History log of /vpp/src/plugins/crypto_openssl/
Revision Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
d1d90f59 25-May-2020 Rajesh Goel <rajegoel@cisco.com>

ipsec: DES/3DES fixing the iv_len for openssl crypto

Type: fix

Signed-off-by: Rajesh Goel <rajegoel@cisco.com>
Change-Id: I8d128598b4c872f19b64c779c19b5908ba2f2c08

41e831f5 24-Feb-2020 Filip Tehlar <ftehlar@cisco.com>

crypto-openssl: fix coverity warnings

Type: fix

Change-Id: Ia42ff39a0a33f89901b8333a9e6ca82ca9805cc6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

efcad1a9 04-Feb-2020 Filip Tehlar <ftehlar@cisco.com>

ipsec: add support for chained buffers

Type: feature

Change-Id: Ie072a7c2bbb1e4a77f7001754f01897efd30fc53
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

7c9fe920 10-Jan-2020 John DeNisco <jdenisco@cisco.com>

docs: Edit FEATURE.yaml files so they can be published

Type: docs
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: I7280e5c5ad10a66c0787a5282291a2ef000bff5f

822d6899 02-Jan-2020 Neale Ranns <nranns@cisco.com>

crypto-ipsecmb: Add FEATURE.yaml for all crypto engine plugins

Type: docs

Change-Id: Ia00e3167e954271c9eb7618792fd86df288d5c19
Signed-off-by: Neale Ranns <nranns@cisco.com>

6afaae15 17-Jul-2019 Neale Ranns <nranns@cisco.com>

ipsec: GCM, Anti-replay and ESN fixess

Type: fix

Several Fixes:
1 - Anti-replay did not work with GCM becuase it overwrote the sequence
number in the ESP header. To fix i added the seq num to the per-packet
data so it is preserved
2 - The high sequence number was not byte swapped during ESP encrypt.
3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM
the others return BAD_HMAC. removed the former
4 - improved tracing to show the low and high seq numbers
5 - documented the anti-replay window checks
6 - fixed scapy patch for ESN support for GCM
7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo

Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b
Signed-off-by: Neale Ranns <nranns@cisco.com>

f4805078 17-May-2019 Vladimir Ratnikov <vratnikov@netgate.com>

openssl plugin 3des routine iv_len fix

Since 3DES has 8 bytes of initialization vector and
code contains hardcode for 16 bytes, check added to
determine if crypto algorythm is 3DES_CBC and set
corresponding iv_len param

Change-Id: Iac50c8a8241e321e3b4d576c88f2496852bd905c
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>

f8d50682 14-May-2019 Dave Barach <dave@barachs.net>

init / exit function ordering

The vlib init function subsystem now supports a mix of procedural and
formally-specified ordering constraints. We should eliminate procedural
knowledge wherever possible.

The following schemes are *roughly* equivalent:

static clib_error_t *init_runs_first (vlib_main_t *vm)
{
clib_error_t *error;

... do some stuff...

if ((error = vlib_call_init_function (init_runs_next)))
return error;
...
}
VLIB_INIT_FUNCTION (init_runs_first);

and

static clib_error_t *init_runs_first (vlib_main_t *vm)
{
... do some stuff...
}
VLIB_INIT_FUNCTION (init_runs_first) =
{
.runs_before = VLIB_INITS("init_runs_next"),
};

The first form will [most likely] call "init_runs_next" on the
spot. The second form means that "init_runs_first" runs before
"init_runs_next," possibly much earlier in the sequence.

Please DO NOT construct sets of init functions where A before B
actually means A *right before* B. It's not necessary - simply combine
A and B - and it leads to hugely annoying debugging exercises when
trying to switch from ad-hoc procedural ordering constraints to formal
ordering constraints.

Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>

1d1985de 23-Apr-2019 Dave Wallace <dwallacelf@gmail.com>

plugins: clean up plugin descriptions

- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.

Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>

d97918ec 25-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto, ipsec: change GCM IV handling

- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code

- fixes GCM unit tests

- GCM IV is constructed out of simple counter, per RFC4106 section 3.1

Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>

82d81d4f 25-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto: AES GCM IV length is always 12

... at least for use cases we are interested in

Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5
Signed-off-by: Damjan Marion <damarion@cisco.com>

d1bed687 24-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto: improve key handling

Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>

47feb114 11-Apr-2019 Neale Ranns <nranns@cisco.com>

IPSEC: support GCM in ESP

Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns <nranns@cisco.com>

45df934d 14-Apr-2019 Neale Ranns <nranns@cisco.com>

crypto: openssl - IV len not passed by caller. Callee knows from algo type

Change-Id: Ib80e9bfb19a79e1adc79aef90371a15954daa993
Signed-off-by: Neale Ranns <nranns@cisco.com>

1b1d1e9e 14-Apr-2019 Neale Ranns <nranns@cisco.com>

crypto-openssl-gcm: account for failed decrypts

Change-Id: I749c5a9d58128fd6d0fb8284e56b8f89cf91c609
Signed-off-by: Neale Ranns <nranns@cisco.com>

89e66434 12-Apr-2019 fituldo <filip.tehlar@gmail.com>

crypto: add support for AES-CTR cipher

Change-Id: I7d84bab7768421ed37813702c0413e52167f41ab
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

11a73973 11-Apr-2019 Filip Tehlar <ftehlar@cisco.com>

crypto: add more AES-GCM test cases

Change-Id: Ibb3e2f3ba5f31482fc2f0dce53d68f8476608f4b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

060bfb98 29-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto: add support for AEAD and AES-GCM

Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db
Signed-off-by: Damjan Marion <damarion@cisco.com>

72ac548e 04-Apr-2019 Filip Tehlar <ftehlar@cisco.com>

crypto: fix init dependency

Change-Id: Ie8dcd9fa0d0487b146eaa62113a5ee06bd3e7d3b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

085637f5 03-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto: pass multiple ops to handler

Change-Id: I438ef1f50d83560ecc608f898cfc61d7f51e1724
Signed-off-by: Damjan Marion <damarion@cisco.com>

b4fff3a3 25-Mar-2019 Damjan Marion <damarion@cisco.com>

ipsec: esp-decrypt rework

Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f
Signed-off-by: Damjan Marion <damarion@cisco.com>

8863123b 20-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto: add hmac truncate option

This reverts commit 785368e559dbdf50676f74f43f13423c817abb52.

Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d
Signed-off-by: Damjan Marion <damarion@cisco.com>

f2edfbd2 20-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto_openssl: call EVP_EncryptFinal_ex only if needed

Change-Id: I4dc6749a67c0726bae20b8204a5171676308b909
Signed-off-by: Damjan Marion <damarion@cisco.com>

e225f717 19-Mar-2019 Filip Tehlar <ftehlar@cisco.com>

tests: implement crypto tests per RFC2202

Change-Id: I18b30d5ee8aa60c34d52b7716b5feb7225cb0d59
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

91f17dc7 18-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto: introduce crypto infra

Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>