_(INTEG_ERROR, "Integrity check failed") \
_(CRYPTO_ENGINE_ERROR, "crypto engine error (packet dropped)") \
_(REPLAY, "SA replayed packet") \
+ _(RUNT, "undersized packet") \
_(CHAINED_BUFFER, "chained buffers (packet dropped)") \
_(OVERSIZED_HEADER, "buffer with oversized header (dropped)") \
_(NO_TAIL_SPACE, "no enough buffer tail space (dropped)")
{
current_sa_index = vnet_buffer (b[0])->ipsec.sad_index;
sa0 = pool_elt_at_index (im->sad, current_sa_index);
- cpd.icv_sz = sa0->integ_trunc_size;
+ cpd.icv_sz = sa0->integ_icv_size;
cpd.iv_sz = sa0->crypto_iv_size;
cpd.flags = sa0->flags;
cpd.sa_index = current_sa_index;
payload = b[0]->data + pd->current_data;
/* we need 4 extra bytes for HMAC calculation when ESN are used */
- if ((sa0->flags & IPSEC_SA_FLAG_USE_ESN) && pd->icv_sz &&
+ if (ipsec_sa_is_set_USE_ESN (sa0) && pd->icv_sz &&
(pd->current_data + pd->current_length + 4 > buffer_data_size))
{
b[0]->error = node->errors[ESP_DECRYPT_ERROR_NO_TAIL_SPACE];
goto next;
}
+ if (pd->current_length < cpd.icv_sz + esp_sz + cpd.iv_sz)
+ {
+ b[0]->error = node->errors[ESP_DECRYPT_ERROR_RUNT];
+ next[0] = ESP_DECRYPT_NEXT_DROP;
+ goto next;
+ }
+
len = pd->current_length - cpd.icv_sz;
current_sa_pkts += 1;
current_sa_bytes += pd->current_length;
- if (PREDICT_TRUE (cpd.icv_sz > 0))
+ if (PREDICT_TRUE (sa0->integ_op_id != VNET_CRYPTO_OP_NONE))
{
vnet_crypto_op_t *op;
vec_add2_aligned (ptd->integ_ops, op, 1, CLIB_CACHE_LINE_BYTES);
- vnet_crypto_op_init (op, sa0->integ_op_type);
- op->key = sa0->integ_key.data;
- op->key_len = sa0->integ_key.len;
+ vnet_crypto_op_init (op, sa0->integ_op_id);
+ op->key_index = sa0->integ_key_index;
op->src = payload;
- op->hmac_trunc_len = cpd.icv_sz;
op->flags = VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
op->user_data = b - bufs;
- op->dst = payload + len;
+ op->digest = payload + len;
+ op->digest_len = cpd.icv_sz;
op->len = len;
- if (PREDICT_TRUE (sa0->flags & IPSEC_SA_FLAG_USE_ESN))
+ if (ipsec_sa_is_set_USE_ESN (sa0))
{
/* shift ICV for 4 bytes to insert ESN */
u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi);
clib_memcpy_fast (payload + len, &sa0->seq_hi, sz);
clib_memcpy_fast (payload + len + sz, tmp, ESP_MAX_ICV_SIZE);
op->len += sz;
- op->dst += sz;
+ op->digest += sz;
}
}
payload += esp_sz;
len -= esp_sz;
- if (sa0->crypto_enc_op_type != VNET_CRYPTO_OP_NONE)
+ if (sa0->crypto_enc_op_id != VNET_CRYPTO_OP_NONE)
{
vnet_crypto_op_t *op;
vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES);
- vnet_crypto_op_init (op, sa0->crypto_dec_op_type);
- op->key = sa0->crypto_key.data;
+ vnet_crypto_op_init (op, sa0->crypto_dec_op_id);
+ op->key_index = sa0->crypto_key_index;
op->iv = payload;
+
+ if (ipsec_sa_is_set_IS_AEAD (sa0))
+ {
+ esp_header_t *esp0;
+ esp_aead_t *aad;
+ u8 *scratch;
+
+ /*
+ * construct the AAD and the nonce (Salt || IV) in a scratch
+ * space in front of the IP header.
+ */
+ scratch = payload - esp_sz;
+ esp0 = (esp_header_t *) (scratch);
+
+ scratch -= (sizeof (*aad) + pd->hdr_sz);
+ op->aad = scratch;
+
+ esp_aad_fill (op, esp0, sa0);
+
+ /*
+ * we don't need to refer to the ESP header anymore so we
+ * can overwrite it with the salt and use the IV where it is
+ * to form the nonce = (Salt + IV)
+ */
+ op->iv -= sizeof (sa0->salt);
+ clib_memcpy_fast (op->iv, &sa0->salt, sizeof (sa0->salt));
+
+ op->tag = payload + len;
+ op->tag_len = 16;
+ }
op->src = op->dst = payload += cpd.iv_sz;
- op->len = len;
+ op->len = len - cpd.iv_sz;
op->user_data = b - bufs;
}
op++;
}
}
-
if ((n = vec_len (ptd->crypto_ops)))
{
vnet_crypto_op_t *op = ptd->crypto_ops;
ASSERT (op - ptd->crypto_ops < vec_len (ptd->crypto_ops));
if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
{
- u32 bi = op->user_data;
- u32 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
+ u32 err, bi;
+
+ bi = op->user_data;
+
+ if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC)
+ err = ESP_DECRYPT_ERROR_DECRYPTION_FAILED;
+ else
+ err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
+
bufs[bi]->error = node->errors[err];
nexts[bi] = ESP_DECRYPT_NEXT_DROP;
n--;
sa0 = vec_elt_at_index (im->sad, pd->sa_index);
u8 *payload = b[0]->data + pd->current_data;
- ipsec_sa_anti_replay_advance (sa0, &((esp_header_t *) payload)->seq);
+ ipsec_sa_anti_replay_advance (sa0, ((esp_header_t *) payload)->seq);
esp_footer_t *f = (esp_footer_t *) (b[0]->data + pd->current_data +
pd->current_length - sizeof (*f) -
{
next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
b[0]->current_data = pd->current_data + adv;
- b[0]->current_length = pd->current_length + adv - tail;
+ b[0]->current_length = pd->current_length - adv - tail;
}
else if (f->next_header == IP_PROTOCOL_IPV6)
{
next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
b[0]->current_data = pd->current_data + adv;
- b[0]->current_length = pd->current_length + adv - tail;
+ b[0]->current_length = pd->current_length - adv - tail;
}
else
{
}
}
- if (vnet_buffer (b[0])->ipsec.flags & IPSEC_FLAG_IPSEC_GRE_TUNNEL)
+ if (PREDICT_FALSE (ipsec_sa_is_set_IS_GRE (sa0)))
next[0] = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
trace:
Code Review / vpp.git / blobdiff