diff options
author | Damjan Marion <damarion@cisco.com> | 2019-03-20 16:30:54 +0100 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-03-20 17:24:31 +0000 |
commit | 8863123badb7fea96a8a4dfc39131ce40161eee6 (patch) | |
tree | a5602b7395f41a94fb41fe3691d324de0f19f7ac /src | |
parent | f2edfbd2122bbf746a8e91cb343331fb843ee5eb (diff) |
crypto: add hmac truncate option
This reverts commit 785368e559dbdf50676f74f43f13423c817abb52.
Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/crypto_openssl/main.c | 9 | ||||
-rw-r--r-- | src/vnet/crypto/crypto.h | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/esp.h | 1 |
3 files changed, 10 insertions, 2 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index 09d726749e1..7b645f4be88 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -102,6 +102,7 @@ static_always_inline u32 openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, const EVP_MD * md) { + u8 buffer[64]; openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data, vm->thread_index); HMAC_CTX *ctx = ptd->hmac_ctx; @@ -113,7 +114,13 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL); HMAC_Update (ctx, op->src, op->len); - HMAC_Final (ctx, op->dst, &out_len); + if (op->hmac_trunc_len) + { + HMAC_Final (ctx, buffer, &out_len); + clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len); + } + else + HMAC_Final (ctx, op->dst, &out_len); op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; } return n_ops; diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 4c9467f272f..7b65aa5c43d 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -77,7 +77,7 @@ typedef struct CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); vnet_crypto_op_type_t op:16; vnet_crypto_op_status_t status:8; - u8 key_len; + u8 key_len, hmac_trunc_len; u16 flags; #define VNET_CRYPTO_OP_FLAG_INIT_IV 1 u32 len; diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h index 74ab1f05778..8e61d9d751d 100644 --- a/src/vnet/ipsec/esp.h +++ b/src/vnet/ipsec/esp.h @@ -219,6 +219,7 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len, op->src = data; op->len = data_len; op->dst = signature; + op->hmac_trunc_len = sa->integ_trunc_size; #if 0 HMAC_Init_ex (ctx, key, key_len, md, NULL); |