crypto: AES GCM IV length is always 12

... at least for use cases we are interested in

Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5
Signed-off-by: Damjan Marion <damarion@cisco.com>

diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index fb9754f..eaa16ce 100644 (file)
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -155,7 +155,7 @@ openssl_ops_dec_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
       int len;
 
       EVP_DecryptInit_ex (ctx, cipher, 0, 0, 0);
-      EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, op->iv_len, 0);
+      EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
       EVP_DecryptInit_ex (ctx, 0, 0, key->data, op->iv);
       if (op->aad_len)
        EVP_DecryptUpdate (ctx, 0, &len, op->aad, op->aad_len);

diff --git a/src/plugins/unittest/crypto_test.c b/src/plugins/unittest/crypto_test.c
index b4f4874..24910e7 100644 (file)
--- a/src/plugins/unittest/crypto_test.c
+++ b/src/plugins/unittest/crypto_test.c
@@ -114,7 +114,6 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
            case VNET_CRYPTO_OP_TYPE_ENCRYPT:
            case VNET_CRYPTO_OP_TYPE_DECRYPT:
              op->iv = r->iv.data;
-             op->iv_len = r->iv.length;
              op->key_index = vnet_crypto_key_add (vm, r->alg,
                                                   r->key.data,
                                                   r->key.length);
@@ -128,7 +127,6 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
            case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
            case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
              op->iv = r->iv.data;
-             op->iv_len = r->iv.length;
              op->key_index = vnet_crypto_key_add (vm, r->alg,
                                                   r->key.data,
                                                   r->key.length);

diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index 6ab32ec..2d9c524 100644 (file)
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -132,7 +132,7 @@ typedef struct
   u32 key_index;
   u32 len, salt;
   u16 aad_len;
-  u8 iv_len, digest_len, tag_len;
+  u8 digest_len, tag_len;
   u8 *iv;
   u8 *src;
   u8 *dst;

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index dfc86d4..92bd606 100644 (file)
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -266,7 +266,6 @@ esp_decrypt_inline (vlib_main_t * vm,
               */
              op->iv -= sizeof (sa0->salt);
              clib_memcpy_fast (op->iv, &sa0->salt, sizeof (sa0->salt));
-             op->iv_len = cpd.iv_sz + sizeof (sa0->salt);
 
              op->tag = payload + len;
              op->tag_len = 16;