author | Damjan Marion <damarion@cisco.com> | 2019-03-18 18:59:25 +0100 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-03-19 16:29:43 +0000 |
commit | 91f17dc7c4e79343b8fba924e7cea6380a0e6653 (patch) | |
tree | a5c47649bcf8d6668dc509bbc6f7b67e45714784 /src/vnet/ipsec/ipsec.c | |
parent | 5daf0c55c094167ad590f683451239fa3e25c7fc (diff) |
crypto: introduce crypto infra
Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.c')
-rw-r--r-- | src/vnet/ipsec/ipsec.c | 71 |
1 files changed, 50 insertions, 21 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index ce93f32b429..e9d13a4e717 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -26,24 +26,6 @@
 #include <vnet/ipsec/ah.h>
 
 ipsec_main_t ipsec_main;
-ipsec_proto_main_t ipsec_proto_main;
-
-static void
-ipsec_rand_seed (void)
-{
- struct
- {
- time_t time;
- pid_t pid;
- void *p;
- } seed_data;
-
- seed_data.time = time (NULL);
- seed_data.pid = getpid ();
- seed_data.p = (void *) &seed_data;
-
- RAND_seed ((const void *) &seed_data, sizeof (seed_data));
-}
 
 static clib_error_t *
 ipsec_check_ah_support (ipsec_sa_t * sa)
@@ -240,8 +222,7 @@ ipsec_init (vlib_main_t * vm)
 {
 clib_error_t *error;
 ipsec_main_t *im = &ipsec_main;
-
- ipsec_rand_seed ();
+ ipsec_main_crypto_alg_t *a;
 
 clib_memset (im, 0, sizeof (im[0]));
 
@@ -287,7 +268,55 @@ ipsec_init (vlib_main_t * vm)
 if ((error = vlib_call_init_function (vm, ipsec_tunnel_if_init)))
 return error;
 
- ipsec_proto_init ();
+ vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
+ a->enc_op_type = VNET_CRYPTO_OP_DES_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_DES_CBC_DEC;
+ a->iv_size = a->block_size = 8;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_3DES_CBC;
+ a->enc_op_type = VNET_CRYPTO_OP_3DES_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_3DES_CBC_DEC;
+ a->iv_size = a->block_size = 8;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_128;
+ a->enc_op_type = VNET_CRYPTO_OP_AES_128_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_AES_128_CBC_DEC;
+ a->iv_size = a->block_size = 16;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_192;
+ a->enc_op_type = VNET_CRYPTO_OP_AES_192_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_AES_192_CBC_DEC;
+ a->iv_size = a->block_size = 16;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_256;
+ a->enc_op_type = VNET_CRYPTO_OP_AES_256_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_AES_256_CBC_DEC;
+ a->iv_size = a->block_size = 16;
+
+ vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1);
+ ipsec_main_integ_alg_t *i;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA1_96];
+ i->op_type = VNET_CRYPTO_OP_SHA1_HMAC;
+ i->trunc_size = 12;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
+ i->op_type = VNET_CRYPTO_OP_SHA1_HMAC;
+ i->trunc_size = 12;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
+ i->op_type = VNET_CRYPTO_OP_SHA256_HMAC;
+ i->trunc_size = 16;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
+ i->op_type = VNET_CRYPTO_OP_SHA384_HMAC;
+ i->trunc_size = 24;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
+ i->op_type = VNET_CRYPTO_OP_SHA512_HMAC;
+ i->trunc_size = 32;
 
 return 0;
 }
|
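Review bot: The `IPSEC_INTEG_ALG_SHA_256_96` entry is given `VNET_CRYPTO_OP_SHA1_HMAC`, the same op type as the `IPSEC_INTEG_ALG_SHA1_96` entry directly above it, so an SA configured for SHA-256-96 would apparently have its ICV computed with HMAC-SHA1 rather than the negotiated hash. This looks like a copy-paste slip; the line should presumably read `i->op_type = VNET_CRYPTO_OP_SHA256_HMAC;`, as the SHA_256_128 entry does. Separately, only the listed indices of `crypto_algs` and `integ_algs` are assigned, so any other enum value below `IPSEC_CRYPTO_N_ALG` or `IPSEC_INTEG_N_ALG` keeps whatever `vec_validate` left in the slot. A short comment naming the algorithms that are deliberately unmapped, together with a check at SA creation that rejects them, would keep an unmapped algorithm from reaching the data path with a default op type. ipsec_init begins outside this hunk, so how the tables are consumed is not visible here.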