wireguard: notify key changes to crypto engine
This is a prerequisite patch for the following openssl API optimization patch, which tries to offload openssl ctx init and key expansion work to the initialization stage. Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it modifies the keys, the underlying openssl crypto engine should be informed of the changes so that it can update the openssl ctx. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
@ -144,6 +144,7 @@ noise_create_initiation (vlib_main_t * vm, noise_remote_t * r,
|
||||
/* es */
|
||||
if (!noise_mix_dh (hs->hs_ck, key, hs->hs_e, r->r_public))
|
||||
goto error;
|
||||
vnet_crypto_key_update (vm, key_idx);
|
||||
|
||||
/* s */
|
||||
noise_msg_encrypt (vm, es, l->l_public, NOISE_PUBLIC_KEY_LEN, key_idx,
|
||||
@ -152,6 +153,7 @@ noise_create_initiation (vlib_main_t * vm, noise_remote_t * r,
|
||||
/* ss */
|
||||
if (!noise_mix_ss (hs->hs_ck, key, r->r_ss))
|
||||
goto error;
|
||||
vnet_crypto_key_update (vm, key_idx);
|
||||
|
||||
/* {t} */
|
||||
noise_tai64n_now (ets);
|
||||
@ -198,6 +200,7 @@ noise_consume_initiation (vlib_main_t * vm, noise_local_t * l,
|
||||
/* es */
|
||||
if (!noise_mix_dh (hs.hs_ck, key, l->l_private, ue))
|
||||
goto error;
|
||||
vnet_crypto_key_update (vm, key_idx);
|
||||
|
||||
/* s */
|
||||
|
||||
@ -213,6 +216,7 @@ noise_consume_initiation (vlib_main_t * vm, noise_local_t * l,
|
||||
/* ss */
|
||||
if (!noise_mix_ss (hs.hs_ck, key, r->r_ss))
|
||||
goto error;
|
||||
vnet_crypto_key_update (vm, key_idx);
|
||||
|
||||
/* {t} */
|
||||
if (!noise_msg_decrypt (vm, timestamp, ets,
|
||||
@ -287,6 +291,7 @@ noise_create_response (vlib_main_t * vm, noise_remote_t * r, uint32_t * s_idx,
|
||||
|
||||
/* psk */
|
||||
noise_mix_psk (hs->hs_ck, hs->hs_hash, key, r->r_psk);
|
||||
vnet_crypto_key_update (vm, key_idx);
|
||||
|
||||
/* {} */
|
||||
noise_msg_encrypt (vm, en, NULL, 0, key_idx, hs->hs_hash);
|
||||
@ -341,6 +346,7 @@ noise_consume_response (vlib_main_t * vm, noise_remote_t * r, uint32_t s_idx,
|
||||
|
||||
/* psk */
|
||||
noise_mix_psk (hs.hs_ck, hs.hs_hash, key, preshared_key);
|
||||
vnet_crypto_key_update (vm, key_idx);
|
||||
|
||||
/* {} */
|
||||
|
||||
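Review bot: Each of the six added `vnet_crypto_key_update (vm, key_idx);` calls is a hand-placed follow-up to a `noise_mix_dh`/`noise_mix_ss`/`noise_mix_psk` that rewrites `key`, and nothing ties the two together, so a mix added later without the notify would leave an engine encrypting or decrypting handshake fields with a context built from the previous key bytes, with no error reported. A one-line comment at the first site in `noise_create_initiation`, such as `/* key bytes at key_idx changed in place: engines must refresh any cached context before the next noise_msg_encrypt/decrypt */`, would record the invariant, and a small static helper that mixes and then notifies would enforce it. The hunks show only fragments of each function, so whether every write to `key` is covered cannot be confirmed from here. In `noise_consume_initiation` and `noise_consume_response` the notify now runs while processing a received handshake message, so the per-engine cost of `VNET_CRYPTO_KEY_OP_MODIFY` handling is worth measuring once the follow-up OpenSSL patch lands.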
|
@ -483,6 +483,17 @@ vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index)
|
||||
pool_put (cm->keys, key);
|
||||
}
|
||||
|
||||
void
|
||||
vnet_crypto_key_update (vlib_main_t *vm, vnet_crypto_key_index_t index)
|
||||
{
|
||||
vnet_crypto_main_t *cm = &crypto_main;
|
||||
vnet_crypto_engine_t *engine;
|
||||
|
||||
vec_foreach (engine, cm->engines)
|
||||
if (engine->key_op_handler)
|
||||
engine->key_op_handler (vm, VNET_CRYPTO_KEY_OP_MODIFY, index);
|
||||
}
|
||||
|
||||
vnet_crypto_async_alg_t
|
||||
vnet_crypto_link_algs (vnet_crypto_alg_t crypto_alg,
|
||||
vnet_crypto_alg_t integ_alg)
|
||||
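Review bot: `vnet_crypto_key_update` passes `index` to every engine's `key_op_handler` without checking that it names a live entry in `cm->keys`, so a stale or already-freed index would be handed to each engine as a MODIFY; a debug check such as `ASSERT (!pool_is_free_index (cm->keys, index));` before the `vec_foreach` would catch that early. The function also has no comment stating its contract, namely that the caller has already rewritten the key bytes in place and that this call only notifies engines so they can rebuild cached state. Because the new callers sit in the WireGuard handshake path, it would help to document which thread may call this and whether handlers are expected to be safe in that context; the handlers themselves are not visible in this diff, so this is a question to confirm rather than a confirmed race. Bracing the `vec_foreach` body would also make the nested `if` easier to read.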
|
@ -496,6 +496,7 @@ int vnet_crypto_is_set_handler (vnet_crypto_alg_t alg);
|
||||
u32 vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg,
|
||||
u8 * data, u16 length);
|
||||
void vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index);
|
||||
void vnet_crypto_key_update (vlib_main_t *vm, vnet_crypto_key_index_t index);
|
||||
|
||||
/**
|
||||
* Use 2 created keys to generate new key for linked algs (cipher + integ)
|
||||
|