// Copyright 2018-2019 Authors of Cilium
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package encrypt

import (
	"fmt"
	"unsafe"

	"github.com/cilium/cilium/pkg/bpf"
	"github.com/cilium/cilium/pkg/logging"
	"github.com/cilium/cilium/pkg/logging/logfields"
)

// EncryptKey is the key of the encrypt state map: the context ID of an
// encryption session.
//
// NOTE(review): the struct is handed to the BPF layer as a raw pointer (see
// GetKeyPtr), so its field layout presumably has to match the datapath's
// definition of the key, and the `align` tag looks like it names the matching
// datapath field. Confirm before changing either.
// +k8s:deepcopy-gen=true
// +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
type EncryptKey struct {
	key uint32 `align:"ctx"`
}

// EncryptValue is the value of the encrypt state map: the ID assigned to the
// key in use. Only this one-byte identifier is stored in the struct; it holds
// no key material.
// +k8s:deepcopy-gen=true
// +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue
type EncryptValue struct {
	encryptKeyID uint8
}

// String renders the context ID as a decimal number.
func (k EncryptKey) String() string {
	return fmt.Sprint(k.key)
}

// String renders the encryption key index as a decimal number.
func (v EncryptValue) String() string {
	return fmt.Sprint(v.encryptKeyID)
}

// GetValuePtr returns the unsafe pointer to the BPF value.
func (v *EncryptValue) GetValuePtr() unsafe.Pointer {
	// The pointer aliases v itself; no copy is made.
	return unsafe.Pointer(v)
}

// GetKeyPtr returns the unsafe pointer to the BPF key. The pointer aliases
// the receiver; no copy is made.
func (k *EncryptKey) GetKeyPtr() unsafe.Pointer {
	return unsafe.Pointer(k)
}

// NewValue returns a new, zero-valued EncryptValue for use as the BPF map
// value.
func (k EncryptKey) NewValue() bpf.MapValue {
	return new(EncryptValue)
}

// newEncryptKey builds the map key for the given context ID.
func newEncryptKey(key uint32) *EncryptKey {
	k := new(EncryptKey)
	k.key = key
	return k
}

// log is the package logger, tagged with the "encryptMap" subsystem.
var log = logging.DefaultLogger.WithField(logfields.LogSubsys, "encryptMap")

const (
	// MapName is the name used to pin the map for the datapath.
	MapName = "cilium_encrypt_state"

	// MaxEntries is the maximum number of current encryption contexts.
	MaxEntries = 1
)

// encryptMap is the BPF array map that holds the encryption state. Keys are
// EncryptKey, values are EncryptValue, and the map is sized to MaxEntries.
// The map is built with WithCache.
var encryptMap = bpf.NewMap(
	MapName,
	bpf.MapTypeArray,
	&EncryptKey{},
	int(unsafe.Sizeof(EncryptKey{})),
	&EncryptValue{},
	int(unsafe.Sizeof(EncryptValue{})),
	MaxEntries,
	0, 0,
	bpf.ConvertKeyValue,
).WithCache()

// MapCreate calls OpenOrCreate on the encrypt map and returns its error. The
// first result of OpenOrCreate is discarded.
func MapCreate() error {
	if _, err := encryptMap.OpenOrCreate(); err != nil {
		return err
	}
	return nil
}

// MapUpdateContext updates the encrypt state for ctxID to use the new keyID.
//
// NOTE(review): the map is declared as an array map with MaxEntries = 1, so
// ctxID is presumably used as the array index and only 0 would be in range.
// No range check is done here; confirm that callers never pass another value,
// and that the error returned by Update is handled rather than dropped, since
// a failed update would leave the previous key ID in place.
func MapUpdateContext(ctxID uint32, keyID uint8) error {
	return encryptMap.Update(newEncryptKey(ctxID), &EncryptValue{encryptKeyID: keyID})
}