aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorAlexander Chernavin <achernavin@netgate.com>2021-02-01 05:17:24 -0500
committerMatthew Smith <mgsmith@netgate.com>2021-04-20 16:30:07 +0000
commit005d1e4d4822454363c4a0fa3a1d8b33a14ba6e8 (patch)
treed07153a8f8cb357194588b1d59bf898961a23933 /src/vnet
parent3b3cbfb1c083efed6a582fe26a41ab31f3aed504 (diff)
crypto: support async handlers for 3des and md5
With this change, add support for 3DES and MD5 in IPsec async mode. After changes in foreach_crypto_link_async_alg, the last combination in the list (aes-256-cbc-hmac-sha-512) started to fail during decription. That was also fixed by proper vector size validation. Type: improvement Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I660657bdab62ea9cf031c3e43d99f2317e5f74d7
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/crypto/crypto.c6
-rw-r--r--src/vnet/crypto/crypto.h9
2 files changed, 12 insertions, 3 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c
index b98d219d385..74f945e8382 100644
--- a/src/vnet/crypto/crypto.c
+++ b/src/vnet/crypto/crypto.c
@@ -283,9 +283,9 @@ vnet_crypto_register_async_handler (vlib_main_t * vm, u32 engine_index,
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_engine_t *ae, *e = vec_elt_at_index (cm->engines, engine_index);
vnet_crypto_async_op_data_t *otd = cm->async_opt_data + opt;
- vec_validate_aligned (cm->enqueue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS - 1,
+ vec_validate_aligned (cm->enqueue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS,
CLIB_CACHE_LINE_BYTES);
- vec_validate_aligned (cm->dequeue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS - 1,
+ vec_validate_aligned (cm->dequeue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS,
CLIB_CACHE_LINE_BYTES);
/* both enqueue hdl and dequeue hdl should present */
@@ -721,7 +721,7 @@ vnet_crypto_init (vlib_main_t * vm)
CLIB_CACHE_LINE_BYTES);
vec_validate (cm->algs, VNET_CRYPTO_N_ALGS);
vec_validate (cm->async_algs, VNET_CRYPTO_N_ASYNC_ALGS);
- clib_bitmap_validate (cm->async_active_ids, VNET_CRYPTO_ASYNC_OP_N_IDS - 1);
+ clib_bitmap_validate (cm->async_active_ids, VNET_CRYPTO_ASYNC_OP_N_IDS);
#define _(n, s, l) \
vnet_crypto_init_cipher_data (VNET_CRYPTO_ALG_##n, \
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index 7db591fcf86..a44c8910555 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -86,18 +86,27 @@ typedef enum
/* CRYPTO_ID, INTEG_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES, DIGEST_LEN */
#define foreach_crypto_link_async_alg \
+ _ (3DES_CBC, MD5, "3des-cbc-hmac-md5", 24, 12) \
+ _ (AES_128_CBC, MD5, "aes-128-cbc-hmac-md5", 16, 12) \
+ _ (AES_192_CBC, MD5, "aes-192-cbc-hmac-md5", 24, 12) \
+ _ (AES_256_CBC, MD5, "aes-256-cbc-hmac-md5", 32, 12) \
+ _ (3DES_CBC, SHA1, "3des-cbc-hmac-sha-1", 24, 12) \
_ (AES_128_CBC, SHA1, "aes-128-cbc-hmac-sha-1", 16, 12) \
_ (AES_192_CBC, SHA1, "aes-192-cbc-hmac-sha-1", 24, 12) \
_ (AES_256_CBC, SHA1, "aes-256-cbc-hmac-sha-1", 32, 12) \
+ _ (3DES_CBC, SHA224, "3des-cbc-hmac-sha-224", 24, 14) \
_ (AES_128_CBC, SHA224, "aes-128-cbc-hmac-sha-224", 16, 14) \
_ (AES_192_CBC, SHA224, "aes-192-cbc-hmac-sha-224", 24, 14) \
_ (AES_256_CBC, SHA224, "aes-256-cbc-hmac-sha-224", 32, 14) \
+ _ (3DES_CBC, SHA256, "3des-cbc-hmac-sha-256", 24, 16) \
_ (AES_128_CBC, SHA256, "aes-128-cbc-hmac-sha-256", 16, 16) \
_ (AES_192_CBC, SHA256, "aes-192-cbc-hmac-sha-256", 24, 16) \
_ (AES_256_CBC, SHA256, "aes-256-cbc-hmac-sha-256", 32, 16) \
+ _ (3DES_CBC, SHA384, "3des-cbc-hmac-sha-384", 24, 24) \
_ (AES_128_CBC, SHA384, "aes-128-cbc-hmac-sha-384", 16, 24) \
_ (AES_192_CBC, SHA384, "aes-192-cbc-hmac-sha-384", 24, 24) \
_ (AES_256_CBC, SHA384, "aes-256-cbc-hmac-sha-384", 32, 24) \
+ _ (3DES_CBC, SHA512, "3des-cbc-hmac-sha-512", 24, 32) \
_ (AES_128_CBC, SHA512, "aes-128-cbc-hmac-sha-512", 16, 32) \
_ (AES_192_CBC, SHA512, "aes-192-cbc-hmac-sha-512", 24, 32) \
_ (AES_256_CBC, SHA512, "aes-256-cbc-hmac-sha-512", 32, 32) \