crypto: add hmac truncate option

author Damjan Marion <damarion@cisco.com>

Wed, 20 Mar 2019 15:30:54 +0000 (16:30 +0100)

committer Damjan Marion <dmarion@me.com>

Wed, 20 Mar 2019 17:24:31 +0000 (17:24 +0000)
author Damjan Marion <damarion@cisco.com>
Wed, 20 Mar 2019 15:30:54 +0000 (16:30 +0100)
committer Damjan Marion <dmarion@me.com>
Wed, 20 Mar 2019 17:24:31 +0000 (17:24 +0000)
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c

index 09d7267..7b645f4 100644 (file)
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -102,6 +102,7 @@ static_always_inline u32
  openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
                   const EVP_MD * md)
  {
+  u8 buffer[64];
    openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
                                                      vm->thread_index);
    HMAC_CTX *ctx = ptd->hmac_ctx;
@@ -113,7 +114,13 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
  
        HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL);
        HMAC_Update (ctx, op->src, op->len);
-      HMAC_Final (ctx, op->dst, &out_len);
+      if (op->hmac_trunc_len)
+       {
+         HMAC_Final (ctx, buffer, &out_len);
+         clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len);
+       }
+      else
+       HMAC_Final (ctx, op->dst, &out_len);
        op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
      }
    return n_ops;
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h

index 4c9467f..7b65aa5 100644 (file)
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -77,7 +77,7 @@ typedef struct
    CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
    vnet_crypto_op_type_t op:16;
    vnet_crypto_op_status_t status:8;
-  u8 key_len;
+  u8 key_len, hmac_trunc_len;
    u16 flags;
  #define VNET_CRYPTO_OP_FLAG_INIT_IV 1
    u32 len;
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h

index 74ab1f0..8e61d9d 100644 (file)
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -219,6 +219,7 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len,
    op->src = data;
    op->len = data_len;
    op->dst = signature;
+  op->hmac_trunc_len = sa->integ_trunc_size;
  #if 0
  
    HMAC_Init_ex (ctx, key, key_len, md, NULL);
author	Damjan Marion <damarion@cisco.com>
	Wed, 20 Mar 2019 15:30:54 +0000 (16:30 +0100)
committer	Damjan Marion <dmarion@me.com>
	Wed, 20 Mar 2019 17:24:31 +0000 (17:24 +0000)
src/plugins/crypto_openssl/main.c		patch \| blob \| history
src/vnet/crypto/crypto.h		patch \| blob \| history
src/vnet/ipsec/esp.h		patch \| blob \| history