diff options
| author |   Benoît Ganne <bganne@cisco.com> | 2022-01-18 15:56:41 +0100 |
|---|---|---|
| committer |   Dave Wallace <dwallacelf@gmail.com> | 2023-02-03 21:04:24 -0500 |
| commit | 9b8dc82531d9cbe5859488a886405a69b163f8a7 (patch) | |
| tree | 62456aa3304aa68d4323bc665628cbee9fa4475d /src/vnet/crypto | |
| parent | d03b3bf62fdcf855d493653fc410c6bf839d6393 (diff) | |
ipsec: fix AES CBC IV generation (CVE-2022-46397)
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet/crypto')
| -rw-r--r-- | src/vnet/crypto/crypto.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index e24ad1091f3..8f12a7216b0 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -338,7 +338,7 @@ typedef struct i16 crypto_start_offset; /* first buffer offset */ i16 integ_start_offset; /* adj total_length for integ, e.g.4 bytes for IPSec ESN */ - u16 integ_length_adj; + i16 integ_length_adj; vnet_crypto_op_status_t status : 8; u8 flags; /**< share same VNET_CRYPTO_OP_FLAG_* values */ } vnet_crypto_async_frame_elt_t; @@ -628,7 +628,7 @@ static_always_inline void vnet_crypto_async_add_to_frame (vlib_main_t *vm, vnet_crypto_async_frame_t *f, u32 key_index, u32 crypto_len, i16 integ_len_adj, i16 crypto_start_offset, - u16 integ_start_offset, u32 buffer_index, + i16 integ_start_offset, u32 buffer_index, u16 next_node, u8 *iv, u8 *tag, u8 *aad, u8 flags) { |