1 : /*
2 : * Copyright (c) 2015 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 : #ifndef __AH_H__
16 : #define __AH_H__
17 :
18 : #include <vnet/ip/ip.h>
19 : #include <vnet/ipsec/ipsec.h>
20 : #include <vnet/ipsec/ipsec.api_enum.h>
21 :
/*
 * IPsec Authentication Header (AH): a fixed part followed by a
 * variable-length authentication data area.
 *
 * NOTE(review): the field descriptions follow the AH wire format (RFC 4302)
 * as suggested by the field names. The multi-byte fields presumably hold
 * network byte order values - confirm against the encrypt/decrypt nodes.
 */
typedef struct
{
  unsigned char nexthdr;	/* presumably the protocol number of the header after AH */
  /*
   * presumably the AH length in 32-bit words minus 2 (RFC 4302 "Payload
   * Len"). On receive this byte comes from the packet, so it has to be
   * checked against the buffer length before auth_data is read - TODO
   * confirm the decrypt path does so.
   */
  unsigned char hdrlen;
  unsigned short reserved;	/* presumably must be zero on the wire - confirm */
  unsigned int spi;		/* security parameters index */
  unsigned int seq_no;		/* sequence number (anti-replay input) */
  /*
   * Zero-length array marking where the ICV starts. It adds nothing to
   * sizeof (ah_header_t), so the ICV length is carried separately by
   * callers (see ah_calc_icv_padding_len).
   */
  unsigned char auth_data[0];
} ah_header_t;
31 :
32 :
33 : /* *INDENT-OFF* */
/*
 * An IPv4 header directly followed by an AH header, declared through
 * CLIB_PACKED (presumably the packed attribute, so no padding is inserted
 * between the two members).
 *
 * NOTE(review): overlaying this type on a received packet only lines up
 * when the IPv4 header carries no options - confirm callers check the IP
 * header length first.
 */
typedef CLIB_PACKED (struct {
  ip4_header_t ip4;
  ah_header_t ah;
}) ip4_and_ah_header_t;
38 : /* *INDENT-ON* */
39 :
40 : /* *INDENT-OFF* */
/*
 * An IPv6 header directly followed by an AH header, declared through
 * CLIB_PACKED (presumably the packed attribute, so no padding is inserted
 * between the two members).
 *
 * NOTE(review): overlaying this type on a received packet only lines up
 * when AH is the first header after the fixed IPv6 header - confirm callers
 * handle packets with other extension headers in between.
 */
typedef CLIB_PACKED (struct {
  ip6_header_t ip6;
  ah_header_t ah;
}) ip6_and_ah_header_t;
45 : /* *INDENT-ON* */
46 :
/*
 * Translate an AH encrypt node error code into the matching per-SA error
 * code.
 *
 * Returns the IPSEC_SA_ERROR_* value for the two codes handled below, and
 * ~0 for every other input.
 *
 * NOTE(review): ~0 looks like a "no per-SA error" sentinel. Confirm that
 * ipsec_set_next_index () tests for it before using the value as a counter
 * index.
 */
always_inline u32
ah_encrypt_err_to_sa_err (u32 err)
{
  u32 sa_err = ~0;

  switch (err)
    {
    case AH_ENCRYPT_ERROR_CRYPTO_ENGINE_ERROR:
      sa_err = IPSEC_SA_ERROR_CRYPTO_ENGINE_ERROR;
      break;
    case AH_ENCRYPT_ERROR_SEQ_CYCLED:
      sa_err = IPSEC_SA_ERROR_SEQ_CYCLED;
      break;
    default:
      /* no per-SA equivalent: keep the ~0 sentinel */
      break;
    }

  return sa_err;
}
59 :
/*
 * Translate an AH decrypt node error code into the matching per-SA error
 * code.
 *
 * Returns the IPSEC_SA_ERROR_* value for the codes handled below
 * (decryption failure, integrity error, missing tail space, dropped
 * fragments, replay), and ~0 for every other input.
 *
 * NOTE(review): ~0 looks like a "no per-SA error" sentinel. Confirm that
 * ipsec_set_next_index () tests for it before using the value as a counter
 * index.
 */
always_inline u32
ah_decrypt_err_to_sa_err (u32 err)
{
  u32 sa_err = ~0;

  switch (err)
    {
    case AH_DECRYPT_ERROR_DECRYPTION_FAILED:
      sa_err = IPSEC_SA_ERROR_DECRYPTION_FAILED;
      break;
    case AH_DECRYPT_ERROR_INTEG_ERROR:
      sa_err = IPSEC_SA_ERROR_INTEG_ERROR;
      break;
    case AH_DECRYPT_ERROR_NO_TAIL_SPACE:
      sa_err = IPSEC_SA_ERROR_NO_TAIL_SPACE;
      break;
    case AH_DECRYPT_ERROR_DROP_FRAGMENTS:
      sa_err = IPSEC_SA_ERROR_DROP_FRAGMENTS;
      break;
    case AH_DECRYPT_ERROR_REPLAY:
      sa_err = IPSEC_SA_ERROR_REPLAY;
      break;
    default:
      /* no per-SA equivalent: keep the ~0 sentinel */
      break;
    }

  return sa_err;
}
78 :
/*
 * Encrypt-side wrapper around ipsec_set_next_index (): forwards every
 * argument unchanged and adds the per-SA error code derived from err by
 * ah_encrypt_err_to_sa_err ().
 *
 * The derived code is ~0 when err has no per-SA equivalent.
 */
always_inline void
ah_encrypt_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node,
			   u32 thread_index, u32 err, u16 index, u16 *nexts,
			   u16 drop_next, u32 sa_index)
{
  const u32 sa_err = ah_encrypt_err_to_sa_err (err);

  ipsec_set_next_index (b, node, thread_index, err, sa_err, index, nexts,
			drop_next, sa_index);
}
88 :
/*
 * Decrypt-side wrapper around ipsec_set_next_index (): forwards every
 * argument unchanged and adds the per-SA error code derived from err by
 * ah_decrypt_err_to_sa_err ().
 *
 * The derived code is ~0 when err has no per-SA equivalent.
 */
always_inline void
ah_decrypt_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node,
			   u32 thread_index, u32 err, u16 index, u16 *nexts,
			   u16 drop_next, u32 sa_index)
{
  const u32 sa_err = ah_decrypt_err_to_sa_err (err);

  ipsec_set_next_index (b, node, thread_index, err, sa_err, index, nexts,
			drop_next, sa_index);
}
98 :
/*
 * Number of padding bytes needed after the ICV so that the AH header plus
 * ICV ends on the required boundary: a multiple of 4 bytes for IPv4, 8
 * bytes for IPv6.
 *
 * icv_size: ICV length in bytes.
 * is_ipv6:  must be exactly 0 or 1; it is used arithmetically to pick the
 *           alignment.
 *
 * NOTE(review): the ASSERT is the only check on is_ipv6. If ASSERT is
 * compiled out in release images (confirm), any other value changes the
 * alignment, and -1 makes it zero (modulo by zero). Callers should pass a
 * normalised 0/1.
 */
always_inline u8
ah_calc_icv_padding_len (u8 icv_size, int is_ipv6)
{
  ASSERT (0 == is_ipv6 || 1 == is_ipv6);

  const u8 align = 4 + 4 * is_ipv6;
  /* auth_data[] is zero-length, so sizeof covers only the fixed AH fields */
  const u8 hdr_and_icv = sizeof (ah_header_t) + icv_size;
  const u8 rem = hdr_and_icv % align;

  /* already aligned -> no padding, otherwise fill up to the next boundary */
  return rem ? align - rem : 0;
}
107 :
108 : #endif /* __AH_H__ */
109 :
110 : /*
111 : * fd.io coding-style-patch-verification: ON
112 : *
113 : * Local Variables:
114 : * eval: (c-set-style "gnu")
115 : * End:
116 : */