summaryrefslogtreecommitdiffstats
path: root/src/plugins/ipsecmb/ipsecmb.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/ipsecmb/ipsecmb.c')
-rw-r--r--src/plugins/ipsecmb/ipsecmb.c322
1 files changed, 0 insertions, 322 deletions
diff --git a/src/plugins/ipsecmb/ipsecmb.c b/src/plugins/ipsecmb/ipsecmb.c
deleted file mode 100644
index 17b8fb8ce3d..00000000000
--- a/src/plugins/ipsecmb/ipsecmb.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * init.c : ipsecmb common code
- *
- * Copyright (c) 2015 Cisco and/or its affiliates.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <vnet/plugin/plugin.h>
-#include <vpp/app/version.h>
-#include <ipsecmb/ipsecmb.h>
-ipsecmb_main_t ipsecmb_main;
-
-int
-sa_expand_keys (u32 sa_index)
-{
- ipsecmb_main_t *imbm = &ipsecmb_main;
- ipsec_sa_t *sa = pool_elt_at_index (ipsec_main.sad, sa_index);
- ipsecmb_sa_t *samb = pool_elt_at_index (imbm->sad, sa_index);
- if (sa->crypto_key_len > 0)
- {
- const keyexp_t keyexp_fn = imbm->crypto_algs[sa->crypto_alg].keyexp_fn;
- keyexp_fn (sa->crypto_key, samb->aes_enc_key_expanded,
- samb->aes_dec_key_expanded);
- }
- if (sa->integ_key_len > 0)
- {
- const u8 block_size = imbm->integ_algs[sa->integ_alg].block_size;
- const hash_one_block_t hash_one_block_fn =
- imbm->integ_algs[sa->integ_alg].hash_one_block_fn;
- u8 buf[block_size];
- int i = 0;
- if (sa->integ_key_len > block_size)
- {
- return VNET_API_ERROR_SYSCALL_ERROR_1; // FIXME use correct value
- }
- memset (buf, 0x36, sizeof (buf));
- for (i = 0; i < sa->integ_key_len; i++)
- {
- buf[i] ^= sa->integ_key[i];
- }
- hash_one_block_fn (buf, samb->ipad_hash);
-
- memset (buf, 0x5c, sizeof (buf));
- for (i = 0; i < sa->integ_key_len; i++)
- {
- buf[i] ^= sa->integ_key[i];
- }
- hash_one_block_fn (buf, samb->opad_hash);
- }
- return 0;
-}
-
-static clib_error_t *
-ipsecmb_add_del_sa_session (u32 sa_index, u8 is_add)
-{
- ipsecmb_main_t *imbm = &ipsecmb_main;
- if (is_add)
- {
- ipsecmb_sa_t *samb = NULL;
- pool_get (imbm->sad, samb);
- ASSERT (samb == pool_elt_at_index (imbm->sad, sa_index));
- sa_expand_keys (sa_index);
- }
- else
- {
- pool_put_index (imbm->sad, sa_index);
- }
- return 0;
-}
-
-clib_error_t *
-ipsecmb_check_esp_support (ipsec_sa_t * sa)
-{
- switch (sa->crypto_alg)
- {
- case IPSEC_CRYPTO_ALG_NONE:
- break;
- case IPSEC_CRYPTO_ALG_DES_CBC:
- case IPSEC_CRYPTO_ALG_3DES_CBC:
- return clib_error_return (0, "unsupported (3)des crypto-alg");
- case IPSEC_CRYPTO_ALG_AES_CBC_128:
- case IPSEC_CRYPTO_ALG_AES_CBC_192:
- case IPSEC_CRYPTO_ALG_AES_CBC_256:
- break;
- case IPSEC_CRYPTO_ALG_AES_CTR_128:
- case IPSEC_CRYPTO_ALG_AES_CTR_192:
- case IPSEC_CRYPTO_ALG_AES_CTR_256:
- return clib_error_return (0, "unsupported aes-ctr crypto-alg");
- case IPSEC_CRYPTO_ALG_AES_GCM_128:
- case IPSEC_CRYPTO_ALG_AES_GCM_192:
- case IPSEC_CRYPTO_ALG_AES_GCM_256:
- return clib_error_return (0, "unsupported aes-gcm crypto-alg");
- case IPSEC_CRYPTO_N_ALG:
- return clib_error_return (0, "invalid crypto-alg");
- }
-
- switch (sa->integ_alg)
- {
- case IPSEC_INTEG_ALG_NONE:
- return clib_error_return (0, "unsupported none integ-alg");
- case IPSEC_INTEG_ALG_MD5_96:
- return clib_error_return (0, "unsupported md5 integ-alg");
- case IPSEC_INTEG_ALG_SHA1_96:
- case IPSEC_INTEG_ALG_SHA_256_96:
- case IPSEC_INTEG_ALG_SHA_256_128:
- case IPSEC_INTEG_ALG_SHA_384_192:
- case IPSEC_INTEG_ALG_SHA_512_256:
- break;
- case IPSEC_INTEG_N_ALG:
- return clib_error_return (0, "invalid integ-alg");
- }
- return 0;
-}
-
-clib_error_t *
-ipsecmb_check_ah_support (ipsec_sa_t * sa)
-{
- switch (sa->integ_alg)
- {
- case IPSEC_INTEG_ALG_NONE:
- return clib_error_return (0, "unsupported none integ-alg");
- case IPSEC_INTEG_ALG_MD5_96:
- return clib_error_return (0, "unsupported md5 integ-alg");
- case IPSEC_INTEG_ALG_SHA1_96:
- case IPSEC_INTEG_ALG_SHA_256_96:
- case IPSEC_INTEG_ALG_SHA_256_128:
- case IPSEC_INTEG_ALG_SHA_384_192:
- case IPSEC_INTEG_ALG_SHA_512_256:
- break;
- case IPSEC_INTEG_N_ALG:
- return clib_error_return (0, "invalid integ-alg");
- }
- return 0;
-}
-
-static clib_error_t *
-ipsecmb_init (vlib_main_t * vm)
-{
- ipsecmb_main_t *imbm = &ipsecmb_main;
- imbm->dev_urandom_fd = open ("/dev/urandom", O_RDONLY);
- if (!imbm->dev_urandom_fd)
- {
- return clib_error_return_unix_fatal (0,
- "Can't open /dev/urandom for read");
- }
-
- vlib_thread_main_t *tm = vlib_get_thread_main ();
-
- imbm->crypto_algs = NULL;
- imbm->integ_algs = NULL;
-
- vec_validate (imbm->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
- vec_validate (imbm->integ_algs, IPSEC_INTEG_N_ALG - 1);
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].block_size = 16;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].block_size = 16;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].block_size = 16;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].block_size = 8;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].block_size = 8;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].iv_size = 16;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].iv_size = 16;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].iv_size = 16;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].iv_size = 8;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].iv_size = 8;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].cipher_mode = CBC;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].cipher_mode = CBC;
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].cipher_mode = CBC;
-
- ipsecmb_integ_alg_t *i;
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA1_96];
- i->hash_alg = SHA1;
- i->block_size = SHA1_BLOCK_SIZE;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
- i->hash_alg = SHA_256;
- i->block_size = SHA_256_BLOCK_SIZE;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
- i->hash_alg = SHA_256;
- i->block_size = SHA_256_BLOCK_SIZE;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
- i->hash_alg = SHA_384;
- i->block_size = SHA_384_BLOCK_SIZE;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
- i->hash_alg = SHA_512;
- i->block_size = SHA_512_BLOCK_SIZE;
-
- vec_validate (imbm->mb_mgr, tm->n_vlib_mains - 1);
- MB_MGR **mgr;
-#define __set_funcs(arch) \
- do \
- { \
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].keyexp_fn = \
- aes_keyexp_128_##arch; \
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].keyexp_fn = \
- aes_keyexp_192_##arch; \
- imbm->crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].keyexp_fn = \
- aes_keyexp_256_##arch; \
- imbm->integ_algs[IPSEC_INTEG_ALG_SHA1_96].hash_one_block_fn = \
- sha1_one_block_##arch; \
- imbm->integ_algs[IPSEC_INTEG_ALG_SHA_256_96].hash_one_block_fn = \
- sha256_one_block_##arch; \
- imbm->integ_algs[IPSEC_INTEG_ALG_SHA_256_128].hash_one_block_fn = \
- sha256_one_block_##arch; \
- imbm->integ_algs[IPSEC_INTEG_ALG_SHA_384_192].hash_one_block_fn = \
- sha384_one_block_##arch; \
- imbm->integ_algs[IPSEC_INTEG_ALG_SHA_512_256].hash_one_block_fn = \
- sha512_one_block_##arch; \
- } \
- while (0);
-
- if (clib_cpu_supports_avx512f ())
- {
- __set_funcs (avx512);
- vec_foreach (mgr, imbm->mb_mgr)
- {
- *mgr = alloc_mb_mgr (0);
- init_mb_mgr_avx512 (*mgr);
- }
- }
- else if (clib_cpu_supports_avx2 ())
- {
- __set_funcs (avx2);
- vec_foreach (mgr, imbm->mb_mgr)
- {
- *mgr = alloc_mb_mgr (0);
- init_mb_mgr_avx2 (*mgr);
- }
- }
- else
- {
- __set_funcs (sse);
- vec_foreach (mgr, imbm->mb_mgr)
- {
- *mgr = alloc_mb_mgr (0);
- init_mb_mgr_sse (*mgr);
- }
- }
-#undef __set_funcs
-
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA1_96];
- i->hash_output_length = 12;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
- i->hash_output_length = 12;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
- i->hash_output_length = 16;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
- i->hash_output_length = 24;
-
- i = &imbm->integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
- i->hash_output_length = 32;
-
- vec_validate (imbm->per_thread_data, tm->n_vlib_mains - 1);
-
- return 0;
-}
-
-VLIB_INIT_FUNCTION (ipsecmb_init);
-
-static uword
-ipsecmb_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
-{
- ipsec_main_t *im = &ipsec_main;
- ipsec_register_ah_backend (vm, im, "ipsecmb backend",
- "ah4-encrypt-ipsecmb",
- "ah4-decrypt-ipsecmb",
- "ah6-encrypt-ipsecmb",
- "ah6-decrypt-ipsecmb",
- ipsecmb_check_ah_support,
- ipsecmb_add_del_sa_session);
-
- ipsec_register_esp_backend (vm, im, "ipsecmb backend",
- "esp4-encrypt-ipsecmb",
- "esp4-decrypt-ipsecmb",
- "esp6-encrypt-ipsecmb",
- "esp6-decrypt-ipsecmb",
- ipsecmb_check_esp_support,
- ipsecmb_add_del_sa_session);
-
- return 0;
-}
-
-/* *INDENT-OFF* */
-VLIB_REGISTER_NODE (ipsecmb_process_node, static) = {
- .function = ipsecmb_process,
- .type = VLIB_NODE_TYPE_PROCESS,
- .name = "ipsecmb-process",
- .process_log2_n_stack_bytes = 17,
-};
-
-/* *INDENT-OFF* */
-VLIB_PLUGIN_REGISTER () = {
- .version = VPP_BUILD_VER,
- .description = "IPsecMB plugin",
- .default_disabled = 1,
-};
-/* *INDENT-ON* */
-
-/*
- * fd.io coding-style-patch-verification: ON
- *
- * Local Variables:
- * eval: (c-set-style "gnu")
- * End:
- */