From d1bed687231bb64cf7761da37431ba61bc32b6d8 Mon Sep 17 00:00:00 2001
From: Damjan Marion <damarion@cisco.com>
Date: Wed, 24 Apr 2019 15:20:35 +0200
Subject: crypto: improve key handling

Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
---
 src/vnet/lisp-cp/control.c | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

(limited to 'src/vnet/lisp-cp')

diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c
index 340217c661e..f8e9c1d5b44 100644
--- a/src/vnet/lisp-cp/control.c
+++ b/src/vnet/lisp-cp/control.c
@@ -2725,6 +2725,22 @@ build_map_register_record_list (lisp_cp_main_t * lcm)
   return recs;
 }
 
+static vnet_crypto_alg_t
+lisp_key_type_to_crypto_alg (lisp_key_type_t key_id)
+{
+  switch (key_id)
+    {
+    case HMAC_SHA_1_96:
+      return VNET_CRYPTO_ALG_HMAC_SHA1;
+    case HMAC_SHA_256_128:
+      return VNET_CRYPTO_ALG_HMAC_SHA256;
+    default:
+      clib_warning ("unsupported encryption key type: %d!", key_id);
+      break;
+    }
+  return VNET_CRYPTO_ALG_NONE;
+}
+
 static vnet_crypto_op_id_t
 lisp_key_type_to_crypto_op (lisp_key_type_t key_id)
 {
@@ -2750,17 +2766,23 @@ update_map_register_auth_data (map_register_hdr_t * map_reg_hdr,
   MREG_KEY_ID (map_reg_hdr) = clib_host_to_net_u16 (key_id);
   MREG_AUTH_DATA_LEN (map_reg_hdr) = clib_host_to_net_u16 (auth_data_len);
   vnet_crypto_op_t _op, *op = &_op;
+  vnet_crypto_key_index_t ki;
 
   vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
-  op->key = key;
-  op->key_len = vec_len (key);
   op->len = msg_len;
   op->digest = MREG_DATA (map_reg_hdr);
   op->src = (u8 *) map_reg_hdr;
   op->digest_len = 0;
   op->iv = 0;
 
+  ki = vnet_crypto_key_add (lcm->vlib_main,
+			    lisp_key_type_to_crypto_alg (key_id), key,
+			    vec_len (key));
+
+  op->key_index = ki;
+
   vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+  vnet_crypto_key_del (lcm->vlib_main, ki);
 
   return 0;
 }
@@ -3926,6 +3948,7 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
   u16 auth_data_len;
   int result;
   vnet_crypto_op_t _op, *op = &_op;
+  vnet_crypto_key_index_t ki;
   u8 out[EVP_MAX_MD_SIZE] = { 0, };
 
   auth_data_len = auth_data_len_by_key_id (key_id);
@@ -3943,15 +3966,20 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
   clib_memset (MNOTIFY_DATA (h), 0, auth_data_len);
 
   vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
-  op->key = key;
-  op->key_len = vec_len (key);
   op->len = msg_len;
   op->digest = out;
   op->src = (u8 *) h;
   op->digest_len = 0;
   op->iv = 0;
 
+  ki = vnet_crypto_key_add (lcm->vlib_main,
+			    lisp_key_type_to_crypto_alg (key_id), key,
+			    vec_len (key));
+
+  op->key_index = ki;
+
   vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+  vnet_crypto_key_del (lcm->vlib_main, ki);
 
   result = memcmp (out, auth_data, auth_data_len);
 
-- 
cgit 1.2.3-korg