authorDamjan Marion <damarion@cisco.com>2019-03-18 18:59:25 +0100
committerNeale Ranns <nranns@cisco.com>2019-03-19 16:29:43 +0000
commit91f17dc7c4e79343b8fba924e7cea6380a0e6653 (patch)
treea5c47649bcf8d6668dc509bbc6f7b67e45714784 /src/vnet/ipsec/ipsec.c
parent5daf0c55c094167ad590f683451239fa3e25c7fc (diff)
crypto: introduce crypto infra
Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.c')
-rw-r--r--src/vnet/ipsec/ipsec.c71
1 files changed, 50 insertions, 21 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index ce93f32b429..e9d13a4e717 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -26,24 +26,6 @@
#include <vnet/ipsec/ah.h>
ipsec_main_t ipsec_main;
-ipsec_proto_main_t ipsec_proto_main;
-
-static void
-ipsec_rand_seed (void)
-{
- struct
- {
- time_t time;
- pid_t pid;
- void *p;
- } seed_data;
-
- seed_data.time = time (NULL);
- seed_data.pid = getpid ();
- seed_data.p = (void *) &seed_data;
-
- RAND_seed ((const void *) &seed_data, sizeof (seed_data));
-}
static clib_error_t *
ipsec_check_ah_support (ipsec_sa_t * sa)
@@ -240,8 +222,7 @@ ipsec_init (vlib_main_t * vm)
{
clib_error_t *error;
ipsec_main_t *im = &ipsec_main;
-
- ipsec_rand_seed ();
+ ipsec_main_crypto_alg_t *a;
clib_memset (im, 0, sizeof (im[0]));
@@ -287,7 +268,55 @@ ipsec_init (vlib_main_t * vm)
if ((error = vlib_call_init_function (vm, ipsec_tunnel_if_init)))
return error;
- ipsec_proto_init ();
+ vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
+ a->enc_op_type = VNET_CRYPTO_OP_DES_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_DES_CBC_DEC;
+ a->iv_size = a->block_size = 8;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_3DES_CBC;
+ a->enc_op_type = VNET_CRYPTO_OP_3DES_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_3DES_CBC_DEC;
+ a->iv_size = a->block_size = 8;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_128;
+ a->enc_op_type = VNET_CRYPTO_OP_AES_128_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_AES_128_CBC_DEC;
+ a->iv_size = a->block_size = 16;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_192;
+ a->enc_op_type = VNET_CRYPTO_OP_AES_192_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_AES_192_CBC_DEC;
+ a->iv_size = a->block_size = 16;
+
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_256;
+ a->enc_op_type = VNET_CRYPTO_OP_AES_256_CBC_ENC;
+ a->dec_op_type = VNET_CRYPTO_OP_AES_256_CBC_DEC;
+ a->iv_size = a->block_size = 16;
+
+ vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1);
+ ipsec_main_integ_alg_t *i;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA1_96];
+ i->op_type = VNET_CRYPTO_OP_SHA1_HMAC;
+ i->trunc_size = 12;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
+ i->op_type = VNET_CRYPTO_OP_SHA1_HMAC;
+ i->trunc_size = 12;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
+ i->op_type = VNET_CRYPTO_OP_SHA256_HMAC;
+ i->trunc_size = 16;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
+ i->op_type = VNET_CRYPTO_OP_SHA384_HMAC;
+ i->trunc_size = 24;
+
+ i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
+ i->op_type = VNET_CRYPTO_OP_SHA512_HMAC;
+ i->trunc_size = 32;
return 0;
}
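Review bot: The `IPSEC_INTEG_ALG_SHA_256_96` entry is given `VNET_CRYPTO_OP_SHA1_HMAC`, the same op type as the `IPSEC_INTEG_ALG_SHA1_96` entry directly above it, which looks like a copy-paste slip, since every other SHA-2 entry in this table maps to its matching HMAC op. If it is unintended, an SA configured for SHA-256-96 would have its ICV computed with HMAC-SHA1, giving weaker integrity protection than the operator selected and probably failing against a conforming peer. The line should likely read `i->op_type = VNET_CRYPTO_OP_SHA256_HMAC;` with `trunc_size` kept at 12. Only five cipher and five integrity ids are filled in after each `vec_validate`, so a comment such as `/* ids without an entry here keep a zeroed op type and must be rejected before use */` would record what the datapath may assume, if that is the intent. `ipsec_init` begins outside this hunk, so any later validation of these tables is not visible here.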