summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorDamjan Marion <damarion@cisco.com>2019-03-20 16:30:54 +0100
committerDamjan Marion <dmarion@me.com>2019-03-20 17:24:31 +0000
commit8863123badb7fea96a8a4dfc39131ce40161eee6 (patch)
treea5602b7395f41a94fb41fe3691d324de0f19f7ac /src
parentf2edfbd2122bbf746a8e91cb343331fb843ee5eb (diff)
crypto: add hmac truncate option
This reverts commit 785368e559dbdf50676f74f43f13423c817abb52. Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/crypto_openssl/main.c9
-rw-r--r--src/vnet/crypto/crypto.h2
-rw-r--r--src/vnet/ipsec/esp.h1
3 files changed, 10 insertions, 2 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 09d726749e1..7b645f4be88 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -102,6 +102,7 @@ static_always_inline u32
openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
const EVP_MD * md)
{
+ u8 buffer[64];
openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
vm->thread_index);
HMAC_CTX *ctx = ptd->hmac_ctx;
@@ -113,7 +114,13 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL);
HMAC_Update (ctx, op->src, op->len);
- HMAC_Final (ctx, op->dst, &out_len);
+ if (op->hmac_trunc_len)
+ {
+ HMAC_Final (ctx, buffer, &out_len);
+ clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len);
+ }
+ else
+ HMAC_Final (ctx, op->dst, &out_len);
op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
}
return n_ops;
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index 4c9467f272f..7b65aa5c43d 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -77,7 +77,7 @@ typedef struct
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
vnet_crypto_op_type_t op:16;
vnet_crypto_op_status_t status:8;
- u8 key_len;
+ u8 key_len, hmac_trunc_len;
u16 flags;
#define VNET_CRYPTO_OP_FLAG_INIT_IV 1
u32 len;
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 74ab1f05778..8e61d9d751d 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -219,6 +219,7 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len,
op->src = data;
op->len = data_len;
op->dst = signature;
+ op->hmac_trunc_len = sa->integ_trunc_size;
#if 0
HMAC_Init_ex (ctx, key, key_len, md, NULL);