}
always_inline void
-esp_decrypt_aes_cbc (ipsec_crypto_alg_t alg,
- u8 * in, u8 * out, size_t in_len, u8 * key, u8 * iv)
+esp_decrypt_cbc (ipsec_crypto_alg_t alg,
+ u8 * in, u8 * out, size_t in_len, u8 * key, u8 * iv)
{
- esp_main_t *em = &esp_main;
- u32 cpu_index = os_get_cpu_number ();
- EVP_CIPHER_CTX *ctx = &(em->per_thread_data[cpu_index].decrypt_ctx);
+ ipsec_proto_main_t *em = &ipsec_proto_main;
+ u32 thread_index = vlib_get_thread_index ();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX *ctx = em->per_thread_data[thread_index].decrypt_ctx;
+#else
+ EVP_CIPHER_CTX *ctx = &(em->per_thread_data[thread_index].decrypt_ctx);
+#endif
const EVP_CIPHER *cipher = NULL;
int out_len;
ASSERT (alg < IPSEC_CRYPTO_N_ALG);
- if (PREDICT_FALSE (em->esp_crypto_algs[alg].type == 0))
+ if (PREDICT_FALSE (em->ipsec_proto_main_crypto_algs[alg].type == 0))
return;
- if (PREDICT_FALSE (alg != em->per_thread_data[cpu_index].last_decrypt_alg))
+ if (PREDICT_FALSE
+ (alg != em->per_thread_data[thread_index].last_decrypt_alg))
{
- cipher = em->esp_crypto_algs[alg].type;
- em->per_thread_data[cpu_index].last_decrypt_alg = alg;
+ cipher = em->ipsec_proto_main_crypto_algs[alg].type;
+ em->per_thread_data[thread_index].last_decrypt_alg = alg;
}
EVP_DecryptInit_ex (ctx, cipher, NULL, key, iv);
{
u32 n_left_from, *from, next_index, *to_next;
ipsec_main_t *im = &ipsec_main;
- esp_main_t *em = &esp_main;
+ ipsec_proto_main_t *em = &ipsec_proto_main;
u32 *recycle = 0;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
- u32 cpu_index = os_get_cpu_number ();
+ u32 thread_index = vlib_get_thread_index ();
ipsec_alloc_empty_buffers (vm, im);
- u32 *empty_buffers = im->empty_buffers[cpu_index];
+ u32 *empty_buffers = im->empty_buffers[thread_index];
if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
{
}
}
+ sa0->total_data_size += i_b0->current_length;
+
if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
{
u8 sig[64];
- int icv_size = em->esp_integ_algs[sa0->integ_alg].trunc_size;
+ int icv_size =
+ em->ipsec_proto_main_integ_algs[sa0->integ_alg].trunc_size;
memset (sig, 0, sizeof (sig));
u8 *icv =
vlib_buffer_get_current (i_b0) + i_b0->current_length -
/* add old buffer to the recycle list */
vec_add1 (recycle, i_bi0);
- if (sa0->crypto_alg >= IPSEC_CRYPTO_ALG_AES_CBC_128 &&
- sa0->crypto_alg <= IPSEC_CRYPTO_ALG_AES_CBC_256)
+ if ((sa0->crypto_alg >= IPSEC_CRYPTO_ALG_AES_CBC_128 &&
+ sa0->crypto_alg <= IPSEC_CRYPTO_ALG_AES_CBC_256) ||
+ (sa0->crypto_alg >= IPSEC_CRYPTO_ALG_DES_CBC &&
+ sa0->crypto_alg <= IPSEC_CRYPTO_ALG_3DES_CBC))
{
- const int BLOCK_SIZE = 16;
- const int IV_SIZE = 16;
+ const int BLOCK_SIZE =
+ em->ipsec_proto_main_crypto_algs[sa0->crypto_alg].block_size;;
+ const int IV_SIZE =
+ em->ipsec_proto_main_crypto_algs[sa0->crypto_alg].iv_size;
esp_footer_t *f0;
u8 ip_hdr_size = 0;
}
}
- esp_decrypt_aes_cbc (sa0->crypto_alg,
- esp0->data + IV_SIZE,
- (u8 *) vlib_buffer_get_current (o_b0) +
- ip_hdr_size, BLOCK_SIZE * blocks,
- sa0->crypto_key, esp0->data);
+ esp_decrypt_cbc (sa0->crypto_alg,
+ esp0->data + IV_SIZE,
+ (u8 *) vlib_buffer_get_current (o_b0) +
+ ip_hdr_size, BLOCK_SIZE * blocks,
+ sa0->crypto_key, esp0->data);
- o_b0->current_length = (blocks * 16) - 2 + ip_hdr_size;
+ o_b0->current_length = (blocks * BLOCK_SIZE) - 2 + ip_hdr_size;
o_b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID;
f0 =
(esp_footer_t *) ((u8 *) vlib_buffer_get_current (o_b0) +
next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
+ vnet_buffer (o_b0)->sw_if_index[VLIB_RX] =
+ vnet_buffer (i_b0)->sw_if_index[VLIB_RX];
}
trace:
Code Review / vpp.git / blobdiff