summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/esp_encrypt.c12
-rw-r--r--src/vnet/ipsec/ipsec.c18
-rw-r--r--src/vnet/ipsec/ipsec.h2
-rw-r--r--src/vnet/ipsec/ipsec_sa.c4
-rw-r--r--src/vnet/ipsec/ipsec_sa.h2
5 files changed, 19 insertions, 19 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 8b722ef541f..c0773e2963f 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -112,7 +112,7 @@ format_esp_post_encrypt_trace (u8 * s, va_list * args)
/* pad packet in input buffer */
static_always_inline u8 *
esp_add_footer_and_icv (vlib_main_t * vm, vlib_buffer_t ** last,
- u8 block_size, u8 icv_sz,
+ u8 esp_align, u8 icv_sz,
u16 * next, vlib_node_runtime_t * node,
u16 buffer_data_size, uword total_len)
{
@@ -122,7 +122,7 @@ esp_add_footer_and_icv (vlib_main_t * vm, vlib_buffer_t ** last,
};
u16 min_length = total_len + sizeof (esp_footer_t);
- u16 new_length = round_pow2 (min_length, block_size);
+ u16 new_length = round_pow2 (min_length, esp_align);
u8 pad_bytes = new_length - min_length;
esp_footer_t *f = (esp_footer_t *) (vlib_buffer_get_current (last[0]) +
last[0]->current_length + pad_bytes);
@@ -587,7 +587,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
u16 buffer_data_size = vlib_buffer_get_default_data_size (vm);
u32 current_sa_index = ~0, current_sa_packets = 0;
u32 current_sa_bytes = 0, spi = 0;
- u8 block_sz = 0, iv_sz = 0, icv_sz = 0;
+ u8 esp_align = 4, iv_sz = 0, icv_sz = 0;
ipsec_sa_t *sa0 = 0;
vlib_buffer_t *lb;
vnet_crypto_op_t **crypto_ops = &ptd->crypto_ops;
@@ -648,7 +648,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
sa0 = pool_elt_at_index (im->sad, sa_index0);
current_sa_index = sa_index0;
spi = clib_net_to_host_u32 (sa0->spi);
- block_sz = sa0->crypto_block_size;
+ esp_align = sa0->esp_block_align;
icv_sz = sa0->integ_icv_size;
iv_sz = sa0->crypto_iv_size;
@@ -713,7 +713,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
if (ipsec_sa_is_set_IS_TUNNEL (sa0))
{
payload = vlib_buffer_get_current (b[0]);
- next_hdr_ptr = esp_add_footer_and_icv (vm, &lb, block_sz, icv_sz,
+ next_hdr_ptr = esp_add_footer_and_icv (vm, &lb, esp_align, icv_sz,
next, node,
buffer_data_size,
vlib_buffer_length_in_chain
@@ -789,7 +789,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_buffer_advance (b[0], ip_len);
payload = vlib_buffer_get_current (b[0]);
- next_hdr_ptr = esp_add_footer_and_icv (vm, &lb, block_sz, icv_sz,
+ next_hdr_ptr = esp_add_footer_and_icv (vm, &lb, esp_align, icv_sz,
next, node,
buffer_data_size,
vlib_buffer_length_in_chain
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 0ef90673596..55f69f584c9 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -450,44 +450,44 @@ ipsec_init (vlib_main_t * vm)
a->dec_op_id = VNET_CRYPTO_OP_NONE;
a->alg = VNET_CRYPTO_ALG_NONE;
a->iv_size = 0;
- a->block_size = 1;
+ a->block_align = 1;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
a->alg = VNET_CRYPTO_ALG_DES_CBC;
- a->iv_size = a->block_size = 8;
+ a->iv_size = a->block_align = 8;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_3DES_CBC;
a->enc_op_id = VNET_CRYPTO_OP_3DES_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_3DES_CBC_DEC;
a->alg = VNET_CRYPTO_ALG_3DES_CBC;
- a->iv_size = a->block_size = 8;
+ a->iv_size = a->block_align = 8;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_128;
a->enc_op_id = VNET_CRYPTO_OP_AES_128_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_AES_128_CBC_DEC;
a->alg = VNET_CRYPTO_ALG_AES_128_CBC;
- a->iv_size = a->block_size = 16;
+ a->iv_size = a->block_align = 16;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_192;
a->enc_op_id = VNET_CRYPTO_OP_AES_192_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_AES_192_CBC_DEC;
a->alg = VNET_CRYPTO_ALG_AES_192_CBC;
- a->iv_size = a->block_size = 16;
+ a->iv_size = a->block_align = 16;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_256;
a->enc_op_id = VNET_CRYPTO_OP_AES_256_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_AES_256_CBC_DEC;
a->alg = VNET_CRYPTO_ALG_AES_256_CBC;
- a->iv_size = a->block_size = 16;
+ a->iv_size = a->block_align = 16;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_128;
a->enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC;
a->dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC;
a->alg = VNET_CRYPTO_ALG_AES_128_GCM;
a->iv_size = 8;
- a->block_size = 16;
+ a->block_align = 1;
a->icv_size = 16;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_192;
@@ -495,7 +495,7 @@ ipsec_init (vlib_main_t * vm)
a->dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC;
a->alg = VNET_CRYPTO_ALG_AES_192_GCM;
a->iv_size = 8;
- a->block_size = 16;
+ a->block_align = 1;
a->icv_size = 16;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_256;
@@ -503,7 +503,7 @@ ipsec_init (vlib_main_t * vm)
a->dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC;
a->alg = VNET_CRYPTO_ALG_AES_256_GCM;
a->iv_size = 8;
- a->block_size = 16;
+ a->block_align = 1;
a->icv_size = 16;
vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1);
diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index 603bc33ba4d..3d84ad3f6ad 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -78,7 +78,7 @@ typedef struct
vnet_crypto_op_id_t dec_op_id;
vnet_crypto_alg_t alg;
u8 iv_size;
- u8 block_size;
+ u8 block_align;
u8 icv_size;
} ipsec_main_crypto_alg_t;
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index e5f01bff0d9..2ff3bee1b3f 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -99,12 +99,12 @@ ipsec_sa_set_crypto_alg (ipsec_sa_t * sa, ipsec_crypto_alg_t crypto_alg)
ipsec_main_t *im = &ipsec_main;
sa->crypto_alg = crypto_alg;
sa->crypto_iv_size = im->crypto_algs[crypto_alg].iv_size;
- sa->crypto_block_size = im->crypto_algs[crypto_alg].block_size;
+ sa->esp_block_align = clib_max (4, im->crypto_algs[crypto_alg].block_align);
sa->sync_op_data.crypto_enc_op_id = im->crypto_algs[crypto_alg].enc_op_id;
sa->sync_op_data.crypto_dec_op_id = im->crypto_algs[crypto_alg].dec_op_id;
sa->crypto_calg = im->crypto_algs[crypto_alg].alg;
ASSERT (sa->crypto_iv_size <= ESP_MAX_IV_SIZE);
- ASSERT (sa->crypto_block_size <= ESP_MAX_BLOCK_SIZE);
+ ASSERT (sa->esp_block_align <= ESP_MAX_BLOCK_SIZE);
if (IPSEC_CRYPTO_ALG_IS_GCM (crypto_alg))
{
sa->integ_icv_size = im->crypto_algs[crypto_alg].icv_size;
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index 5950d6f53b3..5d65238b736 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h
@@ -113,7 +113,7 @@ typedef struct
ipsec_sa_flags_t flags;
u8 crypto_iv_size;
- u8 crypto_block_size;
+ u8 esp_block_align;
u8 integ_icv_size;
u32 encrypt_thread_index;
u32 decrypt_thread_index;