#include <vnet/ethernet/packet.h>
#include <openssl/evp.h>
-#include <openssl/hmac.h>
+#include <vnet/crypto/crypto.h>
#define MAX_VALUE_U24 0xffffff
return (u16) ~ 0;
}
-static const EVP_MD *
-get_encrypt_fcn (lisp_key_type_t key_id)
-{
- switch (key_id)
- {
- case HMAC_SHA_1_96:
- return EVP_sha1 ();
- case HMAC_SHA_256_128:
- return EVP_sha256 ();
- default:
- clib_warning ("unsupported encryption key type: %d!", key_id);
- break;
- }
- return 0;
-}
-
static int
queue_map_request (gid_address_t * seid, gid_address_t * deid,
u8 smr_invoked, u8 is_resend);
{
prefix->fp_len = 32;
prefix->fp_proto = FIB_PROTOCOL_IP4;
- memset (&prefix->fp_addr.pad, 0, sizeof (prefix->fp_addr.pad));
+ clib_memset (&prefix->fp_addr.pad, 0, sizeof (prefix->fp_addr.pad));
memcpy (&prefix->fp_addr.ip4, &addr->ip, sizeof (prefix->fp_addr.ip4));
}
else
vnet_lisp_gpe_add_del_fwd_entry_args_t _a, *a = &_a;
fwd_entry_t *fe = 0;
uword *feip = 0;
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
feip = hash_get (lcm->fwd_entry_by_mapping_index, dst_map_index);
if (!feip)
lcl_addr))
continue;
- memset (&pair, 0, sizeof (pair));
+ clib_memset (&pair, 0, sizeof (pair));
ip_address_copy (&pair.rmt_loc,
&gid_address_ip (&rmt->address));
ip_address_copy (&pair.lcl_loc, lcl_addr);
u8 type, is_src_dst = 0;
int rv;
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
/* remove entry if it already exists */
feip = hash_get (lcm->fwd_entry_by_mapping_index, dst_map_index);
if (!rmts_stored_idxp)
{
pool_get (lcm->lcl_to_rmt_adjacencies, rmts);
- memset (rmts, 0, sizeof (*rmts));
+ clib_memset (rmts, 0, sizeof (*rmts));
rmts_idx = rmts - lcm->lcl_to_rmt_adjacencies;
hash_set (lcm->lcl_to_rmt_adjs_by_lcl_idx, src_map_index, rmts_idx);
}
{
fwd_entry_mt_arg_t a;
- memset (&a, 0, sizeof (a));
+ clib_memset (&a, 0, sizeof (a));
a.si = si;
a.di = di;
return -1;
}
- memset (ms, 0, sizeof (*ms));
+ clib_memset (ms, 0, sizeof (*ms));
ip_address_copy (&ms->address, addr);
vec_add1 (lcm->map_servers, ms[0]);
m->is_static = a->is_static;
m->key = vec_dup (a->key);
m->key_id = a->key_id;
+ m->authoritative = a->authoritative;
map_index = m - lcm->mapping_pool;
gid_dictionary_add_del (&lcm->mapping_index_by_gid, &a->eid, map_index,
gid_address_t *e;
remove_mapping_args_t a;
- memset (&a, 0, sizeof (a));
+ clib_memset (&a, 0, sizeof (a));
/* do this only in src/dst mode ... */
if (MR_MODE_SRC_DST != lcm->map_request_mode)
{
vnet_lisp_add_del_adjacency_args_t _adj_args, *adj_args = &_adj_args;
- memset (adj_args, 0, sizeof (adj_args[0]));
+ clib_memset (adj_args, 0, sizeof (adj_args[0]));
gid_address_copy (&adj_args->reid, e);
adj_args->is_add = 0;
if (vnet_lisp_add_del_adjacency (adj_args))
if (is_updated)
is_updated[0] = 0;
- memset (ls_args, 0, sizeof (ls_args[0]));
+ clib_memset (ls_args, 0, sizeof (ls_args[0]));
ls_args->locators = rlocs;
mi = gid_dictionary_lookup (&lcm->mapping_index_by_gid, &a->eid);
mapping_t *old_map;
u32 mi;
- memset (ls_args, 0, sizeof (ls_args[0]));
- memset (m_args, 0, sizeof (m_args[0]));
+ clib_memset (ls_args, 0, sizeof (ls_args[0]));
+ clib_memset (m_args, 0, sizeof (m_args[0]));
if (res_map_index)
res_map_index[0] = ~0;
locator_set_index = p[0];
pool_get (lcm->mapping_pool, m);
- memset (m, 0, sizeof *m);
+ clib_memset (m, 0, sizeof *m);
m->locator_set_index = locator_set_index;
m->local = 1;
m->nsh_set = 1;
return VNET_API_ERROR_LISP_DISABLED;
}
- memset (ls_args, 0, sizeof (*ls_args));
+ clib_memset (ls_args, 0, sizeof (*ls_args));
if (is_add)
{
/* Create dummy petr locator-set */
- memset (&loc, 0, sizeof (loc));
+ clib_memset (&loc, 0, sizeof (loc));
gid_address_from_ip (&loc.address, ip);
loc.priority = 1;
loc.state = loc.weight = 1;
uword *fei = 0, *rmts_idxp = 0;
u32 **rmts = 0, *remote_idxp = 0, *rmts_copy = 0;
vnet_lisp_add_del_adjacency_args_t _a, *a = &_a;
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
map = pool_elt_at_index (lcm->mapping_pool, mapping_index);
else
{
pool_get (lcm->locator_set_pool, ls);
- memset (ls, 0, sizeof (*ls));
+ clib_memset (ls, 0, sizeof (*ls));
ls_index = ls - lcm->locator_set_pool;
if (a->local)
return -1;
}
- memset (mr, 0, sizeof (*mr));
+ clib_memset (mr, 0, sizeof (*mr));
ip_address_copy (&mr->address, &a->address);
vec_add1 (lcm->map_resolvers, *mr);
ip_prefix_t *ippref = &gid_address_ippref (gid);
ip_address_t *rloc = &ip_prefix_addr (ippref);
- memset (gid, 0, sizeof (gid[0]));
+ clib_memset (gid, 0, sizeof (gid[0]));
gid_address_type (gid) = GID_ADDR_IP_PREFIX;
for (i = 0; i < vec_len (loc_set->locator_indices); i++)
{
&& GID_ADDR_SRC_DST != gid_address_type (deid))
{
gid_address_t sd;
- memset (&sd, 0, sizeof (sd));
+ clib_memset (&sd, 0, sizeof (sd));
build_src_dst (&sd, seid, deid);
lisp_msg_put_mreq (lcm, b, seid, &sd, rlocs, is_smr_invoked,
0 /* rloc probe */ , nonce_res);
return recs;
}
+static vnet_crypto_alg_t
+lisp_key_type_to_crypto_alg (lisp_key_type_t key_id)
+{
+ switch (key_id)
+ {
+ case HMAC_SHA_1_96:
+ return VNET_CRYPTO_ALG_HMAC_SHA1;
+ case HMAC_SHA_256_128:
+ return VNET_CRYPTO_ALG_HMAC_SHA256;
+ default:
+ clib_warning ("unsupported encryption key type: %d!", key_id);
+ break;
+ }
+ return VNET_CRYPTO_ALG_NONE;
+}
+
+static vnet_crypto_op_id_t
+lisp_key_type_to_crypto_op (lisp_key_type_t key_id)
+{
+ switch (key_id)
+ {
+ case HMAC_SHA_1_96:
+ return VNET_CRYPTO_OP_SHA1_HMAC;
+ case HMAC_SHA_256_128:
+ return VNET_CRYPTO_OP_SHA256_HMAC;
+ default:
+ clib_warning ("unsupported encryption key type: %d!", key_id);
+ break;
+ }
+ return VNET_CRYPTO_OP_NONE;
+}
+
static int
update_map_register_auth_data (map_register_hdr_t * map_reg_hdr,
lisp_key_type_t key_id, u8 * key,
u16 auth_data_len, u32 msg_len)
{
+ lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
MREG_KEY_ID (map_reg_hdr) = clib_host_to_net_u16 (key_id);
MREG_AUTH_DATA_LEN (map_reg_hdr) = clib_host_to_net_u16 (auth_data_len);
+ vnet_crypto_op_t _op, *op = &_op;
+ vnet_crypto_key_index_t ki;
+
+ vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
+ op->len = msg_len;
+ op->digest = MREG_DATA (map_reg_hdr);
+ op->src = (u8 *) map_reg_hdr;
+ op->digest_len = 0;
+ op->iv = 0;
+
+ ki = vnet_crypto_key_add (lcm->vlib_main,
+ lisp_key_type_to_crypto_alg (key_id), key,
+ vec_len (key));
+
+ op->key_index = ki;
- unsigned char *result = HMAC (get_encrypt_fcn (key_id), key, vec_len (key),
- (unsigned char *) map_reg_hdr, msg_len, NULL,
- NULL);
- clib_memcpy (MREG_DATA (map_reg_hdr), result, auth_data_len);
+ vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+ vnet_crypto_key_del (lcm->vlib_main, ki);
return 0;
}
map_registers_sent++;
pool_get (lcm->pending_map_registers_pool, pmr);
- memset (pmr, 0, sizeof (*pmr));
+ clib_memset (pmr, 0, sizeof (*pmr));
pmr->time_to_expire = PENDING_MREG_EXPIRATION_TIME;
hash_set (lcm->map_register_messages_by_nonce, nonce,
pmr - lcm->pending_map_registers_pool);
{
/* add map-request to pending requests table */
pool_get (lcm->pending_map_requests_pool, pmr);
- memset (pmr, 0, sizeof (*pmr));
+ clib_memset (pmr, 0, sizeof (*pmr));
gid_address_copy (&pmr->src, seid);
gid_address_copy (&pmr->dst, deid);
clib_fifo_add1 (pmr->nonces, nonce);
u32 vni = 0;
icmp6_neighbor_discovery_ethernet_link_layer_address_option_t *opt;
- memset (src, 0, sizeof (*src));
- memset (dst, 0, sizeof (*dst));
+ clib_memset (src, 0, sizeof (*src));
+ clib_memset (dst, 0, sizeof (*dst));
gid_address_type (dst) = GID_ADDR_NO_ADDRESS;
gid_address_type (src) = GID_ADDR_NO_ADDRESS;
if (clib_net_to_host_u16 (ah->opcode)
!= ETHERNET_ARP_OPCODE_request)
{
- memset (&gid_address_arp_ndp_ip (dst), 0,
- sizeof (ip_address_t));
+ clib_memset (&gid_address_arp_ndp_ip (dst), 0,
+ sizeof (ip_address_t));
ip_addr_version (&gid_address_arp_ndp_ip (dst)) = IP4;
gid_address_arp_ndp_bd (dst) = ~0;
return;
ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address)
|| (opt->header.n_data_u64s != 1))
{
- memset (&gid_address_arp_ndp_ip (dst), 0,
- sizeof (ip_address_t));
+ clib_memset (&gid_address_arp_ndp_ip (dst), 0,
+ sizeof (ip_address_t));
ip_addr_version (&gid_address_arp_ndp_ip (dst)) =
IP6;
gid_address_arp_ndp_bd (dst) = ~0;
+ sizeof (*eth0));
arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
- clib_memcpy (arp0->ip4_over_ethernet[0].ethernet,
- (u8 *) & mac0, 6);
+ mac_address_from_u64 (&arp0->ip4_over_ethernet[0].mac, mac0);
clib_memcpy (&arp0->ip4_over_ethernet[0].ip4,
&gid_address_arp_ip4 (&dst), 4);
lisp_cp_lookup_trace_t *tr = vlib_add_trace (vm, node, b0,
sizeof (*tr));
- memset (tr, 0, sizeof (*tr));
+ clib_memset (tr, 0, sizeof (*tr));
gid_address_copy (&tr->dst_eid, &dst);
ip_address_copy (&tr->map_resolver_ip,
&lcm->active_map_resolver);
{
mapping_t *m;
vnet_lisp_add_del_adjacency_args_t _adj_args, *adj_args = &_adj_args;
- memset (adj_args, 0, sizeof (adj_args[0]));
+ clib_memset (adj_args, 0, sizeof (adj_args[0]));
m = pool_elt_at_index (lcm->mapping_pool, mi);
fe = pool_elt_at_index (lcm->fwd_entry_pool, fei[0]);
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
a->rmt_eid = fe->reid;
if (fe->is_src_dst)
a->lcl_eid = fe->leid;
{
/* mapping is in use, re-fetch */
map_request_args_t mr_args;
- memset (&mr_args, 0, sizeof (mr_args));
+ clib_memset (&mr_args, 0, sizeof (mr_args));
mr_args.seid = fe->leid;
mr_args.deid = fe->reid;
vec_foreach (m, a->mappings)
{
vnet_lisp_add_del_mapping_args_t _m_args, *m_args = &_m_args;
- memset (m_args, 0, sizeof (m_args[0]));
+ clib_memset (m_args, 0, sizeof (m_args[0]));
gid_address_copy (&m_args->eid, &m->eid);
m_args->action = m->action;
m_args->authoritative = m->authoritative;
{
/* try to program forwarding only if mapping saved or updated */
vnet_lisp_add_del_adjacency_args_t _adj_args, *adj_args = &_adj_args;
- memset (adj_args, 0, sizeof (adj_args[0]));
+ clib_memset (adj_args, 0, sizeof (adj_args[0]));
gid_address_copy (&adj_args->leid, &pmr->src);
gid_address_copy (&adj_args->reid, &m->eid);
is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
lisp_key_type_t key_id, u8 * key)
{
+ lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
u8 *auth_data = 0;
u16 auth_data_len;
int result;
+ vnet_crypto_op_t _op, *op = &_op;
+ vnet_crypto_key_index_t ki;
+ u8 out[EVP_MAX_MD_SIZE] = { 0, };
auth_data_len = auth_data_len_by_key_id (key_id);
if ((u16) ~ 0 == auth_data_len)
clib_memcpy (auth_data, MNOTIFY_DATA (h), auth_data_len);
/* clear auth data */
- memset (MNOTIFY_DATA (h), 0, auth_data_len);
+ clib_memset (MNOTIFY_DATA (h), 0, auth_data_len);
+
+ vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
+ op->len = msg_len;
+ op->digest = out;
+ op->src = (u8 *) h;
+ op->digest_len = 0;
+ op->iv = 0;
+
+ ki = vnet_crypto_key_add (lcm->vlib_main,
+ lisp_key_type_to_crypto_alg (key_id), key,
+ vec_len (key));
- /* get hash of the message */
- unsigned char *code = HMAC (get_encrypt_fcn (key_id), key, vec_len (key),
- (unsigned char *) h, msg_len, NULL, NULL);
+ op->key_index = ki;
- result = memcmp (code, auth_data, auth_data_len);
+ vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+ vnet_crypto_key_del (lcm->vlib_main, ki);
+
+ result = memcmp (out, auth_data, auth_data_len);
vec_free (auth_data);
mapping_t m;
locator_t *loc;
- memset (&m, 0, sizeof (m));
+ clib_memset (&m, 0, sizeof (m));
/* parse record eid */
for (i = 0; i < count; i++)
map_records_arg_t *a;
a = map_record_args_get ();
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
mnotif_hdr = vlib_buffer_get_current (b);
vlib_buffer_pull (b, sizeof (*mnotif_hdr));
- memset (&deid, 0, sizeof (deid));
+ clib_memset (&deid, 0, sizeof (deid));
a->nonce = MNOTIFY_NONCE (mnotif_hdr);
key_id = clib_net_to_host_u16 (MNOTIFY_KEY_ID (mnotif_hdr));
vec_add1 (records, m[0]);
add_locators (lcm, &records[0], m->locator_set_index, probed_loc);
- memset (&src, 0, sizeof (src));
+ clib_memset (&src, 0, sizeof (src));
if (!ip_fib_get_first_egress_ip_for_dst (lcm, dst, &src))
{
/* parse eid records and send SMR-invoked map-requests */
for (i = 0; i < MREQ_REC_COUNT (mreq_hdr); i++)
{
- memset (&dst, 0, sizeof (dst));
+ clib_memset (&dst, 0, sizeof (dst));
len = lisp_msg_parse_eid_rec (b, &dst);
if (len == ~0)
{
goto done;
}
rloc_probe_recv++;
- memset (&m, 0, sizeof (m));
+ clib_memset (&m, 0, sizeof (m));
u32 mi = gid_dictionary_lookup (&lcm->mapping_index_by_gid, &dst);
// TODO: select best locator; for now use the first one
map_records_arg_t *a;
a = map_record_args_get ();
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
locator_t *locators;
for (i = 0; i < MREP_REC_COUNT (mrep_hdr); i++)
{
- memset (&m, 0, sizeof (m));
+ clib_memset (&m, 0, sizeof (m));
locators = 0;
h = vlib_buffer_get_current (b);
lcm->flags = 0;
lcm->pitr_map_index = ~0;
lcm->petr_map_index = ~0;
- memset (&lcm->active_map_resolver, 0, sizeof (lcm->active_map_resolver));
- memset (&lcm->active_map_server, 0, sizeof (lcm->active_map_server));
+ clib_memset (&lcm->active_map_resolver, 0,
+ sizeof (lcm->active_map_resolver));
+ clib_memset (&lcm->active_map_server, 0, sizeof (lcm->active_map_server));
gid_dictionary_init (&lcm->mapping_index_by_gid);
lcm->do_map_resolver_election = 1;
hash_set (lcm->table_id_by_vni, 0, 0);
hash_set (lcm->vni_by_table_id, 0, 0);
- lisp_cp_register_dst_port (vm);
-
u64 now = clib_cpu_time_now ();
timing_wheel_init (&lcm->wheel, now, vm->clib_time.clocks_per_second);
lcm->nsh_map_index = ~0;
const lisp_gpe_tunnel_t *lgt;
fwd_entry_t *fe;
- memset (stat, 0, sizeof (*stat));
- memset (&fwd_key, 0, sizeof (fwd_key));
+ clib_memset (stat, 0, sizeof (*stat));
+ clib_memset (&fwd_key, 0, sizeof (fwd_key));
fe = pool_elt_at_index (lcm->fwd_entry_pool, key->fwd_entry_index);
ASSERT (fe != 0);