X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fesp_decrypt.c;h=e74c1bb908a2e6b9b27dc48a8dc308b9ad085729;hb=80f6fd53f;hp=3e09d9d74c223d34363da1f251e21d4b9d3d6f70;hpb=b4fff3a39715c3e405b92442026bfddc3be37b27;p=vpp.git

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 3e09d9d74c2..e74c1bb908a 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -157,7 +157,7 @@ esp_decrypt_inline (vlib_main_t * vm,
 	{
 	  current_sa_index = vnet_buffer (b[0])->ipsec.sad_index;
 	  sa0 = pool_elt_at_index (im->sad, current_sa_index);
-	  cpd.icv_sz = sa0->integ_trunc_size;
+	  cpd.icv_sz = sa0->integ_icv_size;
 	  cpd.iv_sz = sa0->crypto_iv_size;
 	  cpd.flags = sa0->flags;
 	  cpd.sa_index = current_sa_index;
@@ -177,7 +177,7 @@ esp_decrypt_inline (vlib_main_t * vm,
       payload = b[0]->data + pd->current_data;
 
       /* we need 4 extra bytes for HMAC calculation when ESN are used */
-      if ((sa0->flags & IPSEC_SA_FLAG_USE_ESN) && pd->icv_sz &&
+      if (ipsec_sa_is_set_USE_ESN (sa0) && pd->icv_sz &&
 	  (pd->current_data + pd->current_length + 4 > buffer_data_size))
 	{
 	  b[0]->error = node->errors[ESP_DECRYPT_ERROR_NO_TAIL_SPACE];
@@ -197,21 +197,21 @@ esp_decrypt_inline (vlib_main_t * vm,
       current_sa_pkts += 1;
       current_sa_bytes += pd->current_length;
 
-      if (PREDICT_TRUE (cpd.icv_sz > 0))
+      if (PREDICT_TRUE (sa0->integ_op_id != VNET_CRYPTO_OP_NONE))
 	{
 	  vnet_crypto_op_t *op;
 	  vec_add2_aligned (ptd->integ_ops, op, 1, CLIB_CACHE_LINE_BYTES);
 
-	  vnet_crypto_op_init (op, sa0->integ_op_type);
+	  vnet_crypto_op_init (op, sa0->integ_op_id);
 	  op->key = sa0->integ_key.data;
 	  op->key_len = sa0->integ_key.len;
 	  op->src = payload;
-	  op->hmac_trunc_len = cpd.icv_sz;
 	  op->flags = VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
 	  op->user_data = b - bufs;
-	  op->dst = payload + len;
+	  op->digest = payload + len;
+	  op->digest_len = cpd.icv_sz;
 	  op->len = len;
-	  if (PREDICT_TRUE (sa0->flags & IPSEC_SA_FLAG_USE_ESN))
+	  if (ipsec_sa_is_set_USE_ESN (sa0))
 	    {
 	      /* shift ICV for 4 bytes to insert ESN */
 	      u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi);
@@ -219,22 +219,53 @@ esp_decrypt_inline (vlib_main_t * vm,
 	      clib_memcpy_fast (payload + len, &sa0->seq_hi, sz);
 	      clib_memcpy_fast (payload + len + sz, tmp, ESP_MAX_ICV_SIZE);
 	      op->len += sz;
-	      op->dst += sz;
+	      op->digest += sz;
 	    }
 	}
 
       payload += esp_sz;
       len -= esp_sz;
 
-      if (sa0->crypto_enc_op_type != VNET_CRYPTO_OP_NONE)
+      if (sa0->crypto_enc_op_id != VNET_CRYPTO_OP_NONE)
 	{
 	  vnet_crypto_op_t *op;
 	  vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES);
-	  vnet_crypto_op_init (op, sa0->crypto_dec_op_type);
+	  vnet_crypto_op_init (op, sa0->crypto_dec_op_id);
 	  op->key = sa0->crypto_key.data;
 	  op->iv = payload;
+
+	  if (ipsec_sa_is_set_IS_AEAD (sa0))
+	    {
+	      esp_header_t *esp0;
+	      esp_aead_t *aad;
+	      u8 *scratch;
+
+	      /*
+	       * construct the AAD and the nonce (Salt || IV) in a scratch
+	       * space in front of the IP header.
+	       */
+	      scratch = payload - esp_sz;
+	      esp0 = (esp_header_t *) (scratch);
+
+	      scratch -= (sizeof (*aad) + pd->hdr_sz);
+	      op->aad = scratch;
+
+	      esp_aad_fill (op, esp0, sa0);
+
+	      /*
+	       * we don't need to refer to the ESP header anymore so we
+	       * can overwrite it with the salt and use the IV where it is
+	       * to form the nonce = (Salt + IV)
+	       */
+	      op->iv -= sizeof (sa0->salt);
+	      clib_memcpy_fast (op->iv, &sa0->salt, sizeof (sa0->salt));
+	      op->iv_len = cpd.iv_sz + sizeof (sa0->salt);
+
+	      op->tag = payload + len;
+	      op->tag_len = 16;
+	    }
 	  op->src = op->dst = payload += cpd.iv_sz;
-	  op->len = len;
+	  op->len = len - cpd.iv_sz;
 	  op->user_data = b - bufs;
 	}
 
@@ -271,7 +302,6 @@ esp_decrypt_inline (vlib_main_t * vm,
 	  op++;
 	}
     }
-
   if ((n = vec_len (ptd->crypto_ops)))
     {
       vnet_crypto_op_t *op = ptd->crypto_ops;
@@ -281,8 +311,15 @@ esp_decrypt_inline (vlib_main_t * vm,
 	  ASSERT (op - ptd->crypto_ops < vec_len (ptd->crypto_ops));
 	  if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
 	    {
-	      u32 bi = op->user_data;
-	      u32 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
+	      u32 err, bi;
+
+	      bi = op->user_data;
+
+	      if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC)
+		err = ESP_DECRYPT_ERROR_DECRYPTION_FAILED;
+	      else
+		err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
+
 	      bufs[bi]->error = node->errors[err];
 	      nexts[bi] = ESP_DECRYPT_NEXT_DROP;
 	      n--;
@@ -396,7 +433,7 @@ esp_decrypt_inline (vlib_main_t * vm,
 	    }
 	}
 
-      if (vnet_buffer (b[0])->ipsec.flags & IPSEC_FLAG_IPSEC_GRE_TUNNEL)
+      if (PREDICT_FALSE (ipsec_sa_is_set_IS_GRE (sa0)))
 	next[0] = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
 
     trace: