path: root/src/plugins/crypto_ipsecmb
Age | Commit message | Author | Files | Lines
2019-10-31 | vppinfra: add clib_mem_free_s | Benoît Ganne | 1 | -6/+2
IPsec zero-es all allocated key memory including memory sur-allocated by the allocator. Move it to its own function in clib mem infra to make it easier to instrument.
Type: refactor
Change-Id: Icd1c44d18b741e723864abce75ac93e2eff74b61
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 78af0a8c5ff1a33ff8dccb1b2ea6ffadb8ef7b62)
2019-09-05 | crypto: add '-maes' compile switch | Benoît Ganne | 1 | -1/+1
AES intrinsics use builtins available only with the -maes and GCC 9 just started to enforce it.
Type: fix
Change-Id: Ia6825ea3eae7191a4bfee47f9fa93fad16ccf76c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 561be280feb6a10834bf50e0813cc0ad3c635067)
2019-05-16 | init / exit function ordering | Dave Barach | 1 | -4/+6
The vlib init function subsystem now supports a mix of procedural and formally-specified ordering constraints. We should eliminate procedural knowledge wherever possible.

The following schemes are *roughly* equivalent:

    static clib_error_t *init_runs_first (vlib_main_t *vm)
    {
      clib_error_t *error;

      ... do some stuff...

      if ((error = vlib_call_init_function (init_runs_next)))
        return error;
      ...
    }
    VLIB_INIT_FUNCTION (init_runs_first);

and

    static clib_error_t *init_runs_first (vlib_main_t *vm)
    {
      ... do some stuff...
    }
    VLIB_INIT_FUNCTION (init_runs_first) =
    {
      .runs_before = VLIB_INITS("init_runs_next"),
    };

The first form will [most likely] call "init_runs_next" on the spot. The second form means that "init_runs_first" runs before "init_runs_next," possibly much earlier in the sequence.

Please DO NOT construct sets of init functions where A before B actually means A *right before* B. It's not necessary - simply combine A and B - and it leads to hugely annoying debugging exercises when trying to switch from ad-hoc procedural ordering constraints to formal ordering constraints.

Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-07 | ipsec-mb: fix the "make test" on non-AESNI platforms | Andrew Yourtchenko | 1 | -0/+3
"make test" fails with invalid instruction on non-AESNI platform, so do not register the ipsec-mb crypto backend in this case.
Change-Id: I61887e40ce3d39880e7da534b9dee00fd677d8fd
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-05-06 | Remove target option when IPSecMB disabled | Nathan Skrzypczak | 1 | -2/+1
Change-Id: I2313932bdc41a4702585aa338f22df3f6e4e23d7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-03 | plugins: clean up plugin descriptions | Dave Wallace | 1 | -1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-26 | crypto, ipsec: change GCM IV handling | Damjan Marion | 1 | -49/+16
- nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1
Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | crypto_ipsecmb: CBC IV size is always equal to block size | Damjan Marion | 1 | -27/+13
Change-Id: If8b2c8942db17a853883360885def47ce50e7ddd
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | crypto_ipsecmb: use pre-expanded keys | Damjan Marion | 1 | -218/+207
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | crypto: improve key handling | Damjan Marion | 1 | -4/+7
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-23 | Bump to intel-ipsec-mb version 0.52 | Damjan Marion | 1 | -2/+4
Change-Id: Ifeaf93c98e4af92da9409fa5a2114b577e8c0937
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-17 | crypto-ipsecmb: enable GCM | Neale Ranns | 1 | -24/+220
Change-Id: I670d7899bcc63a419daf481167dc445a6386cce8
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-15 | crypto: fix coverity warnings | Filip Tehlar | 1 | -0/+2
Change-Id: Id9dfd912517c44cf812953bd05ac04c9e172a2b7
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-04-11 | IPSEC-MB: Use random & non-repeating IV (VPP-1642) | Neale Ranns | 2 | -14/+57
hard code IV and key lengths based on cipher. Init IV from random data, use AES instruction to rotate.
Change-Id: I13a6507d12267b823c528660a903787baeba47a0
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-10 | crypto: Intel IPSEC-MB engine | Neale Ranns | 2 | -0/+416
A plugin to use Intel IPSec MB library as a VPP crypto engine

This change uses concepts from: https://gerrit.fd.io/r/#/c/17301/ hence that author's work is acknowledged below
Change-Id: I2bf3beeb10f3c9706fa5efbdc9bc023e310f5a92
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>