diff options
author | Alexander Chernavin <achernavin@netgate.com> | 2021-02-01 05:17:24 -0500 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2021-04-20 16:30:07 +0000 |
commit | 005d1e4d4822454363c4a0fa3a1d8b33a14ba6e8 (patch) | |
tree | d07153a8f8cb357194588b1d59bf898961a23933 /src/vnet | |
parent | 3b3cbfb1c083efed6a582fe26a41ab31f3aed504 (diff) |
crypto: support async handlers for 3des and md5
With this change, add support for 3DES and MD5 in IPsec async mode.
After changes in foreach_crypto_link_async_alg, the last combination in
the list (aes-256-cbc-hmac-sha-512) started to fail during decription.
That was also fixed by proper vector size validation.
Type: improvement
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I660657bdab62ea9cf031c3e43d99f2317e5f74d7
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/crypto/crypto.c | 6 | ||||
-rw-r--r-- | src/vnet/crypto/crypto.h | 9 |
2 files changed, 12 insertions, 3 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index b98d219d385..74f945e8382 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -283,9 +283,9 @@ vnet_crypto_register_async_handler (vlib_main_t * vm, u32 engine_index, vnet_crypto_main_t *cm = &crypto_main; vnet_crypto_engine_t *ae, *e = vec_elt_at_index (cm->engines, engine_index); vnet_crypto_async_op_data_t *otd = cm->async_opt_data + opt; - vec_validate_aligned (cm->enqueue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS - 1, + vec_validate_aligned (cm->enqueue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS, CLIB_CACHE_LINE_BYTES); - vec_validate_aligned (cm->dequeue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS - 1, + vec_validate_aligned (cm->dequeue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS, CLIB_CACHE_LINE_BYTES); /* both enqueue hdl and dequeue hdl should present */ @@ -721,7 +721,7 @@ vnet_crypto_init (vlib_main_t * vm) CLIB_CACHE_LINE_BYTES); vec_validate (cm->algs, VNET_CRYPTO_N_ALGS); vec_validate (cm->async_algs, VNET_CRYPTO_N_ASYNC_ALGS); - clib_bitmap_validate (cm->async_active_ids, VNET_CRYPTO_ASYNC_OP_N_IDS - 1); + clib_bitmap_validate (cm->async_active_ids, VNET_CRYPTO_ASYNC_OP_N_IDS); #define _(n, s, l) \ vnet_crypto_init_cipher_data (VNET_CRYPTO_ALG_##n, \ diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 7db591fcf86..a44c8910555 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -86,18 +86,27 @@ typedef enum /* CRYPTO_ID, INTEG_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES, DIGEST_LEN */ #define foreach_crypto_link_async_alg \ + _ (3DES_CBC, MD5, "3des-cbc-hmac-md5", 24, 12) \ + _ (AES_128_CBC, MD5, "aes-128-cbc-hmac-md5", 16, 12) \ + _ (AES_192_CBC, MD5, "aes-192-cbc-hmac-md5", 24, 12) \ + _ (AES_256_CBC, MD5, "aes-256-cbc-hmac-md5", 32, 12) \ + _ (3DES_CBC, SHA1, "3des-cbc-hmac-sha-1", 24, 12) \ _ (AES_128_CBC, SHA1, "aes-128-cbc-hmac-sha-1", 16, 12) \ _ (AES_192_CBC, SHA1, "aes-192-cbc-hmac-sha-1", 24, 12) \ _ (AES_256_CBC, SHA1, "aes-256-cbc-hmac-sha-1", 32, 12) \ + _ (3DES_CBC, SHA224, "3des-cbc-hmac-sha-224", 24, 14) \ _ (AES_128_CBC, SHA224, "aes-128-cbc-hmac-sha-224", 16, 14) \ _ (AES_192_CBC, SHA224, "aes-192-cbc-hmac-sha-224", 24, 14) \ _ (AES_256_CBC, SHA224, "aes-256-cbc-hmac-sha-224", 32, 14) \ + _ (3DES_CBC, SHA256, "3des-cbc-hmac-sha-256", 24, 16) \ _ (AES_128_CBC, SHA256, "aes-128-cbc-hmac-sha-256", 16, 16) \ _ (AES_192_CBC, SHA256, "aes-192-cbc-hmac-sha-256", 24, 16) \ _ (AES_256_CBC, SHA256, "aes-256-cbc-hmac-sha-256", 32, 16) \ + _ (3DES_CBC, SHA384, "3des-cbc-hmac-sha-384", 24, 24) \ _ (AES_128_CBC, SHA384, "aes-128-cbc-hmac-sha-384", 16, 24) \ _ (AES_192_CBC, SHA384, "aes-192-cbc-hmac-sha-384", 24, 24) \ _ (AES_256_CBC, SHA384, "aes-256-cbc-hmac-sha-384", 32, 24) \ + _ (3DES_CBC, SHA512, "3des-cbc-hmac-sha-512", 24, 32) \ _ (AES_128_CBC, SHA512, "aes-128-cbc-hmac-sha-512", 16, 32) \ _ (AES_192_CBC, SHA512, "aes-192-cbc-hmac-sha-512", 24, 32) \ _ (AES_256_CBC, SHA512, "aes-256-cbc-hmac-sha-512", 32, 32) \ |