diff options
Diffstat (limited to 'ipsec/ipsec-impl/src/main')
-rw-r--r-- | ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java | 62 |
1 files changed, 59 insertions, 3 deletions
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java index 4755c7a82..78a80120a 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java @@ -31,6 +31,8 @@ import io.fd.vpp.jvpp.core.dto.IpsecSaDetails; import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump; import io.fd.vpp.jvpp.core.dto.IpsecSaDump; import io.fd.vpp.jvpp.core.future.FutureJVppCore; +import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg; +import io.fd.vpp.jvpp.core.types.IpsecIntegAlg; import java.util.LinkedList; import javax.annotation.Nonnull; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecStateSpdAugmentation; @@ -84,16 +86,70 @@ public class IpsecStateCustomizer extends FutureJVppCustomizer IpsecSaDetailsReplyDump reply = dumpSa.get(); for (IpsecSaDetails details : reply.ipsecSaDetails) { SaBuilder saBuilder = new SaBuilder(); - saBuilder.setSpi(Integer.toUnsignedLong(details.spi)) + saBuilder.setSpi(Integer.toUnsignedLong(details.entry.spi)) .setAntiReplayWindow(Long.valueOf(details.replayWindow).intValue()) - .setAuthenticationAlgorithm(IkeIntegrityAlgorithmT.forValue(details.integAlg)) - .setEncryptionAlgorithm(IkeEncryptionAlgorithmT.forValue(details.cryptoAlg)); + .setAuthenticationAlgorithm(parseAuthAlgorithm(details.entry.integrityAlgorithm)) + .setEncryptionAlgorithm(parseCryptoAlgorithm(details.entry.cryptoAlgorithm)); listSa.add(saBuilder.build()); } builder.setSa(listSa); } } + private IkeEncryptionAlgorithmT parseCryptoAlgorithm(final IpsecCryptoAlg cryptoAlgorithm) { + switch (cryptoAlgorithm){ + case IPSEC_API_CRYPTO_ALG_NONE: + return IkeEncryptionAlgorithmT.EncrNull; + case IPSEC_API_CRYPTO_ALG_AES_CBC_128: + return IkeEncryptionAlgorithmT.EncrAesCbc128; + case IPSEC_API_CRYPTO_ALG_AES_CBC_192: + return IkeEncryptionAlgorithmT.EncrAesCbc192; + case IPSEC_API_CRYPTO_ALG_AES_CBC_256: + return IkeEncryptionAlgorithmT.EncrAesCbc256; + case IPSEC_API_CRYPTO_ALG_AES_CTR_128: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_CTR_192: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_CTR_256: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_GCM_128: + return IkeEncryptionAlgorithmT.EncrAesGcm8Icv; + case IPSEC_API_CRYPTO_ALG_AES_GCM_192: + return IkeEncryptionAlgorithmT.EncrAesGcm12Icv; + case IPSEC_API_CRYPTO_ALG_AES_GCM_256: + return IkeEncryptionAlgorithmT.EncrAesGcm16Icv; + case IPSEC_API_CRYPTO_ALG_DES_CBC: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrDes; + case IPSEC_API_CRYPTO_ALG_3DES_CBC: + return IkeEncryptionAlgorithmT.Encr3des; + } + return IkeEncryptionAlgorithmT.EncrNull; + } + + private IkeIntegrityAlgorithmT parseAuthAlgorithm(final IpsecIntegAlg integrityAlgorithm) { + switch (integrityAlgorithm){ + case IPSEC_API_INTEG_ALG_NONE: + return IkeIntegrityAlgorithmT.AuthNone; + case IPSEC_API_INTEG_ALG_MD5_96: + return IkeIntegrityAlgorithmT.AuthHmacMd596; + case IPSEC_API_INTEG_ALG_SHA1_96: + return IkeIntegrityAlgorithmT.AuthHmacSha196; + case IPSEC_API_INTEG_ALG_SHA_256_96: + return IkeIntegrityAlgorithmT.AuthHmacSha225696; + case IPSEC_API_INTEG_ALG_SHA_256_128: + return IkeIntegrityAlgorithmT.AuthHmacSha2256128; + case IPSEC_API_INTEG_ALG_SHA_384_192: + return IkeIntegrityAlgorithmT.AuthHmacSha2384192; + case IPSEC_API_INTEG_ALG_SHA_512_256: + return IkeIntegrityAlgorithmT.AuthHmacSha2512256; + } + return IkeIntegrityAlgorithmT.AuthNone; + } + @Override public void merge(@Nonnull final Builder<? extends DataObject> parentBuilder, @Nonnull final IpsecState readValue) { IpsecStateBuilder ipsecParentBuilder = (IpsecStateBuilder) parentBuilder; |