diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-04-08 07:36:50 +0000 |
|---|---|---|
| committer |   Dave Wallace <dwallacelf@gmail.com> | 2019-04-10 18:35:13 +0000 |
| commit | 92e93844826fc080ea7f3495ba3e06de3f4d03f1 (patch) | |
| tree | 0725acaacebcec816db24be35143824e4326bb68 /src/vnet | |
| parent | 9847792e18f1fd9f3b8fedea4fc53eed1096ab75 (diff) | |
crypto: Intel IPSEC-MB engine
A plugin to use Intel IPSec MB library as a VPP crypto engine
This changes uses concepts from:
https://gerrit.fd.io/r/#/c/17301/
hence that author's work is acknowledge below
Change-Id: I2bf3beeb10f3c9706fa5efbdc9bc023e310f5a92
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/vnet')
| -rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 13 | ||||
| -rw-r--r-- | src/vnet/ipsec/esp_encrypt.c | 2 |
2 files changed, 13 insertions, 2 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 9b24e5aaeaa..de951d1dc85 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -232,7 +232,9 @@ esp_decrypt_inline (vlib_main_t * vm, vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES); vnet_crypto_op_init (op, sa0->crypto_dec_op_id); op->key = sa0->crypto_key.data; + op->key_len = sa0->crypto_key.len; op->iv = payload; + op->iv_len = cpd.iv_sz; op->src = op->dst = payload += cpd.iv_sz; op->len = len; op->user_data = b - bufs; @@ -280,8 +282,15 @@ esp_decrypt_inline (vlib_main_t * vm, ASSERT (op - ptd->crypto_ops < vec_len (ptd->crypto_ops)); if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED) { - u32 bi = op->user_data; - u32 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR; + u32 err, bi; + + bi = op->user_data; + + if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC) + err = ESP_DECRYPT_ERROR_INTEG_ERROR; + else + err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR; + bufs[bi]->error = node->errors[err]; nexts[bi] = ESP_DECRYPT_NEXT_DROP; n--; diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index bb1effda68b..c8018594bd1 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -431,8 +431,10 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES); vnet_crypto_op_init (op, sa0->crypto_enc_op_id); op->iv = payload - iv_sz; + op->iv_len = iv_sz; op->src = op->dst = payload; op->key = sa0->crypto_key.data; + op->key_len = sa0->crypto_key.len; op->len = payload_len - icv_sz; op->flags = VNET_CRYPTO_OP_FLAG_INIT_IV; op->user_data = b - bufs; |