From 8863123badb7fea96a8a4dfc39131ce40161eee6 Mon Sep 17 00:00:00 2001
From: Damjan Marion
Date: Wed, 20 Mar 2019 16:30:54 +0100
Subject: [PATCH] crypto: add hmac truncate option

This reverts commit 785368e559dbdf50676f74f43f13423c817abb52.
Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d
Signed-off-by: Damjan Marion
---
 src/plugins/crypto_openssl/main.c | 9 ++++++++-
 src/vnet/crypto/crypto.h | 2 +-
 src/vnet/ipsec/esp.h | 1 +
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 09d726749e1..7b645f4be88 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -102,6 +102,7 @@ static_always_inline u32
 openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
 const EVP_MD * md)
 {
+ u8 buffer[64];
 openssl_per_thread_data_t *ptd =
 vec_elt_at_index (per_thread_data, vm->thread_index);
 HMAC_CTX *ctx = ptd->hmac_ctx;
@@ -113,7 +114,13 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
 HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL);
 HMAC_Update (ctx, op->src, op->len);
- HMAC_Final (ctx, op->dst, &out_len);
+ if (op->hmac_trunc_len)
+ {
+ HMAC_Final (ctx, buffer, &out_len);
+ clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len);
+ }
+ else
+ HMAC_Final (ctx, op->dst, &out_len);
 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
 }
 return n_ops;
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index 4c9467f272f..7b65aa5c43d 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -77,7 +77,7 @@ typedef struct
 CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
 vnet_crypto_op_type_t op:16;
 vnet_crypto_op_status_t status:8;
- u8 key_len;
+ u8 key_len, hmac_trunc_len;
 u16 flags;
 #define VNET_CRYPTO_OP_FLAG_INIT_IV 1
 u32 len;
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 74ab1f05778..8e61d9d751d 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
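Review bot: The scratch array added at the top of openssl_ops_hmac is sized with a bare `64`, which hides the fact that it must hold the largest digest OpenSSL can return for `md`. HMAC_Final always writes the full digest into it, whatever truncation length was requested, so `u8 buffer[EVP_MAX_MD_SIZE];` states the real requirement. The function body continues outside this hunk.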
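Review bot: The truncated path copies `op->hmac_trunc_len` bytes out of the 64-byte stack buffer without comparing that length to `out_len`, so a value larger than the digest HMAC_Final produced copies uninitialised stack bytes into `op->dst`, and a value above 64 reads past the array. The field is a u8 filled from `sa->integ_trunc_size` in the esp.h hunk, and nothing visible in this patch bounds it. Clamping at the point of use closes the gap, e.g. `clib_memcpy_fast (op->dst, buffer, clib_min (op->hmac_trunc_len, out_len));`, or the op could be rejected rather than marked completed. The return values of HMAC_Init_ex, HMAC_Update and HMAC_Final are also ignored before `op->status` is set to `VNET_CRYPTO_OP_STATUS_COMPLETED`. The enclosing loop starts outside the hunk.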
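Review bot: `hmac_trunc_len` is added to the op structure without a comment, so its contract can only be learned from the OpenSSL engine: 0 means the full digest is written, non-zero means that many leading bytes are copied to `dst`. I would declare it on its own line as `u8 hmac_trunc_len; /* 0 = full digest; else bytes of HMAC copied to dst, must not exceed the digest size */`. Only hmac_calc in esp.h sets the field in this patch, so any other code that builds HMAC ops presumably has to zero it, which is not visible here. The struct starts and ends outside the hunk.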
@@ -219,6 +219,7 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len,
 op->src = data;
 op->len = data_len;
 op->dst = signature;
+ op->hmac_trunc_len = sa->integ_trunc_size;
 #if 0
 HMAC_Init_ex (ctx, key, key_len, md, NULL);
-- 
2.16.6
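Review bot: A zero `sa->integ_trunc_size` is passed through unchanged on the added line, and the engine treats 0 as "no truncation" and writes the whole digest to `signature`. Whether `signature` is large enough for that case cannot be judged from this hunk, because hmac_calc starts and ends outside it. A comment above the assignment such as `/* 0 selects the untruncated digest; signature must then hold the full HMAC output */` would record the contract for callers.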