X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fesp_decrypt.c;h=dfc86d47ace8ea0efd660633b7b018f55ead18ae;hb=e8915fc707a03260c05624425f9548d796c089fb;hp=de951d1dc85794fe77976178a97fb065eb357d62;hpb=92e93844826fc080ea7f3495ba3e06de3f4d03f1;p=vpp.git diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index de951d1dc85..dfc86d47ace 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -44,6 +44,7 @@ typedef enum _(INTEG_ERROR, "Integrity check failed") \ _(CRYPTO_ENGINE_ERROR, "crypto engine error (packet dropped)") \ _(REPLAY, "SA replayed packet") \ + _(RUNT, "undersized packet") \ _(CHAINED_BUFFER, "chained buffers (packet dropped)") \ _(OVERSIZED_HEADER, "buffer with oversized header (dropped)") \ _(NO_TAIL_SPACE, "no enough buffer tail space (dropped)") @@ -177,7 +178,7 @@ esp_decrypt_inline (vlib_main_t * vm, payload = b[0]->data + pd->current_data; /* we need 4 extra bytes for HMAC calculation when ESN are used */ - if ((sa0->flags & IPSEC_SA_FLAG_USE_ESN) && pd->icv_sz && + if (ipsec_sa_is_set_USE_ESN (sa0) && pd->icv_sz && (pd->current_data + pd->current_length + 4 > buffer_data_size)) { b[0]->error = node->errors[ESP_DECRYPT_ERROR_NO_TAIL_SPACE]; @@ -193,25 +194,31 @@ esp_decrypt_inline (vlib_main_t * vm, goto next; } + if (pd->current_length < cpd.icv_sz + esp_sz + cpd.iv_sz) + { + b[0]->error = node->errors[ESP_DECRYPT_ERROR_RUNT]; + next[0] = ESP_DECRYPT_NEXT_DROP; + goto next; + } + len = pd->current_length - cpd.icv_sz; current_sa_pkts += 1; current_sa_bytes += pd->current_length; - if (PREDICT_TRUE (cpd.icv_sz > 0)) + if (PREDICT_TRUE (sa0->integ_op_id != VNET_CRYPTO_OP_NONE)) { vnet_crypto_op_t *op; vec_add2_aligned (ptd->integ_ops, op, 1, CLIB_CACHE_LINE_BYTES); vnet_crypto_op_init (op, sa0->integ_op_id); - op->key = sa0->integ_key.data; - op->key_len = sa0->integ_key.len; + op->key_index = sa0->integ_key_index; op->src = payload; op->flags = VNET_CRYPTO_OP_FLAG_HMAC_CHECK; op->user_data = b - bufs; op->digest = payload + len; op->digest_len = cpd.icv_sz; op->len = len; - if (PREDICT_TRUE (sa0->flags & IPSEC_SA_FLAG_USE_ESN)) + if (ipsec_sa_is_set_USE_ESN (sa0)) { /* shift ICV for 4 bytes to insert ESN */ u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi); @@ -219,7 +226,7 @@ esp_decrypt_inline (vlib_main_t * vm, clib_memcpy_fast (payload + len, &sa0->seq_hi, sz); clib_memcpy_fast (payload + len + sz, tmp, ESP_MAX_ICV_SIZE); op->len += sz; - op->dst += sz; + op->digest += sz; } } @@ -231,12 +238,41 @@ esp_decrypt_inline (vlib_main_t * vm, vnet_crypto_op_t *op; vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES); vnet_crypto_op_init (op, sa0->crypto_dec_op_id); - op->key = sa0->crypto_key.data; - op->key_len = sa0->crypto_key.len; + op->key_index = sa0->crypto_key_index; op->iv = payload; - op->iv_len = cpd.iv_sz; + + if (ipsec_sa_is_set_IS_AEAD (sa0)) + { + esp_header_t *esp0; + esp_aead_t *aad; + u8 *scratch; + + /* + * construct the AAD and the nonce (Salt || IV) in a scratch + * space in front of the IP header. + */ + scratch = payload - esp_sz; + esp0 = (esp_header_t *) (scratch); + + scratch -= (sizeof (*aad) + pd->hdr_sz); + op->aad = scratch; + + esp_aad_fill (op, esp0, sa0); + + /* + * we don't need to refer to the ESP header anymore so we + * can overwrite it with the salt and use the IV where it is + * to form the nonce = (Salt + IV) + */ + op->iv -= sizeof (sa0->salt); + clib_memcpy_fast (op->iv, &sa0->salt, sizeof (sa0->salt)); + op->iv_len = cpd.iv_sz + sizeof (sa0->salt); + + op->tag = payload + len; + op->tag_len = 16; + } op->src = op->dst = payload += cpd.iv_sz; - op->len = len; + op->len = len - cpd.iv_sz; op->user_data = b - bufs; } @@ -287,7 +323,7 @@ esp_decrypt_inline (vlib_main_t * vm, bi = op->user_data; if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC) - err = ESP_DECRYPT_ERROR_INTEG_ERROR; + err = ESP_DECRYPT_ERROR_DECRYPTION_FAILED; else err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;