summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorfituldo <filip.tehlar@gmail.com>2019-04-12 12:26:43 +0000
committerDamjan Marion <dmarion@me.com>2019-04-14 14:44:56 +0000
commit89e66434a2c93a07d7e913bb66b2be5e6e6df14c (patch)
tree17b3ed7dfd68283b4a3d6f0fd6deed3336a19426 /src
parent4e08316f3ec2c98165f156c6551f1e6557931739 (diff)
crypto: add support for AES-CTR cipher
Change-Id: I7d84bab7768421ed37813702c0413e52167f41ab Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/crypto_openssl/main.c5
-rw-r--r--src/plugins/unittest/CMakeLists.txt3
-rw-r--r--src/plugins/unittest/crypto/aes_ctr.c116
-rw-r--r--src/vnet/crypto/crypto.h5
4 files changed, 126 insertions, 3 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 13981e929c7..9b741bbbc71 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -44,7 +44,10 @@ static openssl_per_thread_data_t *per_thread_data = 0;
_(cbc, AES_256_CBC, EVP_aes_256_cbc) \
_(gcm, AES_128_GCM, EVP_aes_128_gcm) \
_(gcm, AES_192_GCM, EVP_aes_192_gcm) \
- _(gcm, AES_256_GCM, EVP_aes_256_gcm)
+ _(gcm, AES_256_GCM, EVP_aes_256_gcm) \
+ _(cbc, AES_128_CTR, EVP_aes_128_ctr) \
+ _(cbc, AES_192_CTR, EVP_aes_192_ctr) \
+ _(cbc, AES_256_CTR, EVP_aes_256_ctr) \
#define foreach_openssl_hmac_op \
_(MD5, EVP_md5) \
diff --git a/src/plugins/unittest/CMakeLists.txt b/src/plugins/unittest/CMakeLists.txt
index 55766176fff..60a7cc166ab 100644
--- a/src/plugins/unittest/CMakeLists.txt
+++ b/src/plugins/unittest/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2018 Cisco and/or its affiliates.
+# Copyright (c) 2018-2019 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -18,6 +18,7 @@ add_vpp_plugin(unittest
crypto_test.c
crypto/aes_cbc.c
crypto/aes_gcm.c
+ crypto/aes_ctr.c
crypto/rfc2202_hmac_sha1.c
crypto/rfc2202_hmac_md5.c
crypto/rfc4231.c
diff --git a/src/plugins/unittest/crypto/aes_ctr.c b/src/plugins/unittest/crypto/aes_ctr.c
new file mode 100644
index 00000000000..80e66111c12
--- /dev/null
+++ b/src/plugins/unittest/crypto/aes_ctr.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Test vectors for AES-CTR published here:
+ * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf
+ */
+
+#include <vppinfra/clib.h>
+#include <vnet/crypto/crypto.h>
+#include <unittest/crypto/crypto.h>
+
+static u8 tc1_key[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+};
+
+static u8 tc1_iv[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+};
+
+static u8 tc1_plaintext[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+};
+
+static u8 tc1_ciphertext[] = {
+ 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
+ 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
+};
+
+/* *INDENT-OFF* */
+UNITTEST_REGISTER_CRYPTO_TEST (nist_aes128_ctr_tc1) = {
+ .name = "CTR-AES128 TC1",
+ .alg = VNET_CRYPTO_ALG_AES_128_CTR,
+ .key = TEST_DATA (tc1_key),
+ .iv = TEST_DATA (tc1_iv),
+ .plaintext = TEST_DATA (tc1_plaintext),
+ .ciphertext = TEST_DATA (tc1_ciphertext),
+};
+/* *INDENT-ON* */
+
+static u8 tc1_192_key[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+};
+
+static u8 tc1_192_iv[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+};
+
+static u8 tc1_192_ciphertext[] = {
+ 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2,
+ 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b,
+};
+
+/* *INDENT-OFF* */
+UNITTEST_REGISTER_CRYPTO_TEST (nist_aes192_ctr_tc1) = {
+ .name = "CTR-AES192 TC1",
+ .alg = VNET_CRYPTO_ALG_AES_192_CTR,
+ .key = TEST_DATA (tc1_192_key),
+ .iv = TEST_DATA (tc1_192_iv),
+ .plaintext = TEST_DATA (tc1_plaintext),
+ .ciphertext = TEST_DATA (tc1_192_ciphertext),
+};
+/* *INDENT-ON* */
+
+static u8 tc1_256_key[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+};
+
+static u8 tc1_256_iv[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+};
+
+static u8 tc1_256_ciphertext[] = {
+ 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
+ 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
+};
+
+/* *INDENT-OFF* */
+UNITTEST_REGISTER_CRYPTO_TEST (nist_aes256_ctr_tc1) = {
+ .name = "CTR-AES256 TC1",
+ .alg = VNET_CRYPTO_ALG_AES_256_CTR,
+ .key = TEST_DATA (tc1_256_key),
+ .iv = TEST_DATA (tc1_256_iv),
+ .plaintext = TEST_DATA (tc1_plaintext),
+ .ciphertext = TEST_DATA (tc1_256_ciphertext),
+};
+/* *INDENT-ON* */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index 92b65a4722a..06f7e534e11 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -25,7 +25,10 @@
_(3DES_CBC, "3des-cbc") \
_(AES_128_CBC, "aes-128-cbc") \
_(AES_192_CBC, "aes-192-cbc") \
- _(AES_256_CBC, "aes-256-cbc")
+ _(AES_256_CBC, "aes-256-cbc") \
+ _(AES_128_CTR, "aes-128-ctr") \
+ _(AES_192_CTR, "aes-192-ctr") \
+ _(AES_256_CTR, "aes-256-ctr")
#define foreach_crypto_aead_alg \
_(AES_128_GCM, "aes-128-gcm") \