diff options
author | fituldo <filip.tehlar@gmail.com> | 2019-04-12 12:26:43 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-04-14 14:44:56 +0000 |
commit | 89e66434a2c93a07d7e913bb66b2be5e6e6df14c (patch) | |
tree | 17b3ed7dfd68283b4a3d6f0fd6deed3336a19426 /src | |
parent | 4e08316f3ec2c98165f156c6551f1e6557931739 (diff) |
crypto: add support for AES-CTR cipher
Change-Id: I7d84bab7768421ed37813702c0413e52167f41ab
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/crypto_openssl/main.c | 5 | ||||
-rw-r--r-- | src/plugins/unittest/CMakeLists.txt | 3 | ||||
-rw-r--r-- | src/plugins/unittest/crypto/aes_ctr.c | 116 | ||||
-rw-r--r-- | src/vnet/crypto/crypto.h | 5 |
4 files changed, 126 insertions, 3 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index 13981e929c7..9b741bbbc71 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -44,7 +44,10 @@ static openssl_per_thread_data_t *per_thread_data = 0; _(cbc, AES_256_CBC, EVP_aes_256_cbc) \ _(gcm, AES_128_GCM, EVP_aes_128_gcm) \ _(gcm, AES_192_GCM, EVP_aes_192_gcm) \ - _(gcm, AES_256_GCM, EVP_aes_256_gcm) + _(gcm, AES_256_GCM, EVP_aes_256_gcm) \ + _(cbc, AES_128_CTR, EVP_aes_128_ctr) \ + _(cbc, AES_192_CTR, EVP_aes_192_ctr) \ + _(cbc, AES_256_CTR, EVP_aes_256_ctr) \ #define foreach_openssl_hmac_op \ _(MD5, EVP_md5) \ diff --git a/src/plugins/unittest/CMakeLists.txt b/src/plugins/unittest/CMakeLists.txt index 55766176fff..60a7cc166ab 100644 --- a/src/plugins/unittest/CMakeLists.txt +++ b/src/plugins/unittest/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2018 Cisco and/or its affiliates. +# Copyright (c) 2018-2019 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -18,6 +18,7 @@ add_vpp_plugin(unittest crypto_test.c crypto/aes_cbc.c crypto/aes_gcm.c + crypto/aes_ctr.c crypto/rfc2202_hmac_sha1.c crypto/rfc2202_hmac_md5.c crypto/rfc4231.c diff --git a/src/plugins/unittest/crypto/aes_ctr.c b/src/plugins/unittest/crypto/aes_ctr.c new file mode 100644 index 00000000000..80e66111c12 --- /dev/null +++ b/src/plugins/unittest/crypto/aes_ctr.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* Test vectors for AES-CTR published here: + * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf + */ + +#include <vppinfra/clib.h> +#include <vnet/crypto/crypto.h> +#include <unittest/crypto/crypto.h> + +static u8 tc1_key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, +}; + +static u8 tc1_iv[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, +}; + +static u8 tc1_plaintext[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, +}; + +static u8 tc1_ciphertext[] = { + 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, + 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, +}; + +/* *INDENT-OFF* */ +UNITTEST_REGISTER_CRYPTO_TEST (nist_aes128_ctr_tc1) = { + .name = "CTR-AES128 TC1", + .alg = VNET_CRYPTO_ALG_AES_128_CTR, + .key = TEST_DATA (tc1_key), + .iv = TEST_DATA (tc1_iv), + .plaintext = TEST_DATA (tc1_plaintext), + .ciphertext = TEST_DATA (tc1_ciphertext), +}; +/* *INDENT-ON* */ + +static u8 tc1_192_key[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b, +}; + +static u8 tc1_192_iv[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, +}; + +static u8 tc1_192_ciphertext[] = { + 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, + 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, +}; + +/* *INDENT-OFF* */ +UNITTEST_REGISTER_CRYPTO_TEST (nist_aes192_ctr_tc1) = { + .name = "CTR-AES192 TC1", + .alg = VNET_CRYPTO_ALG_AES_192_CTR, + .key = TEST_DATA (tc1_192_key), + .iv = TEST_DATA (tc1_192_iv), + .plaintext = TEST_DATA (tc1_plaintext), + .ciphertext = TEST_DATA (tc1_192_ciphertext), +}; +/* *INDENT-ON* */ + +static u8 tc1_256_key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4, +}; + +static u8 tc1_256_iv[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, +}; + +static u8 tc1_256_ciphertext[] = { + 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, + 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, +}; + +/* *INDENT-OFF* */ +UNITTEST_REGISTER_CRYPTO_TEST (nist_aes256_ctr_tc1) = { + .name = "CTR-AES256 TC1", + .alg = VNET_CRYPTO_ALG_AES_256_CTR, + .key = TEST_DATA (tc1_256_key), + .iv = TEST_DATA (tc1_256_iv), + .plaintext = TEST_DATA (tc1_plaintext), + .ciphertext = TEST_DATA (tc1_256_ciphertext), +}; +/* *INDENT-ON* */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 92b65a4722a..06f7e534e11 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -25,7 +25,10 @@ _(3DES_CBC, "3des-cbc") \ _(AES_128_CBC, "aes-128-cbc") \ _(AES_192_CBC, "aes-192-cbc") \ - _(AES_256_CBC, "aes-256-cbc") + _(AES_256_CBC, "aes-256-cbc") \ + _(AES_128_CTR, "aes-128-ctr") \ + _(AES_192_CTR, "aes-192-ctr") \ + _(AES_256_CTR, "aes-256-ctr") #define foreach_crypto_aead_alg \ _(AES_128_GCM, "aes-128-gcm") \ |