summaryrefslogtreecommitdiffstats
path: root/src/vnet/crypto
diff options
context:
space:
mode:
authorDamjan Marion <damarion@cisco.com>2019-04-24 15:20:35 +0200
committerNeale Ranns <nranns@cisco.com>2019-04-25 01:36:12 +0000
commitd1bed687231bb64cf7761da37431ba61bc32b6d8 (patch)
tree891af80a873db9dda53c18e95f5eeb9366a1cb07 /src/vnet/crypto
parent20bc56ab58189ad9fa24feaaca3e76ea8e636140 (diff)
crypto: improve key handling
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/vnet/crypto')
-rw-r--r--src/vnet/crypto/crypto.c78
-rw-r--r--src/vnet/crypto/crypto.h51
2 files changed, 118 insertions, 11 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c
index dbdb58b16f6..b748e47fd3d 100644
--- a/src/vnet/crypto/crypto.c
+++ b/src/vnet/crypto/crypto.c
@@ -129,7 +129,7 @@ vnet_crypto_set_handler (char *alg_name, char *engine)
return 0;
}
-vlib_error_t *
+void
vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
vnet_crypto_op_id_t opt,
vnet_crypto_ops_handler_t * fn)
@@ -145,7 +145,7 @@ vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
{
otd->active_engine_index = engine_index;
cm->ops_handlers[opt] = fn;
- return 0;
+ return;
}
ae = vec_elt_at_index (cm->engines, otd->active_engine_index);
if (ae->priority < e->priority)
@@ -154,7 +154,79 @@ vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
cm->ops_handlers[opt] = fn;
}
- return 0;
+ return;
+}
+
+void
+vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index,
+ vnet_crypto_key_handler_t * key_handler)
+{
+ vnet_crypto_main_t *cm = &crypto_main;
+ vnet_crypto_engine_t *e = vec_elt_at_index (cm->engines, engine_index);
+ e->key_op_handler = key_handler;
+ return;
+}
+
+u32
+vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data,
+ u16 length)
+{
+ u32 index;
+ vnet_crypto_main_t *cm = &crypto_main;
+ vnet_crypto_engine_t *engine;
+ vnet_crypto_key_t *key;
+ pool_get_zero (cm->keys, key);
+ index = key - cm->keys;
+ key->alg = alg;
+ vec_validate_aligned (key->data, length - 1, CLIB_CACHE_LINE_BYTES);
+ clib_memcpy (key->data, data, length);
+
+ /* *INDENT-OFF* */
+ vec_foreach (engine, cm->engines)
+ if (engine->key_op_handler)
+ engine->key_op_handler (vm, VNET_CRYPTO_KEY_OP_ADD, index);
+ /* *INDENT-ON* */
+ return index;
+}
+
+void
+vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index)
+{
+ vnet_crypto_main_t *cm = &crypto_main;
+ vnet_crypto_engine_t *engine;
+ vnet_crypto_key_t *key = pool_elt_at_index (cm->keys, index);
+
+ /* *INDENT-OFF* */
+ vec_foreach (engine, cm->engines)
+ if (engine->key_op_handler)
+ engine->key_op_handler (vm, VNET_CRYPTO_KEY_OP_DEL, index);
+ /* *INDENT-ON* */
+
+ clib_memset (key->data, 0, vec_len (key->data));
+ vec_free (key->data);
+ pool_put (cm->keys, key);
+}
+
+void
+vnet_crypto_key_modify (vlib_main_t * vm, vnet_crypto_key_index_t index,
+ vnet_crypto_alg_t alg, u8 * data, u16 length)
+{
+ vnet_crypto_main_t *cm = &crypto_main;
+ vnet_crypto_engine_t *engine;
+ vnet_crypto_key_t *key = pool_elt_at_index (cm->keys, index);
+
+ if (vec_len (key->data))
+ clib_memset (key->data, 0, vec_len (key->data));
+ vec_free (key->data);
+ vec_validate_aligned (key->data, length - 1, CLIB_CACHE_LINE_BYTES);
+ clib_memcpy (key->data, data, length);
+ key->alg = alg;
+
+ /* *INDENT-OFF* */
+ vec_foreach (engine, cm->engines)
+ if (engine->key_op_handler)
+ engine->key_op_handler (vm, VNET_CRYPTO_KEY_OP_MODIFY, index);
+ /* *INDENT-ON* */
}
static void
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index 901c363342b..6ab32ec22bf 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -68,6 +68,13 @@ typedef enum
typedef enum
{
+ VNET_CRYPTO_KEY_OP_ADD,
+ VNET_CRYPTO_KEY_OP_DEL,
+ VNET_CRYPTO_KEY_OP_MODIFY,
+} vnet_crypto_key_op_t;
+
+typedef enum
+{
#define _(n, s) VNET_CRYPTO_OP_STATUS_##n,
foreach_crypto_op_status
#undef _
@@ -77,6 +84,7 @@ typedef enum
/* *INDENT-OFF* */
typedef enum
{
+ VNET_CRYPTO_ALG_NONE = 0,
#define _(n, s) VNET_CRYPTO_ALG_##n,
foreach_crypto_cipher_alg
foreach_crypto_aead_alg
@@ -87,6 +95,12 @@ typedef enum
VNET_CRYPTO_N_ALGS,
} vnet_crypto_alg_t;
+typedef struct
+{
+ u8 *data;
+ vnet_crypto_alg_t alg:8;
+} vnet_crypto_key_t;
+
typedef enum
{
VNET_CRYPTO_OP_NONE = 0,
@@ -115,10 +129,10 @@ typedef struct
u8 flags;
#define VNET_CRYPTO_OP_FLAG_INIT_IV (1 << 0)
#define VNET_CRYPTO_OP_FLAG_HMAC_CHECK (1 << 1)
+ u32 key_index;
u32 len, salt;
u16 aad_len;
- u8 key_len, iv_len, digest_len, tag_len;
- u8 *key;
+ u8 iv_len, digest_len, tag_len;
u8 *iv;
u8 *src;
u8 *dst;
@@ -141,23 +155,30 @@ typedef struct
clib_bitmap_t *act_queues;
} vnet_crypto_thread_t;
+typedef u32 vnet_crypto_key_index_t;
+
typedef u32 (vnet_crypto_ops_handler_t) (vlib_main_t * vm,
vnet_crypto_op_t * ops[], u32 n_ops);
+typedef void (vnet_crypto_key_handler_t) (vlib_main_t * vm,
+ vnet_crypto_key_op_t kop,
+ vnet_crypto_key_index_t idx);
+
u32 vnet_crypto_register_engine (vlib_main_t * vm, char *name, int prio,
char *desc);
-vlib_error_t *vnet_crypto_register_ops_handler (vlib_main_t * vm,
- u32 provider_index,
- vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t *
- f);
+void vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
+ vnet_crypto_op_id_t opt,
+ vnet_crypto_ops_handler_t * oph);
+void vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index,
+ vnet_crypto_key_handler_t * keyh);
typedef struct
{
char *name;
char *desc;
int priority;
+ vnet_crypto_key_handler_t *key_op_handler;
vnet_crypto_ops_handler_t *ops_handlers[VNET_CRYPTO_N_OP_IDS];
} vnet_crypto_engine_t;
@@ -168,6 +189,7 @@ typedef struct
vnet_crypto_ops_handler_t **ops_handlers;
vnet_crypto_op_data_t opt_data[VNET_CRYPTO_N_OP_IDS];
vnet_crypto_engine_t *engines;
+ vnet_crypto_key_t *keys;
uword *engine_index_by_name;
uword *alg_index_by_name;
} vnet_crypto_main_t;
@@ -180,9 +202,14 @@ u32 vnet_crypto_submit_ops (vlib_main_t * vm, vnet_crypto_op_t ** jobs,
u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[],
u32 n_ops);
-
int vnet_crypto_set_handler (char *ops_handler_name, char *engine);
+u32 vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg,
+ u8 * data, u16 length);
+void vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index);
+void vnet_crypto_key_modify (vlib_main_t * vm, vnet_crypto_key_index_t index,
+ vnet_crypto_alg_t alg, u8 * data, u16 len);
+
format_function_t format_vnet_crypto_alg;
format_function_t format_vnet_crypto_engine;
format_function_t format_vnet_crypto_op;
@@ -197,6 +224,7 @@ vnet_crypto_op_init (vnet_crypto_op_t * op, vnet_crypto_op_id_t type)
clib_memset (op, 0xfe, sizeof (*op));
op->op = type;
op->flags = 0;
+ op->key_index = ~0;
}
static_always_inline vnet_crypto_op_type_t
@@ -207,6 +235,13 @@ vnet_crypto_get_op_type (vnet_crypto_op_id_t id)
return od->type;
}
+static_always_inline vnet_crypto_key_t *
+vnet_crypto_get_key (vnet_crypto_key_index_t index)
+{
+ vnet_crypto_main_t *cm = &crypto_main;
+ return vec_elt_at_index (cm->keys, index);
+}
+
#endif /* included_vnet_crypto_crypto_h */
/*