author | Damjan Marion <damarion@cisco.com> | 2019-04-24 15:20:35 +0200 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-04-25 01:36:12 +0000 |
commit | d1bed687231bb64cf7761da37431ba61bc32b6d8 (patch) | |
tree | 891af80a873db9dda53c18e95f5eeb9366a1cb07 /src/vnet/ipsec/ipsec_if.c | |
parent | 20bc56ab58189ad9fa24feaaca3e76ea8e636140 (diff) |
crypto: improve key handling
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_if.c')
-rw-r--r-- | src/vnet/ipsec/ipsec_if.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 8d0eef21ae0..9f64634c51e 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -510,6 +510,7 @@ int
 ipsec_set_interface_key (vnet_main_t * vnm, u32 hw_if_index,
 ipsec_if_set_key_type_t type, u8 alg, u8 * key)
 {
+ vlib_main_t *vm = vlib_get_main ();
 ipsec_main_t *im = &ipsec_main;
 vnet_hw_interface_t *hi;
 ipsec_tunnel_if_t *t;
@@ -526,24 +527,36 @@ ipsec_set_interface_key (vnet_main_t * vnm, u32 hw_if_index,
 sa = pool_elt_at_index (im->sad, t->output_sa_index);
 ipsec_sa_set_crypto_alg (sa, alg);
 ipsec_mk_key (&sa->crypto_key, key, vec_len (key));
+ sa->crypto_calg = im->crypto_algs[alg].alg;
+ vnet_crypto_key_modify (vm, sa->crypto_key_index, sa->crypto_calg,
+ key, vec_len (key));
 }
 else if (type == IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG)
 {
 sa = pool_elt_at_index (im->sad, t->output_sa_index);
 ipsec_sa_set_integ_alg (sa, alg);
 ipsec_mk_key (&sa->integ_key, key, vec_len (key));
+ sa->integ_calg = im->integ_algs[alg].alg;
+ vnet_crypto_key_modify (vm, sa->integ_key_index, sa->integ_calg,
+ key, vec_len (key));
 }
 else if (type == IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO)
 {
 sa = pool_elt_at_index (im->sad, t->input_sa_index);
 ipsec_sa_set_crypto_alg (sa, alg);
 ipsec_mk_key (&sa->crypto_key, key, vec_len (key));
+ sa->crypto_calg = im->crypto_algs[alg].alg;
+ vnet_crypto_key_modify (vm, sa->crypto_key_index, sa->crypto_calg,
+ key, vec_len (key));
 }
 else if (type == IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG)
 {
 sa = pool_elt_at_index (im->sad, t->input_sa_index);
 ipsec_sa_set_integ_alg (sa, alg);
 ipsec_mk_key (&sa->integ_key, key, vec_len (key));
+ sa->integ_calg = im->integ_algs[alg].alg;
+ vnet_crypto_key_modify (vm, sa->integ_key_index, sa->integ_calg,
+ key, vec_len (key));
 }
 else
 return VNET_API_ERROR_INVALID_VALUE; |
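Review bot: In the second hunk the caller-supplied `u8 alg` indexes `im->crypto_algs[alg]` and `im->integ_algs[alg]` in all four branches with no range check visible, and by that point `ipsec_sa_set_*_alg` and `ipsec_mk_key` have already changed the SA. If those tables are vecs, a guard before the SA is touched would close this, e.g. `if (alg >= vec_len (im->crypto_algs)) return VNET_API_ERROR_INVALID_VALUE;` in the crypto branches and the `im->integ_algs` equivalent in the integ branches. `vec_len (key)` is also passed to `vnet_crypto_key_modify` without being compared to the key size the selected algorithm expects; whether the callee rejects a mismatch is not visible here. The function starts before and continues past this hunk, so validation may already exist there or in the API handler; if it does, a one-line comment at the first index saying so would help the next reader.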