diff options
author | Vladimir Ratnikov <vratnikov@netgate.com> | 2022-09-13 13:09:53 +0000 |
---|---|---|
committer | Vladimir Ratnikov <vratnikov@netgate.com> | 2022-09-14 08:18:54 +0000 |
commit | d7c030d6065962b433416c679f3b568b096b49e2 (patch) | |
tree | 95e66893dca2b812938b1b4f93496c1a9438d5bc | |
parent | 51a7e44172512dab3ab70fce1426fd774a4edffe (diff) |
ipsec: make chacha20-poly1305 available via API
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
-rw-r--r-- | src/vnet/ipsec/ipsec.c | 7 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_sa.c | 3 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_sa.h | 30 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_types.api | 1 |
4 files changed, 27 insertions, 14 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index e95bd163049..3ea2e4d62df 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -579,6 +579,13 @@ ipsec_init (vlib_main_t * vm) a->block_align = 1; a->icv_size = 16; + a = im->crypto_algs + IPSEC_CRYPTO_ALG_CHACHA20_POLY1305; + a->enc_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC; + a->dec_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC; + a->alg = VNET_CRYPTO_ALG_CHACHA20_POLY1305; + a->iv_size = 8; + a->icv_size = 16; + vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1); ipsec_main_integ_alg_t *i; diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c index 5c80545bb21..a330abcb244 100644 --- a/src/vnet/ipsec/ipsec_sa.c +++ b/src/vnet/ipsec/ipsec_sa.c @@ -104,7 +104,8 @@ ipsec_sa_set_crypto_alg (ipsec_sa_t * sa, ipsec_crypto_alg_t crypto_alg) sa->crypto_calg = im->crypto_algs[crypto_alg].alg; ASSERT (sa->crypto_iv_size <= ESP_MAX_IV_SIZE); ASSERT (sa->esp_block_align <= ESP_MAX_BLOCK_SIZE); - if (IPSEC_CRYPTO_ALG_IS_GCM (crypto_alg)) + if (IPSEC_CRYPTO_ALG_IS_GCM (crypto_alg) || + IPSEC_CRYPTO_ALG_CTR_AEAD_OTHERS (crypto_alg)) { sa->integ_icv_size = im->crypto_algs[crypto_alg].icv_size; ipsec_sa_set_IS_CTR (sa); diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h index ec5ca11b179..057e8cd9bff 100644 --- a/src/vnet/ipsec/ipsec_sa.h +++ b/src/vnet/ipsec/ipsec_sa.h @@ -21,19 +21,20 @@ #include <vnet/fib/fib_node.h> #include <vnet/tunnel/tunnel.h> -#define foreach_ipsec_crypto_alg \ - _ (0, NONE, "none") \ - _ (1, AES_CBC_128, "aes-cbc-128") \ - _ (2, AES_CBC_192, "aes-cbc-192") \ - _ (3, AES_CBC_256, "aes-cbc-256") \ - _ (4, AES_CTR_128, "aes-ctr-128") \ - _ (5, AES_CTR_192, "aes-ctr-192") \ - _ (6, AES_CTR_256, "aes-ctr-256") \ - _ (7, AES_GCM_128, "aes-gcm-128") \ - _ (8, AES_GCM_192, "aes-gcm-192") \ - _ (9, AES_GCM_256, "aes-gcm-256") \ - _ (10, DES_CBC, "des-cbc") \ - _ (11, 3DES_CBC, "3des-cbc") +#define foreach_ipsec_crypto_alg \ + _ (0, NONE, "none") \ + _ (1, AES_CBC_128, "aes-cbc-128") \ + _ (2, AES_CBC_192, "aes-cbc-192") \ + _ (3, AES_CBC_256, "aes-cbc-256") \ + _ (4, AES_CTR_128, "aes-ctr-128") \ + _ (5, AES_CTR_192, "aes-ctr-192") \ + _ (6, AES_CTR_256, "aes-ctr-256") \ + _ (7, AES_GCM_128, "aes-gcm-128") \ + _ (8, AES_GCM_192, "aes-gcm-192") \ + _ (9, AES_GCM_256, "aes-gcm-256") \ + _ (10, DES_CBC, "des-cbc") \ + _ (11, 3DES_CBC, "3des-cbc") \ + _ (12, CHACHA20_POLY1305, "chacha20-poly1305") typedef enum { @@ -53,6 +54,9 @@ typedef enum (_alg == IPSEC_CRYPTO_ALG_AES_CTR_192) || \ (_alg == IPSEC_CRYPTO_ALG_AES_CTR_256))) +#define IPSEC_CRYPTO_ALG_CTR_AEAD_OTHERS(_alg) \ + (_alg == IPSEC_CRYPTO_ALG_CHACHA20_POLY1305) + #define foreach_ipsec_integ_alg \ _ (0, NONE, "none") \ _ (1, MD5_96, "md5-96") /* RFC2403 */ \ diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api index fd7068e926e..3f894348bcb 100644 --- a/src/vnet/ipsec/ipsec_types.api +++ b/src/vnet/ipsec/ipsec_types.api @@ -36,6 +36,7 @@ enum ipsec_crypto_alg IPSEC_API_CRYPTO_ALG_AES_GCM_256, IPSEC_API_CRYPTO_ALG_DES_CBC, IPSEC_API_CRYPTO_ALG_3DES_CBC, + IPSEC_API_CRYPTO_ALG_CHACHA20_POLY1305 [backwards_compatible], }; /* |