21 #include <openssl/hmac.h> 22 #include <openssl/rand.h> 23 #include <openssl/evp.h> 42 }) ip4_and_esp_header_t;
49 }) ip6_and_esp_header_t;
68 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 69 EVP_CIPHER_CTX *encrypt_ctx;
74 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 75 EVP_CIPHER_CTX *decrypt_ctx;
80 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 99 #define ESP_WINDOW_SIZE (64) 100 #define ESP_SEQ_MAX (4294967295UL) 193 if (wrap == 0 && seq > sa->
last_seq)
254 memset (em, 0,
sizeof (em[0]));
289 i->
md = EVP_sha256 ();
293 i->
md = EVP_sha256 ();
297 i->
md = EVP_sha384 ();
301 i->
md = EVP_sha512 ();
308 for (thread_id = 0; thread_id < tm->
n_vlib_mains; thread_id++)
310 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 326 u8 * data,
int data_len,
u8 * signature,
u8 use_esn,
u32 seq_hi)
330 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 335 const EVP_MD *md =
NULL;
349 HMAC_Init_ex (ctx, key, key_len, md,
NULL);
351 HMAC_Update (ctx, data, data_len);
354 HMAC_Update (ctx, (
u8 *) & seq_hi,
sizeof (seq_hi));
355 HMAC_Final (ctx, signature, &len);
#define vec_validate(V, I)
Make sure the vector is long enough for the given index (no header, unspecified alignment) ...
#define CLIB_CACHE_LINE_ALIGN_MARK(mark)
ipsec_proto_main_integ_alg_t * ipsec_proto_main_integ_algs
static void esp_replay_advance(ipsec_sa_t *sa, u32 seq)
ipsec_crypto_alg_t last_decrypt_alg
static unsigned int hmac_calc(ipsec_integ_alg_t alg, u8 *key, int key_len, u8 *data, int data_len, u8 *signature, u8 use_esn, u32 seq_hi)
#define vec_validate_aligned(V, I, A)
Make sure the vector is long enough for the given index (no header, specified alignment)
ipsec_proto_main_crypto_alg_t * ipsec_proto_main_crypto_algs
static int esp_seq_advance(ipsec_sa_t *sa)
static void esp_replay_advance_esn(ipsec_sa_t *sa, u32 seq)
ipsec_proto_main_per_thread_data_t * per_thread_data
static int esp_replay_check_esn(ipsec_sa_t *sa, u32 seq)
ipsec_crypto_alg_t last_encrypt_alg
static_always_inline uword vlib_get_thread_index(void)
EVP_CIPHER_CTX decrypt_ctx
u8 * format_esp_header(u8 *s, va_list *args)
static int esp_replay_check(ipsec_sa_t *sa, u32 seq)
EVP_CIPHER_CTX encrypt_ctx
static void ipsec_proto_init()
ipsec_integ_alg_t last_integ_alg
static vlib_thread_main_t * vlib_get_thread_main()
ipsec_proto_main_t ipsec_proto_main
#define CLIB_CACHE_LINE_BYTES
typedef CLIB_PACKED(struct{ip4_header_t ip4;esp_header_t esp;}) ip4_and_esp_header_t