X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fesp_decrypt.c;h=d2365fce2d84d758b15e5d1a61518caaeb913eba;hb=47feb1146ec3b0e1cf2ebd83cd5211e1df261194;hp=7737d186865f3d98d50f8f8ebfdbf0885dc3cca8;hpb=7c22ff72aa54d15484fdc70e0c1b8a9ec5e880e0;p=vpp.git diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 7737d186865..d2365fce2d8 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -177,7 +177,7 @@ esp_decrypt_inline (vlib_main_t * vm, payload = b[0]->data + pd->current_data; /* we need 4 extra bytes for HMAC calculation when ESN are used */ - if ((sa0->flags & IPSEC_SA_FLAG_USE_ESN) && pd->icv_sz && + if (ipsec_sa_is_set_USE_ESN (sa0) && pd->icv_sz && (pd->current_data + pd->current_length + 4 > buffer_data_size)) { b[0]->error = node->errors[ESP_DECRYPT_ERROR_NO_TAIL_SPACE]; @@ -197,21 +197,21 @@ esp_decrypt_inline (vlib_main_t * vm, current_sa_pkts += 1; current_sa_bytes += pd->current_length; - if (PREDICT_TRUE (cpd.icv_sz > 0)) + if (PREDICT_TRUE (sa0->integ_op_id != VNET_CRYPTO_OP_NONE)) { vnet_crypto_op_t *op; vec_add2_aligned (ptd->integ_ops, op, 1, CLIB_CACHE_LINE_BYTES); - vnet_crypto_op_init (op, sa0->integ_op_type); + vnet_crypto_op_init (op, sa0->integ_op_id); op->key = sa0->integ_key.data; op->key_len = sa0->integ_key.len; op->src = payload; - op->hmac_trunc_len = cpd.icv_sz; op->flags = VNET_CRYPTO_OP_FLAG_HMAC_CHECK; op->user_data = b - bufs; - op->dst = payload + len; + op->digest = payload + len; + op->digest_len = cpd.icv_sz; op->len = len; - if (PREDICT_TRUE (sa0->flags & IPSEC_SA_FLAG_USE_ESN)) + if (ipsec_sa_is_set_USE_ESN (sa0)) { /* shift ICV for 4 bytes to insert ESN */ u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi); @@ -219,22 +219,55 @@ esp_decrypt_inline (vlib_main_t * vm, clib_memcpy_fast (payload + len, &sa0->seq_hi, sz); clib_memcpy_fast (payload + len + sz, tmp, ESP_MAX_ICV_SIZE); op->len += sz; - op->dst += sz; + op->digest += sz; } } payload += esp_sz; len -= esp_sz; - if (sa0->crypto_enc_op_type != VNET_CRYPTO_OP_NONE) + if (sa0->crypto_enc_op_id != VNET_CRYPTO_OP_NONE) { vnet_crypto_op_t *op; vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES); - vnet_crypto_op_init (op, sa0->crypto_dec_op_type); + vnet_crypto_op_init (op, sa0->crypto_dec_op_id); op->key = sa0->crypto_key.data; op->iv = payload; + + if (ipsec_sa_is_set_IS_AEAD (sa0)) + { + esp_header_t *esp0; + esp_aead_t *aad; + u8 *scratch; + u32 salt; + + /* + * construct the AAD and the nonce (Salt || IV) in a scratch + * space in front of the IP header. + */ + scratch = payload - esp_sz; + esp0 = (esp_header_t *) (scratch); + + scratch -= (sizeof (*aad) + pd->hdr_sz); + op->aad = scratch; + + esp_aad_fill (op, esp0, sa0); + + /* + * we don't need to refer to the ESP header anymore so we + * can overwrite it with the salt and use the IV where it is + * to form the nonce = (Salt + IV) + */ + salt = clib_host_to_net_u32 (sa0->salt); + op->iv -= sizeof (sa0->salt); + clib_memcpy_fast (op->iv, &salt, sizeof (sa0->salt)); + op->iv_len = cpd.iv_sz + sizeof (sa0->salt); + + op->tag = payload + len; + op->tag_len = 16; + } op->src = op->dst = payload += cpd.iv_sz; - op->len = len; + op->len = len - cpd.iv_sz; op->user_data = b - bufs; } @@ -271,7 +304,6 @@ esp_decrypt_inline (vlib_main_t * vm, op++; } } - if ((n = vec_len (ptd->crypto_ops))) { vnet_crypto_op_t *op = ptd->crypto_ops; @@ -281,8 +313,15 @@ esp_decrypt_inline (vlib_main_t * vm, ASSERT (op - ptd->crypto_ops < vec_len (ptd->crypto_ops)); if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED) { - u32 bi = op->user_data; - u32 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR; + u32 err, bi; + + bi = op->user_data; + + if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC) + err = ESP_DECRYPT_ERROR_DECRYPTION_FAILED; + else + err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR; + bufs[bi]->error = node->errors[err]; nexts[bi] = ESP_DECRYPT_NEXT_DROP; n--;