For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec
use cases, the openssl API calls of doing ctx init and key expansion are
moved to initialization stage.
In current implementation , the ctx is initialized with "key" and "iv" in
EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv)
in data plane, while the ctx can be initialized with 'key' and 'iv' separately,
which means there could be two API calls:
1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0)
2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv)
As the 'key' for certain IPSec SA is fixed and known, so call #1 can
be placed in IPSec SA initialization stage.
While call #2 should be kept in data plane for each packet, as the "iv"
is random for each packet.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).
Type: improvement
Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>
In most cases we only need OpenSSL libcrypto (crypto primitives) but
not libssl (tls).
Type: improvement
Change-Id: I9dce27d23d65bf46aea2d0f8aaf417240701efcc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Internaly, vpp uses it's own padding, so all the data
is padded using blocksize in /src/vnet/ipsec/ipsec.c
Openssl should add it's own padding, but the data
is already padded. So on decrypt stage when padding
should be removed, it can't be done. And it produces
error `bad decrypt`
Previous versions of openSSL decrypted data almost
at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex
and produced the same error, but data was already decrypted.
Now it's not, so some algorithms could have some problems
with it
PS. openSSL 3.x.x
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: If715a80228548b4e588cee222968d9da9024c438
The sys/random.h header, which provides the getrandom syscall wrapper,
was only added in glibc2.25. To make it compatible with older version,
we can directly call the syscall.
Type: improvement
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I93c5f8a49c0323511a4e34273f0b3c0e24663bfd
So far by suppressing depreciation messages, as there was no transition
period.
Type: make
Change-Id: I9887613fd71a22bf11bf22a04c129aca4a16867f
Signed-off-by: Damjan Marion <damarion@cisco.com>
Fix build errors related to chachapoly when the
system openssl version is < 0x10100000.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I62283fcc44c952ddd4d6a9f621c18e8be1af8af1
Type: fix
Several Fixes:
1 - Anti-replay did not work with GCM becuase it overwrote the sequence
number in the ESP header. To fix i added the seq num to the per-packet
data so it is preserved
2 - The high sequence number was not byte swapped during ESP encrypt.
3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM
the others return BAD_HMAC. removed the former
4 - improved tracing to show the low and high seq numbers
5 - documented the anti-replay window checks
6 - fixed scapy patch for ESN support for GCM
7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo
Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b
Signed-off-by: Neale Ranns <nranns@cisco.com>
Since 3DES has 8 bytes of initialization vector and
code contains hardcode for 16 bytes, check added to
determine if crypto algorythm is 3DES_CBC and set
corresponding iv_len param
Change-Id: Iac50c8a8241e321e3b4d576c88f2496852bd905c
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
The vlib init function subsystem now supports a mix of procedural and
formally-specified ordering constraints. We should eliminate procedural
knowledge wherever possible.
The following schemes are *roughly* equivalent:
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
clib_error_t *error;
... do some stuff...
if ((error = vlib_call_init_function (init_runs_next)))
return error;
...
}
VLIB_INIT_FUNCTION (init_runs_first);
and
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
... do some stuff...
}
VLIB_INIT_FUNCTION (init_runs_first) =
{
.runs_before = VLIB_INITS("init_runs_next"),
};
The first form will [most likely] call "init_runs_next" on the
spot. The second form means that "init_runs_first" runs before
"init_runs_next," possibly much earlier in the sequence.
Please DO NOT construct sets of init functions where A before B
actually means A *right before* B. It's not necessary - simply combine
A and B - and it leads to hugely annoying debugging exercises when
trying to switch from ad-hoc procedural ordering constraints to formal
ordering constraints.
Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1
Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
This reverts commit 785368e559dbdf50676f74f43f13423c817abb52.
Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d
Signed-off-by: Damjan Marion <damarion@cisco.com>
