author | Damjan Marion <damarion@cisco.com> | 2019-04-24 15:20:35 +0200 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-04-25 01:36:12 +0000 |
commit | d1bed687231bb64cf7761da37431ba61bc32b6d8 (patch) | |
tree | 891af80a873db9dda53c18e95f5eeb9366a1cb07 /src/vnet/crypto | |
parent | 20bc56ab58189ad9fa24feaaca3e76ea8e636140 (diff) |
crypto: improve key handling
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/vnet/crypto')
-rw-r--r-- | src/vnet/crypto/crypto.c | 78 | ||||
-rw-r--r-- | src/vnet/crypto/crypto.h | 51 |
2 files changed, 118 insertions, 11 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index dbdb58b16f6..b748e47fd3d 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -129,7 +129,7 @@ vnet_crypto_set_handler (char *alg_name, char *engine) return 0; } -vlib_error_t * +void vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index, vnet_crypto_op_id_t opt, vnet_crypto_ops_handler_t * fn) @@ -145,7 +145,7 @@ vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index, { otd->active_engine_index = engine_index; cm->ops_handlers[opt] = fn; - return 0; + return; } ae = vec_elt_at_index (cm->engines, otd->active_engine_index); if (ae->priority < e->priority) 
@@ -154,7 +154,79 @@ vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index, cm->ops_handlers[opt] = fn; } - return 0; + return; +} + +void +vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index, + vnet_crypto_key_handler_t * key_handler) +{ + vnet_crypto_main_t *cm = &crypto_main; + vnet_crypto_engine_t *e = vec_elt_at_index (cm->engines, engine_index); + e->key_op_handler = key_handler; + return; +} + +u32 +vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data, + u16 length) +{ + u32 index; + vnet_crypto_main_t *cm = &crypto_main; + vnet_crypto_engine_t *engine; + vnet_crypto_key_t *key; + pool_get_zero (cm->keys, key); + index = key - cm->keys; + key->alg = alg; + vec_validate_aligned (key->data, length - 1, CLIB_CACHE_LINE_BYTES); + clib_memcpy (key->data, data, length); + + /* *INDENT-OFF* */ + vec_foreach (engine, cm->engines) + if (engine->key_op_handler) + engine->key_op_handler (vm, VNET_CRYPTO_KEY_OP_ADD, index); + /* *INDENT-ON* */ + return index; +} + +void +vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index) +{ + vnet_crypto_main_t *cm = &crypto_main; + vnet_crypto_engine_t *engine; + vnet_crypto_key_t *key = pool_elt_at_index (cm->keys, index); + + /* *INDENT-OFF* */ + vec_foreach (engine, cm->engines) + if (engine->key_op_handler) + engine->key_op_handler (vm, VNET_CRYPTO_KEY_OP_DEL, index); + /* *INDENT-ON* */ + + clib_memset (key->data, 0, vec_len (key->data)); + vec_free (key->data); + pool_put (cm->keys, key); +} + +void +vnet_crypto_key_modify (vlib_main_t * vm, vnet_crypto_key_index_t index, + vnet_crypto_alg_t alg, u8 * data, u16 length) +{ + vnet_crypto_main_t *cm = &crypto_main; + vnet_crypto_engine_t *engine; + vnet_crypto_key_t *key = pool_elt_at_index (cm->keys, index); + + if (vec_len (key->data)) + clib_memset (key->data, 0, vec_len (key->data)); + vec_free (key->data); + vec_validate_aligned (key->data, length - 1, CLIB_CACHE_LINE_BYTES); + clib_memcpy (key->data, data, 
length); + key->alg = alg; + + /* *INDENT-OFF* */ + vec_foreach (engine, cm->engines) + if (engine->key_op_handler) + engine->key_op_handler (vm, VNET_CRYPTO_KEY_OP_MODIFY, index); + /* *INDENT-ON* */ } static void diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 901c363342b..6ab32ec22bf 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -68,6 +68,13 @@ typedef enum typedef enum { + VNET_CRYPTO_KEY_OP_ADD, + VNET_CRYPTO_KEY_OP_DEL, + VNET_CRYPTO_KEY_OP_MODIFY, +} vnet_crypto_key_op_t; + +typedef enum +{ #define _(n, s) VNET_CRYPTO_OP_STATUS_##n, foreach_crypto_op_status #undef _ @@ -77,6 +84,7 @@ typedef enum /* *INDENT-OFF* */ typedef enum { + VNET_CRYPTO_ALG_NONE = 0, #define _(n, s) VNET_CRYPTO_ALG_##n, foreach_crypto_cipher_alg foreach_crypto_aead_alg @@ -87,6 +95,12 @@ typedef enum VNET_CRYPTO_N_ALGS, } vnet_crypto_alg_t; +typedef struct +{ + u8 *data; + vnet_crypto_alg_t alg:8; +} vnet_crypto_key_t; + typedef enum { VNET_CRYPTO_OP_NONE = 0, @@ -115,10 +129,10 @@ typedef struct u8 flags; #define VNET_CRYPTO_OP_FLAG_INIT_IV (1 << 0) #define VNET_CRYPTO_OP_FLAG_HMAC_CHECK (1 << 1) + u32 key_index; u32 len, salt; u16 aad_len; - u8 key_len, iv_len, digest_len, tag_len; - u8 *key; + u8 iv_len, digest_len, tag_len; u8 *iv; u8 *src; u8 *dst; 
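Review bot: `vnet_crypto_key_add` and `vnet_crypto_key_modify` accept any `length`, including 0, and pass `length - 1` to `vec_validate_aligned`. With a zero `u16` that expression is -1 after integer promotion, so what gets allocated depends on how the macro treats a negative index, and neither function checks the length against what `alg` requires. `ASSERT (length > 0);` would only cover debug images, so an explicit `if (length == 0) return ~0;` in `vnet_crypto_key_add` (with callers checking the result) and an equivalent early return in `vnet_crypto_key_modify` is safer for caller-supplied key material. Separately, `vnet_crypto_key_del` and `vnet_crypto_key_modify` clear the old bytes with `clib_memset` immediately before `vec_free`; if that wrapper reduces to a plain `memset`, the compiler may drop the store, so it is worth confirming the wipe cannot be elided.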
@@ -141,23 +155,30 @@ typedef struct clib_bitmap_t *act_queues; } vnet_crypto_thread_t; +typedef u32 vnet_crypto_key_index_t; + typedef u32 (vnet_crypto_ops_handler_t) (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops); +typedef void (vnet_crypto_key_handler_t) (vlib_main_t * vm, + vnet_crypto_key_op_t kop, + vnet_crypto_key_index_t idx); + u32 vnet_crypto_register_engine (vlib_main_t * vm, char *name, int prio, char *desc); -vlib_error_t *vnet_crypto_register_ops_handler (vlib_main_t * vm, - u32 provider_index, - vnet_crypto_op_id_t opt, - vnet_crypto_ops_handler_t * - f); +void vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index, + vnet_crypto_op_id_t opt, + vnet_crypto_ops_handler_t * oph); +void vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index, + vnet_crypto_key_handler_t * keyh); typedef struct { char *name; char *desc; int priority; + vnet_crypto_key_handler_t *key_op_handler; vnet_crypto_ops_handler_t *ops_handlers[VNET_CRYPTO_N_OP_IDS]; } vnet_crypto_engine_t; @@ -168,6 +189,7 @@ typedef struct vnet_crypto_ops_handler_t **ops_handlers; vnet_crypto_op_data_t opt_data[VNET_CRYPTO_N_OP_IDS]; vnet_crypto_engine_t *engines; + vnet_crypto_key_t *keys; uword *engine_index_by_name; uword *alg_index_by_name; } vnet_crypto_main_t; @@ -180,9 +202,14 @@ u32 vnet_crypto_submit_ops (vlib_main_t * vm, vnet_crypto_op_t ** jobs, u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[], u32 n_ops); - int vnet_crypto_set_handler (char *ops_handler_name, char *engine); +u32 vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, + u8 * data, u16 length); +void vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index); +void vnet_crypto_key_modify (vlib_main_t * vm, vnet_crypto_key_index_t index, + vnet_crypto_alg_t alg, u8 * data, u16 len); + format_function_t format_vnet_crypto_alg; format_function_t format_vnet_crypto_engine; format_function_t format_vnet_crypto_op; 
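Review bot: `vnet_crypto_key_handler_t` returns `void`, so an engine that cannot build its per-key state for `VNET_CRYPTO_KEY_OP_ADD` or `VNET_CRYPTO_KEY_OP_MODIFY` has no way to report it, and `vnet_crypto_key_add` in crypto.c returns the index regardless. If that is intended, the typedef should carry a comment saying so and stating the ordering that crypto.c implements, for example `/* called after the key data is stored for ADD/MODIFY and before it is wiped for DEL; must not fail */`. Without that contract written down, an engine could keep using a stale or half-initialised key context with nothing signalling the problem.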
@@ -197,6 +224,7 @@ vnet_crypto_op_init (vnet_crypto_op_t * op, vnet_crypto_op_id_t type) clib_memset (op, 0xfe, sizeof (*op)); op->op = type; op->flags = 0; + op->key_index = ~0; } static_always_inline vnet_crypto_op_type_t @@ -207,6 +235,13 @@ vnet_crypto_get_op_type (vnet_crypto_op_id_t id) return od->type; } +static_always_inline vnet_crypto_key_t * +vnet_crypto_get_key (vnet_crypto_key_index_t index) +{ + vnet_crypto_main_t *cm = &crypto_main; + return vec_elt_at_index (cm->keys, index); +} + #endif /* included_vnet_crypto_crypto_h */ /* |
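Review bot: `vnet_crypto_get_key` indexes `cm->keys` with `vec_elt_at_index`, although crypto.c manages the same array as a pool (`pool_get_zero`, `pool_put`, `pool_elt_at_index`). A stale index of a deleted key therefore resolves to a freed or recycled slot without any free-slot check. The hunk just above also makes `~0` the default `key_index` in `vnet_crypto_op_init`, and an op submitted without a key set would reach this lookup with that value; the bounds check in these accessors is, as far as I can tell, an assertion that is compiled out of release images. Suggest `return pool_elt_at_index (cm->keys, index);` here, plus a comment on the `key_index` field such as `/* ~0 = no key set; engines must reject it before lookup */`.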