From 005d1e4d4822454363c4a0fa3a1d8b33a14ba6e8 Mon Sep 17 00:00:00 2001 From: Alexander Chernavin Date: Mon, 1 Feb 2021 05:17:24 -0500 Subject: crypto: support async handlers for 3des and md5 With this change, add support for 3DES and MD5 in IPsec async mode. After changes in foreach_crypto_link_async_alg, the last combination in the list (aes-256-cbc-hmac-sha-512) started to fail during decription. That was also fixed by proper vector size validation. Type: improvement Signed-off-by: Alexander Chernavin Change-Id: I660657bdab62ea9cf031c3e43d99f2317e5f74d7 --- src/vnet/crypto/crypto.c | 6 +++--- src/vnet/crypto/crypto.h | 9 +++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index b98d219d385..74f945e8382 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -283,9 +283,9 @@ vnet_crypto_register_async_handler (vlib_main_t * vm, u32 engine_index, vnet_crypto_main_t *cm = &crypto_main; vnet_crypto_engine_t *ae, *e = vec_elt_at_index (cm->engines, engine_index); vnet_crypto_async_op_data_t *otd = cm->async_opt_data + opt; - vec_validate_aligned (cm->enqueue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS - 1, + vec_validate_aligned (cm->enqueue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS, CLIB_CACHE_LINE_BYTES); - vec_validate_aligned (cm->dequeue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS - 1, + vec_validate_aligned (cm->dequeue_handlers, VNET_CRYPTO_ASYNC_OP_N_IDS, CLIB_CACHE_LINE_BYTES); /* both enqueue hdl and dequeue hdl should present */ @@ -721,7 +721,7 @@ vnet_crypto_init (vlib_main_t * vm) CLIB_CACHE_LINE_BYTES); vec_validate (cm->algs, VNET_CRYPTO_N_ALGS); vec_validate (cm->async_algs, VNET_CRYPTO_N_ASYNC_ALGS); - clib_bitmap_validate (cm->async_active_ids, VNET_CRYPTO_ASYNC_OP_N_IDS - 1); + clib_bitmap_validate (cm->async_active_ids, VNET_CRYPTO_ASYNC_OP_N_IDS); #define _(n, s, l) \ vnet_crypto_init_cipher_data (VNET_CRYPTO_ALG_##n, \ diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 7db591fcf86..a44c8910555 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -86,18 +86,27 @@ typedef enum /* CRYPTO_ID, INTEG_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES, DIGEST_LEN */ #define foreach_crypto_link_async_alg \ + _ (3DES_CBC, MD5, "3des-cbc-hmac-md5", 24, 12) \ + _ (AES_128_CBC, MD5, "aes-128-cbc-hmac-md5", 16, 12) \ + _ (AES_192_CBC, MD5, "aes-192-cbc-hmac-md5", 24, 12) \ + _ (AES_256_CBC, MD5, "aes-256-cbc-hmac-md5", 32, 12) \ + _ (3DES_CBC, SHA1, "3des-cbc-hmac-sha-1", 24, 12) \ _ (AES_128_CBC, SHA1, "aes-128-cbc-hmac-sha-1", 16, 12) \ _ (AES_192_CBC, SHA1, "aes-192-cbc-hmac-sha-1", 24, 12) \ _ (AES_256_CBC, SHA1, "aes-256-cbc-hmac-sha-1", 32, 12) \ + _ (3DES_CBC, SHA224, "3des-cbc-hmac-sha-224", 24, 14) \ _ (AES_128_CBC, SHA224, "aes-128-cbc-hmac-sha-224", 16, 14) \ _ (AES_192_CBC, SHA224, "aes-192-cbc-hmac-sha-224", 24, 14) \ _ (AES_256_CBC, SHA224, "aes-256-cbc-hmac-sha-224", 32, 14) \ + _ (3DES_CBC, SHA256, "3des-cbc-hmac-sha-256", 24, 16) \ _ (AES_128_CBC, SHA256, "aes-128-cbc-hmac-sha-256", 16, 16) \ _ (AES_192_CBC, SHA256, "aes-192-cbc-hmac-sha-256", 24, 16) \ _ (AES_256_CBC, SHA256, "aes-256-cbc-hmac-sha-256", 32, 16) \ + _ (3DES_CBC, SHA384, "3des-cbc-hmac-sha-384", 24, 24) \ _ (AES_128_CBC, SHA384, "aes-128-cbc-hmac-sha-384", 16, 24) \ _ (AES_192_CBC, SHA384, "aes-192-cbc-hmac-sha-384", 24, 24) \ _ (AES_256_CBC, SHA384, "aes-256-cbc-hmac-sha-384", 32, 24) \ + _ (3DES_CBC, SHA512, "3des-cbc-hmac-sha-512", 24, 32) \ _ (AES_128_CBC, SHA512, "aes-128-cbc-hmac-sha-512", 16, 32) \ _ (AES_192_CBC, SHA512, "aes-192-cbc-hmac-sha-512", 24, 32) \ _ (AES_256_CBC, SHA512, "aes-256-cbc-hmac-sha-512", 32, 32) \ -- cgit 1.2.3-korg