-rw-r--r-- | src/plugins/quic/quic.c | 14 | ||||
-rw-r--r-- | src/plugins/quic/quic.h | 2 | ||||
-rw-r--r-- | src/plugins/quic/quic_crypto.c | 28 |
3 files changed, 33 insertions, 11 deletions
diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c
index 31cfcced86f..8b111369fed 100644
--- a/src/plugins/quic/quic.c
+++ b/src/plugins/quic/quic.c
@@ -2180,8 +2180,11 @@ quic_process_one_rx_packet (u64 udp_session_handle, svm_fifo_t * f,
 if (rv == QUIC_PACKET_TYPE_RECEIVE)
 {
 pctx->ptype = QUIC_PACKET_TYPE_RECEIVE;
- quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, thread_index);
- quic_crypto_decrypt_packet (qctx, pctx);
+ if (quic_main.vnet_crypto_enabled)
+ {
+ quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, thread_index);
+ quic_crypto_decrypt_packet (qctx, pctx);
+ }
 return 0;
 }
 else if (rv == QUIC_PACKET_TYPE_MIGRATE)
@@ -2506,6 +2509,13 @@ quic_init (vlib_main_t * vm)
 qm->default_crypto_engine = CRYPTO_ENGINE_VPP;
 qm->max_packets_per_key = DEFAULT_MAX_PACKETS_PER_KEY;
 clib_rwlock_init (&qm->crypto_keys_quic_rw_lock);
+
+ vnet_crypto_main_t *cm = &crypto_main;
+ if (vec_len (cm->engines) == 0)
+ qm->vnet_crypto_enabled = 0;
+ else
+ qm->vnet_crypto_enabled = 1;
+
 vec_free (a->name);
 return 0;
 }
diff --git a/src/plugins/quic/quic.h b/src/plugins/quic/quic.h
index 98f4ce87f81..1e83d9235d7 100644
--- a/src/plugins/quic/quic.h
+++ b/src/plugins/quic/quic.h
@@ -275,6 +275,8 @@ typedef struct quic_main_
 u32 udp_fifo_prealloc;
 u32 connection_timeout;
+ u8 vnet_crypto_enabled;
+
 clib_rwlock_t crypto_keys_quic_rw_lock;
 } quic_main_t;
diff --git a/src/plugins/quic/quic_crypto.c b/src/plugins/quic/quic_crypto.c
index dd7300388d4..d8fd4a916e6 100644
--- a/src/plugins/quic/quic_crypto.c
+++ b/src/plugins/quic/quic_crypto.c
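Review bot: The implicit else of the new `if (quic_main.vnet_crypto_enabled)` test in quic_process_one_rx_packet leaves the packet undecrypted and still returns 0, and nothing at the branch says who decrypts it then; presumably the picotls `do_decrypt` installed by the openssl `setup_crypto` fallback in quic_crypto.c handles it later, but that contract belongs at the branch, e.g. `/* no vnet crypto engine: decryption is left to the picotls AEAD context (openssl fallback) */`. `pctx->ptype` is set to QUIC_PACKET_TYPE_RECEIVE before the test on both paths, so a consumer of ptype cannot tell whether the payload is still ciphertext; worth confirming every consumer checks the same flag. The enclosing function begins and ends outside the hunk.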
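Review bot: In quic_init, `vec_len (cm->engines) == 0` only establishes that some vnet crypto engine registered, not that it provides handlers for the AEAD operations quic_crypto.c relies on, so an engine without AES-GCM support still selects the vnet path; if vnet_crypto exposes a per-operation handler query, that is the more precise test. The line above still sets `qm->default_crypto_engine = CRYPTO_ENGINE_VPP;` unconditionally, so on an engine-less system the two settings disagree — either gate that assignment on the same condition or document that `vnet_crypto_enabled` takes precedence. The if/else collapses to `qm->vnet_crypto_enabled = vec_len (cm->engines) != 0;`. The flag is computed once here, so if quic_init can run before the crypto engine plugins register, it would be stale — worth confirming the init ordering.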
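Review bot: The new `vnet_crypto_enabled` field in quic_main_t carries no comment, and its meaning is only recoverable from the other two files of this commit. Suggest `/* set once in quic_init: non-zero when a vnet crypto engine is registered, 0 selects the picotls/openssl AEAD fallback */` above the field.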
@@ -623,17 +623,27 @@ quic_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
 assert (0);
 }
- ctx->super.do_decrypt = quic_crypto_aead_decrypt;
+ if (quic_main.vnet_crypto_enabled)
+ {
+ ctx->super.do_decrypt = quic_crypto_aead_decrypt;
- ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
- ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
- ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
- ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
+ ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
+ ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
+ ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
+ ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
- clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
- ctx->key_index = vnet_crypto_key_add (vm, algo,
- (u8 *) key, _ctx->algo->key_size);
- clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+ clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
+ ctx->key_index = vnet_crypto_key_add (vm, algo,
+ (u8 *) key, _ctx->algo->key_size);
+ clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+ }
+ else
+ {
+ if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
+ ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key);
+ else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
+ ptls_openssl_aes256gcm.setup_crypto (_ctx, is_enc, key);
+ }
 return 0;
 } |
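Review bot: The new `else` branch in quic_crypto_aead_setup_crypto discards the return value of `ptls_openssl_aes128gcm.setup_crypto` / `ptls_openssl_aes256gcm.setup_crypto`, and for any algo name other than those two strings it installs nothing yet still returns 0, so on the new side `ctx->super.do_decrypt` and the encrypt callbacks stay unset and the first use of the context dereferences a null function pointer. The vnet path above handles an unsupported algo with `assert (0)` (visible at the top of the hunk), so the fallback should fail the same way and propagate the openssl result instead of returning success. A further point to confirm rather than a visible defect: the openssl `setup_crypto` writes into its own AEAD context layout, so the quic AEAD descriptors' `context_size` must cover it when the fallback is used. The function's signature and the algo dispatch begin outside the hunk.
```c
  /* … unchanged: vnet crypto branch (callbacks + vnet_crypto_key_add) … */
  else
    {
      if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
	return ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key);
      else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
	return ptls_openssl_aes256gcm.setup_crypto (_ctx, is_enc, key);
      /* no openssl fallback for this AEAD: fail like the vnet path does */
      assert (0);
    }
  return 0;
```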