree | 765142ec5c9064701da0104cbd47c6a9104742ef /helper | |
| parent | a454f3b8856bf30e191d28f665b195ee15555f1b (diff) | |
helper: ipsec: check ICV length when checking auth capability
When checking IPsec algorithm support, check that the default ICV length
is supported. This patch does not add support for non-default ICV lengths
in the helper.
Add a helper function that returns the default ICV length for an algorithm.
Signed-off-by: Janne Peltonen <janne.peltonen@nokia.com>
Reviewed-by: Jere Leppänen <jere.leppanen@nokia.com>
Reviewed-by: Anoob Joseph <anoobj@marvell.com>
Diffstat (limited to 'helper')
| -rw-r--r-- | helper/include/odp/helper/ipsec.h | 19 | ||||
| -rw-r--r-- | helper/ipsec.c | 57 |
2 files changed, 71 insertions, 5 deletions
diff --git a/helper/include/odp/helper/ipsec.h b/helper/include/odp/helper/ipsec.h index 66bed5399..1b2dbb77b 100644 --- a/helper/include/odp/helper/ipsec.h +++ b/helper/include/odp/helper/ipsec.h @@ -1,4 +1,5 @@ /* Copyright (c) 2014-2018, Linaro Limited + * Copyright (c) 2021, Nokia * All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause @@ -74,9 +75,9 @@ ODP_STATIC_ASSERT(sizeof(odph_ahhdr_t) == ODPH_AHHDR_LEN, * Check IPSEC algorithm support * * Based on the capabilities exposed by the ODP implementation, check whether - * the specified IPSEC algorithm configuration is supported by the - * implementation. The caller provides the IPSEC capability structure as an - * argument to the helper function. + * the specified IPSEC algorithm configuration with the default ICV length + * is supported by the implementation. The caller provides the IPSEC + * capability structure as an argument to the helper function. * * @param capa IPSEC capability structure * @param cipher_alg Cipher algorithm @@ -94,6 +95,18 @@ int odph_ipsec_alg_check(odp_ipsec_capability_t capa, uint32_t auth_key_len); /** + * Return the default ICV length of an algorithm + * + * IPsec API specifies default ICV length for each authentication and + * combined mode algorithm. This function returns the default ICV length. + * + * @param auth_alg Authentication algorithm + * + * @return The default ICV length in bytes + */ +uint32_t odph_ipsec_auth_icv_len_default(odp_auth_alg_t auth_alg); + +/** * @} */ diff --git a/helper/ipsec.c b/helper/ipsec.c index 3d9e9fed8..3b54bb07f 100644 --- a/helper/ipsec.c +++ b/helper/ipsec.c @@ -1,5 +1,6 @@ /* Copyright (c) 2017-2018, Linaro Limited * Copyright (c) 2020 Marvell + * Copyright (c) 2021 Nokia * All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause @@ -8,6 +9,55 @@ #include <odp/helper/ipsec.h> #include <odp/helper/odph_debug.h> +uint32_t odph_ipsec_auth_icv_len_default(odp_auth_alg_t auth_alg) +{ + uint32_t icv_len; + + switch (auth_alg) { + case ODP_AUTH_ALG_NULL: + icv_len = 0; + break; + case ODP_AUTH_ALG_MD5_HMAC: + icv_len = 12; + break; + case ODP_AUTH_ALG_SHA1_HMAC: + icv_len = 12; + break; + case ODP_AUTH_ALG_SHA256_HMAC: + icv_len = 16; + break; + case ODP_AUTH_ALG_SHA384_HMAC: + icv_len = 24; + break; + case ODP_AUTH_ALG_SHA512_HMAC: + icv_len = 32; + break; + case ODP_AUTH_ALG_AES_GCM: + icv_len = 16; + break; + case ODP_AUTH_ALG_AES_GMAC: + icv_len = 16; + break; + case ODP_AUTH_ALG_AES_CCM: + icv_len = 16; + break; + case ODP_AUTH_ALG_AES_CMAC: + icv_len = 12; + break; + case ODP_AUTH_ALG_AES_XCBC_MAC: + icv_len = 12; + break; + case ODP_AUTH_ALG_CHACHA20_POLY1305: + icv_len = 16; + break; + default: + ODPH_DBG("Unsupported authentication algorithm\n"); + icv_len = 0; + break; + } + return icv_len; +} + int odph_ipsec_alg_check(odp_ipsec_capability_t capa, odp_cipher_alg_t cipher_alg, uint32_t cipher_key_len, @@ -15,6 +65,7 @@ int odph_ipsec_alg_check(odp_ipsec_capability_t capa, uint32_t auth_key_len) { int i, num, max_capa; + uint32_t default_icv_len; odp_bool_t found; /* Check whether requested cipher algorithm is supported */ @@ -150,16 +201,18 @@ int odph_ipsec_alg_check(odp_ipsec_capability_t capa, return -1; } + default_icv_len = odph_ipsec_auth_icv_len_default(auth_alg); found = false; for (i = 0; i < num; i++) { - if (auth_capa[i].key_len == auth_key_len) { + if (auth_capa[i].key_len == auth_key_len && + auth_capa[i].icv_len == default_icv_len) { found = 1; break; } } if (!found) { - ODPH_DBG("Unsupported auth key length\n"); + ODPH_DBG("Unsupported auth key length & ICV length pair\n"); return -1; } |