#include <vnet/ethernet/packet.h>
#include <openssl/evp.h>
-#include <openssl/hmac.h>
+#include <vnet/crypto/crypto.h>
#define MAX_VALUE_U24 0xffffff
return (u16) ~ 0;
}
-static const EVP_MD *
-get_encrypt_fcn (lisp_key_type_t key_id)
-{
- switch (key_id)
- {
- case HMAC_SHA_1_96:
- return EVP_sha1 ();
- case HMAC_SHA_256_128:
- return EVP_sha256 ();
- default:
- clib_warning ("unsupported encryption key type: %d!", key_id);
- break;
- }
- return 0;
-}
-
static int
queue_map_request (gid_address_t * seid, gid_address_t * deid,
u8 smr_invoked, u8 is_resend);
}
}
+ if (is_enable)
+ vnet_lisp_create_retry_process (lcm);
+
/* update global flag */
lcm->is_enabled = is_enable;
return recs;
}
+static vnet_crypto_alg_t
+lisp_key_type_to_crypto_alg (lisp_key_type_t key_id)
+{
+ switch (key_id)
+ {
+ case HMAC_SHA_1_96:
+ return VNET_CRYPTO_ALG_HMAC_SHA1;
+ case HMAC_SHA_256_128:
+ return VNET_CRYPTO_ALG_HMAC_SHA256;
+ default:
+ clib_warning ("unsupported encryption key type: %d!", key_id);
+ break;
+ }
+ return VNET_CRYPTO_ALG_NONE;
+}
+
+static vnet_crypto_op_id_t
+lisp_key_type_to_crypto_op (lisp_key_type_t key_id)
+{
+ switch (key_id)
+ {
+ case HMAC_SHA_1_96:
+ return VNET_CRYPTO_OP_SHA1_HMAC;
+ case HMAC_SHA_256_128:
+ return VNET_CRYPTO_OP_SHA256_HMAC;
+ default:
+ clib_warning ("unsupported encryption key type: %d!", key_id);
+ break;
+ }
+ return VNET_CRYPTO_OP_NONE;
+}
+
static int
update_map_register_auth_data (map_register_hdr_t * map_reg_hdr,
lisp_key_type_t key_id, u8 * key,
u16 auth_data_len, u32 msg_len)
{
+ lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
MREG_KEY_ID (map_reg_hdr) = clib_host_to_net_u16 (key_id);
MREG_AUTH_DATA_LEN (map_reg_hdr) = clib_host_to_net_u16 (auth_data_len);
+ vnet_crypto_op_t _op, *op = &_op;
+ vnet_crypto_key_index_t ki;
+
+ vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
+ op->len = msg_len;
+ op->digest = MREG_DATA (map_reg_hdr);
+ op->src = (u8 *) map_reg_hdr;
+ op->digest_len = 0;
+ op->iv = 0;
+
+ ki = vnet_crypto_key_add (lcm->vlib_main,
+ lisp_key_type_to_crypto_alg (key_id), key,
+ vec_len (key));
+
+ op->key_index = ki;
- unsigned char *result = HMAC (get_encrypt_fcn (key_id), key, vec_len (key),
- (unsigned char *) map_reg_hdr, msg_len, NULL,
- NULL);
- clib_memcpy (MREG_DATA (map_reg_hdr), result, auth_data_len);
+ vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+ vnet_crypto_key_del (lcm->vlib_main, ki);
return 0;
}
+ sizeof (*eth0));
arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
- clib_memcpy (arp0->ip4_over_ethernet[0].ethernet,
- (u8 *) & mac0, 6);
+ mac_address_from_u64 (&arp0->ip4_over_ethernet[0].mac, mac0);
clib_memcpy (&arp0->ip4_over_ethernet[0].ip4,
&gid_address_arp_ip4 (&dst), 4);
is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
lisp_key_type_t key_id, u8 * key)
{
+ lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
u8 *auth_data = 0;
u16 auth_data_len;
int result;
+ vnet_crypto_op_t _op, *op = &_op;
+ vnet_crypto_key_index_t ki;
+ u8 out[EVP_MAX_MD_SIZE] = { 0, };
auth_data_len = auth_data_len_by_key_id (key_id);
if ((u16) ~ 0 == auth_data_len)
/* clear auth data */
clib_memset (MNOTIFY_DATA (h), 0, auth_data_len);
- /* get hash of the message */
- unsigned char *code = HMAC (get_encrypt_fcn (key_id), key, vec_len (key),
- (unsigned char *) h, msg_len, NULL, NULL);
+ vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
+ op->len = msg_len;
+ op->digest = out;
+ op->src = (u8 *) h;
+ op->digest_len = 0;
+ op->iv = 0;
+
+ ki = vnet_crypto_key_add (lcm->vlib_main,
+ lisp_key_type_to_crypto_alg (key_id), key,
+ vec_len (key));
+
+ op->key_index = ki;
+
+ vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+ vnet_crypto_key_del (lcm->vlib_main, ki);
- result = memcmp (code, auth_data, auth_data_len);
+ result = memcmp (out, auth_data, auth_data_len);
vec_free (auth_data);
a->is_rloc_probe = MREP_RLOC_PROBE (mrep_hdr);
if (!vlib_buffer_has_space (b, sizeof (*mrep_hdr)))
{
- clib_mem_free (a);
+ map_records_arg_free (a);
return 0;
}
vlib_buffer_pull (b, sizeof (*mrep_hdr));
return lcm->flags & LISP_FLAG_STATS_ENABLED;
}
-/* *INDENT-OFF* */
-VLIB_REGISTER_NODE (lisp_retry_service_node,static) = {
- .function = send_map_resolver_service,
- .type = VLIB_NODE_TYPE_PROCESS,
- .name = "lisp-retry-service",
- .process_log2_n_stack_bytes = 16,
-};
-/* *INDENT-ON* */
+void
+vnet_lisp_create_retry_process (lisp_cp_main_t * lcm)
+{
+ if (lcm->retry_service_index)
+ return;
+
+ lcm->retry_service_index = vlib_process_create (vlib_get_main (),
+ "lisp-retry-service",
+ send_map_resolver_service,
+ 16 /* stack_bytes */ );
+}
u32
vnet_lisp_set_transport_protocol (u8 protocol)