authorDamjan Marion <damarion@cisco.com>2019-04-24 15:20:35 +0200
committerNeale Ranns <nranns@cisco.com>2019-04-25 01:36:12 +0000
commitd1bed687231bb64cf7761da37431ba61bc32b6d8 (patch)
tree891af80a873db9dda53c18e95f5eeb9366a1cb07 /src/vnet/lisp-cp
parent20bc56ab58189ad9fa24feaaca3e76ea8e636140 (diff)
crypto: improve key handling
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/vnet/lisp-cp')
-rw-r--r--src/vnet/lisp-cp/control.c36
1 files changed, 32 insertions, 4 deletions
diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c
index 340217c661e..f8e9c1d5b44 100644
--- a/src/vnet/lisp-cp/control.c
+++ b/src/vnet/lisp-cp/control.c
@@ -2725,6 +2725,22 @@ build_map_register_record_list (lisp_cp_main_t * lcm)
return recs;
}
+static vnet_crypto_alg_t
+lisp_key_type_to_crypto_alg (lisp_key_type_t key_id)
+{
+ switch (key_id)
+ {
+ case HMAC_SHA_1_96:
+ return VNET_CRYPTO_ALG_HMAC_SHA1;
+ case HMAC_SHA_256_128:
+ return VNET_CRYPTO_ALG_HMAC_SHA256;
+ default:
+ clib_warning ("unsupported encryption key type: %d!", key_id);
+ break;
+ }
+ return VNET_CRYPTO_ALG_NONE;
+}
+
static vnet_crypto_op_id_t
lisp_key_type_to_crypto_op (lisp_key_type_t key_id)
{
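Review bot: `lisp_key_type_to_crypto_alg` has no comment stating that it returns `VNET_CRYPTO_ALG_NONE` for an unknown key id, and that sentinel is what callers have to test for. I would add above the function something like `/* Map a LISP key id to a crypto algorithm; returns VNET_CRYPTO_ALG_NONE for an unknown id, which callers must reject before adding a key. */`. The warning text says "encryption key type" although both mapped algorithms are HMACs, so `"unsupported authentication key type: %d!"` would describe the failure more accurately. If `key_id` can be taken from a received message (not visible in this hunk), the warning in the default branch is also worth rate-limiting.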
@@ -2750,17 +2766,23 @@ update_map_register_auth_data (map_register_hdr_t * map_reg_hdr,
MREG_KEY_ID (map_reg_hdr) = clib_host_to_net_u16 (key_id);
MREG_AUTH_DATA_LEN (map_reg_hdr) = clib_host_to_net_u16 (auth_data_len);
vnet_crypto_op_t _op, *op = &_op;
+ vnet_crypto_key_index_t ki;
vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
- op->key = key;
- op->key_len = vec_len (key);
op->len = msg_len;
op->digest = MREG_DATA (map_reg_hdr);
op->src = (u8 *) map_reg_hdr;
op->digest_len = 0;
op->iv = 0;
+ ki = vnet_crypto_key_add (lcm->vlib_main,
+ lisp_key_type_to_crypto_alg (key_id), key,
+ vec_len (key));
+
+ op->key_index = ki;
+
vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+ vnet_crypto_key_del (lcm->vlib_main, ki);
return 0;
}
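Review bot: Neither the algorithm passed to `vnet_crypto_key_add` nor the outcome of `vnet_crypto_process_ops` is checked in the added lines, and the function still returns 0 regardless, so for a key id that maps to `VNET_CRYPTO_ALG_NONE` the Map-Register would presumably be sent without a valid digest and the caller would not know. Reject the sentinel before adding the key (`if (alg == VNET_CRYPTO_ALG_NONE) return -1;`, with `alg` holding the helper's result) and test `op->status` before `vnet_crypto_key_del`. The same sequence is added in `is_auth_data_valid` (the last hunk), where `out` is zero-initialised and is compared against the received auth data even if no digest was computed, so that path should fail closed. Adding and deleting the key on every message also copies the secret into the crypto key store each time; whether `vnet_crypto_key_del` wipes that copy is not visible here and is worth confirming. The body of `update_map_register_auth_data` starts outside the hunk.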
@@ -3926,6 +3948,7 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
u16 auth_data_len;
int result;
vnet_crypto_op_t _op, *op = &_op;
+ vnet_crypto_key_index_t ki;
u8 out[EVP_MAX_MD_SIZE] = { 0, };
auth_data_len = auth_data_len_by_key_id (key_id);
@@ -3943,15 +3966,20 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
clib_memset (MNOTIFY_DATA (h), 0, auth_data_len);
vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
- op->key = key;
- op->key_len = vec_len (key);
op->len = msg_len;
op->digest = out;
op->src = (u8 *) h;
op->digest_len = 0;
op->iv = 0;
+ ki = vnet_crypto_key_add (lcm->vlib_main,
+ lisp_key_type_to_crypto_alg (key_id), key,
+ vec_len (key));
+
+ op->key_index = ki;
+
vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+ vnet_crypto_key_del (lcm->vlib_main, ki);
result = memcmp (out, auth_data, auth_data_len);