author | Damjan Marion <damarion@cisco.com> | 2025-01-16 11:53:55 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@0xa5.net> | 2025-01-16 14:40:58 +0000 |
commit | 574c4574cd93e698af74d09992541af04150ead4 (patch) | |
tree | f4f71687b7387e2a9dc9f27d099ac9cf0854a2b3 | |
parent | a0b1a06e0bd8f563f3ce5a23db90b23b7b5d341f (diff) |
ipsec: make algo data constant
Type: improvement
Change-Id: I554418fca0cbe1a2b42eddc24eccf25ede5f678a
Signed-off-by: Damjan Marion <damarion@cisco.com>
-rw-r--r-- | src/vnet/CMakeLists.txt | 1 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.c | 151 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.h | 22 | ||||
-rw-r--r-- | src/vnet/ipsec/main.c | 181 |
4 files changed, 193 insertions, 162 deletions
diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt index 9bd35007139..36cbb7e634b 100644 --- a/src/vnet/CMakeLists.txt +++ b/src/vnet/CMakeLists.txt @@ -552,6 +552,7 @@ list(APPEND VNET_SOURCES ipsec/ipsec_spd_policy.c ipsec/ipsec_tun.c ipsec/ipsec_tun_in.c + ipsec/main.c ipsec/esp_format.c ipsec/esp_encrypt.c ipsec/esp_decrypt.c diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index 8b43dd23cc8..a1d4d56768c 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -36,8 +36,6 @@ */ #define IPSEC4_SPD_DEFAULT_HASH_NUM_BUCKETS (1 << 22) -ipsec_main_t ipsec_main; - esp_async_post_next_t esp_encrypt_async_next; esp_async_post_next_t esp_decrypt_async_next; @@ -424,7 +422,6 @@ ipsec_init (vlib_main_t * vm) { clib_error_t *error; ipsec_main_t *im = &ipsec_main; - ipsec_main_crypto_alg_t *a; /* Backend registration requires the feature arcs to be set up */ if ((error = vlib_call_init_function (vm, vnet_feature_init))) 
@@ -471,154 +468,6 @@ ipsec_init (vlib_main_t * vm) if ((error = vlib_call_init_function (vm, ipsec_cli_init))) return error; - vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1); - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_NONE; - a->enc_op_id = VNET_CRYPTO_OP_NONE; - a->dec_op_id = VNET_CRYPTO_OP_NONE; - a->alg = VNET_CRYPTO_ALG_NONE; - a->iv_size = 0; - a->block_align = 1; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC; - a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC; - a->alg = VNET_CRYPTO_ALG_DES_CBC; - a->iv_size = a->block_align = 8; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_3DES_CBC; - a->enc_op_id = VNET_CRYPTO_OP_3DES_CBC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_3DES_CBC_DEC; - a->alg = VNET_CRYPTO_ALG_3DES_CBC; - a->iv_size = a->block_align = 8; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_128; - a->enc_op_id = VNET_CRYPTO_OP_AES_128_CBC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_128_CBC_DEC; - a->alg = VNET_CRYPTO_ALG_AES_128_CBC; - a->iv_size = a->block_align = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_192; - a->enc_op_id = VNET_CRYPTO_OP_AES_192_CBC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_192_CBC_DEC; - a->alg = VNET_CRYPTO_ALG_AES_192_CBC; - a->iv_size = a->block_align = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_256; - a->enc_op_id = VNET_CRYPTO_OP_AES_256_CBC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_256_CBC_DEC; - a->alg = VNET_CRYPTO_ALG_AES_256_CBC; - a->iv_size = a->block_align = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CTR_128; - a->enc_op_id = VNET_CRYPTO_OP_AES_128_CTR_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_128_CTR_DEC; - a->alg = VNET_CRYPTO_ALG_AES_128_CTR; - a->iv_size = 8; - a->block_align = 1; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CTR_192; - a->enc_op_id = VNET_CRYPTO_OP_AES_192_CTR_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_192_CTR_DEC; - a->alg = VNET_CRYPTO_ALG_AES_192_CTR; - a->iv_size = 8; - a->block_align = 1; - - a = im->crypto_algs + 
IPSEC_CRYPTO_ALG_AES_CTR_256; - a->enc_op_id = VNET_CRYPTO_OP_AES_256_CTR_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_256_CTR_DEC; - a->alg = VNET_CRYPTO_ALG_AES_256_CTR; - a->iv_size = 8; - a->block_align = 1; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_128; - a->enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC; - a->alg = VNET_CRYPTO_ALG_AES_128_GCM; - a->iv_size = 8; - a->block_align = 1; - a->icv_size = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_192; - a->enc_op_id = VNET_CRYPTO_OP_AES_192_GCM_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC; - a->alg = VNET_CRYPTO_ALG_AES_192_GCM; - a->iv_size = 8; - a->block_align = 1; - a->icv_size = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_256; - a->enc_op_id = VNET_CRYPTO_OP_AES_256_GCM_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC; - a->alg = VNET_CRYPTO_ALG_AES_256_GCM; - a->iv_size = 8; - a->block_align = 1; - a->icv_size = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_CHACHA20_POLY1305; - a->enc_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC; - a->dec_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC; - a->alg = VNET_CRYPTO_ALG_CHACHA20_POLY1305; - a->iv_size = 8; - a->icv_size = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_NULL_GMAC_128; - a->enc_op_id = VNET_CRYPTO_OP_AES_128_NULL_GMAC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_128_NULL_GMAC_DEC; - a->alg = VNET_CRYPTO_ALG_AES_128_GCM; - a->iv_size = 8; - a->block_align = 1; - a->icv_size = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_NULL_GMAC_192; - a->enc_op_id = VNET_CRYPTO_OP_AES_192_NULL_GMAC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_192_NULL_GMAC_DEC; - a->alg = VNET_CRYPTO_ALG_AES_192_GCM; - a->iv_size = 8; - a->block_align = 1; - a->icv_size = 16; - - a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_NULL_GMAC_256; - a->enc_op_id = VNET_CRYPTO_OP_AES_256_NULL_GMAC_ENC; - a->dec_op_id = VNET_CRYPTO_OP_AES_256_NULL_GMAC_DEC; - a->alg = VNET_CRYPTO_ALG_AES_256_GCM; - a->iv_size = 8; 
- a->block_align = 1; - a->icv_size = 16; - - vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1); - ipsec_main_integ_alg_t *i; - - i = &im->integ_algs[IPSEC_INTEG_ALG_MD5_96]; - i->op_id = VNET_CRYPTO_OP_MD5_HMAC; - i->alg = VNET_CRYPTO_ALG_HMAC_MD5; - i->icv_size = 12; - - i = &im->integ_algs[IPSEC_INTEG_ALG_SHA1_96]; - i->op_id = VNET_CRYPTO_OP_SHA1_HMAC; - i->alg = VNET_CRYPTO_ALG_HMAC_SHA1; - i->icv_size = 12; - - i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_96]; - i->op_id = VNET_CRYPTO_OP_SHA1_HMAC; - i->alg = VNET_CRYPTO_ALG_HMAC_SHA256; - i->icv_size = 12; - - i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_128]; - i->op_id = VNET_CRYPTO_OP_SHA256_HMAC; - i->alg = VNET_CRYPTO_ALG_HMAC_SHA256; - i->icv_size = 16; - - i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_384_192]; - i->op_id = VNET_CRYPTO_OP_SHA384_HMAC; - i->alg = VNET_CRYPTO_ALG_HMAC_SHA384; - i->icv_size = 24; - - i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_512_256]; - i->op_id = VNET_CRYPTO_OP_SHA512_HMAC; - i->alg = VNET_CRYPTO_ALG_HMAC_SHA512; - i->icv_size = 32; - vec_validate_aligned (im->ptd, vlib_num_workers (), CLIB_CACHE_LINE_BYTES); im->async_mode = 0; diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h index 9ab054cf2a9..3409d0e4fb9 100644 --- a/src/vnet/ipsec/ipsec.h +++ b/src/vnet/ipsec/ipsec.h @@ -112,19 +112,19 @@ typedef struct typedef struct { - vnet_crypto_op_id_t enc_op_id; - vnet_crypto_op_id_t dec_op_id; - vnet_crypto_alg_t alg; - u8 iv_size; - u8 block_align; - u8 icv_size; + const vnet_crypto_op_id_t enc_op_id; + const vnet_crypto_op_id_t dec_op_id; + const vnet_crypto_alg_t alg; + const u8 iv_size; + const u8 block_align; + const u8 icv_size; } ipsec_main_crypto_alg_t; typedef struct { - vnet_crypto_op_id_t op_id; - vnet_crypto_alg_t alg; - u8 icv_size; + const vnet_crypto_op_id_t op_id; + const vnet_crypto_alg_t alg; + const u8 icv_size; } ipsec_main_integ_alg_t; typedef struct 
@@ -224,10 +224,10 @@ typedef struct u32 esp_default_backend; /* crypto alg data */ - ipsec_main_crypto_alg_t *crypto_algs; + ipsec_main_crypto_alg_t crypto_algs[IPSEC_CRYPTO_N_ALG]; /* crypto integ data */ - ipsec_main_integ_alg_t *integ_algs; + ipsec_main_integ_alg_t integ_algs[IPSEC_INTEG_N_ALG]; /* per-thread data */ ipsec_per_thread_data_t *ptd; diff --git a/src/vnet/ipsec/main.c b/src/vnet/ipsec/main.c new file mode 100644 index 00000000000..e17d1dc5cfe --- /dev/null +++ b/src/vnet/ipsec/main.c 
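Review bot: The fixed-size `crypto_algs[IPSEC_CRYPTO_N_ALG]` and `integ_algs[IPSEC_INTEG_N_ALG]` arrays are embedded in `ipsec_main_t`, and `ipsec_main` is defined as a non-const object in main.c, so the `const` member qualifiers added in the previous hunk are a compile-time guard only and the tables still live in writable memory beside mutable state. If read-only placement is the goal, the tables would need to be separate `static const` objects; otherwise the field comments should say what is guaranteed, e.g. `/* crypto alg data, indexed by IPSEC_CRYPTO_ALG_*; set by the static initializer in main.c, never written at runtime */`. Entries not named in that initializer are zero-filled silently, so code that indexes these arrays with a configured algorithm id presumably still needs its own range and validity check. The enclosing struct begins and ends outside the hunk.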
@@ -0,0 +1,181 @@
+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2025 Cisco Systems, Inc.
+ */
+
+#include <vlib/vlib.h>
+#include <vnet/ipsec/ipsec.h>
+
+ipsec_main_t ipsec_main = {
+ .crypto_algs = {
+ [IPSEC_CRYPTO_ALG_NONE] = {
+ .enc_op_id = VNET_CRYPTO_OP_NONE,
+ .dec_op_id = VNET_CRYPTO_OP_NONE,
+ .alg = VNET_CRYPTO_ALG_NONE,
+ .iv_size = 0,
+ .block_align = 1,
+ },
+
+ [IPSEC_CRYPTO_ALG_DES_CBC] = {
+ .enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC,
+ .alg = VNET_CRYPTO_ALG_DES_CBC,
+ .iv_size = 8,
+ .block_align = 8,
+ },
+
+ [IPSEC_CRYPTO_ALG_3DES_CBC] = {
+ .enc_op_id = VNET_CRYPTO_OP_3DES_CBC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_3DES_CBC_DEC,
+ .alg = VNET_CRYPTO_ALG_3DES_CBC,
+ .iv_size = 8,
+ .block_align = 8,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_CBC_128] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_128_CBC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_128_CBC_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_128_CBC,
+ .iv_size = 16,
+ .block_align = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_CBC_192] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_192_CBC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_192_CBC_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_192_CBC,
+ .iv_size = 16,
+ .block_align = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_CBC_256] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_256_CBC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_256_CBC_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_256_CBC,
+ .iv_size = 16,
+ .block_align = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_CTR_128] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_128_CTR_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_128_CTR_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_128_CTR,
+ .iv_size = 8,
+ .block_align = 1,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_CTR_192] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_192_CTR_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_192_CTR_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_192_CTR,
+ .iv_size = 8,
+ .block_align = 1,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_CTR_256] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_256_CTR_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_256_CTR_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_256_CTR,
+ .iv_size = 8,
+ .block_align = 1,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_GCM_128] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_128_GCM,
+ .iv_size = 8,
+ .block_align = 1,
+ .icv_size = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_GCM_192] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_192_GCM_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_192_GCM,
+ .iv_size = 8,
+ .block_align = 1,
+ .icv_size = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_GCM_256] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_256_GCM_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_256_GCM,
+ .iv_size = 8,
+ .block_align = 1,
+ .icv_size = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_CHACHA20_POLY1305] = {
+ .enc_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC,
+ .alg = VNET_CRYPTO_ALG_CHACHA20_POLY1305,
+ .iv_size = 8,
+ .icv_size = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_NULL_GMAC_128] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_128_NULL_GMAC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_128_NULL_GMAC_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_128_GCM,
+ .iv_size = 8,
+ .block_align = 1,
+ .icv_size = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_NULL_GMAC_192] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_192_NULL_GMAC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_192_NULL_GMAC_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_192_GCM,
+ .iv_size = 8,
+ .block_align = 1,
+ .icv_size = 16,
+ },
+
+ [IPSEC_CRYPTO_ALG_AES_NULL_GMAC_256] = {
+ .enc_op_id = VNET_CRYPTO_OP_AES_256_NULL_GMAC_ENC,
+ .dec_op_id = VNET_CRYPTO_OP_AES_256_NULL_GMAC_DEC,
+ .alg = VNET_CRYPTO_ALG_AES_256_GCM,
+ .iv_size = 8,
+ .block_align = 1,
+ .icv_size = 16,
+ },
+ },
+ .integ_algs = {
+ [IPSEC_INTEG_ALG_MD5_96] = {
+ .op_id = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
+ .icv_size = 12,
+ },
+
+ [IPSEC_INTEG_ALG_SHA1_96] = {
+ .op_id = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
+ .icv_size = 12,
+ },
+
+ [IPSEC_INTEG_ALG_SHA_256_96] = {
+ .op_id = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
+ .icv_size = 12,
+ },
+
+ [IPSEC_INTEG_ALG_SHA_256_128] = {
+ .op_id = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
+ .icv_size = 16,
+ },
+
+ [IPSEC_INTEG_ALG_SHA_384_192] = {
+ .op_id = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
+ .icv_size = 24,
+ },
+
+ [IPSEC_INTEG_ALG_SHA_512_256] = {
+ .op_id = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
+ .icv_size = 32,
+ },
+ },
+}; |
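Review bot: The `[IPSEC_INTEG_ALG_SHA_256_96]` entry pairs `.op_id = VNET_CRYPTO_OP_SHA1_HMAC` with `.alg = VNET_CRYPTO_ALG_HMAC_SHA256`, so the operation and the key algorithm name different hashes, while every other integ entry keeps the two in step. The removed initializer in ipsec.c had the same pair, so this is carried over rather than introduced, but if the op id is what selects the hash at runtime, an SA configured for SHA-256-96 would be authenticated with HMAC-SHA1 instead of the negotiated algorithm. If it is a typo the line should read `.op_id = VNET_CRYPTO_OP_SHA256_HMAC,`; if the mapping is deliberate, a one-line comment on the entry saying why would settle it. Separately, `[IPSEC_CRYPTO_ALG_CHACHA20_POLY1305]` sets no `.block_align` and so gets 0 where the CTR and GCM entries use 1, which deserves an explicit value if any consumer rounds or divides by it.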