Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: cde7068) | patch
dpdk: ipsec gcm fixes 56/23456/2
authorChristian Hopps <chopps@labn.net>
Sun, 3 Nov 2019 05:02:18 +0000 (01:02 -0400)
committerAndrew Yourtchenko <ayourtch@gmail.com>
Mon, 18 Nov 2019 13:30:59 +0000 (13:30 +0000)
commit8f6b9a39e63190639bfc19e162bfb63ccbf26871
tree3f20e2727d9cd4f39de3845679ca7e8f6a59d4dbtree | snapshot
parentcde7068bbe8d76d84c2e44f79e32c60a1525bcc9commit | diff
dpdk: ipsec gcm fixes

- Fix AAD initialization. With use-esn the aad data consists of the SPI
and the 64-bit sequence number in big-endian order. Fix the u32 swapped
code.

- Remove salt-reinitialization. The GCM code seems inspired by the GCM
RFCs recommendations on IKE keydata and how to produce a salt
value (create an extra 4 octets of keying material). This is not IKE
code though and the SA already holds the configured salt value which
this code is blowing away. Use the configured value instead.

Type: fix

Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit d58419f19b33560d224471bc16674a525427308e)
src/plugins/dpdk/ipsec/esp_decrypt.c diff | blob | history
src/plugins/dpdk/ipsec/esp_encrypt.c diff | blob | history
src/plugins/dpdk/ipsec/ipsec.c diff | blob | history
Vector Packet Processing