History log of /vpp/src/vnet/crypto/crypto.h
Revision Date Author Comments
# f539578b 29-Apr-2020 Fan Zhang <roy.fan.zhang@intel.com>

crypto: introduce async crypto infra

Type: feature

Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com>
Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b


# efcad1a9 04-Feb-2020 Filip Tehlar <ftehlar@cisco.com>

ipsec: add support for chained buffers

Type: feature

Change-Id: Ie072a7c2bbb1e4a77f7001754f01897efd30fc53
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>


# b15d796d 27-Sep-2019 Lijian Zhang <Lijian.Zhang@arm.com>

crypto: not use vec api with opt_data[VNET_CRYPTO_N_OP_IDS]

opt_data is defined as a array, while in some code, e.g., function
vnet_crypto_get_op_type, it's used as vec.
vec api is not applicable to static arraies.

src/vnet/crypto/crypto.h:234:70: error: address of array 'cm->opt_data' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
vnet_crypto_op_data_t *od = ({ do { if ((0 > 0) && ! ((id) < ((cm->opt_data) ? (((vec_header_t *) (cm->opt_data) - 1)->len) : 0)))

Type: fix

Change-Id: I0b6754406e4216ca975bc1da4b5d4ce293a9bb45
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>


# 6afaae15 17-Jul-2019 Neale Ranns <nranns@cisco.com>

ipsec: GCM, Anti-replay and ESN fixess

Type: fix

Several Fixes:
1 - Anti-replay did not work with GCM becuase it overwrote the sequence
number in the ESP header. To fix i added the seq num to the per-packet
data so it is preserved
2 - The high sequence number was not byte swapped during ESP encrypt.
3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM
the others return BAD_HMAC. removed the former
4 - improved tracing to show the low and high seq numbers
5 - documented the anti-replay window checks
6 - fixed scapy patch for ESN support for GCM
7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo

Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b
Signed-off-by: Neale Ranns <nranns@cisco.com>


# ece2ae0f 21-Jun-2019 Neale Ranns <nranns@cisco.com>

ipsec: return error if the engine backend has no handler for the
requested alogrithm.

Type: feature

Change-Id: I19a9c14b2bb52ba2fc66246845b7ada73d5095d1
Signed-off-by: Neale Ranns <nranns@cisco.com>


# f2922422 06-Jun-2019 Neale Ranns <nranns@cisco.com>

ipsec: remove the set_key API

there's no use case to just change the key of an SA. instead the SA
should be renegociated and the new SA applied to the existing SPD entry
or tunnel.

the set_key functions were untested.

Type: refactor
Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002
Signed-off-by: Neale Ranns <nranns@cisco.com>


# e6be7023 04-Jun-2019 Neale Ranns <nranns@cisco.com>

IPSEC: some CLI fixes

Change-Id: I45618347e37440263270baf07b2f82f653f754a5
Signed-off-by: Neale Ranns <nranns@cisco.com>


# be95444f 29-Apr-2019 Benoît Ganne <bganne@cisco.com>

crypto: enforce per-alg crypto key length

Crypto algorithms have different requirements on key length. As we do
not support key stretching (eg. PBKDF2), user must provide the exact
key length used by the algorithm.
Failing that means low-level crypto functions might read garbage (eg.
aes128_key_expand() will read 16-bytes, regardless of the key provided
by the user).

Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9
Signed-off-by: Benoît Ganne <bganne@cisco.com>


# d97918ec 25-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto, ipsec: change GCM IV handling

- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code

- fixes GCM unit tests

- GCM IV is constructed out of simple counter, per RFC4106 section 3.1

Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>


# 82d81d4f 25-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto: AES GCM IV length is always 12

... at least for use cases we are interested in

Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5
Signed-off-by: Damjan Marion <damarion@cisco.com>


# d1bed687 24-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto: improve key handling

Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>


# 47feb114 11-Apr-2019 Neale Ranns <nranns@cisco.com>

IPSEC: support GCM in ESP

Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns <nranns@cisco.com>


# 89e66434 12-Apr-2019 fituldo <filip.tehlar@gmail.com>

crypto: add support for AES-CTR cipher

Change-Id: I7d84bab7768421ed37813702c0413e52167f41ab
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>


# 61c0a3dd 05-Apr-2019 Damjan Marion <damarion@cisco.com>

crypto: add performace test to unittest plugin

Change-Id: I49c710c5ace24a4c1f083120fd4c2972566a1695
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>


# 060bfb98 29-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto: add support for AEAD and AES-GCM

Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db
Signed-off-by: Damjan Marion <damarion@cisco.com>


# b4fff3a3 25-Mar-2019 Damjan Marion <damarion@cisco.com>

ipsec: esp-decrypt rework

Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f
Signed-off-by: Damjan Marion <damarion@cisco.com>


# a03d1823 28-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto: add vnet_crypto_op_init (...)

Change-Id: I2018d8367bb010e1ab30d9c7c23d9501fc38a2e5
Signed-off-by: Damjan Marion <damarion@cisco.com>


# d709cbcb 26-Mar-2019 Damjan Marion <damarion@cisco.com>

ipsec: compress ipsec_sa_t so data used by dataplane code fits in cacheline

Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>


# 1469d54f 25-Mar-2019 Filip Tehlar <ftehlar@cisco.com>

crypto: add set crypto handler CLI

Change-Id: I40124f8d6e529256b1ccc6eb78dda9c5119b8951
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>


# c59b9a26 19-Mar-2019 Damjan Marion <damarion@cisco.com>

ipsec: esp-encrypt rework

Change-Id: Ibe7f806b9d600994e83c9f1be526fdb0a1ef1833
Signed-off-by: Damjan Marion <damarion@cisco.com>


# 8863123b 20-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto: add hmac truncate option

This reverts commit 785368e559dbdf50676f74f43f13423c817abb52.

Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d
Signed-off-by: Damjan Marion <damarion@cisco.com>


# e225f717 19-Mar-2019 Filip Tehlar <ftehlar@cisco.com>

tests: implement crypto tests per RFC2202

Change-Id: I18b30d5ee8aa60c34d52b7716b5feb7225cb0d59
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>


# 91f17dc7 18-Mar-2019 Damjan Marion <damarion@cisco.com>

crypto: introduce crypto infra

Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>