From c6c4394dbd4a128d07d0a0a72c4db7d132f4474e Mon Sep 17 00:00:00 2001 From: Filip Tehlar Date: Thu, 21 Mar 2019 05:56:59 -0700 Subject: lisp: use crypto lib instead of openssl directly Change-Id: I9667ed16939dede55b24959045737742d1c7c449 Signed-off-by: Filip Tehlar --- src/vnet/lisp-cp/control.c | 68 +++++++++++++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 25 deletions(-) (limited to 'src/vnet/lisp-cp') diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c index 6369e4e82e3..bce44288d08 100644 --- a/src/vnet/lisp-cp/control.c +++ b/src/vnet/lisp-cp/control.c @@ -26,7 +26,7 @@ #include #include -#include +#include #define MAX_VALUE_U24 0xffffff @@ -76,22 +76,6 @@ auth_data_len_by_key_id (lisp_key_type_t key_id) return (u16) ~ 0; } -static const EVP_MD * -get_encrypt_fcn (lisp_key_type_t key_id) -{ - switch (key_id) - { - case HMAC_SHA_1_96: - return EVP_sha1 (); - case HMAC_SHA_256_128: - return EVP_sha256 (); - default: - clib_warning ("unsupported encryption key type: %d!", key_id); - break; - } - return 0; -} - static int queue_map_request (gid_address_t * seid, gid_address_t * deid, u8 smr_invoked, u8 is_resend); @@ -2741,18 +2725,42 @@ build_map_register_record_list (lisp_cp_main_t * lcm) return recs; } +static vnet_crypto_op_type_t +lisp_key_type_to_crypto_op (lisp_key_type_t key_id) +{ + switch (key_id) + { + case HMAC_SHA_1_96: + return VNET_CRYPTO_OP_SHA1_HMAC; + case HMAC_SHA_256_128: + return VNET_CRYPTO_OP_SHA256_HMAC; + default: + clib_warning ("unsupported encryption key type: %d!", key_id); + break; + } + return VNET_CRYPTO_OP_NONE; +} + static int update_map_register_auth_data (map_register_hdr_t * map_reg_hdr, lisp_key_type_t key_id, u8 * key, u16 auth_data_len, u32 msg_len) { + lisp_cp_main_t *lcm = vnet_lisp_cp_get_main (); MREG_KEY_ID (map_reg_hdr) = clib_host_to_net_u16 (key_id); MREG_AUTH_DATA_LEN (map_reg_hdr) = clib_host_to_net_u16 (auth_data_len); + vnet_crypto_op_t _op, *op = &_op; - unsigned char *result = HMAC (get_encrypt_fcn (key_id), key, vec_len (key), - (unsigned char *) map_reg_hdr, msg_len, NULL, - NULL); - clib_memcpy (MREG_DATA (map_reg_hdr), result, auth_data_len); + vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id)); + op->key = key; + op->key_len = vec_len (key); + op->len = msg_len; + op->dst = MREG_DATA (map_reg_hdr); + op->src = (u8 *) map_reg_hdr; + op->hmac_trunc_len = 0; + op->iv = 0; + + vnet_crypto_process_ops (lcm->vlib_main, op, 1); return 0; } @@ -3913,9 +3921,12 @@ static int is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len, lisp_key_type_t key_id, u8 * key) { + lisp_cp_main_t *lcm = vnet_lisp_cp_get_main (); u8 *auth_data = 0; u16 auth_data_len; int result; + vnet_crypto_op_t _op, *op = &_op; + u8 out[EVP_MAX_MD_SIZE] = { 0, }; auth_data_len = auth_data_len_by_key_id (key_id); if ((u16) ~ 0 == auth_data_len) @@ -3931,11 +3942,18 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len, /* clear auth data */ clib_memset (MNOTIFY_DATA (h), 0, auth_data_len); - /* get hash of the message */ - unsigned char *code = HMAC (get_encrypt_fcn (key_id), key, vec_len (key), - (unsigned char *) h, msg_len, NULL, NULL); + vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id)); + op->key = key; + op->key_len = vec_len (key); + op->len = msg_len; + op->dst = out; + op->src = (u8 *) h; + op->hmac_trunc_len = 0; + op->iv = 0; + + vnet_crypto_process_ops (lcm->vlib_main, op, 1); - result = memcmp (code, auth_data, auth_data_len); + result = memcmp (out, auth_data, auth_data_len); vec_free (auth_data); -- cgit 1.2.3-korg