diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-06-21 12:44:11 +0000 |
|---|---|---|
| committer | Neale Ranns <nranns@cisco.com> | 2019-06-25 09:39:10 +0000 |
| commit | ece2ae0fa27a11d25fff6ea27263d5c5ba5c9dbc (patch) | |
| tree | 15dbd3f370dcfe4526673601b3a00076d8a7507f | |
| parent | 47e77304edf72fda629f054b393013ff795d5637 (diff) | |
ipsec: return error if the engine backend has no handler for the
requested alogrithm.
Type: feature
Change-Id: I19a9c14b2bb52ba2fc66246845b7ada73d5095d1
Signed-off-by: Neale Ranns <nranns@cisco.com>
| -rw-r--r-- | src/vnet/crypto/crypto.c | 8 | ||||
| -rw-r--r-- | src/vnet/crypto/crypto.h | 1 | ||||
| -rw-r--r-- | src/vnet/ipsec/ipsec.c | 24 |
3 files changed, 32 insertions, 1 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index bad3970f419..4da8a14a14b 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -129,6 +129,14 @@ vnet_crypto_set_handler (char *alg_name, char *engine) return 0; } +int +vnet_crypto_is_set_handler (vnet_crypto_alg_t alg) +{ + vnet_crypto_main_t *cm = &crypto_main; + + return (NULL != cm->ops_handlers[alg]); +} + void vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index, vnet_crypto_op_id_t opt, diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 89af8535c52..9c15d53a6c1 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -205,6 +205,7 @@ u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[], u32 n_ops); int vnet_crypto_set_handler (char *ops_handler_name, char *engine); +int vnet_crypto_is_set_handler (vnet_crypto_alg_t alg); u32 vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data, u16 length); diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index 84f0809954e..4caae4840fb 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -30,15 +30,37 @@ ipsec_main_t ipsec_main; static clib_error_t * ipsec_check_ah_support (ipsec_sa_t * sa) { + ipsec_main_t *im = &ipsec_main; + if (sa->integ_alg == IPSEC_INTEG_ALG_NONE) return clib_error_return (0, "unsupported none integ-alg"); + + if (!vnet_crypto_is_set_handler (im->integ_algs[sa->integ_alg].alg)) + return clib_error_return (0, "No crypto engine support for %U", + format_ipsec_integ_alg, sa->integ_alg); + return 0; } static clib_error_t * ipsec_check_esp_support (ipsec_sa_t * sa) { - return 0; + ipsec_main_t *im = &ipsec_main; + + if (IPSEC_INTEG_ALG_NONE != sa->integ_alg) + { + if (!vnet_crypto_is_set_handler (im->integ_algs[sa->integ_alg].alg)) + return clib_error_return (0, "No crypto engine support for %U", + format_ipsec_integ_alg, sa->integ_alg); + } + if (IPSEC_CRYPTO_ALG_NONE != sa->crypto_alg) + { + if (!vnet_crypto_is_set_handler (im->crypto_algs[sa->crypto_alg].alg)) + return clib_error_return (0, "No crypto engine support for %U", + format_ipsec_crypto_alg, sa->crypto_alg); + } + + return (0); } clib_error_t * |