diff options
author | Damjan Marion <damarion@cisco.com> | 2019-04-25 18:15:52 +0200 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-04-25 18:04:02 +0000 |
commit | b5c305495257f5861241dc7f99357f9c1d51ae4b (patch) | |
tree | db14a9f84529a8840d28d1340c57088824c90796 /src | |
parent | 4cb83811e3aa10ae780294a0e40ff901714baff9 (diff) |
crypto_ipsecmb: CBC IV size is always equal to block size
Change-Id: If8b2c8942db17a853883360885def47ce50e7ddd
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/crypto_ipsecmb/ipsecmb.c | 40 |
1 files changed, 13 insertions, 27 deletions
diff --git a/src/plugins/crypto_ipsecmb/ipsecmb.c b/src/plugins/crypto_ipsecmb/ipsecmb.c index 17cc90b544b..60b5bb96704 100644 --- a/src/plugins/crypto_ipsecmb/ipsecmb.c +++ b/src/plugins/crypto_ipsecmb/ipsecmb.c @@ -70,12 +70,12 @@ static ipsecmb_main_t ipsecmb_main = { }; _(SHA512, SHA_512, sha512, 128, 64, 64) /* - * (Alg, key-len-bits, iv-len-bytes) + * (Alg, key-len-bits) */ #define foreach_ipsecmb_cbc_cipher_op \ - _(AES_128_CBC, 128, 16) \ - _(AES_192_CBC, 192, 16) \ - _(AES_256_CBC, 256, 16) + _(AES_128_CBC, 128) \ + _(AES_192_CBC, 192) \ + _(AES_256_CBC, 256) /* * (Alg, key-len-bytes, iv-len-bytes) @@ -189,9 +189,8 @@ ipsecmb_retire_cipher_job (JOB_AES_HMAC * job, u32 * n_fail) } static_always_inline u32 -ipsecmb_ops_cbc_cipher_inline (vlib_main_t * vm, - vnet_crypto_op_t * ops[], - u32 n_ops, u32 key_len, u32 iv_len, +ipsecmb_ops_cbc_cipher_inline (vlib_main_t * vm, vnet_crypto_op_t * ops[], + u32 n_ops, u32 key_len, JOB_CIPHER_DIRECTION direction) { ipsecmb_main_t *imbm = &ipsecmb_main; @@ -200,9 +199,6 @@ ipsecmb_ops_cbc_cipher_inline (vlib_main_t * vm, JOB_AES_HMAC *job; u32 i, n_fail = 0; - /* - * queue all the jobs first ... - */ for (i = 0; i < n_ops; i++) { ipsecmb_aes_cbc_key_data_t *kd; @@ -233,7 +229,7 @@ ipsecmb_ops_cbc_cipher_inline (vlib_main_t * vm, job->aes_enc_key_expanded = kd->enc_key_exp; job->aes_dec_key_expanded = kd->dec_key_exp; job->iv = op->iv; - job->iv_len_in_bytes = iv_len; + job->iv_len_in_bytes = AES_BLOCK_SIZE; job->user_data = op; @@ -243,34 +239,24 @@ ipsecmb_ops_cbc_cipher_inline (vlib_main_t * vm, ipsecmb_retire_cipher_job (job, &n_fail); } - /* - * .. then flush (i.e. complete) them - * We will have queued enough to satisfy the 'multi' buffer - */ while ((job = IMB_FLUSH_JOB (ptd->mgr))) - { - ipsecmb_retire_cipher_job (job, &n_fail); - } + ipsecmb_retire_cipher_job (job, &n_fail); return n_ops - n_fail; } -#define _(a, b, c) \ +#define _(a, b) \ static_always_inline u32 \ ipsecmb_ops_cbc_cipher_enc_##a (vlib_main_t * vm, \ vnet_crypto_op_t * ops[], \ u32 n_ops) \ -{ return ipsecmb_ops_cbc_cipher_inline (vm, ops, n_ops, b, c, ENCRYPT); } \ - -foreach_ipsecmb_cbc_cipher_op; -#undef _ - -#define _(a, b, c) \ +{ return ipsecmb_ops_cbc_cipher_inline (vm, ops, n_ops, b, ENCRYPT); } \ + \ static_always_inline u32 \ ipsecmb_ops_cbc_cipher_dec_##a (vlib_main_t * vm, \ vnet_crypto_op_t * ops[], \ u32 n_ops) \ -{ return ipsecmb_ops_cbc_cipher_inline (vm, ops, n_ops, b, c, DECRYPT); } \ +{ return ipsecmb_ops_cbc_cipher_inline (vm, ops, n_ops, b, DECRYPT); } \ foreach_ipsecmb_cbc_cipher_op; #undef _ @@ -564,7 +550,7 @@ crypto_ipsecmb_init (vlib_main_t * vm) foreach_ipsecmb_hmac_op; #undef _ -#define _(a, b, c) \ +#define _(a, b) \ vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \ ipsecmb_ops_cbc_cipher_enc_##a); \ vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \ |