wireguard: add async mode for encryption packets

Originally wireguard doesn't support async mode for encryption packets.

This patch add async mode for encryption in wireguard and also adds
support chacha20-poly1305 algorithm in cryptodev for async handler.
In addition it contains new command line to activate async mode for wireguard:
  set wireguard async mode on|off

and also add new command to check active mode for wireguard:
  show wireguard mode

Type: improvement

Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6

1 files changed, 0 insertions, 60 deletions

diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index c8605f117cd..6efec28fef8 100644
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -630,58 +630,6 @@ error:
 }
 
 enum noise_state_crypt
-noise_sync_remote_encrypt (vlib_main_t *vm, vnet_crypto_op_t **crypto_ops,
-			   noise_remote_t *r, uint32_t *r_idx, uint64_t *nonce,
-			   uint8_t *src, size_t srclen, uint8_t *dst, u32 bi,
-			   u8 *iv, f64 time)
-{
-  noise_keypair_t *kp;
-  enum noise_state_crypt ret = SC_FAILED;
-
-  if ((kp = r->r_current) == NULL)
-    goto error;
-
-  /* We confirm that our values are within our tolerances. We want:
-   *  - a valid keypair
-   *  - our keypair to be less than REJECT_AFTER_TIME seconds old
-   *  - our receive counter to be less than REJECT_AFTER_MESSAGES
-   *  - our send counter to be less than REJECT_AFTER_MESSAGES
-   */
-  if (!kp->kp_valid ||
-      wg_birthdate_has_expired_opt (kp->kp_birthdate, REJECT_AFTER_TIME,
-				    time) ||
-      kp->kp_ctr.c_recv >= REJECT_AFTER_MESSAGES ||
-      ((*nonce = noise_counter_send (&kp->kp_ctr)) > REJECT_AFTER_MESSAGES))
-    goto error;
-
-  /* We encrypt into the same buffer, so the caller must ensure that buf
-   * has NOISE_AUTHTAG_LEN bytes to store the MAC. The nonce and index
-   * are passed back out to the caller through the provided data pointer. */
-  *r_idx = kp->kp_remote_index;
-
-  wg_prepare_sync_op (vm, crypto_ops, src, srclen, dst, NULL, 0, *nonce,
-		      VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC, kp->kp_send_index,
-		      bi, iv);
-
-  /* If our values are still within tolerances, but we are approaching
-   * the tolerances, we notify the caller with ESTALE that they should
-   * establish a new keypair. The current keypair can continue to be used
-   * until the tolerances are hit. We notify if:
-   *  - our send counter is valid and not less than REKEY_AFTER_MESSAGES
-   *  - we're the initiator and our keypair is older than
-   *    REKEY_AFTER_TIME seconds */
-  ret = SC_KEEP_KEY_FRESH;
-  if ((kp->kp_valid && *nonce >= REKEY_AFTER_MESSAGES) ||
-      (kp->kp_is_initiator && wg_birthdate_has_expired_opt (
-				kp->kp_birthdate, REKEY_AFTER_TIME, time)))
-    goto error;
-
-  ret = SC_OK;
-error:
-  return ret;
-}
-
-enum noise_state_crypt
 noise_sync_remote_decrypt (vlib_main_t *vm, vnet_crypto_op_t **crypto_ops,
 			   noise_remote_t *r, uint32_t r_idx, uint64_t nonce,
 			   uint8_t *src, size_t srclen, uint8_t *dst, u32 bi,
@@ -791,14 +739,6 @@ noise_remote_handshake_index_drop (noise_remote_t * r)
     u->u_index_drop (hs->hs_local_index);
 }
 
-static uint64_t
-noise_counter_send (noise_counter_t * ctr)
-{
-  uint64_t ret;
-  ret = ctr->c_send++;
-  return ret;
-}
-
 static void
 noise_kdf (uint8_t * a, uint8_t * b, uint8_t * c, const uint8_t * x,
 	   size_t a_len, size_t b_len, size_t c_len, size_t x_len,