Age | Commit message (Collapse) | Author | Files | Lines |
|
The 0.55 version of libipsec_mb does not support the chacha functions
used in the plugin.
The missing symobls are:
ipsecmb_ops_chacha_poly
ipsecmb_ops_chacha_poly_chained
IMB_CIPHER_DIRECTION
Check for ipsecmb_ops_chacha_poly() and conditionalise the chacha code
in the plugin on this.
ipsec_mb 0.55 is the version currently found in Debian Stable (bullseye)
Type: make
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Change-Id: I88c962ac4f99a58b5cd61fb9b75f692e27d4ec30
|
|
Type: feature
This patch adds chacha20-poly1305 single and chained algorithm
support to ipsecmb crypto engine.
Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: If04ee0c8f985b07fd31dad1ce29000ec6f1733c5
|
|
Type: make
Change-Id: I780c1c81a50cb92bc89c05856efd8ef88479c0ab
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
Change-Id: Ide2901f5d2111a518b2c8212aa84468cef1d72ca
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Use error counters related to ipsec-mb return codes instead of
'bad-hmac' only.
Type: improvement
Change-Id: I9329da300a70d76b4d4ab30fa45f0a2a85d6519b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Do not access data structures based on uninitialized key->alg.
Type: fix
Fixes: f539578bac8b64886b57c460c9d74273e6613f8b
Change-Id: I6bfb7e7a51af2c131b8bdf3bca6a38fcf1094760
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com>
Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
|
|
Type: improvement
Change-Id: I6bad46403c07b211dfda7229aed1b5e19342865f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ia65caf38988c7e860e6d028f93659916825ef16b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: docs
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: I7280e5c5ad10a66c0787a5282291a2ef000bff5f
|
|
Type: docs
Change-Id: Ia00e3167e954271c9eb7618792fd86df288d5c19
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: refactor
Use ipsecmb single GCM enc/dec API to furthuer improve single
buffer performance for small packets.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I2d34ff50d34b09f194fc0c88b6e9a3928a86fc33
|
|
This patch improves the GCM encrypt and decrypt performance using
the dedicated API provided by intel-ipsec-mb library. This helps
remove the overhead caused by the JOB API.
Type: feature
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I00c9ab3ed9f2660093fb2584feb8bca4979acee8
|
|
IPsec zero-es all allocated key memory including memory sur-allocated by
the allocator.
Move it to its own function in clib mem infra to make it easier to
instrument.
Type: refactor
Change-Id: Icd1c44d18b741e723864abce75ac93e2eff74b61
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
AES intrinsics use builtins available only with the -maes and GCC 9 just
started to enforce it.
Type: fix
Change-Id: Ia6825ea3eae7191a4bfee47f9fa93fad16ccf76c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The vlib init function subsystem now supports a mix of procedural and
formally-specified ordering constraints. We should eliminate procedural
knowledge wherever possible.
The following schemes are *roughly* equivalent:
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
clib_error_t *error;
... do some stuff...
if ((error = vlib_call_init_function (init_runs_next)))
return error;
...
}
VLIB_INIT_FUNCTION (init_runs_first);
and
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
... do some stuff...
}
VLIB_INIT_FUNCTION (init_runs_first) =
{
.runs_before = VLIB_INITS("init_runs_next"),
};
The first form will [most likely] call "init_runs_next" on the
spot. The second form means that "init_runs_first" runs before
"init_runs_next," possibly much earlier in the sequence.
Please DO NOT construct sets of init functions where A before B
actually means A *right before* B. It's not necessary - simply combine
A and B - and it leads to hugely annoying debugging exercises when
trying to switch from ad-hoc procedural ordering constraints to formal
ordering constraints.
Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
"make test" fails with invalid instruction on non-AESNI platform,
so do not register the ipsec-mb crypto backend in this case.
Change-Id: I61887e40ce3d39880e7da534b9dee00fd677d8fd
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I2313932bdc41a4702585aa338f22df3f6e4e23d7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1
Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If8b2c8942db17a853883360885def47ce50e7ddd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ifeaf93c98e4af92da9409fa5a2114b577e8c0937
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I670d7899bcc63a419daf481167dc445a6386cce8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Id9dfd912517c44cf812953bd05ac04c9e172a2b7
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
hard code IV and key lengths based on cipher.
Init IV from random data, use AES instruction to rotate.
Change-Id: I13a6507d12267b823c528660a903787baeba47a0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
A plugin to use Intel IPSec MB library as a VPP crypto engine
This changes uses concepts from:
https://gerrit.fd.io/r/#/c/17301/
hence that author's work is acknowledge below
Change-Id: I2bf3beeb10f3c9706fa5efbdc9bc023e310f5a92
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|