aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/crypto/crypto.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/crypto/crypto.h')
-rw-r--r--src/vnet/crypto/crypto.h289
1 files changed, 117 insertions, 172 deletions
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index daaff8e0333..ae959251603 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -21,42 +21,35 @@
#define VNET_CRYPTO_FRAME_SIZE 64
#define VNET_CRYPTO_FRAME_POOL_SIZE 1024
-/* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */
-#define foreach_crypto_cipher_alg \
- _(DES_CBC, "des-cbc", 7) \
- _(3DES_CBC, "3des-cbc", 24) \
- _(AES_128_CBC, "aes-128-cbc", 16) \
- _(AES_192_CBC, "aes-192-cbc", 24) \
- _(AES_256_CBC, "aes-256-cbc", 32) \
- _(AES_128_CTR, "aes-128-ctr", 16) \
- _(AES_192_CTR, "aes-192-ctr", 24) \
- _(AES_256_CTR, "aes-256-ctr", 32)
-
-/* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */
+/* CRYPTO_ID, PRETTY_NAME, ARGS*/
+#define foreach_crypto_cipher_alg \
+ _ (DES_CBC, "des-cbc", .key_length = 7) \
+ _ (3DES_CBC, "3des-cbc", .key_length = 24) \
+ _ (AES_128_CBC, "aes-128-cbc", .key_length = 16) \
+ _ (AES_192_CBC, "aes-192-cbc", .key_length = 24) \
+ _ (AES_256_CBC, "aes-256-cbc", .key_length = 32) \
+ _ (AES_128_CTR, "aes-128-ctr", .key_length = 16) \
+ _ (AES_192_CTR, "aes-192-ctr", .key_length = 24) \
+ _ (AES_256_CTR, "aes-256-ctr", .key_length = 32)
+
+/* CRYPTO_ID, PRETTY_NAME, ARGS */
#define foreach_crypto_aead_alg \
- _ (AES_128_GCM, "aes-128-gcm", 16) \
- _ (AES_192_GCM, "aes-192-gcm", 24) \
- _ (AES_256_GCM, "aes-256-gcm", 32) \
- _ (AES_128_NULL_GMAC, "aes-128-null-gmac", 16) \
- _ (AES_192_NULL_GMAC, "aes-192-null-gmac", 24) \
- _ (AES_256_NULL_GMAC, "aes-256-null-gmac", 32) \
- _ (CHACHA20_POLY1305, "chacha20-poly1305", 32)
+ _ (AES_128_GCM, "aes-128-gcm", .is_aead = 1, .key_length = 16) \
+ _ (AES_192_GCM, "aes-192-gcm", .is_aead = 1, .key_length = 24) \
+ _ (AES_256_GCM, "aes-256-gcm", .is_aead = 1, .key_length = 32) \
+ _ (AES_128_NULL_GMAC, "aes-128-null-gmac", .is_aead = 1, .key_length = 16) \
+ _ (AES_192_NULL_GMAC, "aes-192-null-gmac", .is_aead = 1, .key_length = 24) \
+ _ (AES_256_NULL_GMAC, "aes-256-null-gmac", .is_aead = 1, .key_length = 32) \
+ _ (CHACHA20_POLY1305, "chacha20-poly1305", .is_aead = 1, .key_length = 32)
#define foreach_crypto_hash_alg \
+ _ (MD5, "md5") \
_ (SHA1, "sha-1") \
_ (SHA224, "sha-224") \
_ (SHA256, "sha-256") \
_ (SHA384, "sha-384") \
_ (SHA512, "sha-512")
-#define foreach_crypto_hmac_alg \
- _(MD5, "md5") \
- _(SHA1, "sha-1") \
- _(SHA224, "sha-224") \
- _(SHA256, "sha-256") \
- _(SHA384, "sha-384") \
- _(SHA512, "sha-512")
-
#define foreach_crypto_op_type \
_ (ENCRYPT, "encrypt") \
_ (DECRYPT, "decrypt") \
@@ -98,7 +91,7 @@ typedef enum
_ (AES_256_NULL_GMAC, "aes-256-null-gmac-aad12", 32, 16, 12) \
_ (CHACHA20_POLY1305, "chacha20-poly1305-aad8", 32, 16, 8) \
_ (CHACHA20_POLY1305, "chacha20-poly1305-aad12", 32, 16, 12) \
- _ (CHACHA20_POLY1305, "chacha20-poly1305", 32, 16, 0)
+ _ (CHACHA20_POLY1305, "chacha20-poly1305-aad0", 32, 16, 0)
/* CRYPTO_ID, INTEG_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES, DIGEST_LEN */
#define foreach_crypto_link_async_alg \
@@ -130,10 +123,6 @@ typedef enum
_ (AES_192_CTR, SHA1, "aes-192-ctr-hmac-sha-1", 24, 12) \
_ (AES_256_CTR, SHA1, "aes-256-ctr-hmac-sha-1", 32, 12)
-#define foreach_crypto_async_op_type \
- _(ENCRYPT, "async-encrypt") \
- _(DECRYPT, "async-decrypt")
-
typedef enum
{
VNET_CRYPTO_KEY_OP_ADD,
@@ -152,72 +141,35 @@ typedef enum
typedef enum
{
VNET_CRYPTO_ALG_NONE = 0,
-#define _(n, s, l) VNET_CRYPTO_ALG_##n,
+#define _(n, s, ...) VNET_CRYPTO_ALG_##n,
foreach_crypto_cipher_alg foreach_crypto_aead_alg
#undef _
-#define _(n, s) VNET_CRYPTO_ALG_HMAC_##n,
- foreach_crypto_hmac_alg
-#undef _
-#define _(n, s) VNET_CRYPTO_ALG_HASH_##n,
- foreach_crypto_hash_alg
-#undef _
- VNET_CRYPTO_N_ALGS,
-} vnet_crypto_alg_t;
-
-typedef enum
-{
-#define _(n, s) VNET_CRYPTO_ASYNC_OP_TYPE_##n,
- foreach_crypto_async_op_type
+#define _(n, s) VNET_CRYPTO_ALG_HASH_##n, VNET_CRYPTO_ALG_HMAC_##n,
+ foreach_crypto_hash_alg
#undef _
- VNET_CRYPTO_ASYNC_OP_N_TYPES,
-} vnet_crypto_async_op_type_t;
-
-typedef enum
-{
- VNET_CRYPTO_ASYNC_ALG_NONE = 0,
#define _(n, s, k, t, a) \
VNET_CRYPTO_ALG_##n##_TAG##t##_AAD##a,
- foreach_crypto_aead_async_alg
+ foreach_crypto_aead_async_alg
#undef _
#define _(c, h, s, k ,d) \
VNET_CRYPTO_ALG_##c##_##h##_TAG##d,
- foreach_crypto_link_async_alg
-#undef _
- VNET_CRYPTO_N_ASYNC_ALGS,
-} vnet_crypto_async_alg_t;
-
-typedef enum
-{
- VNET_CRYPTO_ASYNC_OP_NONE = 0,
-#define _(n, s, k, t, a) \
- VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC, \
- VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC,
- foreach_crypto_aead_async_alg
-#undef _
-#define _(c, h, s, k ,d) \
- VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC, \
- VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC,
- foreach_crypto_link_async_alg
+ foreach_crypto_link_async_alg
#undef _
- VNET_CRYPTO_ASYNC_OP_N_IDS,
-} vnet_crypto_async_op_id_t;
+ VNET_CRYPTO_N_ALGS,
+} vnet_crypto_alg_t;
typedef struct
{
u32 index;
u16 length;
u8 is_link : 1;
+ vnet_crypto_alg_t alg : 8;
union
{
struct
{
- vnet_crypto_alg_t alg:8;
- };
- struct
- {
u32 index_crypto;
u32 index_integ;
- vnet_crypto_async_alg_t async_alg:8;
};
};
u8 data[];
@@ -226,29 +178,31 @@ typedef struct
typedef enum
{
VNET_CRYPTO_OP_NONE = 0,
-#define _(n, s, l) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC,
+#define _(n, s, ...) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC,
foreach_crypto_cipher_alg foreach_crypto_aead_alg
#undef _
-#define _(n, s) VNET_CRYPTO_OP_##n##_HMAC,
- foreach_crypto_hmac_alg
+#define _(n, s) VNET_CRYPTO_OP_##n##_HASH, VNET_CRYPTO_OP_##n##_HMAC,
+ foreach_crypto_hash_alg
#undef _
-#define _(n, s) VNET_CRYPTO_OP_##n##_HASH,
- foreach_crypto_hash_alg
+#define _(n, s, k, t, a) \
+ VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC, \
+ VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC,
+ foreach_crypto_aead_async_alg
#undef _
- VNET_CRYPTO_N_OP_IDS,
-} vnet_crypto_op_id_t;
-
-typedef enum
-{
- CRYPTO_OP_SIMPLE,
- CRYPTO_OP_CHAINED,
- CRYPTO_OP_BOTH,
-} crypto_op_class_type_t;
+#define _(c, h, s, k, d) \
+ VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC, \
+ VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC,
+ foreach_crypto_link_async_alg
+#undef _
+ VNET_CRYPTO_N_OP_IDS,
+} __clib_packed vnet_crypto_op_id_t;
typedef struct
{
char *name;
+ u16 key_length;
u8 is_aead : 1;
+ u8 variable_key_length : 1;
vnet_crypto_op_id_t op_by_type[VNET_CRYPTO_OP_N_TYPES];
} vnet_crypto_alg_data_t;
@@ -263,7 +217,7 @@ typedef struct
{
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
uword user_data;
- vnet_crypto_op_id_t op:16;
+ vnet_crypto_op_id_t op;
vnet_crypto_op_status_t status:8;
u8 flags;
#define VNET_CRYPTO_OP_FLAG_HMAC_CHECK (1 << 0)
@@ -308,26 +262,19 @@ typedef struct
STATIC_ASSERT_SIZEOF (vnet_crypto_op_t, CLIB_CACHE_LINE_BYTES);
-typedef struct
-{
- vnet_crypto_op_type_t type;
- vnet_crypto_alg_t alg;
- u32 active_engine_index_simple;
- u32 active_engine_index_chained;
-} vnet_crypto_op_data_t;
+#define foreach_crypto_handler_type \
+ _ (SIMPLE, "simple") \
+ _ (CHAINED, "chained") \
+ _ (ASYNC, "async")
-typedef struct
+typedef enum
{
- vnet_crypto_async_op_type_t type;
- vnet_crypto_async_alg_t alg;
- u32 active_engine_index_async;
-} vnet_crypto_async_op_data_t;
+#define _(n, s) VNET_CRYPTO_HANDLER_TYPE_##n,
+ foreach_crypto_handler_type
+#undef _
+ VNET_CRYPTO_HANDLER_N_TYPES
-typedef struct
-{
- char *name;
- vnet_crypto_async_op_id_t op_by_type[VNET_CRYPTO_ASYNC_OP_N_TYPES];
-} vnet_crypto_async_alg_data_t;
+} vnet_crypto_handler_type_t;
typedef struct
{
@@ -365,7 +312,7 @@ typedef struct
{
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
vnet_crypto_async_frame_state_t state;
- vnet_crypto_async_op_id_t op:8;
+ vnet_crypto_op_id_t op : 8;
u16 n_elts;
vnet_crypto_async_frame_elt_t elts[VNET_CRYPTO_FRAME_SIZE];
u32 buffer_indices[VNET_CRYPTO_FRAME_SIZE];
@@ -383,21 +330,20 @@ typedef struct
typedef u32 vnet_crypto_key_index_t;
-typedef u32 (vnet_crypto_chained_ops_handler_t) (vlib_main_t * vm,
- vnet_crypto_op_t * ops[],
- vnet_crypto_op_chunk_t *
- chunks, u32 n_ops);
+typedef u32 (vnet_crypto_chained_op_fn_t) (vlib_main_t *vm,
+ vnet_crypto_op_t *ops[],
+ vnet_crypto_op_chunk_t *chunks,
+ u32 n_ops);
-typedef u32 (vnet_crypto_ops_handler_t) (vlib_main_t * vm,
- vnet_crypto_op_t * ops[], u32 n_ops);
+typedef u32 (vnet_crypto_simple_op_fn_t) (vlib_main_t *vm,
+ vnet_crypto_op_t *ops[], u32 n_ops);
-typedef void (vnet_crypto_key_handler_t) (vnet_crypto_key_op_t kop,
- vnet_crypto_key_index_t idx);
+typedef void (vnet_crypto_key_fn_t) (vnet_crypto_key_op_t kop,
+ vnet_crypto_key_index_t idx);
/** async crypto function handlers **/
-typedef int
- (vnet_crypto_frame_enqueue_t) (vlib_main_t * vm,
- vnet_crypto_async_frame_t * frame);
+typedef int (vnet_crypto_frame_enq_fn_t) (vlib_main_t *vm,
+ vnet_crypto_async_frame_t *frame);
typedef vnet_crypto_async_frame_t *
(vnet_crypto_frame_dequeue_t) (vlib_main_t * vm, u32 * nb_elts_processed,
u32 * enqueue_thread_idx);
@@ -406,32 +352,29 @@ u32
vnet_crypto_register_engine (vlib_main_t * vm, char *name, int prio,
char *desc);
-void vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
+void vnet_crypto_register_ops_handler (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t * oph);
+ vnet_crypto_simple_op_fn_t *oph);
-void vnet_crypto_register_chained_ops_handler (vlib_main_t * vm,
- u32 engine_index,
- vnet_crypto_op_id_t opt,
- vnet_crypto_chained_ops_handler_t
- * oph);
+void
+vnet_crypto_register_chained_ops_handler (vlib_main_t *vm, u32 engine_index,
+ vnet_crypto_op_id_t opt,
+ vnet_crypto_chained_op_fn_t *oph);
-void vnet_crypto_register_ops_handlers (vlib_main_t * vm, u32 engine_index,
+void vnet_crypto_register_ops_handlers (vlib_main_t *vm, u32 engine_index,
vnet_crypto_op_id_t opt,
- vnet_crypto_ops_handler_t * fn,
- vnet_crypto_chained_ops_handler_t *
- cfn);
+ vnet_crypto_simple_op_fn_t *fn,
+ vnet_crypto_chained_op_fn_t *cfn);
-void vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index,
- vnet_crypto_key_handler_t * keyh);
+void vnet_crypto_register_key_handler (vlib_main_t *vm, u32 engine_index,
+ vnet_crypto_key_fn_t *keyh);
/** async crypto register functions */
u32 vnet_crypto_register_post_node (vlib_main_t * vm, char *post_node_name);
-void
-vnet_crypto_register_enqueue_handler (vlib_main_t *vm, u32 engine_index,
- vnet_crypto_async_op_id_t opt,
- vnet_crypto_frame_enqueue_t *enq_fn);
+void vnet_crypto_register_enqueue_handler (vlib_main_t *vm, u32 engine_index,
+ vnet_crypto_op_id_t opt,
+ vnet_crypto_frame_enq_fn_t *enq_fn);
void
vnet_crypto_register_dequeue_handler (vlib_main_t *vm, u32 engine_index,
@@ -439,14 +382,16 @@ vnet_crypto_register_dequeue_handler (vlib_main_t *vm, u32 engine_index,
typedef struct
{
+ void *handlers[VNET_CRYPTO_HANDLER_N_TYPES];
+} vnet_crypto_engine_op_t;
+
+typedef struct
+{
char *name;
char *desc;
int priority;
- vnet_crypto_key_handler_t *key_op_handler;
- vnet_crypto_ops_handler_t *ops_handlers[VNET_CRYPTO_N_OP_IDS];
- vnet_crypto_chained_ops_handler_t
- * chained_ops_handlers[VNET_CRYPTO_N_OP_IDS];
- vnet_crypto_frame_enqueue_t *enqueue_handlers[VNET_CRYPTO_ASYNC_OP_N_IDS];
+ vnet_crypto_engine_op_t ops[VNET_CRYPTO_N_OP_IDS];
+ vnet_crypto_key_fn_t *key_op_handler;
vnet_crypto_frame_dequeue_t *dequeue_handler;
} vnet_crypto_engine_t;
@@ -458,20 +403,22 @@ typedef struct
typedef struct
{
- vnet_crypto_alg_data_t *algs;
+ vnet_crypto_op_type_t type;
+ vnet_crypto_alg_t alg;
+ u8 active_engine_index[VNET_CRYPTO_HANDLER_N_TYPES];
+ void *handlers[VNET_CRYPTO_HANDLER_N_TYPES];
+} vnet_crypto_op_data_t;
+
+typedef struct
+{
+ vnet_crypto_alg_data_t algs[VNET_CRYPTO_N_ALGS];
vnet_crypto_thread_t *threads;
- vnet_crypto_ops_handler_t **ops_handlers;
- vnet_crypto_chained_ops_handler_t **chained_ops_handlers;
- vnet_crypto_frame_enqueue_t **enqueue_handlers;
vnet_crypto_frame_dequeue_t **dequeue_handlers;
vnet_crypto_op_data_t opt_data[VNET_CRYPTO_N_OP_IDS];
- vnet_crypto_async_op_data_t async_opt_data[VNET_CRYPTO_ASYNC_OP_N_IDS];
vnet_crypto_engine_t *engines;
vnet_crypto_key_t **keys;
uword *engine_index_by_name;
uword *alg_index_by_name;
- uword *async_alg_index_by_name;
- vnet_crypto_async_alg_data_t *async_algs;
vnet_crypto_async_next_node_t *next_nodes;
u32 crypto_node_index;
} vnet_crypto_main_t;
@@ -485,8 +432,17 @@ u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[],
u32 n_ops);
void vnet_crypto_set_async_dispatch (u8 mode, u8 adaptive);
-int vnet_crypto_set_handler2 (char *ops_handler_name, char *engine,
- crypto_op_class_type_t oct);
+
+typedef struct
+{
+ char *handler_name;
+ char *engine;
+ u8 set_simple : 1;
+ u8 set_chained : 1;
+ u8 set_async : 1;
+} vnet_crypto_set_handlers_args_t;
+
+int vnet_crypto_set_handlers (vnet_crypto_set_handlers_args_t *);
int vnet_crypto_is_set_handler (vnet_crypto_alg_t alg);
u32 vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg,
@@ -502,12 +458,8 @@ u32 vnet_crypto_key_add_linked (vlib_main_t * vm,
vnet_crypto_key_index_t index_crypto,
vnet_crypto_key_index_t index_integ);
-int vnet_crypto_set_async_handler2 (char *alg_name, char *engine);
-
-int vnet_crypto_is_set_async_handler (vnet_crypto_async_op_id_t opt);
-
-vnet_crypto_async_alg_t vnet_crypto_link_algs (vnet_crypto_alg_t crypto_alg,
- vnet_crypto_alg_t integ_alg);
+vnet_crypto_alg_t vnet_crypto_link_algs (vnet_crypto_alg_t crypto_alg,
+ vnet_crypto_alg_t integ_alg);
format_function_t format_vnet_crypto_alg;
format_function_t format_vnet_crypto_engine;
@@ -516,10 +468,6 @@ format_function_t format_vnet_crypto_op_type;
format_function_t format_vnet_crypto_op_status;
unformat_function_t unformat_vnet_crypto_alg;
-format_function_t format_vnet_crypto_async_op;
-format_function_t format_vnet_crypto_async_alg;
-format_function_t format_vnet_crypto_async_op_type;
-
static_always_inline void
vnet_crypto_op_init (vnet_crypto_op_t * op, vnet_crypto_op_id_t type)
{
@@ -547,16 +495,10 @@ vnet_crypto_get_key (vnet_crypto_key_index_t index)
return cm->keys[index];
}
-static_always_inline int
-vnet_crypto_set_handler (char *alg_name, char *engine)
-{
- return vnet_crypto_set_handler2 (alg_name, engine, CRYPTO_OP_BOTH);
-}
-
/** async crypto inline functions **/
static_always_inline vnet_crypto_async_frame_t *
-vnet_crypto_async_get_frame (vlib_main_t * vm, vnet_crypto_async_op_id_t opt)
+vnet_crypto_async_get_frame (vlib_main_t *vm, vnet_crypto_op_id_t opt)
{
vnet_crypto_main_t *cm = &crypto_main;
vnet_crypto_thread_t *ct = cm->threads + vm->thread_index;
@@ -591,19 +533,22 @@ vnet_crypto_async_submit_open_frame (vlib_main_t * vm,
{
vnet_crypto_main_t *cm = &crypto_main;
vlib_thread_main_t *tm = vlib_get_thread_main ();
+ vnet_crypto_op_id_t op = frame->op;
+ vnet_crypto_frame_enq_fn_t *fn =
+ cm->opt_data[op].handlers[VNET_CRYPTO_HANDLER_TYPE_ASYNC];
u32 i;
vlib_node_t *n;
frame->state = VNET_CRYPTO_FRAME_STATE_PENDING;
frame->enqueue_thread_index = vm->thread_index;
- if (PREDICT_FALSE (cm->enqueue_handlers == NULL))
+ if (PREDICT_FALSE (fn == 0))
{
frame->state = VNET_CRYPTO_FRAME_STATE_ELT_ERROR;
return -1;
}
- int ret = (cm->enqueue_handlers[frame->op]) (vm, frame);
+ int ret = fn (vm, frame);
if (PREDICT_TRUE (ret == 0))
{
@@ -655,7 +600,7 @@ vnet_crypto_async_add_to_frame (vlib_main_t *vm, vnet_crypto_async_frame_t *f,
static_always_inline void
vnet_crypto_async_reset_frame (vnet_crypto_async_frame_t * f)
{
- vnet_crypto_async_op_id_t opt;
+ vnet_crypto_op_id_t opt;
ASSERT (f != 0);
ASSERT ((f->state == VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED
|| f->state == VNET_CRYPTO_FRAME_STATE_ELT_ERROR));