author | 2025-02-28 19:59:14 +0100 | |
---|---|---|
committer | 2025-04-04 15:02:44 +0000 | |
commit | f479eeb76b4a1aa0bfd3adf888a8679e27875fd8 (patch) | |
tree | 3ba0e29f4c5e5ab07a45ecafbf8f6f60730e3e84 /src/vnet/crypto/config.c | |
parent | 6fa7a0e408d1737b9ba2f809518e9b7ad2b51ac3 (diff) |
crypto: make configurable crypto engines
Add a configuration section, crypto-engines, that uses the same syntax as the plugins section.
The following configuration will load and register only the openssl engine:
'''
crypto-engines {
default {disable}
openssl {enable}
}
'''
And this one will load all engines except openssl
'''
crypto-engines {
default {enable}
openssl {disable}
}
'''
Type: feature
Change-Id: Ia637db93b497d0c4333704f3c024e85de3941791
Signed-off-by: Nicolas PLANEL <nplanel@cisco.com>
Signed-off-by: Nicolas PLANEL <nplanel@gmail.com>
Signed-off-by: Nicolas PLANEL <nplanel@cisco.com>
Diffstat (limited to 'src/vnet/crypto/config.c')
-rw-r--r-- | src/vnet/crypto/config.c | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/src/vnet/crypto/config.c b/src/vnet/crypto/config.c
new file mode 100644
index 00000000000..09f39b38b4e
--- /dev/null
+++ b/src/vnet/crypto/config.c
@@ -0,0 +1,105 @@
+/*
+ * config.c: crypto engines configuration
+ *
+ * Copyright (c) 2025 Cisco and/or its affiliates.
+ * SPDX-License-Identifier: Apache-2.0
+ * https://spdx.org/licenses/Apache-2.0.html
+ */
+
+#include <vlib/vlib.h>
+#include <vnet/crypto/crypto.h>
+
+static clib_error_t *
+config_one_crypto (vlib_main_t *vm, char *name, unformat_input_t *input)
+{
+ vnet_crypto_main_t *cm = &crypto_main;
+ vnet_crypto_config_t *pc;
+ clib_error_t *error = 0;
+ uword *p;
+ int is_enable = 0;
+ int is_disable = 0;
+
+ if (cm->config_index_by_name == 0)
+ cm->config_index_by_name = hash_create_string (0, sizeof (uword));
+
+ p = hash_get_mem (cm->config_index_by_name, name);
+ if (p)
+ {
+ error = clib_error_return (0, "crypto '%s' already configured", name);
+ goto done;
+ }
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "enable"))
+ is_enable = 1;
+ else if (unformat (input, "disable"))
+ is_disable = 1;
+ else
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ goto done;
+ }
+ }
+
+ if (is_enable && is_disable)
+ {
+ error = clib_error_return (0,
+ "please specify either enable or disable"
+ " for crypto '%s'",
+ name);
+ goto done;
+ }
+
+ vec_add2 (cm->configs, pc, 1);
+ pc->is_enabled = is_enable;
+ pc->is_disabled = is_disable;
+ pc->name = vec_dup (name);
+ hash_set_mem (cm->config_index_by_name, pc->name, pc - cm->configs);
+
+done:
+ return error;
+}
+
+static clib_error_t *
+crypto_engines_config (vlib_main_t *vm, unformat_input_t *input)
+{
+ vnet_crypto_main_t *cm = &crypto_main;
+ clib_error_t *error = 0;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ unformat_input_t sub_input;
+ u8 *s = 0;
+ if (unformat (input, "default %U", unformat_vlib_cli_sub_input,
+ &sub_input))
+ {
+ cm->default_disabled = unformat (&sub_input, "disable") ? 1 : 0;
+ unformat_free (&sub_input);
+ }
+ else if (unformat (input, "%s %U", &s, unformat_vlib_cli_sub_input,
+ &sub_input))
+ {
+ error = config_one_crypto (vm, (char *) s, &sub_input);
+ vec_free (s);
+ unformat_free (&sub_input);
+ if (error)
+ goto done;
+ }
+ else
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ {
+ vec_free (s);
+ goto done;
+ }
+ }
+ }
+
+done:
+ return error;
+}
+
+VLIB_EARLY_CONFIG_FUNCTION (crypto_engines_config, "crypto-engines"); |
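Review bot: The `default` branch of crypto_engines_config fails open: `unformat (&sub_input, "disable") ? 1 : 0` treats everything except the literal `disable` as enable, so a misspelled keyword or an empty `default {}` block leaves `default_disabled` at 0 without any error, which defeats a configuration written as an allow-list of engines. config_one_crypto already rejects unknown tokens, and the default block should be parsed just as strictly, accepting only `enable` or `disable` and returning an error otherwise. config_one_crypto itself still accepts a block with neither keyword (for example `openssl {}`) and stores an entry with both flags at 0; rejecting that case would make the intent explicit. The nested `{ vec_free (s); goto done; }` braces in the final else branch are also redundant.

```c
      if (unformat (input, "default %U", unformat_vlib_cli_sub_input,
                    &sub_input))
        {
          /* accept only an explicit keyword so a typo cannot silently
           * leave every engine enabled */
          if (unformat (&sub_input, "disable"))
            cm->default_disabled = 1;
          else if (unformat (&sub_input, "enable"))
            cm->default_disabled = 0;
          else
            error = clib_error_return (0, "unknown input '%U'",
                                       format_unformat_error, &sub_input);
          unformat_free (&sub_input);
          if (error)
            goto done;
        }
      /* … unchanged: per-engine branch and unknown-input branch … */
```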