build: Allow ipsec-mb plugin to build with libipsec_mb 0.55

The 0.55 version of libipsec_mb does not support the chacha functions
used in the plugin.

The missing symobls are:
ipsecmb_ops_chacha_poly
ipsecmb_ops_chacha_poly_chained
IMB_CIPHER_DIRECTION

Check for ipsecmb_ops_chacha_poly() and conditionalise the chacha code
in the plugin on this.

ipsec_mb 0.55 is the version currently found in Debian Stable (bullseye)

Type: make
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Change-Id: I88c962ac4f99a58b5cd61fb9b75f692e27d4ec30

diff --git a/src/plugins/crypto_ipsecmb/CMakeLists.txt b/src/plugins/crypto_ipsecmb/CMakeLists.txt
index 981a045..fd9c972 100644 (file)
--- a/src/plugins/crypto_ipsecmb/CMakeLists.txt
+++ b/src/plugins/crypto_ipsecmb/CMakeLists.txt
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+include (CheckFunctionExists)
+
 if(NOT CMAKE_SYSTEM_PROCESSOR MATCHES "amd64.*|x86_64.*|AMD64.*")
   return()
 endif()
@@ -33,6 +35,14 @@ if(IPSECMB_INCLUDE_DIR AND IPSECMB_LIB)
                ${IPSECMB_LINK_FLAGS}
                )
 
+       check_function_exists(ipsecmb_ops_chacha_poly HAVE_IPSECMB_CHACHA_POLY)
+
+       if (HAVE_IPSECMB_CHACHA_POLY)
+               add_definitions(-DHAVE_IPSECMB_CHACHA_POLY)
+       else()
+               message(STATUS "Intel IPSecMB CHACHA support not found. Disabled")
+       endif()
+
        target_compile_options(crypto_ipsecmb_plugin PRIVATE "-march=silvermont" "-maes")
        message(STATUS "Intel IPSecMB found: ${IPSECMB_INCLUDE_DIR}")
 else()

diff --git a/src/plugins/crypto_ipsecmb/ipsecmb.c b/src/plugins/crypto_ipsecmb/ipsecmb.c
index ad5f7bf..93654da 100644 (file)
--- a/src/plugins/crypto_ipsecmb/ipsecmb.c
+++ b/src/plugins/crypto_ipsecmb/ipsecmb.c
@@ -426,6 +426,7 @@ ipsecmb_ops_gcm_cipher_dec_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[],  \
 foreach_ipsecmb_gcm_cipher_op;
 #undef _
 
+#ifdef HAVE_IPSECMB_CHACHA_POLY
 always_inline void
 ipsecmb_retire_aead_job (JOB_AES_HMAC *job, u32 *n_fail)
 {
@@ -662,6 +663,7 @@ ipsec_mb_ops_chacha_poly_dec_chained (vlib_main_t *vm, vnet_crypto_op_t *ops[],
   return ipsecmb_ops_chacha_poly_chained (vm, ops, chunks, n_ops,
                                          IMB_DIR_DECRYPT);
 }
+#endif
 
 clib_error_t *
 crypto_ipsecmb_iv_init (ipsecmb_main_t * imbm)
@@ -850,6 +852,7 @@ crypto_ipsecmb_init (vlib_main_t * vm)
   foreach_ipsecmb_gcm_cipher_op;
 #undef _
 
+#ifdef HAVE_IPSECMB_CHACHA_POLY
   vnet_crypto_register_ops_handler (vm, eidx,
                                    VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC,
                                    ipsecmb_ops_chacha_poly_enc);
@@ -864,6 +867,7 @@ crypto_ipsecmb_init (vlib_main_t * vm)
     ipsec_mb_ops_chacha_poly_dec_chained);
   ad = imbm->alg_data + VNET_CRYPTO_ALG_CHACHA20_POLY1305;
   ad->data_size = 0;
+#endif
 
   vnet_crypto_register_key_handler (vm, eidx, crypto_ipsecmb_key_handler);
   return (NULL);