summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/crypto_engines/native/crypto_native.h4
-rw-r--r--src/plugins/crypto_sw_scheduler/main.c2
-rw-r--r--src/plugins/dpdk/cryptodev/cryptodev.c4
-rw-r--r--src/plugins/unittest/crypto_test.c51
-rw-r--r--src/vnet/CMakeLists.txt1
-rw-r--r--src/vnet/crypto/cli.c319
-rw-r--r--src/vnet/crypto/crypto.c410
-rw-r--r--src/vnet/crypto/crypto.h289
-rw-r--r--src/vnet/crypto/crypto_api.c29
-rw-r--r--src/vnet/crypto/engine.h6
-rw-r--r--src/vnet/crypto/format.c6
-rw-r--r--src/vnet/crypto/main.c108
-rw-r--r--src/vnet/crypto/node.c9
-rw-r--r--src/vnet/ipsec/esp_decrypt.c4
-rw-r--r--src/vnet/ipsec/esp_encrypt.c4
-rw-r--r--src/vnet/ipsec/ipsec_sa.c4
16 files changed, 440 insertions, 810 deletions
diff --git a/src/crypto_engines/native/crypto_native.h b/src/crypto_engines/native/crypto_native.h
index 0fcb6a99524..9e2a6b42e52 100644
--- a/src/crypto_engines/native/crypto_native.h
+++ b/src/crypto_engines/native/crypto_native.h
@@ -25,8 +25,8 @@ typedef struct crypto_native_op_handler
{
struct crypto_native_op_handler *next;
vnet_crypto_op_id_t op_id;
- vnet_crypto_ops_handler_t *fn;
- vnet_crypto_chained_ops_handler_t *cfn;
+ vnet_crypto_simple_op_fn_t *fn;
+ vnet_crypto_chained_op_fn_t *cfn;
crypto_native_variant_probe_t *probe;
int priority;
} crypto_native_op_handler_t;
diff --git a/src/plugins/crypto_sw_scheduler/main.c b/src/plugins/crypto_sw_scheduler/main.c
index 81f13912b6b..dc97ce937d9 100644
--- a/src/plugins/crypto_sw_scheduler/main.c
+++ b/src/plugins/crypto_sw_scheduler/main.c
@@ -401,7 +401,7 @@ crypto_sw_scheduler_process_link (vlib_main_t *vm,
}
static_always_inline int
-convert_async_crypto_id (vnet_crypto_async_op_id_t async_op_id, u32 *crypto_op,
+convert_async_crypto_id (vnet_crypto_op_id_t async_op_id, u32 *crypto_op,
u32 *auth_op_or_aad_len, u16 *digest_len, u8 *is_enc)
{
switch (async_op_id)
diff --git a/src/plugins/dpdk/cryptodev/cryptodev.c b/src/plugins/dpdk/cryptodev/cryptodev.c
index 4f533406fca..c60f9c886ff 100644
--- a/src/plugins/dpdk/cryptodev/cryptodev.c
+++ b/src/plugins/dpdk/cryptodev/cryptodev.c
@@ -111,7 +111,7 @@ prepare_linked_xform (struct rte_crypto_sym_xform *xforms,
xform_auth->type = RTE_CRYPTO_SYM_XFORM_AUTH;
xforms->next = xforms + 1;
- switch (key->async_alg)
+ switch (key->alg)
{
#define _(a, b, c, d, e) \
case VNET_CRYPTO_ALG_##a##_##d##_TAG##e: \
@@ -251,7 +251,7 @@ cryptodev_check_supported_vnet_alg (vnet_crypto_key_t *key)
if (key->is_link)
{
- switch (key->async_alg)
+ switch (key->alg)
{
#define _(a, b, c, d, e) \
case VNET_CRYPTO_ALG_##a##_##d##_TAG##e: \
diff --git a/src/plugins/unittest/crypto_test.c b/src/plugins/unittest/crypto_test.c
index eb3f9d05166..0254e1a29b8 100644
--- a/src/plugins/unittest/crypto_test.c
+++ b/src/plugins/unittest/crypto_test.c
@@ -220,9 +220,10 @@ restore_engines (u32 * engs)
if (engs[i] != ~0)
{
- ce = vec_elt_at_index (cm->engines, engs[i]);
- od->active_engine_index_simple = engs[i];
- cm->ops_handlers[i] = ce->ops_handlers[i];
+ vnet_crypto_handler_type_t t = VNET_CRYPTO_HANDLER_TYPE_SIMPLE;
+ ce = vec_elt_at_index (cm->engines, engs[i]);
+ od->active_engine_index[t] = engs[i];
+ cm->opt_data[i].handlers[t] = ce->ops[i].handlers[t];
}
}
@@ -247,12 +248,13 @@ save_current_engines (u32 * engs)
for (i = 1; i < VNET_CRYPTO_N_OP_IDS; i++)
{
vnet_crypto_op_data_t *od = &cm->opt_data[i];
- if (od->active_engine_index_simple != ~0)
+ if (od->active_engine_index[VNET_CRYPTO_HANDLER_TYPE_SIMPLE])
{
/* save engine index */
- engs[i] = od->active_engine_index_simple;
- od->active_engine_index_simple = ce - cm->engines;
- cm->ops_handlers[i] = ce->ops_handlers[i];
+ vnet_crypto_handler_type_t t = VNET_CRYPTO_HANDLER_TYPE_SIMPLE;
+ engs[i] = od->active_engine_index[t];
+ od->active_engine_index[t] = ce - cm->engines;
+ cm->opt_data[i].handlers[t] = ce->ops[i].handlers[t];
}
}
@@ -289,7 +291,7 @@ test_crypto_incremental (vlib_main_t * vm, crypto_test_main_t * tm,
{
r = rv[i];
int t;
- ad = vec_elt_at_index (cm->algs, r->alg);
+ ad = cm->algs + r->alg;
for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++)
{
vnet_crypto_op_id_t id = ad->op_by_type[t];
@@ -345,7 +347,7 @@ test_crypto_incremental (vlib_main_t * vm, crypto_test_main_t * tm,
{
r = rv[i];
int t;
- ad = vec_elt_at_index (cm->algs, r->alg);
+ ad = cm->algs + r->alg;
for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++)
{
vnet_crypto_op_id_t id = ad->op_by_type[t];
@@ -442,7 +444,7 @@ test_crypto_static (vlib_main_t * vm, crypto_test_main_t * tm,
{
r = rv[i];
int t;
- ad = vec_elt_at_index (cm->algs, r->alg);
+ ad = cm->algs + r->alg;
for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++)
{
vnet_crypto_op_id_t id = ad->op_by_type[t];
@@ -648,29 +650,8 @@ test_crypto_static (vlib_main_t * vm, crypto_test_main_t * tm,
static u32
test_crypto_get_key_sz (vnet_crypto_alg_t alg)
{
- switch (alg)
- {
-#define _(n, s, l) \
- case VNET_CRYPTO_ALG_##n: \
- return l;
- foreach_crypto_cipher_alg
- foreach_crypto_aead_alg
-#undef _
- case VNET_CRYPTO_ALG_HMAC_MD5:
- case VNET_CRYPTO_ALG_HMAC_SHA1:
- return 20;
- case VNET_CRYPTO_ALG_HMAC_SHA224:
- return 28;
- case VNET_CRYPTO_ALG_HMAC_SHA256:
- return 32;
- case VNET_CRYPTO_ALG_HMAC_SHA384:
- return 48;
- case VNET_CRYPTO_ALG_HMAC_SHA512:
- return 64;
- default:
- return 0;
- }
- return 0;
+ vnet_crypto_main_t *cm = &crypto_main;
+ return cm->algs[alg].key_length;
}
static clib_error_t *
@@ -702,7 +683,7 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
else
vec_add1 (static_tests, r);
- ad = vec_elt_at_index (cm->algs, r->alg);
+ ad = cm->algs + r->alg;
for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
{
@@ -836,7 +817,7 @@ test_crypto_perf (vlib_main_t * vm, crypto_test_main_t * tm)
u32 n_buffers, n_alloc = 0, warmup_rounds, rounds;
u32 *buffer_indices = 0;
vnet_crypto_op_t *ops1 = 0, *ops2 = 0, *op1, *op2;
- vnet_crypto_alg_data_t *ad = vec_elt_at_index (cm->algs, tm->alg);
+ vnet_crypto_alg_data_t *ad = cm->algs + tm->alg;
vnet_crypto_key_index_t key_index = ~0;
u8 key[64];
int buffer_size = vlib_buffer_get_default_data_size (vm);
diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt
index 36cbb7e634b..b6227d45a2a 100644
--- a/src/vnet/CMakeLists.txt
+++ b/src/vnet/CMakeLists.txt
@@ -524,6 +524,7 @@ list(APPEND VNET_SOURCES
crypto/cli.c
crypto/crypto.c
crypto/format.c
+ crypto/main.c
crypto/node.c
crypto/crypto_api.c
)
diff --git a/src/vnet/crypto/cli.c b/src/vnet/crypto/cli.c
index 2ca66f228c3..4cfa1bb1abc 100644
--- a/src/vnet/crypto/cli.c
+++ b/src/vnet/crypto/cli.c
@@ -1,19 +1,7 @@
-/*
- * Copyright (c) 2019 Cisco and/or its affiliates.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2025 Cisco Systems, Inc.
*/
-#include <stdbool.h>
#include <vlib/vlib.h>
#include <vnet/crypto/crypto.h>
@@ -38,7 +26,8 @@ show_crypto_engines_command_fn (vlib_main_t * vm,
vlib_cli_output (vm, "%-20s%-8s%s", "Name", "Prio", "Description");
vec_foreach (p, cm->engines)
{
- vlib_cli_output (vm, "%-20s%-8u%s", p->name, p->priority, p->desc);
+ if (p->name)
+ vlib_cli_output (vm, "%-20s%-8u%s", p->name, p->priority, p->desc);
}
return 0;
}
@@ -50,100 +39,53 @@ VLIB_CLI_COMMAND (show_crypto_engines_command, static) =
.function = show_crypto_engines_command_fn,
};
-static u8 *
-format_vnet_crypto_engine_candidates (u8 * s, va_list * args)
-{
- vnet_crypto_engine_t *e;
- vnet_crypto_main_t *cm = &crypto_main;
- u32 id = va_arg (*args, u32);
- u32 ei = va_arg (*args, u32);
- int is_chained = va_arg (*args, int);
- int is_async = va_arg (*args, int);
-
- if (is_async)
- {
- vec_foreach (e, cm->engines)
- {
- if (e->enqueue_handlers[id] && e->dequeue_handler)
- {
- s = format (s, "%U", format_vnet_crypto_engine, e - cm->engines);
- if (ei == e - cm->engines)
- s = format (s, "%c ", '*');
- else
- s = format (s, " ");
- }
- }
-
- return s;
- }
- else
- {
- vec_foreach (e, cm->engines)
- {
- void * h = is_chained ? (void *) e->chained_ops_handlers[id]
- : (void *) e->ops_handlers[id];
-
- if (h)
- {
- s = format (s, "%U", format_vnet_crypto_engine, e - cm->engines);
- if (ei == e - cm->engines)
- s = format (s, "%c ", '*');
- else
- s = format (s, " ");
- }
- }
- return s;
- }
-}
-
-static u8 *
-format_vnet_crypto_handlers (u8 * s, va_list * args)
-{
- vnet_crypto_alg_t alg = va_arg (*args, vnet_crypto_alg_t);
- vnet_crypto_main_t *cm = &crypto_main;
- vnet_crypto_alg_data_t *d = vec_elt_at_index (cm->algs, alg);
- u32 indent = format_get_indent (s);
- int i, first = 1;
-
- for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
- {
- vnet_crypto_op_data_t *od;
- vnet_crypto_op_id_t id = d->op_by_type[i];
-
- if (id == 0)
- continue;
-
- od = cm->opt_data + id;
- if (first == 0)
- s = format (s, "\n%U", format_white_space, indent);
- s = format (s, "%-16U", format_vnet_crypto_op_type, od->type);
-
- s = format (s, "%-28U", format_vnet_crypto_engine_candidates, id,
- od->active_engine_index_simple, 0, 0);
- s = format (s, "%U", format_vnet_crypto_engine_candidates, id,
- od->active_engine_index_chained, 1, 0);
- first = 0;
- }
- return s;
-}
-
-
static clib_error_t *
show_crypto_handlers_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
+ vnet_crypto_main_t *cm = &crypto_main;
unformat_input_t _line_input, *line_input = &_line_input;
- int i;
+ u8 *s = 0;
+ char *handler_type_str[] = {
+#define _(n, s) [VNET_CRYPTO_HANDLER_TYPE_##n] = s,
+ foreach_crypto_handler_type
+ };
if (unformat_user (input, unformat_line_input, line_input))
unformat_free (line_input);
- vlib_cli_output (vm, "%-16s%-16s%-28s%s", "Algo", "Type", "Simple",
- "Chained");
+ FOREACH_ARRAY_ELT (a, cm->algs)
+ {
+ if (a == cm->algs)
+ continue;
- for (i = 0; i < VNET_CRYPTO_N_ALGS; i++)
- vlib_cli_output (vm, "%-20U%U", format_vnet_crypto_alg, i,
- format_vnet_crypto_handlers, i);
+ vlib_cli_output (vm, "\n%s:", a->name);
+ for (u32 i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
+ if (a->op_by_type[i] != VNET_CRYPTO_OP_NONE)
+ {
+ vlib_cli_output (vm, " %U:", format_vnet_crypto_op_type, i);
+ vnet_crypto_op_id_t id = a->op_by_type[i];
+ vnet_crypto_op_data_t *od = cm->opt_data + id;
+ vnet_crypto_engine_t *e;
+
+ for (u32 i = 0; i < VNET_CRYPTO_HANDLER_N_TYPES; i++)
+ {
+ vec_foreach (e, cm->engines)
+ {
+ if (e->ops[id].handlers[i])
+ {
+ s = format (s, " %s", e->name);
+ if (e->ops[id].handlers[i] == od->handlers[i])
+ s = format (s, "*");
+ }
+ }
+
+ vlib_cli_output (vm, " %s:%v", handler_type_str[i], s);
+ vec_reset_length (s);
+ }
+ }
+ }
+ vec_free (s);
return 0;
}
@@ -163,10 +105,10 @@ set_crypto_handler_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
vnet_crypto_main_t *cm = &crypto_main;
int rc = 0;
- char **args = 0, *s, **arg, *engine = 0;
+ char **args = 0, *s, **arg;
int all = 0;
clib_error_t *error = 0;
- crypto_op_class_type_t oct = CRYPTO_OP_BOTH;
+ vnet_crypto_set_handlers_args_t ha = {};
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -176,11 +118,13 @@ set_crypto_handler_command_fn (vlib_main_t * vm,
if (unformat (line_input, "all"))
all = 1;
else if (unformat (line_input, "simple"))
- oct = CRYPTO_OP_SIMPLE;
+ ha.set_simple = 1;
else if (unformat (line_input, "chained"))
- oct = CRYPTO_OP_CHAINED;
+ ha.set_chained = 1;
else if (unformat (line_input, "both"))
- oct = CRYPTO_OP_BOTH;
+ ha.set_simple = ha.set_chained = 1;
+ else if (unformat (line_input, "async"))
+ ha.set_async = 1;
else if (unformat (line_input, "%s", &s))
vec_add1 (args, s);
else
@@ -196,7 +140,7 @@ set_crypto_handler_command_fn (vlib_main_t * vm,
goto done;
}
- engine = vec_elt_at_index (args, vec_len (args) - 1)[0];
+ ha.engine = vec_elt_at_index (args, vec_len (args) - 1)[0];
vec_del1 (args, vec_len (args) - 1);
if (all)
@@ -207,7 +151,8 @@ set_crypto_handler_command_fn (vlib_main_t * vm,
hash_foreach_mem (key, value, cm->alg_index_by_name,
({
(void) value;
- rc += vnet_crypto_set_handler2 (key, engine, oct);
+ ha.handler_name = key;
+ rc += vnet_crypto_set_handlers (&ha);
}));
if (rc)
@@ -217,88 +162,29 @@ set_crypto_handler_command_fn (vlib_main_t * vm,
{
vec_foreach (arg, args)
{
- rc = vnet_crypto_set_handler2 (arg[0], engine, oct);
- if (rc)
- {
- vlib_cli_output (vm, "failed to set engine %s for %s!",
- engine, arg[0]);
- }
+ ha.handler_name = arg[0];
+ rc = vnet_crypto_set_handlers (&ha);
+ if (rc)
+ vlib_cli_output (vm, "failed to set engine %s for %s!", ha.engine,
+ arg[0]);
}
}
done:
- vec_free (engine);
+ vec_free (ha.engine);
vec_foreach (arg, args) vec_free (arg[0]);
vec_free (args);
unformat_free (line_input);
return error;
}
-VLIB_CLI_COMMAND (set_crypto_handler_command, static) =
-{
+VLIB_CLI_COMMAND (set_crypto_handler_command, static) = {
.path = "set crypto handler",
.short_help = "set crypto handler cipher [cipher2 cipher3 ...] engine"
- " [simple|chained]",
+ " [simple|chained|async]",
.function = set_crypto_handler_command_fn,
};
-static u8 *
-format_vnet_crypto_async_handlers (u8 * s, va_list * args)
-{
- vnet_crypto_async_alg_t alg = va_arg (*args, vnet_crypto_async_alg_t);
- vnet_crypto_main_t *cm = &crypto_main;
- vnet_crypto_async_alg_data_t *d = vec_elt_at_index (cm->async_algs, alg);
- u32 indent = format_get_indent (s);
- int i, first = 1;
-
- for (i = 0; i < VNET_CRYPTO_ASYNC_OP_N_TYPES; i++)
- {
- vnet_crypto_async_op_data_t *od;
- vnet_crypto_async_op_id_t id = d->op_by_type[i];
-
- if (id == 0)
- continue;
-
- od = cm->async_opt_data + id;
- if (first == 0)
- s = format (s, "\n%U", format_white_space, indent);
- s = format (s, "%-16U", format_vnet_crypto_async_op_type, od->type);
-
- s = format (s, "%U", format_vnet_crypto_engine_candidates, id,
- od->active_engine_index_async, 0, 1);
- first = 0;
- }
- return s;
-}
-
-static clib_error_t *
-show_crypto_async_handlers_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- int i;
-
- if (unformat_user (input, unformat_line_input, line_input))
- unformat_free (line_input);
-
- vlib_cli_output (vm, "%-28s%-16s%s", "Algo", "Type", "Handler");
-
- for (i = 0; i < VNET_CRYPTO_N_ASYNC_ALGS; i++)
- vlib_cli_output (vm, "%-28U%U", format_vnet_crypto_async_alg, i,
- format_vnet_crypto_async_handlers, i);
-
- return 0;
-}
-
-VLIB_CLI_COMMAND (show_crypto_async_handlers_command, static) =
-{
- .path = "show crypto async handlers",
- .short_help = "show crypto async handlers",
- .function = show_crypto_async_handlers_command_fn,
-};
-
-
static clib_error_t *
show_crypto_async_status_command_fn (vlib_main_t * vm,
unformat_input_t * input,
@@ -334,85 +220,6 @@ VLIB_CLI_COMMAND (show_crypto_async_status_command, static) =
};
static clib_error_t *
-set_crypto_async_handler_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- vnet_crypto_main_t *cm = &crypto_main;
- int rc = 0;
- char **args = 0, *s, **arg, *engine = 0;
- int all = 0;
- clib_error_t *error = 0;
-
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "all"))
- all = 1;
- else if (unformat (line_input, "%s", &s))
- vec_add1 (args, s);
- else
- {
- error = clib_error_return (0, "invalid params");
- goto done;
- }
- }
-
- if ((vec_len (args) < 2 && !all) || (vec_len (args) == 0 && all))
- {
- error = clib_error_return (0, "missing cipher or engine!");
- goto done;
- }
-
- engine = vec_elt_at_index (args, vec_len (args) - 1)[0];
- vec_del1 (args, vec_len (args) - 1);
-
- if (all)
- {
- char *key;
- u8 *value;
-
- hash_foreach_mem (key, value, cm->async_alg_index_by_name,
- ({
- (void) value;
- rc += vnet_crypto_set_async_handler2 (key, engine);
- }));
-
- if (rc)
- vlib_cli_output (vm, "failed to set crypto engine!");
- }
- else
- {
- vec_foreach (arg, args)
- {
- rc = vnet_crypto_set_async_handler2 (arg[0], engine);
- if (rc)
- {
- vlib_cli_output (vm, "failed to set engine %s for %s!",
- engine, arg[0]);
- }
- }
- }
-
-done:
- vec_free (engine);
- vec_foreach (arg, args) vec_free (arg[0]);
- vec_free (args);
- unformat_free (line_input);
- return error;
-}
-
-VLIB_CLI_COMMAND (set_crypto_async_handler_command, static) =
-{
- .path = "set crypto async handler",
- .short_help = "set crypto async handler type [type2 type3 ...] engine",
- .function = set_crypto_async_handler_command_fn,
-};
-
-static clib_error_t *
set_crypto_async_dispatch_command_fn (vlib_main_t *vm, unformat_input_t *input,
vlib_cli_command_t *cmd)
{
@@ -450,11 +257,3 @@ VLIB_CLI_COMMAND (set_crypto_async_dispatch_mode_command, static) = {
.short_help = "set crypto async dispatch mode <polling|interrupt|adaptive>",
.function = set_crypto_async_dispatch_command_fn,
};
-
-/*
- * fd.io coding-style-patch-verification: ON
- *
- * Local Variables:
- * eval: (c-set-style "gnu")
- * End:
- */
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c
index 396b8d4ca6a..35e7768375d 100644
--- a/src/vnet/crypto/crypto.c
+++ b/src/vnet/crypto/crypto.c
@@ -1,16 +1,5 @@
-/*
- * Copyright (c) 2018 Cisco and/or its affiliates.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2025 Cisco Systems, Inc.
*/
#include <stdbool.h>
@@ -22,8 +11,6 @@
#include <dlfcn.h>
#include <dirent.h>
-vnet_crypto_main_t crypto_main;
-
VLIB_REGISTER_LOG_CLASS (crypto_main_log, static) = {
.class_name = "crypto",
.subclass_name = "main",
@@ -52,26 +39,31 @@ vnet_crypto_process_ops_call_handler (vlib_main_t * vm,
vnet_crypto_op_chunk_t * chunks,
u32 n_ops)
{
+ vnet_crypto_op_data_t *od = cm->opt_data + opt;
u32 rv = 0;
if (n_ops == 0)
return 0;
if (chunks)
{
+ vnet_crypto_chained_op_fn_t *fn =
+ od->handlers[VNET_CRYPTO_HANDLER_TYPE_CHAINED];
- if (cm->chained_ops_handlers[opt] == 0)
+ if (fn == 0)
crypto_set_op_status (ops, n_ops,
VNET_CRYPTO_OP_STATUS_FAIL_NO_HANDLER);
else
- rv = (cm->chained_ops_handlers[opt]) (vm, ops, chunks, n_ops);
+ rv = fn (vm, ops, chunks, n_ops);
}
else
{
- if (cm->ops_handlers[opt] == 0)
+ vnet_crypto_simple_op_fn_t *fn =
+ od->handlers[VNET_CRYPTO_HANDLER_TYPE_SIMPLE];
+ if (fn == 0)
crypto_set_op_status (ops, n_ops,
VNET_CRYPTO_OP_STATUS_FAIL_NO_HANDLER);
else
- rv = (cm->ops_handlers[opt]) (vm, ops, n_ops);
+ rv = fn (vm, ops, n_ops);
}
return rv;
}
@@ -141,48 +133,34 @@ vnet_crypto_register_engine (vlib_main_t * vm, char *name, int prio,
}
static_always_inline void
-crypto_set_active_engine (vnet_crypto_op_data_t * od,
- vnet_crypto_op_id_t id, u32 ei,
- crypto_op_class_type_t oct)
+crypto_set_active_engine (vnet_crypto_op_data_t *od, vnet_crypto_op_id_t id,
+ u32 ei, vnet_crypto_handler_type_t t)
{
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_engine_t *ce = vec_elt_at_index (cm->engines, ei);
- if (oct == CRYPTO_OP_BOTH || oct == CRYPTO_OP_CHAINED)
+ if (ce->ops[id].handlers[t])
{
- if (ce->chained_ops_handlers[id])
- {
- od->active_engine_index_chained = ei;
- cm->chained_ops_handlers[id] = ce->chained_ops_handlers[id];
- }
- }
-
- if (oct == CRYPTO_OP_BOTH || oct == CRYPTO_OP_SIMPLE)
- {
- if (ce->ops_handlers[id])
- {
- od->active_engine_index_simple = ei;
- cm->ops_handlers[id] = ce->ops_handlers[id];
- }
+ od->active_engine_index[t] = ei;
+ cm->opt_data[id].handlers[t] = ce->ops[id].handlers[t];
}
}
int
-vnet_crypto_set_handler2 (char *alg_name, char *engine,
- crypto_op_class_type_t oct)
+vnet_crypto_set_handlers (vnet_crypto_set_handlers_args_t *a)
{
uword *p;
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_alg_data_t *ad;
int i;
- p = hash_get_mem (cm->alg_index_by_name, alg_name);
+ p = hash_get_mem (cm->alg_index_by_name, a->handler_name);
if (!p)
return -1;
- ad = vec_elt_at_index (cm->algs, p[0]);
+ ad = cm->algs + p[0];
- p = hash_get_mem (cm->engine_index_by_name, engine);
+ p = hash_get_mem (cm->engine_index_by_name, a->engine);
if (!p)
return -1;
@@ -194,7 +172,15 @@ vnet_crypto_set_handler2 (char *alg_name, char *engine,
continue;
od = cm->opt_data + id;
- crypto_set_active_engine (od, id, p[0], oct);
+ if (a->set_async)
+ crypto_set_active_engine (od, id, p[0],
+ VNET_CRYPTO_HANDLER_TYPE_ASYNC);
+ if (a->set_simple)
+ crypto_set_active_engine (od, id, p[0],
+ VNET_CRYPTO_HANDLER_TYPE_SIMPLE);
+ if (a->set_chained)
+ crypto_set_active_engine (od, id, p[0],
+ VNET_CRYPTO_HANDLER_TYPE_CHAINED);
}
return 0;
@@ -207,117 +193,109 @@ vnet_crypto_is_set_handler (vnet_crypto_alg_t alg)
vnet_crypto_op_id_t opt = 0;
int i;
- if (alg >= vec_len (cm->algs))
+ if (alg >= ARRAY_LEN (cm->algs))
return 0;
for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
if ((opt = cm->algs[alg].op_by_type[i]) != 0)
break;
- if (opt >= vec_len (cm->ops_handlers))
- return 0;
-
- return NULL != cm->ops_handlers[opt];
+ return NULL != cm->opt_data[opt].handlers[VNET_CRYPTO_HANDLER_TYPE_SIMPLE];
}
void
-vnet_crypto_register_ops_handler_inline (vlib_main_t * vm, u32 engine_index,
+vnet_crypto_register_ops_handler_inline (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t * fn,
- vnet_crypto_chained_ops_handler_t *
- cfn)
+ vnet_crypto_simple_op_fn_t *fn,
+ vnet_crypto_chained_op_fn_t *cfn)
{
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_engine_t *ae, *e = vec_elt_at_index (cm->engines, engine_index);
vnet_crypto_op_data_t *otd = cm->opt_data + opt;
- vec_validate_aligned (cm->ops_handlers, VNET_CRYPTO_N_OP_IDS - 1,
- CLIB_CACHE_LINE_BYTES);
- vec_validate_aligned (cm->chained_ops_handlers, VNET_CRYPTO_N_OP_IDS - 1,
- CLIB_CACHE_LINE_BYTES);
if (fn)
{
- e->ops_handlers[opt] = fn;
- if (otd->active_engine_index_simple == ~0)
+ vnet_crypto_handler_type_t t = VNET_CRYPTO_HANDLER_TYPE_SIMPLE;
+ e->ops[opt].handlers[t] = fn;
+ if (!otd->active_engine_index[t])
{
- otd->active_engine_index_simple = engine_index;
- cm->ops_handlers[opt] = fn;
+ otd->active_engine_index[t] = engine_index;
+ cm->opt_data[opt].handlers[t] = fn;
}
- ae = vec_elt_at_index (cm->engines, otd->active_engine_index_simple);
+ ae = vec_elt_at_index (cm->engines, otd->active_engine_index[t]);
if (ae->priority < e->priority)
- crypto_set_active_engine (otd, opt, engine_index, CRYPTO_OP_SIMPLE);
+ crypto_set_active_engine (otd, opt, engine_index, t);
}
if (cfn)
{
- e->chained_ops_handlers[opt] = cfn;
- if (otd->active_engine_index_chained == ~0)
+ vnet_crypto_handler_type_t t = VNET_CRYPTO_HANDLER_TYPE_CHAINED;
+ e->ops[opt].handlers[t] = cfn;
+ if (otd->active_engine_index[t])
{
- otd->active_engine_index_chained = engine_index;
- cm->chained_ops_handlers[opt] = cfn;
+ otd->active_engine_index[t] = engine_index;
+ cm->opt_data[opt].handlers[t] = cfn;
}
- ae = vec_elt_at_index (cm->engines, otd->active_engine_index_chained);
+ ae = vec_elt_at_index (cm->engines, otd->active_engine_index[t]);
if (ae->priority < e->priority)
- crypto_set_active_engine (otd, opt, engine_index, CRYPTO_OP_CHAINED);
+ crypto_set_active_engine (otd, opt, engine_index, t);
}
return;
}
void
-vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
+vnet_crypto_register_ops_handler (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t * fn)
+ vnet_crypto_simple_op_fn_t *fn)
{
vnet_crypto_register_ops_handler_inline (vm, engine_index, opt, fn, 0);
}
void
-vnet_crypto_register_chained_ops_handler (vlib_main_t * vm, u32 engine_index,
+vnet_crypto_register_chained_ops_handler (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_chained_ops_handler_t *
- fn)
+ vnet_crypto_chained_op_fn_t *fn)
{
vnet_crypto_register_ops_handler_inline (vm, engine_index, opt, 0, fn);
}
void
-vnet_crypto_register_ops_handlers (vlib_main_t * vm, u32 engine_index,
+vnet_crypto_register_ops_handlers (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t * fn,
- vnet_crypto_chained_ops_handler_t * cfn)
+ vnet_crypto_simple_op_fn_t *fn,
+ vnet_crypto_chained_op_fn_t *cfn)
{
vnet_crypto_register_ops_handler_inline (vm, engine_index, opt, fn, cfn);
}
void
vnet_crypto_register_enqueue_handler (vlib_main_t *vm, u32 engine_index,
- vnet_crypto_async_op_id_t opt,
- vnet_crypto_frame_enqueue_t *enqueue_hdl)
+ vnet_crypto_op_id_t opt,
+ vnet_crypto_frame_enq_fn_t *enqueue_hdl)
{
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_engine_t *ae, *e = vec_elt_at_index (cm->engines, engine_index);
- vnet_crypto_async_op_data_t *otd = cm->async_opt_data + opt;
- vec_validate_aligned (cm->enqueue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS,
- CLIB_CACHE_LINE_BYTES);
+ vnet_crypto_op_data_t *otd = cm->opt_data + opt;
+ vnet_crypto_handler_type_t t = VNET_CRYPTO_HANDLER_TYPE_ASYNC;
if (!enqueue_hdl)
return;
- e->enqueue_handlers[opt] = enqueue_hdl;
- if (otd->active_engine_index_async == ~0)
+ e->ops[opt].handlers[t] = enqueue_hdl;
+ if (!otd->active_engine_index[t])
{
- otd->active_engine_index_async = engine_index;
- cm->enqueue_handlers[opt] = enqueue_hdl;
+ otd->active_engine_index[t] = engine_index;
+ otd->handlers[t] = enqueue_hdl;
}
- ae = vec_elt_at_index (cm->engines, otd->active_engine_index_async);
+ ae = vec_elt_at_index (cm->engines, otd->active_engine_index[t]);
if (ae->priority <= e->priority)
{
- otd->active_engine_index_async = engine_index;
- cm->enqueue_handlers[opt] = enqueue_hdl;
+ otd->active_engine_index[t] = engine_index;
+ otd->handlers[t] = enqueue_hdl;
}
return;
@@ -340,21 +318,23 @@ static void
vnet_crypto_update_cm_dequeue_handlers (void)
{
vnet_crypto_main_t *cm = &crypto_main;
- vnet_crypto_async_op_data_t *otd;
+ vnet_crypto_op_data_t *otd;
vnet_crypto_engine_t *e;
u32 *active_engines = 0, *ei, last_ei = ~0, i;
vec_reset_length (cm->dequeue_handlers);
- for (i = 0; i < VNET_CRYPTO_ASYNC_OP_N_IDS; i++)
+ for (i = 0; i < VNET_CRYPTO_N_OP_IDS; i++)
{
- otd = cm->async_opt_data + i;
- if (otd->active_engine_index_async == ~0)
+ otd = cm->opt_data + i;
+ if (!otd->active_engine_index[VNET_CRYPTO_HANDLER_TYPE_ASYNC])
continue;
- e = cm->engines + otd->active_engine_index_async;
+ e =
+ cm->engines + otd->active_engine_index[VNET_CRYPTO_HANDLER_TYPE_ASYNC];
if (!e->dequeue_handler)
continue;
- vec_add1 (active_engines, otd->active_engine_index_async);
+ vec_add1 (active_engines,
+ otd->active_engine_index[VNET_CRYPTO_HANDLER_TYPE_ASYNC]);
}
vec_sort_with_function (active_engines, engine_index_cmp);
@@ -392,8 +372,8 @@ vnet_crypto_register_dequeue_handler (vlib_main_t *vm, u32 engine_index,
}
void
-vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index,
- vnet_crypto_key_handler_t * key_handler)
+vnet_crypto_register_key_handler (vlib_main_t *vm, u32 engine_index,
+ vnet_crypto_key_fn_t *key_handler)
{
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_engine_t *e = vec_elt_at_index (cm->engines, engine_index);
@@ -401,40 +381,6 @@ vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index,
return;
}
-static int
-vnet_crypto_key_len_check (vnet_crypto_alg_t alg, u16 length)
-{
- switch (alg)
- {
- case VNET_CRYPTO_N_ALGS:
- return 0;
- case VNET_CRYPTO_ALG_NONE:
- return 1;
-
-#define _(n, s, l) \
- case VNET_CRYPTO_ALG_##n: \
- if ((l) == length) \
- return 1; \
- break;
- foreach_crypto_cipher_alg foreach_crypto_aead_alg
-#undef _
- /* HMAC allows any key length */
-#define _(n, s) \
- case VNET_CRYPTO_ALG_HMAC_##n: \
- return 1;
- foreach_crypto_hmac_alg
-#undef _
-
-#define _(n, s) \
- case VNET_CRYPTO_ALG_HASH_##n: \
- return 1;
- foreach_crypto_hash_alg
-#undef _
- }
-
- return 0;
-}
-
u32
vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data,
u16 length)
@@ -443,13 +389,24 @@ vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data,
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_engine_t *engine;
vnet_crypto_key_t *key, **kp;
+ vnet_crypto_alg_data_t *ad = cm->algs + alg;
u32 alloc_sz = sizeof (vnet_crypto_key_t) + round_pow2 (length, 16);
-
u8 need_barrier_sync = 0;
- if (!vnet_crypto_key_len_check (alg, length))
+ ASSERT (alg != 0);
+
+ if (length == 0)
return ~0;
+ if (ad->variable_key_length == 0)
+ {
+ if (ad->key_length == 0)
+ return ~0;
+
+ if (ad->key_length != length)
+ return ~0;
+ }
+
need_barrier_sync = pool_get_will_expand (cm->keys);
/* If the cm->keys will expand, stop the parade. */
if (need_barrier_sync)
@@ -503,7 +460,7 @@ vnet_crypto_key_update (vlib_main_t *vm, vnet_crypto_key_index_t index)
engine->key_op_handler (VNET_CRYPTO_KEY_OP_MODIFY, index);
}
-vnet_crypto_async_alg_t
+vnet_crypto_alg_t
vnet_crypto_link_algs (vnet_crypto_alg_t crypto_alg,
vnet_crypto_alg_t integ_alg)
{
@@ -525,7 +482,7 @@ vnet_crypto_key_add_linked (vlib_main_t * vm,
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_engine_t *engine;
vnet_crypto_key_t *key_crypto, *key_integ, *key, **kp;
- vnet_crypto_async_alg_t linked_alg;
+ vnet_crypto_alg_t linked_alg;
key_crypto = cm->keys[index_crypto];
key_integ = cm->keys[index_integ];
@@ -553,7 +510,7 @@ vnet_crypto_key_add_linked (vlib_main_t * vm,
.is_link = 1,
.index_crypto = index_crypto,
.index_integ = index_integ,
- .async_alg = linked_alg,
+ .alg = linked_alg,
};
vec_foreach (engine, cm->engines)
@@ -563,54 +520,6 @@ vnet_crypto_key_add_linked (vlib_main_t * vm,
return index;
}
-static_always_inline void
-crypto_set_active_async_engine (vnet_crypto_async_op_data_t * od,
- vnet_crypto_async_op_id_t id, u32 ei)
-{
- vnet_crypto_main_t *cm = &crypto_main;
- vnet_crypto_engine_t *ce = vec_elt_at_index (cm->engines, ei);
-
- if (ce->enqueue_handlers[id] && ce->dequeue_handler)
- {
- od->active_engine_index_async = ei;
- cm->enqueue_handlers[id] = ce->enqueue_handlers[id];
- }
-}
-
-int
-vnet_crypto_set_async_handler2 (char *alg_name, char *engine)
-{
- uword *p;
- vnet_crypto_main_t *cm = &crypto_main;
- vnet_crypto_async_alg_data_t *ad;
- int i;
-
- p = hash_get_mem (cm->async_alg_index_by_name, alg_name);
- if (!p)
- return -1;
-
- ad = vec_elt_at_index (cm->async_algs, p[0]);
-
- p = hash_get_mem (cm->engine_index_by_name, engine);
- if (!p)
- return -1;
-
- for (i = 0; i < VNET_CRYPTO_ASYNC_OP_N_TYPES; i++)
- {
- vnet_crypto_async_op_data_t *od;
- vnet_crypto_async_op_id_t id = ad->op_by_type[i];
- if (id == 0)
- continue;
-
- od = cm->async_opt_data + id;
- crypto_set_active_async_engine (od, id, p[0]);
- }
-
- vnet_crypto_update_cm_dequeue_handlers ();
-
- return 0;
-}
-
u32
vnet_crypto_register_post_node (vlib_main_t * vm, char *post_node_name)
{
@@ -656,84 +565,6 @@ vnet_crypto_set_async_dispatch (u8 mode, u8 adaptive)
}
}
-int
-vnet_crypto_is_set_async_handler (vnet_crypto_async_op_id_t op)
-{
- vnet_crypto_main_t *cm = &crypto_main;
-
- return (op < vec_len (cm->enqueue_handlers) &&
- NULL != cm->enqueue_handlers[op]);
-}
-
-static void
-vnet_crypto_init_cipher_data (vnet_crypto_alg_t alg, vnet_crypto_op_id_t eid,
- vnet_crypto_op_id_t did, char *name, u8 is_aead)
-{
- vnet_crypto_main_t *cm = &crypto_main;
-
- cm->algs[alg].name = name;
- cm->algs[alg].is_aead = is_aead;
- cm->opt_data[eid].alg = cm->opt_data[did].alg = alg;
- cm->opt_data[eid].active_engine_index_simple = ~0;
- cm->opt_data[did].active_engine_index_simple = ~0;
- cm->opt_data[eid].active_engine_index_chained = ~0;
- cm->opt_data[did].active_engine_index_chained = ~0;
- cm->opt_data[eid].type = VNET_CRYPTO_OP_TYPE_ENCRYPT;
- cm->opt_data[did].type = VNET_CRYPTO_OP_TYPE_DECRYPT;
- cm->algs[alg].op_by_type[VNET_CRYPTO_OP_TYPE_ENCRYPT] = eid;
- cm->algs[alg].op_by_type[VNET_CRYPTO_OP_TYPE_DECRYPT] = did;
- hash_set_mem (cm->alg_index_by_name, name, alg);
-}
-
-static void
-vnet_crypto_init_hash_data (vnet_crypto_alg_t alg, vnet_crypto_op_id_t id,
- char *name)
-{
- vnet_crypto_main_t *cm = &crypto_main;
- cm->algs[alg].name = name;
- cm->algs[alg].op_by_type[VNET_CRYPTO_OP_TYPE_HASH] = id;
- cm->opt_data[id].alg = alg;
- cm->opt_data[id].active_engine_index_simple = ~0;
- cm->opt_data[id].active_engine_index_chained = ~0;
- cm->opt_data[id].type = VNET_CRYPTO_OP_TYPE_HASH;
- hash_set_mem (cm->alg_index_by_name, name, alg);
-}
-
-static void
-vnet_crypto_init_hmac_data (vnet_crypto_alg_t alg,
- vnet_crypto_op_id_t id, char *name)
-{
- vnet_crypto_main_t *cm = &crypto_main;
- cm->algs[alg].name = name;
- cm->algs[alg].op_by_type[VNET_CRYPTO_OP_TYPE_HMAC] = id;
- cm->opt_data[id].alg = alg;
- cm->opt_data[id].active_engine_index_simple = ~0;
- cm->opt_data[id].active_engine_index_chained = ~0;
- cm->opt_data[id].type = VNET_CRYPTO_OP_TYPE_HMAC;
- hash_set_mem (cm->alg_index_by_name, name, alg);
-}
-
-static void
-vnet_crypto_init_async_data (vnet_crypto_async_alg_t alg,
- vnet_crypto_async_op_id_t eid,
- vnet_crypto_async_op_id_t did, char *name)
-{
- vnet_crypto_main_t *cm = &crypto_main;
-
- cm->async_algs[alg].name = name;
- cm->async_algs[alg].op_by_type[VNET_CRYPTO_ASYNC_OP_TYPE_ENCRYPT] = eid;
- cm->async_algs[alg].op_by_type[VNET_CRYPTO_ASYNC_OP_TYPE_DECRYPT] = did;
- cm->async_opt_data[eid].type = VNET_CRYPTO_ASYNC_OP_TYPE_ENCRYPT;
- cm->async_opt_data[eid].alg = alg;
- cm->async_opt_data[eid].active_engine_index_async = ~0;
- cm->async_opt_data[eid].active_engine_index_async = ~0;
- cm->async_opt_data[did].type = VNET_CRYPTO_ASYNC_OP_TYPE_DECRYPT;
- cm->async_opt_data[did].alg = alg;
- cm->async_opt_data[did].active_engine_index_async = ~0;
- cm->async_opt_data[did].active_engine_index_async = ~0;
- hash_set_mem (cm->async_alg_index_by_name, name, alg);
-}
-
static void
vnet_crypto_load_engines (vlib_main_t *vm)
{
@@ -851,54 +682,21 @@ vnet_crypto_init (vlib_main_t * vm)
vnet_crypto_main_t *cm = &crypto_main;
vlib_thread_main_t *tm = vlib_get_thread_main ();
vnet_crypto_thread_t *ct = 0;
+ vnet_crypto_engine_t *p;
+ vec_add2 (cm->engines, p, 1);
cm->engine_index_by_name = hash_create_string ( /* size */ 0,
sizeof (uword));
cm->alg_index_by_name = hash_create_string (0, sizeof (uword));
- cm->async_alg_index_by_name = hash_create_string (0, sizeof (uword));
vec_validate_aligned (cm->threads, tm->n_vlib_mains, CLIB_CACHE_LINE_BYTES);
vec_foreach (ct, cm->threads)
pool_init_fixed (ct->frame_pool, VNET_CRYPTO_FRAME_POOL_SIZE);
- vec_validate (cm->algs, VNET_CRYPTO_N_ALGS);
- vec_validate (cm->async_algs, VNET_CRYPTO_N_ASYNC_ALGS);
-
-#define _(n, s, l) \
- vnet_crypto_init_cipher_data (VNET_CRYPTO_ALG_##n, \
- VNET_CRYPTO_OP_##n##_ENC, \
- VNET_CRYPTO_OP_##n##_DEC, s, 0);
- foreach_crypto_cipher_alg;
-#undef _
-#define _(n, s, l) \
- vnet_crypto_init_cipher_data (VNET_CRYPTO_ALG_##n, \
- VNET_CRYPTO_OP_##n##_ENC, \
- VNET_CRYPTO_OP_##n##_DEC, s, 1);
- foreach_crypto_aead_alg;
-#undef _
-#define _(n, s) \
- vnet_crypto_init_hmac_data (VNET_CRYPTO_ALG_HMAC_##n, \
- VNET_CRYPTO_OP_##n##_HMAC, "hmac-" s);
- foreach_crypto_hmac_alg;
-#undef _
-#define _(n, s) \
- vnet_crypto_init_hash_data (VNET_CRYPTO_ALG_HASH_##n, \
- VNET_CRYPTO_OP_##n##_HASH, s);
- foreach_crypto_hash_alg;
-#undef _
-#define _(n, s, k, t, a) \
- vnet_crypto_init_async_data (VNET_CRYPTO_ALG_##n##_TAG##t##_AAD##a, \
- VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC, \
- VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC, \
- s);
- foreach_crypto_aead_async_alg
-#undef _
-#define _(c, h, s, k ,d) \
- vnet_crypto_init_async_data (VNET_CRYPTO_ALG_##c##_##h##_TAG##d, \
- VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC, \
- VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC, \
- s);
- foreach_crypto_link_async_alg
-#undef _
- cm->crypto_node_index =
+
+ FOREACH_ARRAY_ELT (e, cm->algs)
+ if (e->name)
+ hash_set_mem (cm->alg_index_by_name, e->name, e - cm->algs);
+
+ cm->crypto_node_index =
vlib_get_node_by_name (vm, (u8 *) "crypto-dispatch")->index;
vnet_crypto_load_engines (vm);
@@ -907,11 +705,3 @@ vnet_crypto_init (vlib_main_t * vm)
}
VLIB_INIT_FUNCTION (vnet_crypto_init);
-
-/*
- * fd.io coding-style-patch-verification: ON
- *
- * Local Variables:
- * eval: (c-set-style "gnu")
- * End:
- */
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index daaff8e0333..ae959251603 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -21,42 +21,35 @@
#define VNET_CRYPTO_FRAME_SIZE 64
#define VNET_CRYPTO_FRAME_POOL_SIZE 1024
-/* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */
-#define foreach_crypto_cipher_alg \
- _(DES_CBC, "des-cbc", 7) \
- _(3DES_CBC, "3des-cbc", 24) \
- _(AES_128_CBC, "aes-128-cbc", 16) \
- _(AES_192_CBC, "aes-192-cbc", 24) \
- _(AES_256_CBC, "aes-256-cbc", 32) \
- _(AES_128_CTR, "aes-128-ctr", 16) \
- _(AES_192_CTR, "aes-192-ctr", 24) \
- _(AES_256_CTR, "aes-256-ctr", 32)
-
-/* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */
+/* CRYPTO_ID, PRETTY_NAME, ARGS*/
+#define foreach_crypto_cipher_alg \
+ _ (DES_CBC, "des-cbc", .key_length = 7) \
+ _ (3DES_CBC, "3des-cbc", .key_length = 24) \
+ _ (AES_128_CBC, "aes-128-cbc", .key_length = 16) \
+ _ (AES_192_CBC, "aes-192-cbc", .key_length = 24) \
+ _ (AES_256_CBC, "aes-256-cbc", .key_length = 32) \
+ _ (AES_128_CTR, "aes-128-ctr", .key_length = 16) \
+ _ (AES_192_CTR, "aes-192-ctr", .key_length = 24) \
+ _ (AES_256_CTR, "aes-256-ctr", .key_length = 32)
+
+/* CRYPTO_ID, PRETTY_NAME, ARGS */
#define foreach_crypto_aead_alg \
- _ (AES_128_GCM, "aes-128-gcm", 16) \
- _ (AES_192_GCM, "aes-192-gcm", 24) \
- _ (AES_256_GCM, "aes-256-gcm", 32) \
- _ (AES_128_NULL_GMAC, "aes-128-null-gmac", 16) \
- _ (AES_192_NULL_GMAC, "aes-192-null-gmac", 24) \
- _ (AES_256_NULL_GMAC, "aes-256-null-gmac", 32) \
- _ (CHACHA20_POLY1305, "chacha20-poly1305", 32)
+ _ (AES_128_GCM, "aes-128-gcm", .is_aead = 1, .key_length = 16) \
+ _ (AES_192_GCM, "aes-192-gcm", .is_aead = 1, .key_length = 24) \
+ _ (AES_256_GCM, "aes-256-gcm", .is_aead = 1, .key_length = 32) \
+ _ (AES_128_NULL_GMAC, "aes-128-null-gmac", .is_aead = 1, .key_length = 16) \
+ _ (AES_192_NULL_GMAC, "aes-192-null-gmac", .is_aead = 1, .key_length = 24) \
+ _ (AES_256_NULL_GMAC, "aes-256-null-gmac", .is_aead = 1, .key_length = 32) \
+ _ (CHACHA20_POLY1305, "chacha20-poly1305", .is_aead = 1, .key_length = 32)
#define foreach_crypto_hash_alg \
+ _ (MD5, "md5") \
_ (SHA1, "sha-1") \
_ (SHA224, "sha-224") \
_ (SHA256, "sha-256") \
_ (SHA384, "sha-384") \
_ (SHA512, "sha-512")
-#define foreach_crypto_hmac_alg \
- _(MD5, "md5") \
- _(SHA1, "sha-1") \
- _(SHA224, "sha-224") \
- _(SHA256, "sha-256") \
- _(SHA384, "sha-384") \
- _(SHA512, "sha-512")
-
#define foreach_crypto_op_type \
_ (ENCRYPT, "encrypt") \
_ (DECRYPT, "decrypt") \
@@ -98,7 +91,7 @@ typedef enum
_ (AES_256_NULL_GMAC, "aes-256-null-gmac-aad12", 32, 16, 12) \
_ (CHACHA20_POLY1305, "chacha20-poly1305-aad8", 32, 16, 8) \
_ (CHACHA20_POLY1305, "chacha20-poly1305-aad12", 32, 16, 12) \
- _ (CHACHA20_POLY1305, "chacha20-poly1305", 32, 16, 0)
+ _ (CHACHA20_POLY1305, "chacha20-poly1305-aad0", 32, 16, 0)
/* CRYPTO_ID, INTEG_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES, DIGEST_LEN */
#define foreach_crypto_link_async_alg \
@@ -130,10 +123,6 @@ typedef enum
_ (AES_192_CTR, SHA1, "aes-192-ctr-hmac-sha-1", 24, 12) \
_ (AES_256_CTR, SHA1, "aes-256-ctr-hmac-sha-1", 32, 12)
-#define foreach_crypto_async_op_type \
- _(ENCRYPT, "async-encrypt") \
- _(DECRYPT, "async-decrypt")
-
typedef enum
{
VNET_CRYPTO_KEY_OP_ADD,
@@ -152,72 +141,35 @@ typedef enum
typedef enum
{
VNET_CRYPTO_ALG_NONE = 0,
-#define _(n, s, l) VNET_CRYPTO_ALG_##n,
+#define _(n, s, ...) VNET_CRYPTO_ALG_##n,
foreach_crypto_cipher_alg foreach_crypto_aead_alg
#undef _
-#define _(n, s) VNET_CRYPTO_ALG_HMAC_##n,
- foreach_crypto_hmac_alg
-#undef _
-#define _(n, s) VNET_CRYPTO_ALG_HASH_##n,
- foreach_crypto_hash_alg
-#undef _
- VNET_CRYPTO_N_ALGS,
-} vnet_crypto_alg_t;
-
-typedef enum
-{
-#define _(n, s) VNET_CRYPTO_ASYNC_OP_TYPE_##n,
- foreach_crypto_async_op_type
+#define _(n, s) VNET_CRYPTO_ALG_HASH_##n, VNET_CRYPTO_ALG_HMAC_##n,
+ foreach_crypto_hash_alg
#undef _
- VNET_CRYPTO_ASYNC_OP_N_TYPES,
-} vnet_crypto_async_op_type_t;
-
-typedef enum
-{
- VNET_CRYPTO_ASYNC_ALG_NONE = 0,
#define _(n, s, k, t, a) \
VNET_CRYPTO_ALG_##n##_TAG##t##_AAD##a,
- foreach_crypto_aead_async_alg
+ foreach_crypto_aead_async_alg
#undef _
#define _(c, h, s, k ,d) \
VNET_CRYPTO_ALG_##c##_##h##_TAG##d,
- foreach_crypto_link_async_alg
-#undef _
- VNET_CRYPTO_N_ASYNC_ALGS,
-} vnet_crypto_async_alg_t;
-
-typedef enum
-{
- VNET_CRYPTO_ASYNC_OP_NONE = 0,
-#define _(n, s, k, t, a) \
- VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC, \
- VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC,
- foreach_crypto_aead_async_alg
-#undef _
-#define _(c, h, s, k ,d) \
- VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC, \
- VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC,
- foreach_crypto_link_async_alg
+ foreach_crypto_link_async_alg
#undef _
- VNET_CRYPTO_ASYNC_OP_N_IDS,
-} vnet_crypto_async_op_id_t;
+ VNET_CRYPTO_N_ALGS,
+} vnet_crypto_alg_t;
typedef struct
{
u32 index;
u16 length;
u8 is_link : 1;
+ vnet_crypto_alg_t alg : 8;
union
{
struct
{
- vnet_crypto_alg_t alg:8;
- };
- struct
- {
u32 index_crypto;
u32 index_integ;
- vnet_crypto_async_alg_t async_alg:8;
};
};
u8 data[];
@@ -226,29 +178,31 @@ typedef struct
typedef enum
{
VNET_CRYPTO_OP_NONE = 0,
-#define _(n, s, l) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC,
+#define _(n, s, ...) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC,
foreach_crypto_cipher_alg foreach_crypto_aead_alg
#undef _
-#define _(n, s) VNET_CRYPTO_OP_##n##_HMAC,
- foreach_crypto_hmac_alg
+#define _(n, s) VNET_CRYPTO_OP_##n##_HASH, VNET_CRYPTO_OP_##n##_HMAC,
+ foreach_crypto_hash_alg
#undef _
-#define _(n, s) VNET_CRYPTO_OP_##n##_HASH,
- foreach_crypto_hash_alg
+#define _(n, s, k, t, a) \
+ VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC, \
+ VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC,
+ foreach_crypto_aead_async_alg
#undef _
- VNET_CRYPTO_N_OP_IDS,
-} vnet_crypto_op_id_t;
-
-typedef enum
-{
- CRYPTO_OP_SIMPLE,
- CRYPTO_OP_CHAINED,
- CRYPTO_OP_BOTH,
-} crypto_op_class_type_t;
+#define _(c, h, s, k, d) \
+ VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC, \
+ VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC,
+ foreach_crypto_link_async_alg
+#undef _
+ VNET_CRYPTO_N_OP_IDS,
+} __clib_packed vnet_crypto_op_id_t;
typedef struct
{
char *name;
+ u16 key_length;
u8 is_aead : 1;
+ u8 variable_key_length : 1;
vnet_crypto_op_id_t op_by_type[VNET_CRYPTO_OP_N_TYPES];
} vnet_crypto_alg_data_t;
@@ -263,7 +217,7 @@ typedef struct
{
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
uword user_data;
- vnet_crypto_op_id_t op:16;
+ vnet_crypto_op_id_t op;
vnet_crypto_op_status_t status:8;
u8 flags;
#define VNET_CRYPTO_OP_FLAG_HMAC_CHECK (1 << 0)
@@ -308,26 +262,19 @@ typedef struct
STATIC_ASSERT_SIZEOF (vnet_crypto_op_t, CLIB_CACHE_LINE_BYTES);
-typedef struct
-{
- vnet_crypto_op_type_t type;
- vnet_crypto_alg_t alg;
- u32 active_engine_index_simple;
- u32 active_engine_index_chained;
-} vnet_crypto_op_data_t;
+#define foreach_crypto_handler_type \
+ _ (SIMPLE, "simple") \
+ _ (CHAINED, "chained") \
+ _ (ASYNC, "async")
-typedef struct
+typedef enum
{
- vnet_crypto_async_op_type_t type;
- vnet_crypto_async_alg_t alg;
- u32 active_engine_index_async;
-} vnet_crypto_async_op_data_t;
+#define _(n, s) VNET_CRYPTO_HANDLER_TYPE_##n,
+ foreach_crypto_handler_type
+#undef _
+ VNET_CRYPTO_HANDLER_N_TYPES
-typedef struct
-{
- char *name;
- vnet_crypto_async_op_id_t op_by_type[VNET_CRYPTO_ASYNC_OP_N_TYPES];
-} vnet_crypto_async_alg_data_t;
+} vnet_crypto_handler_type_t;
typedef struct
{
@@ -365,7 +312,7 @@ typedef struct
{
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
vnet_crypto_async_frame_state_t state;
- vnet_crypto_async_op_id_t op:8;
+ vnet_crypto_op_id_t op : 8;
u16 n_elts;
vnet_crypto_async_frame_elt_t elts[VNET_CRYPTO_FRAME_SIZE];
u32 buffer_indices[VNET_CRYPTO_FRAME_SIZE];
@@ -383,21 +330,20 @@ typedef struct
typedef u32 vnet_crypto_key_index_t;
-typedef u32 (vnet_crypto_chained_ops_handler_t) (vlib_main_t * vm,
- vnet_crypto_op_t * ops[],
- vnet_crypto_op_chunk_t *
- chunks, u32 n_ops);
+typedef u32 (vnet_crypto_chained_op_fn_t) (vlib_main_t *vm,
+ vnet_crypto_op_t *ops[],
+ vnet_crypto_op_chunk_t *chunks,
+ u32 n_ops);
-typedef u32 (vnet_crypto_ops_handler_t) (vlib_main_t * vm,
- vnet_crypto_op_t * ops[], u32 n_ops);
+typedef u32 (vnet_crypto_simple_op_fn_t) (vlib_main_t *vm,
+ vnet_crypto_op_t *ops[], u32 n_ops);
-typedef void (vnet_crypto_key_handler_t) (vnet_crypto_key_op_t kop,
- vnet_crypto_key_index_t idx);
+typedef void (vnet_crypto_key_fn_t) (vnet_crypto_key_op_t kop,
+ vnet_crypto_key_index_t idx);
/** async crypto function handlers **/
-typedef int
- (vnet_crypto_frame_enqueue_t) (vlib_main_t * vm,
- vnet_crypto_async_frame_t * frame);
+typedef int (vnet_crypto_frame_enq_fn_t) (vlib_main_t *vm,
+ vnet_crypto_async_frame_t *frame);
typedef vnet_crypto_async_frame_t *
(vnet_crypto_frame_dequeue_t) (vlib_main_t * vm, u32 * nb_elts_processed,
u32 * enqueue_thread_idx);
@@ -406,32 +352,29 @@ u32
vnet_crypto_register_engine (vlib_main_t * vm, char *name, int prio,
char *desc);
-void vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
+void vnet_crypto_register_ops_handler (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t * oph);
+ vnet_crypto_simple_op_fn_t *oph);
-void vnet_crypto_register_chained_ops_handler (vlib_main_t * vm,
- u32 engine_index,
- vnet_crypto_op_id_t opt,
- vnet_crypto_chained_ops_handler_t
- * oph);
+void
+vnet_crypto_register_chained_ops_handler (vlib_main_t *vm, u32 engine_index,
+ vnet_crypto_op_id_t opt,
+ vnet_crypto_chained_op_fn_t *oph);
-void vnet_crypto_register_ops_handlers (vlib_main_t * vm, u32 engine_index,
+void vnet_crypto_register_ops_handlers (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t * fn,
- vnet_crypto_chained_ops_handler_t *
- cfn);
+ vnet_crypto_simple_op_fn_t *fn,
+ vnet_crypto_chained_op_fn_t *cfn);
-void vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index,
- vnet_crypto_key_handler_t * keyh);
+void vnet_crypto_register_key_handler (vlib_main_t *vm, u32 engine_index,
+ vnet_crypto_key_fn_t *keyh);
/** async crypto register functions */
u32 vnet_crypto_register_post_node (vlib_main_t * vm, char *post_node_name);
-void
-vnet_crypto_register_enqueue_handler (vlib_main_t *vm, u32 engine_index,
- vnet_crypto_async_op_id_t opt,
- vnet_crypto_frame_enqueue_t *enq_fn);
+void vnet_crypto_register_enqueue_handler (vlib_main_t *vm, u32 engine_index,
+ vnet_crypto_op_id_t opt,
+ vnet_crypto_frame_enq_fn_t *enq_fn);
void
vnet_crypto_register_dequeue_handler (vlib_main_t *vm, u32 engine_index,
@@ -439,14 +382,16 @@ vnet_crypto_register_dequeue_handler (vlib_main_t *vm, u32 engine_index,
typedef struct
{
+ void *handlers[VNET_CRYPTO_HANDLER_N_TYPES];
+} vnet_crypto_engine_op_t;
+
+typedef struct
+{
char *name;
char *desc;
int priority;
- vnet_crypto_key_handler_t *key_op_handler;
- vnet_crypto_ops_handler_t *ops_handlers[VNET_CRYPTO_N_OP_IDS];
- vnet_crypto_chained_ops_handler_t
- * chained_ops_handlers[VNET_CRYPTO_N_OP_IDS];
- vnet_crypto_frame_enqueue_t *enqueue_handlers[VNET_CRYPTO_ASYNC_OP_N_IDS];
+ vnet_crypto_engine_op_t ops[VNET_CRYPTO_N_OP_IDS];
+ vnet_crypto_key_fn_t *key_op_handler;
vnet_crypto_frame_dequeue_t *dequeue_handler;
} vnet_crypto_engine_t;
@@ -458,20 +403,22 @@ typedef struct
typedef struct
{
- vnet_crypto_alg_data_t *algs;
+ vnet_crypto_op_type_t type;
+ vnet_crypto_alg_t alg;
+ u8 active_engine_index[VNET_CRYPTO_HANDLER_N_TYPES];
+ void *handlers[VNET_CRYPTO_HANDLER_N_TYPES];
+} vnet_crypto_op_data_t;
+
+typedef struct
+{
+ vnet_crypto_alg_data_t algs[VNET_CRYPTO_N_ALGS];
vnet_crypto_thread_t *threads;
- vnet_crypto_ops_handler_t **ops_handlers;
- vnet_crypto_chained_ops_handler_t **chained_ops_handlers;
- vnet_crypto_frame_enqueue_t **enqueue_handlers;
vnet_crypto_frame_dequeue_t **dequeue_handlers;
vnet_crypto_op_data_t opt_data[VNET_CRYPTO_N_OP_IDS];
- vnet_crypto_async_op_data_t async_opt_data[VNET_CRYPTO_ASYNC_OP_N_IDS];
vnet_crypto_engine_t *engines;
vnet_crypto_key_t **keys;
uword *engine_index_by_name;
uword *alg_index_by_name;
- uword *async_alg_index_by_name;
- vnet_crypto_async_alg_data_t *async_algs;
vnet_crypto_async_next_node_t *next_nodes;
u32 crypto_node_index;
} vnet_crypto_main_t;
@@ -485,8 +432,17 @@ u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[],
u32 n_ops);
void vnet_crypto_set_async_dispatch (u8 mode, u8 adaptive);
-int vnet_crypto_set_handler2 (char *ops_handler_name, char *engine,
- crypto_op_class_type_t oct);
+
+typedef struct
+{
+ char *handler_name;
+ char *engine;
+ u8 set_simple : 1;
+ u8 set_chained : 1;
+ u8 set_async : 1;
+} vnet_crypto_set_handlers_args_t;
+
+int vnet_crypto_set_handlers (vnet_crypto_set_handlers_args_t *);
int vnet_crypto_is_set_handler (vnet_crypto_alg_t alg);
u32 vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg,
@@ -502,12 +458,8 @@ u32 vnet_crypto_key_add_linked (vlib_main_t * vm,
vnet_crypto_key_index_t index_crypto,
vnet_crypto_key_index_t index_integ);
-int vnet_crypto_set_async_handler2 (char *alg_name, char *engine);
-
-int vnet_crypto_is_set_async_handler (vnet_crypto_async_op_id_t opt);
-
-vnet_crypto_async_alg_t vnet_crypto_link_algs (vnet_crypto_alg_t crypto_alg,
- vnet_crypto_alg_t integ_alg);
+vnet_crypto_alg_t vnet_crypto_link_algs (vnet_crypto_alg_t crypto_alg,
+ vnet_crypto_alg_t integ_alg);
format_function_t format_vnet_crypto_alg;
format_function_t format_vnet_crypto_engine;
@@ -516,10 +468,6 @@ format_function_t format_vnet_crypto_op_type;
format_function_t format_vnet_crypto_op_status;
unformat_function_t unformat_vnet_crypto_alg;
-format_function_t format_vnet_crypto_async_op;
-format_function_t format_vnet_crypto_async_alg;
-format_function_t format_vnet_crypto_async_op_type;
-
static_always_inline void
vnet_crypto_op_init (vnet_crypto_op_t * op, vnet_crypto_op_id_t type)
{
@@ -547,16 +495,10 @@ vnet_crypto_get_key (vnet_crypto_key_index_t index)
return cm->keys[index];
}
-static_always_inline int
-vnet_crypto_set_handler (char *alg_name, char *engine)
-{
- return vnet_crypto_set_handler2 (alg_name, engine, CRYPTO_OP_BOTH);
-}
-
/** async crypto inline functions **/
static_always_inline vnet_crypto_async_frame_t *
-vnet_crypto_async_get_frame (vlib_main_t * vm, vnet_crypto_async_op_id_t opt)
+vnet_crypto_async_get_frame (vlib_main_t *vm, vnet_crypto_op_id_t opt)
{
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_thread_t *ct = cm->threads + vm->thread_index;
@@ -591,19 +533,22 @@ vnet_crypto_async_submit_open_frame (vlib_main_t * vm,
{
vnet_crypto_main_t *cm = &crypto_main;
vlib_thread_main_t *tm = vlib_get_thread_main ();
+ vnet_crypto_op_id_t op = frame->op;
+ vnet_crypto_frame_enq_fn_t *fn =
+ cm->opt_data[op].handlers[VNET_CRYPTO_HANDLER_TYPE_ASYNC];
u32 i;
vlib_node_t *n;
frame->state = VNET_CRYPTO_FRAME_STATE_PENDING;
frame->enqueue_thread_index = vm->thread_index;
- if (PREDICT_FALSE (cm->enqueue_handlers == NULL))
+ if (PREDICT_FALSE (fn == 0))
{
frame->state = VNET_CRYPTO_FRAME_STATE_ELT_ERROR;
return -1;
}
- int ret = (cm->enqueue_handlers[frame->op]) (vm, frame);
+ int ret = fn (vm, frame);
if (PREDICT_TRUE (ret == 0))
{
@@ -655,7 +600,7 @@ vnet_crypto_async_add_to_frame (vlib_main_t *vm, vnet_crypto_async_frame_t *f,
static_always_inline void
vnet_crypto_async_reset_frame (vnet_crypto_async_frame_t * f)
{
- vnet_crypto_async_op_id_t opt;
+ vnet_crypto_op_id_t opt;
ASSERT (f != 0);
ASSERT ((f->state == VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED
|| f->state == VNET_CRYPTO_FRAME_STATE_ELT_ERROR));
diff --git a/src/vnet/crypto/crypto_api.c b/src/vnet/crypto/crypto_api.c
index e701864a5ba..e7322cdd553 100644
--- a/src/vnet/crypto/crypto_api.c
+++ b/src/vnet/crypto/crypto_api.c
@@ -68,18 +68,23 @@ vl_api_crypto_set_handler_t_handler (vl_api_crypto_set_handler_t * mp)
{
vl_api_crypto_set_handler_reply_t *rmp;
int rv = 0;
- char *engine;
- char *alg_name;
- crypto_op_class_type_t oct;
-
- engine = (char *) mp->engine;
- alg_name = (char *) mp->alg_name;
- oct = (crypto_op_class_type_t) mp->oct;
-
- if (mp->is_async)
- rv = vnet_crypto_set_async_handler2 (alg_name, engine);
- else
- rv = vnet_crypto_set_handler2 (alg_name, engine, oct);
+
+ enum
+ {
+ CRYPTO_OP_SIMPLE,
+ CRYPTO_OP_CHAINED,
+ CRYPTO_OP_BOTH,
+ } oct = (typeof (oct)) mp->oct;
+
+ vnet_crypto_set_handlers_args_t args = {
+ .engine = (char *) mp->engine,
+ .handler_name = (char *) mp->alg_name,
+ .set_async = mp->is_async != 0,
+ .set_simple = oct == CRYPTO_OP_SIMPLE || oct == CRYPTO_OP_BOTH,
+ .set_chained = oct == CRYPTO_OP_CHAINED || oct == CRYPTO_OP_BOTH,
+ };
+
+ rv = vnet_crypto_set_handlers (&args);
REPLY_MACRO (VL_API_CRYPTO_SET_HANDLER_REPLY);
}
diff --git a/src/vnet/crypto/engine.h b/src/vnet/crypto/engine.h
index 993befb393a..517b6ec3457 100644
--- a/src/vnet/crypto/engine.h
+++ b/src/vnet/crypto/engine.h
@@ -12,8 +12,8 @@ typedef unsigned int u32;
typedef struct
{
vnet_crypto_op_id_t opt;
- vnet_crypto_ops_handler_t *fn;
- vnet_crypto_chained_ops_handler_t *cfn;
+ vnet_crypto_simple_op_fn_t *fn;
+ vnet_crypto_chained_op_fn_t *cfn;
} vnet_crypto_engine_op_handlers_t;
struct vnet_crypto_engine_registration;
@@ -31,7 +31,7 @@ typedef struct vnet_crypto_engine_registration
u32 num_threads;
void *per_thread_data;
vnet_crypto_engine_init_fn_t *init_fn;
- vnet_crypto_key_handler_t *key_handler;
+ vnet_crypto_key_fn_t *key_handler;
vnet_crypto_engine_op_handlers_t *op_handlers;
} vnet_crypto_engine_registration_t;
diff --git a/src/vnet/crypto/format.c b/src/vnet/crypto/format.c
index c503ac81663..cfcee2f4572 100644
--- a/src/vnet/crypto/format.c
+++ b/src/vnet/crypto/format.c
@@ -22,7 +22,7 @@ format_vnet_crypto_alg (u8 * s, va_list * args)
{
vnet_crypto_alg_t alg = va_arg (*args, vnet_crypto_alg_t);
vnet_crypto_main_t *cm = &crypto_main;
- vnet_crypto_alg_data_t *d = vec_elt_at_index (cm->algs, alg);
+ vnet_crypto_alg_data_t *d = cm->algs + alg;
return format (s, "%s", d->name);
}
@@ -105,6 +105,7 @@ format_vnet_crypto_engine (u8 * s, va_list * args)
return format (s, "%s", e->name);
}
+#if 0
u8 *
format_vnet_crypto_async_op_type (u8 * s, va_list * args)
{
@@ -125,7 +126,7 @@ format_vnet_crypto_async_op_type (u8 * s, va_list * args)
u8 *
format_vnet_crypto_async_alg (u8 * s, va_list * args)
{
- vnet_crypto_async_alg_t alg = va_arg (*args, vnet_crypto_async_alg_t);
+ vnet_crypto_alg_t alg = va_arg (*args, vnet_crypto_alg_t);
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_async_alg_data_t *d = vec_elt_at_index (cm->async_algs, alg);
return format (s, "%s", d->name);
@@ -141,6 +142,7 @@ format_vnet_crypto_async_op (u8 * s, va_list * args)
return format (s, "%U-%U", format_vnet_crypto_async_op_type, otd->type,
format_vnet_crypto_async_alg, otd->alg);
}
+#endif
/*
* fd.io coding-style-patch-verification: ON
diff --git a/src/vnet/crypto/main.c b/src/vnet/crypto/main.c
new file mode 100644
index 00000000000..4f00e9b5c62
--- /dev/null
+++ b/src/vnet/crypto/main.c
@@ -0,0 +1,108 @@
+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2025 Cisco Systems, Inc.
+ */
+
+#include <vlib/vlib.h>
+#include <vnet/crypto/crypto.h>
+#include <vnet/crypto/engine.h>
+
+vnet_crypto_main_t crypto_main =
+{
+ .algs = {
+#define _(n, s, ...) \
+ [VNET_CRYPTO_ALG_##n] = { \
+ .name = (s), \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_ENCRYPT] = VNET_CRYPTO_OP_##n##_ENC, \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_DECRYPT] = VNET_CRYPTO_OP_##n##_DEC, \
+ __VA_ARGS__, \
+ },
+ foreach_crypto_cipher_alg foreach_crypto_aead_alg
+#undef _
+
+#define _(n, s) \
+ [VNET_CRYPTO_ALG_HASH_##n] = { \
+ .name = (s), \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_HASH] = VNET_CRYPTO_OP_##n##_HASH, \
+ }, \
+ [VNET_CRYPTO_ALG_HMAC_##n] = { \
+ .name = ("hmac-" s), \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_HMAC] = VNET_CRYPTO_OP_##n##_HMAC, \
+ .variable_key_length = 1, \
+ },
+ foreach_crypto_hash_alg
+#undef _
+
+#define _(n, s, k, t, a) \
+ [VNET_CRYPTO_ALG_##n##_TAG##t##_AAD##a] = { \
+ .name = (s), \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_ENCRYPT] = \
+ VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC, \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_DECRYPT] = \
+ VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC, \
+ },
+ foreach_crypto_aead_async_alg
+#undef _
+
+#define _(c, h, s, k, d) \
+ [VNET_CRYPTO_ALG_##c##_##h##_TAG##d] = { \
+ .name = (s), \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_ENCRYPT] = \
+ VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC, \
+ .op_by_type[VNET_CRYPTO_OP_TYPE_DECRYPT] = \
+ VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC, \
+ },
+ foreach_crypto_link_async_alg
+#undef _
+
+ },
+ .opt_data = {
+#define _(n, s, ...) \
+ [VNET_CRYPTO_OP_##n##_ENC] = { \
+ .alg = VNET_CRYPTO_ALG_##n, \
+ .type = VNET_CRYPTO_OP_TYPE_ENCRYPT, \
+ }, \
+ [VNET_CRYPTO_OP_##n##_DEC] = { \
+ .alg = VNET_CRYPTO_ALG_##n, \
+ .type = VNET_CRYPTO_OP_TYPE_DECRYPT, \
+ },
+ foreach_crypto_cipher_alg foreach_crypto_aead_alg
+#undef _
+
+#define _(n, s) \
+ [VNET_CRYPTO_OP_##n##_HASH] = { \
+ .alg = VNET_CRYPTO_ALG_HASH_##n, \
+ .type = VNET_CRYPTO_OP_TYPE_HASH, \
+ }, \
+ [VNET_CRYPTO_OP_##n##_HMAC] = { \
+ .alg = VNET_CRYPTO_ALG_HMAC_##n, \
+ .type = VNET_CRYPTO_OP_TYPE_HMAC, \
+ },
+ foreach_crypto_hash_alg
+#undef _
+
+#define _(n, s, k, t, a) \
+ [VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC] = { \
+ .alg = VNET_CRYPTO_ALG_##n##_TAG##t##_AAD##a, \
+ .type = VNET_CRYPTO_OP_TYPE_ENCRYPT, \
+ }, \
+ [VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC] = { \
+ .alg = VNET_CRYPTO_ALG_##n##_TAG##t##_AAD##a, \
+ .type = VNET_CRYPTO_OP_TYPE_DECRYPT, \
+ },
+ foreach_crypto_aead_async_alg
+#undef _
+
+#define _(c, h, s, k, d) \
+ [VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC] = { \
+ .alg = VNET_CRYPTO_ALG_##c##_##h##_TAG##d, \
+ .type = VNET_CRYPTO_OP_TYPE_ENCRYPT, \
+ } , \
+ [VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC] = { \
+ .alg = VNET_CRYPTO_ALG_##c##_##h##_TAG##d, \
+ .type = VNET_CRYPTO_OP_TYPE_DECRYPT, \
+ },
+ foreach_crypto_link_async_alg
+#undef _
+
+ },
+};
diff --git a/src/vnet/crypto/node.c b/src/vnet/crypto/node.c
index ee7f344ce68..7d023f3ff9d 100644
--- a/src/vnet/crypto/node.c
+++ b/src/vnet/crypto/node.c
@@ -45,7 +45,7 @@ typedef enum
typedef struct
{
vnet_crypto_op_status_t op_status;
- vnet_crypto_async_op_id_t op;
+ vnet_crypto_op_id_t op;
} crypto_dispatch_trace_t;
static u8 *
@@ -55,15 +55,14 @@ format_crypto_dispatch_trace (u8 * s, va_list * args)
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
crypto_dispatch_trace_t *t = va_arg (*args, crypto_dispatch_trace_t *);
- s = format (s, "%U: %U", format_vnet_crypto_async_op, t->op,
+ s = format (s, "%U: %U", format_vnet_crypto_op, t->op,
format_vnet_crypto_op_status, t->op_status);
return s;
}
static void
-vnet_crypto_async_add_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
- vlib_buffer_t * b,
- vnet_crypto_async_op_id_t op_id,
+vnet_crypto_async_add_trace (vlib_main_t *vm, vlib_node_runtime_t *node,
+ vlib_buffer_t *b, vnet_crypto_op_id_t op_id,
vnet_crypto_op_status_t status)
{
crypto_dispatch_trace_t *tr = vlib_add_trace (vm, node, b, sizeof (*tr));
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 01b2d2971b0..6384bb927a8 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -1104,8 +1104,8 @@ esp_decrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
ipsec_sa_t *sa0 = 0;
bool anti_replay_result;
int is_async = im->async_mode;
- vnet_crypto_async_op_id_t async_op = ~0;
- vnet_crypto_async_frame_t *async_frames[VNET_CRYPTO_ASYNC_OP_N_IDS];
+ vnet_crypto_op_id_t async_op = ~0;
+ vnet_crypto_async_frame_t *async_frames[VNET_CRYPTO_N_OP_IDS];
esp_decrypt_error_t err;
vlib_get_buffers (vm, from, b, n_left);
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index f6d1ecaed24..4338cb01e5d 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -625,9 +625,9 @@ esp_encrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
vlib_buffer_t *lb;
vnet_crypto_op_t **crypto_ops = &ptd->crypto_ops;
vnet_crypto_op_t **integ_ops = &ptd->integ_ops;
- vnet_crypto_async_frame_t *async_frames[VNET_CRYPTO_ASYNC_OP_N_IDS];
+ vnet_crypto_async_frame_t *async_frames[VNET_CRYPTO_N_OP_IDS];
int is_async = im->async_mode;
- vnet_crypto_async_op_id_t async_op = ~0;
+ vnet_crypto_op_id_t async_op = ~0;
u16 drop_next =
(lt == VNET_LINK_IP6 ? ESP_ENCRYPT_NEXT_DROP6 :
(lt == VNET_LINK_IP4 ? ESP_ENCRYPT_NEXT_DROP4 :
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index dfa2bf6b23f..d37d89d5e3e 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -161,7 +161,7 @@ ipsec_sa_set_async_op_ids (ipsec_sa_t * sa)
{
if (ipsec_sa_is_set_USE_ESN (sa))
{
-#define _(n, s, k) \
+#define _(n, s, ...) \
if (sa->crypto_sync_enc_op_id == VNET_CRYPTO_OP_##n##_ENC) \
sa->crypto_async_enc_op_id = VNET_CRYPTO_OP_##n##_TAG16_AAD12_ENC; \
if (sa->crypto_sync_dec_op_id == VNET_CRYPTO_OP_##n##_DEC) \
@@ -171,7 +171,7 @@ ipsec_sa_set_async_op_ids (ipsec_sa_t * sa)
}
else
{
-#define _(n, s, k) \
+#define _(n, s, ...) \
if (sa->crypto_sync_enc_op_id == VNET_CRYPTO_OP_##n##_ENC) \
sa->crypto_async_enc_op_id = VNET_CRYPTO_OP_##n##_TAG16_AAD8_ENC; \
if (sa->crypto_sync_dec_op_id == VNET_CRYPTO_OP_##n##_DEC) \