summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d6255c7)
raw | patch | inline | side by side (parent: d6255c7)
author | Tinku Mannan <tmannan@ti.com> | |
Fri, 19 Oct 2012 15:24:55 +0000 (11:24 -0400) | ||
committer | Tinku Mannan <tmannan@ti.com> | |
Fri, 19 Oct 2012 15:24:55 +0000 (11:24 -0400) |
ti/runtime/netapi/src/netapi_sec.c | patch | blob | history |
index 9b7ba92f7bcc9c25efb6d4d722d4432c4ea03cb9..388e2e19052489a86ccd1ed8e4494c157f3fd486 100755 (executable)
NWAL_SA_DIR_INBOUND,
0,
0,
- NWAL_SA_AALG_HMAC_SHA1, //update
- NWAL_SA_EALG_AES_CTR, //update
+ NWAL_SA_AALG_HMAC_SHA1, /* update from input */
+ NWAL_SA_EALG_AES_CTR, /* update from input */
{ 0x00}, /* remMacAddr: NA */
- 12, /* macSize */
+ 12, /* update from input, mac size */
NWAL_MATCH_ACTION_CONTINUE_NEXT_ROUTE, /* Continue parsing to next route for match */
NWAL_NEXT_ROUTE_FAIL_ACTION_HOST, /* For next route fail action by default is route to host */
CPPI_PARAM_NOT_SPECIFIED, /* Use default flow configured to NWAL if packet is routed to host */
createParam.saIpSecParam.cipherMode = sa_info->cipherMode;
createParam.saIpSecParam.esnLo = sa_info->esnLo;
createParam.saIpSecParam.esnHi = sa_info->esnHi;
- if (sa_info->authMode == NWAL_SA_AALG_NULL)
- {
- createParam.saIpSecParam.replayWindow = 0;
- createParam.saIpSecParam.macSize = 0;
- }
+ if ((sa_info->cipherMode == NWAL_SA_EALG_AES_GCM) || (sa_info->cipherMode == NWAL_SA_EALG_AES_CCM))
+ {
+ createParam.saIpSecParam.macSize = 16;
+ }
+ if ((sa_info->authMode == NWAL_SA_AALG_NULL) &&
+ (!((sa_info->cipherMode == NWAL_SA_EALG_AES_GCM) ||
+ (sa_info->cipherMode == NWAL_SA_EALG_AES_CCM))))
+ {
+ createParam.saIpSecParam.replayWindow = 0;
+ createParam.saIpSecParam.macSize = 0;
+ }
memcpy(&createParam.keyParam,key_params,sizeof(nwalSecKeyParams_t));
if (route != NULL)
dmSaParam.dmSaParam.macSize=12; /**todo: pass in or deduce */
dmSaParam.dmSaParam.aadSize=0; /**todo: pass in or deduce */
dmSaParam.dmSaParam.enc1st = (sa_info->dir ==NWAL_SA_DIR_OUTBOUND) ? nwal_TRUE : nwal_FALSE; //encypt 1st for outbound
+ if ((sa_info->cipherMode == NWAL_SA_EALG_AES_GCM) || (sa_info->cipherMode == NWAL_SA_EALG_AES_CCM))
+ {
+ dmSaParam.dmSaParam.macSize = 16;
+ dmSaParam.dmSaParam.aadSize=8;
+ /* Enc1st needs to always be true for combined mode algorithms */
+ dmSaParam.dmSaParam.enc1st = nwal_TRUE;
+ }
+ else
+ {
+ dmSaParam.dmSaParam.macSize=12; /**todo: pass in or deduce */
+ dmSaParam.dmSaParam.aadSize=0; /**todo: pass in or deduce */
+ }
+
if (sa_info->authMode == NWAL_SA_AALG_NULL)
{
dmSaParam.dmSaParam.enc1st = nwal_TRUE;