FD.io VPP  v19.08-27-gf4dcae4
Vector Packet Processing
ipsecmb.c
Go to the documentation of this file.
1 /*
2  * ipsecmb.c - Intel IPSec Multi-buffer library Crypto Engine
3  *
4  * Copyright (c) 2019 Cisco Systemss
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <fcntl.h>
19 
20 #include <intel-ipsec-mb.h>
21 
22 #include <vnet/vnet.h>
23 #include <vnet/plugin/plugin.h>
24 #include <vpp/app/version.h>
25 #include <vnet/crypto/crypto.h>
26 #include <vppinfra/cpu.h>
27 
28 #define HMAC_MAX_BLOCK_SIZE SHA_512_BLOCK_SIZE
29 #define EXPANDED_KEY_N_BYTES (16 * 15)
30 
31 typedef struct
32 {
33  MB_MGR *mgr;
34  __m128i cbc_iv;
36 
37 typedef struct
38 {
41  aes_gcm_pre_t aes_gcm_pre;
42  keyexp_t keyexp;
43  hash_one_block_t hash_one_block;
44  hash_fn_t hash_fn;
46 
47 typedef struct ipsecmb_main_t_
48 {
51  void **key_data;
53 
54 typedef struct
55 {
56  u8 enc_key_exp[EXPANDED_KEY_N_BYTES];
57  u8 dec_key_exp[EXPANDED_KEY_N_BYTES];
59 
60 static ipsecmb_main_t ipsecmb_main = { };
61 
62 /*
63  * (Alg, JOB_HASH_ALG, fn, block-size-bytes, hash-size-bytes, digest-size-bytes)
64  */
65 #define foreach_ipsecmb_hmac_op \
66  _(SHA1, SHA1, sha1, 64, 20, 20) \
67  _(SHA224, SHA_224, sha224, 64, 32, 28) \
68  _(SHA256, SHA_256, sha256, 64, 32, 32) \
69  _(SHA384, SHA_384, sha384, 128, 64, 48) \
70  _(SHA512, SHA_512, sha512, 128, 64, 64)
71 
72 /*
73  * (Alg, key-len-bits)
74  */
75 #define foreach_ipsecmb_cbc_cipher_op \
76  _(AES_128_CBC, 128) \
77  _(AES_192_CBC, 192) \
78  _(AES_256_CBC, 256)
79 
80 /*
81  * (Alg, key-len-bytes, iv-len-bytes)
82  */
83 #define foreach_ipsecmb_gcm_cipher_op \
84  _(AES_128_GCM, 128) \
85  _(AES_192_GCM, 192) \
86  _(AES_256_GCM, 256)
87 
88 always_inline void
89 ipsecmb_retire_hmac_job (JOB_AES_HMAC * job, u32 * n_fail, u32 digest_size)
90 {
91  vnet_crypto_op_t *op = job->user_data;
92  u32 len = op->digest_len ? op->digest_len : digest_size;
93 
94  if (STS_COMPLETED != job->status)
95  {
96  op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
97  *n_fail = *n_fail + 1;
98  return;
99  }
100 
102  {
103  if ((memcmp (op->digest, job->auth_tag_output, len)))
104  {
105  *n_fail = *n_fail + 1;
106  op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
107  return;
108  }
109  }
110  else if (len == digest_size)
111  clib_memcpy_fast (op->digest, job->auth_tag_output, digest_size);
112  else
113  clib_memcpy_fast (op->digest, job->auth_tag_output, len);
114 
115  op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
116 }
117 
120  u32 n_ops, u32 block_size, u32 hash_size,
121  u32 digest_size, JOB_HASH_ALG alg)
122 {
123  ipsecmb_main_t *imbm = &ipsecmb_main;
125  vm->thread_index);
126  JOB_AES_HMAC *job;
127  u32 i, n_fail = 0;
128  u8 scratch[n_ops][digest_size];
129 
130  /*
131  * queue all the jobs first ...
132  */
133  for (i = 0; i < n_ops; i++)
134  {
135  vnet_crypto_op_t *op = ops[i];
136  u8 *kd = (u8 *) imbm->key_data[op->key_index];
137 
138  job = IMB_GET_NEXT_JOB (ptd->mgr);
139 
140  job->src = op->src;
141  job->hash_start_src_offset_in_bytes = 0;
142  job->msg_len_to_hash_in_bytes = op->len;
143  job->hash_alg = alg;
144  job->auth_tag_output_len_in_bytes = digest_size;
145  job->auth_tag_output = scratch[i];
146 
147  job->cipher_mode = NULL_CIPHER;
148  job->cipher_direction = DECRYPT;
149  job->chain_order = HASH_CIPHER;
150 
151  job->u.HMAC._hashed_auth_key_xor_ipad = kd;
152  job->u.HMAC._hashed_auth_key_xor_opad = kd + hash_size;
153  job->user_data = op;
154 
155  job = IMB_SUBMIT_JOB (ptd->mgr);
156 
157  if (job)
158  ipsecmb_retire_hmac_job (job, &n_fail, digest_size);
159  }
160 
161  while ((job = IMB_FLUSH_JOB (ptd->mgr)))
162  ipsecmb_retire_hmac_job (job, &n_fail, digest_size);
163 
164  return n_ops - n_fail;
165 }
166 
167 #define _(a, b, c, d, e, f) \
168 static_always_inline u32 \
169 ipsecmb_ops_hmac_##a (vlib_main_t * vm, \
170  vnet_crypto_op_t * ops[], \
171  u32 n_ops) \
172 { return ipsecmb_ops_hmac_inline (vm, ops, n_ops, d, e, f, b); } \
173 
175 #undef _
176 
177 always_inline void
178 ipsecmb_retire_cipher_job (JOB_AES_HMAC * job, u32 * n_fail)
179 {
180  vnet_crypto_op_t *op = job->user_data;
181 
182  if (STS_COMPLETED != job->status)
183  {
184  op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
185  *n_fail = *n_fail + 1;
186  }
187  else
188  op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
189 }
190 
193  u32 n_ops, u32 key_len,
194  JOB_CIPHER_DIRECTION direction)
195 {
196  ipsecmb_main_t *imbm = &ipsecmb_main;
198  vm->thread_index);
199  JOB_AES_HMAC *job;
200  u32 i, n_fail = 0;
201 
202  for (i = 0; i < n_ops; i++)
203  {
205  vnet_crypto_op_t *op = ops[i];
206  kd = (ipsecmb_aes_cbc_key_data_t *) imbm->key_data[op->key_index];
207  __m128i iv;
208 
209  job = IMB_GET_NEXT_JOB (ptd->mgr);
210 
211  job->src = op->src;
212  job->dst = op->dst;
213  job->msg_len_to_cipher_in_bytes = op->len;
214  job->cipher_start_src_offset_in_bytes = 0;
215 
216  job->hash_alg = NULL_HASH;
217  job->cipher_mode = CBC;
218  job->cipher_direction = direction;
219  job->chain_order = (direction == ENCRYPT ? CIPHER_HASH : HASH_CIPHER);
220 
221  if ((direction == ENCRYPT) && (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV))
222  {
223  iv = ptd->cbc_iv;
224  _mm_storeu_si128 ((__m128i *) op->iv, iv);
225  ptd->cbc_iv = _mm_aesenc_si128 (iv, iv);
226  }
227 
228  job->aes_key_len_in_bytes = key_len / 8;
229  job->aes_enc_key_expanded = kd->enc_key_exp;
230  job->aes_dec_key_expanded = kd->dec_key_exp;
231  job->iv = op->iv;
232  job->iv_len_in_bytes = AES_BLOCK_SIZE;
233 
234  job->user_data = op;
235 
236  job = IMB_SUBMIT_JOB (ptd->mgr);
237 
238  if (job)
239  ipsecmb_retire_cipher_job (job, &n_fail);
240  }
241 
242  while ((job = IMB_FLUSH_JOB (ptd->mgr)))
243  ipsecmb_retire_cipher_job (job, &n_fail);
244 
245  return n_ops - n_fail;
246 }
247 
248 #define _(a, b) \
249 static_always_inline u32 \
250 ipsecmb_ops_cbc_cipher_enc_##a (vlib_main_t * vm, \
251  vnet_crypto_op_t * ops[], \
252  u32 n_ops) \
253 { return ipsecmb_ops_cbc_cipher_inline (vm, ops, n_ops, b, ENCRYPT); } \
254  \
255 static_always_inline u32 \
256 ipsecmb_ops_cbc_cipher_dec_##a (vlib_main_t * vm, \
257  vnet_crypto_op_t * ops[], \
258  u32 n_ops) \
259 { return ipsecmb_ops_cbc_cipher_inline (vm, ops, n_ops, b, DECRYPT); } \
260 
262 #undef _
263 
264 always_inline void
265 ipsecmb_retire_gcm_cipher_job (JOB_AES_HMAC * job,
266  u32 * n_fail, JOB_CIPHER_DIRECTION direction)
267 {
268  vnet_crypto_op_t *op = job->user_data;
269 
270  if (STS_COMPLETED != job->status)
271  {
272  op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
273  *n_fail = *n_fail + 1;
274  return;
275  }
276  else
277  op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
278 
279  if (DECRYPT == direction)
280  {
281  if ((memcmp (op->tag, job->auth_tag_output, op->tag_len)))
282  {
283  *n_fail = *n_fail + 1;
284  op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
285  }
286  }
287 }
288 
291  u32 n_ops, u32 key_len,
292  JOB_CIPHER_DIRECTION direction)
293 {
294  ipsecmb_main_t *imbm = &ipsecmb_main;
296  vm->thread_index);
297  JOB_AES_HMAC *job;
298  u32 i, n_fail = 0;
299  u8 scratch[n_ops][64];
300 
301  /*
302  * queue all the jobs first ...
303  */
304  for (i = 0; i < n_ops; i++)
305  {
306  struct gcm_key_data *kd;
307  vnet_crypto_op_t *op = ops[i];
308  kd = (struct gcm_key_data *) imbm->key_data[op->key_index];
309 
310  job = IMB_GET_NEXT_JOB (ptd->mgr);
311 
312  job->src = op->src;
313  job->dst = op->dst;
314  job->msg_len_to_cipher_in_bytes = op->len;
315  job->cipher_start_src_offset_in_bytes = 0;
316 
317  job->hash_alg = AES_GMAC;
318  job->cipher_mode = GCM;
319  job->cipher_direction = direction;
320  job->chain_order = (direction == ENCRYPT ? CIPHER_HASH : HASH_CIPHER);
321 
322  job->iv = op->iv;
323  job->aes_key_len_in_bytes = key_len / 8;
324  job->aes_enc_key_expanded = kd;
325  job->aes_dec_key_expanded = kd;
326  job->iv_len_in_bytes = 12;
327 
328  job->u.GCM.aad = op->aad;
329  job->u.GCM.aad_len_in_bytes = op->aad_len;
330  job->auth_tag_output_len_in_bytes = op->tag_len;
331  if (DECRYPT == direction)
332  job->auth_tag_output = scratch[i];
333  else
334  job->auth_tag_output = op->tag;
335  job->user_data = op;
336 
337  job = IMB_SUBMIT_JOB (ptd->mgr);
338 
339  if (job)
340  ipsecmb_retire_gcm_cipher_job (job, &n_fail, direction);
341  }
342 
343  while ((job = IMB_FLUSH_JOB (ptd->mgr)))
344  ipsecmb_retire_gcm_cipher_job (job, &n_fail, direction);
345 
346  return n_ops - n_fail;
347 }
348 
349 #define _(a, b) \
350 static_always_inline u32 \
351 ipsecmb_ops_gcm_cipher_enc_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], \
352  u32 n_ops) \
353 { return ipsecmb_ops_gcm_cipher_inline (vm, ops, n_ops, b, ENCRYPT); } \
354  \
355 static_always_inline u32 \
356 ipsecmb_ops_gcm_cipher_dec_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], \
357  u32 n_ops) \
358 { return ipsecmb_ops_gcm_cipher_inline (vm, ops, n_ops, b, DECRYPT); } \
359 
361 #undef _
362 
363 clib_error_t *
365 {
367  clib_error_t *err = 0;
368  int fd;
369 
370  if ((fd = open ("/dev/urandom", O_RDONLY)) < 0)
371  return clib_error_return_unix (0, "failed to open '/dev/urandom'");
372 
373  vec_foreach (ptd, imbm->per_thread_data)
374  {
375  if (read (fd, &ptd->cbc_iv, sizeof (ptd->cbc_iv)) != sizeof (ptd->cbc_iv))
376  {
377  err = clib_error_return_unix (0, "'/dev/urandom' read failure");
378  close (fd);
379  return (err);
380  }
381  }
382 
383  close (fd);
384  return (NULL);
385 }
386 
387 static void
390 {
391  ipsecmb_main_t *imbm = &ipsecmb_main;
393  ipsecmb_alg_data_t *ad = imbm->alg_data + key->alg;
394  u32 i;
395  void *kd;
396 
397  if (kop == VNET_CRYPTO_KEY_OP_DEL)
398  {
399  if (idx >= vec_len (imbm->key_data))
400  return;
401 
402  if (imbm->key_data[idx] == 0)
403  return;
404 
405  clib_memset_u8 (imbm->key_data[idx], 0,
406  clib_mem_size (imbm->key_data[idx]));
407  clib_mem_free (imbm->key_data[idx]);
408  imbm->key_data[idx] = 0;
409  return;
410  }
411 
412  if (ad->data_size == 0)
413  return;
414 
416 
417  if (kop == VNET_CRYPTO_KEY_OP_MODIFY && imbm->key_data[idx])
418  {
419  clib_memset_u8 (imbm->key_data[idx], 0,
420  clib_mem_size (imbm->key_data[idx]));
421  clib_mem_free (imbm->key_data[idx]);
422  }
423 
424  kd = imbm->key_data[idx] = clib_mem_alloc_aligned (ad->data_size,
426 
427  /* AES CBC key expansion */
428  if (ad->keyexp)
429  {
430  ad->keyexp (key->data, ((ipsecmb_aes_cbc_key_data_t *) kd)->enc_key_exp,
431  ((ipsecmb_aes_cbc_key_data_t *) kd)->dec_key_exp);
432  return;
433  }
434 
435  /* AES GCM */
436  if (ad->aes_gcm_pre)
437  {
438  ad->aes_gcm_pre (key->data, (struct gcm_key_data *) kd);
439  return;
440  }
441 
442  /* HMAC */
443  if (ad->hash_one_block)
444  {
445  const int block_qw = HMAC_MAX_BLOCK_SIZE / sizeof (u64);
446  u64 pad[block_qw], key_hash[block_qw];
447 
448  clib_memset_u8 (key_hash, 0, HMAC_MAX_BLOCK_SIZE);
449  if (vec_len (key->data) <= ad->block_size)
450  clib_memcpy_fast (key_hash, key->data, vec_len (key->data));
451  else
452  ad->hash_fn (key->data, vec_len (key->data), key_hash);
453 
454  for (i = 0; i < block_qw; i++)
455  pad[i] = key_hash[i] ^ 0x3636363636363636;
456  ad->hash_one_block (pad, kd);
457 
458  for (i = 0; i < block_qw; i++)
459  pad[i] = key_hash[i] ^ 0x5c5c5c5c5c5c5c5c;
460  ad->hash_one_block (pad, ((u8 *) kd) + (ad->data_size / 2));
461 
462  return;
463  }
464 }
465 
466 static clib_error_t *
468 {
469  ipsecmb_main_t *imbm = &ipsecmb_main;
470  ipsecmb_alg_data_t *ad;
473  clib_error_t *error;
474  MB_MGR *m = 0;
475  u32 eidx;
476  u8 *name;
477 
478  if (!clib_cpu_supports_aes ())
479  return 0;
480 
481  /*
482  * A priority that is better than OpenSSL but worse than VPP natvie
483  */
484  name = format (0, "Intel(R) Multi-Buffer Crypto for IPsec Library %s%c",
485  IMB_VERSION_STR, 0);
486  eidx = vnet_crypto_register_engine (vm, "ipsecmb", 80, (char *) name);
487 
488  vec_validate (imbm->per_thread_data, tm->n_vlib_mains - 1);
489 
490  /* *INDENT-OFF* */
491  vec_foreach (ptd, imbm->per_thread_data)
492  {
493  ptd->mgr = alloc_mb_mgr (0);
494  if (clib_cpu_supports_avx512f ())
495  init_mb_mgr_avx512 (ptd->mgr);
496  else if (clib_cpu_supports_avx2 ())
497  init_mb_mgr_avx2 (ptd->mgr);
498  else
499  init_mb_mgr_sse (ptd->mgr);
500 
501  if (ptd == imbm->per_thread_data)
502  m = ptd->mgr;
503  }
504  /* *INDENT-ON* */
505 
506  if (clib_cpu_supports_x86_aes () && (error = crypto_ipsecmb_iv_init (imbm)))
507  return (error);
508 
509 #define _(a, b, c, d, e, f) \
510  vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_HMAC, \
511  ipsecmb_ops_hmac_##a); \
512  ad = imbm->alg_data + VNET_CRYPTO_ALG_HMAC_##a; \
513  ad->block_size = d; \
514  ad->data_size = e * 2; \
515  ad->hash_one_block = m-> c##_one_block; \
516  ad->hash_fn = m-> c; \
517 
519 #undef _
520 #define _(a, b) \
521  vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
522  ipsecmb_ops_cbc_cipher_enc_##a); \
523  vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
524  ipsecmb_ops_cbc_cipher_dec_##a); \
525  ad = imbm->alg_data + VNET_CRYPTO_ALG_##a; \
526  ad->data_size = sizeof (ipsecmb_aes_cbc_key_data_t); \
527  ad->keyexp = m->keyexp_##b; \
528 
530 #undef _
531 #define _(a, b) \
532  vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
533  ipsecmb_ops_gcm_cipher_enc_##a); \
534  vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
535  ipsecmb_ops_gcm_cipher_dec_##a); \
536  ad = imbm->alg_data + VNET_CRYPTO_ALG_##a; \
537  ad->data_size = sizeof (struct gcm_key_data); \
538  ad->aes_gcm_pre = m->gcm##b##_pre; \
539 
541 #undef _
542 
544  return (NULL);
545 }
546 
547 /* *INDENT-OFF* */
549 {
550  .runs_after = VLIB_INITS ("vnet_crypto_init"),
551 };
552 /* *INDENT-ON* */
553 
554 /* *INDENT-OFF* */
556 {
557  .version = VPP_BUILD_VER,
558  .description = "Intel IPSEC Multi-buffer Crypto Engine",
559 };
560 /* *INDENT-ON* */
561 
562 /*
563  * fd.io coding-style-patch-verification: ON
564  *
565  * Local Variables:
566  * eval: (c-set-style "gnu")
567  * End:
568  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:439
u8 pad[3]
log2 (size of the packing page block)
Definition: bihash_doc.h:61
#define EXPANDED_KEY_N_BYTES
Definition: ipsecmb.c:29
unsigned long u64
Definition: types.h:89
#define clib_memcpy_fast(a, b, c)
Definition: string.h:81
#define NULL
Definition: clib.h:58
u32 thread_index
Definition: main.h:197
static void ipsecmb_retire_hmac_job(JOB_AES_HMAC *job, u32 *n_fail, u32 digest_size)
Definition: ipsecmb.c:89
static void ipsecmb_retire_gcm_cipher_job(JOB_AES_HMAC *job, u32 *n_fail, JOB_CIPHER_DIRECTION direction)
Definition: ipsecmb.c:265
int i
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
Definition: vec.h:450
VLIB_PLUGIN_REGISTER()
#define foreach_ipsecmb_hmac_op
Definition: ipsecmb.c:65
unsigned char u8
Definition: types.h:56
static ipsecmb_main_t ipsecmb_main
Definition: ipsecmb.c:60
u8 dec_key_exp[EXPANDED_KEY_N_BYTES]
Definition: ipsecmb.c:57
void vnet_crypto_register_key_handler(vlib_main_t *vm, u32 engine_index, vnet_crypto_key_handler_t *key_handler)
Definition: crypto.c:169
clib_error_t * crypto_ipsecmb_iv_init(ipsecmb_main_t *imbm)
Definition: ipsecmb.c:364
#define static_always_inline
Definition: clib.h:99
vnet_crypto_key_op_t
Definition: crypto.h:70
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:173
struct ipsecmb_main_t_ ipsecmb_main_t
#define always_inline
Definition: clib.h:98
static clib_error_t * crypto_ipsecmb_init(vlib_main_t *vm)
Definition: ipsecmb.c:467
void ** key_data
Definition: ipsecmb.c:51
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
unsigned int u32
Definition: types.h:88
static void ipsecmb_retire_cipher_job(JOB_AES_HMAC *job, u32 *n_fail)
Definition: ipsecmb.c:178
static_always_inline u32 ipsecmb_ops_hmac_inline(vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops, u32 block_size, u32 hash_size, u32 digest_size, JOB_HASH_ALG alg)
Definition: ipsecmb.c:119
ipsecmb_per_thread_data_t * per_thread_data
Definition: ipsecmb.c:49
static u8 iv[]
Definition: aes_cbc.c:24
uword user_data
Definition: crypto.h:143
hash_fn_t hash_fn
Definition: ipsecmb.c:44
unsigned short u16
Definition: types.h:57
#define clib_error_return_unix(e, args...)
Definition: error.h:102
u8 name[64]
Definition: memclnt.api:152
vnet_crypto_alg_t alg
Definition: crypto.h:102
#define VNET_CRYPTO_OP_FLAG_HMAC_CHECK
Definition: crypto.h:132
static_always_inline u32 ipsecmb_ops_gcm_cipher_inline(vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops, u32 key_len, JOB_CIPHER_DIRECTION direction)
Definition: ipsecmb.c:290
u8 len
Definition: ip_types.api:90
#define foreach_ipsecmb_cbc_cipher_op
Definition: ipsecmb.c:75
#define VNET_CRYPTO_OP_FLAG_INIT_IV
Definition: crypto.h:131
vlib_main_t * vm
Definition: buffer.c:312
static uword clib_mem_size(void *p)
Definition: mem.h:263
#define foreach_ipsecmb_gcm_cipher_op
Definition: ipsecmb.c:83
static void crypto_ipsecmb_key_handler(vlib_main_t *vm, vnet_crypto_key_op_t kop, vnet_crypto_key_index_t idx)
Definition: ipsecmb.c:388
static void clib_mem_free(void *p)
Definition: mem.h:226
ipsecmb_alg_data_t alg_data[VNET_CRYPTO_N_ALGS]
Definition: ipsecmb.c:50
u32 vnet_crypto_key_index_t
Definition: crypto.h:159
keyexp_t keyexp
Definition: ipsecmb.c:42
u8 enc_key_exp[EXPANDED_KEY_N_BYTES]
Definition: ipsecmb.c:56
static_always_inline void clib_memset_u8(void *p, u8 val, uword count)
Definition: string.h:424
hash_one_block_t hash_one_block
Definition: ipsecmb.c:43
static foreach_aarch64_flags int clib_cpu_supports_aes()
Definition: cpu.h:236
static_always_inline vnet_crypto_key_t * vnet_crypto_get_key(vnet_crypto_key_index_t index)
Definition: crypto.h:239
#define HMAC_MAX_BLOCK_SIZE
Definition: ipsecmb.c:28
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
typedef key
Definition: ipsec.api:245
aes_gcm_pre_t aes_gcm_pre
Definition: ipsecmb.c:41
vnet_crypto_op_status_t status
Definition: crypto.h:129
static void * clib_mem_alloc_aligned(uword size, uword align)
Definition: mem.h:161
static_always_inline u32 ipsecmb_ops_cbc_cipher_inline(vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops, u32 key_len, JOB_CIPHER_DIRECTION direction)
Definition: ipsecmb.c:192
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
#define vec_foreach(var, vec)
Vector iterator.
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
u32 vnet_crypto_register_engine(vlib_main_t *vm, char *name, int prio, char *desc)
Definition: crypto.c:78
#define VLIB_INITS(...)
Definition: init.h:344