aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/crypto/crypto.c
AgeCommit message (Collapse)AuthorFilesLines
2020-02-11ipsec: add support for chained buffersFilip Tehlar1-39/+144
Type: feature Change-Id: Ie072a7c2bbb1e4a77f7001754f01897efd30fc53 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-11-13crypto: do not crash if no crypto engine loadedBenoît Ganne1-1/+1
Do not overflow ops_handlers vector. Type: fix Change-Id: I8d5e7fb8125a7bd87ecfe6f4f1390fb9f43dad8f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-12crypto: not use vec api with opt_data[VNET_CRYPTO_N_OP_IDS]Lijian Zhang1-1/+1
opt_data is defined as a array, while in some code, e.g., function vnet_crypto_get_op_type, it's used as vec. vec api is not applicable to static arraies. src/vnet/crypto/crypto.h:234:70: error: address of array 'cm->opt_data' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] vnet_crypto_op_data_t *od = ({ do { if ((0 > 0) && ! ((id) < ((cm->opt_data) ? (((vec_header_t *) (cm->opt_data) - 1)->len) : 0))) Type: fix Change-Id: I0b6754406e4216ca975bc1da4b5d4ce293a9bb45 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2019-06-25ipsec: return error if the engine backend has no handler for theNeale Ranns1-0/+8
requested alogrithm. Type: feature Change-Id: I19a9c14b2bb52ba2fc66246845b7ada73d5095d1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-07ipsec: remove the set_key APINeale Ranns1-22/+0
there's no use case to just change the key of an SA. instead the SA should be renegociated and the new SA applied to the existing SPD entry or tunnel. the set_key functions were untested. Type: refactor Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-05IPSEC: some CLI fixesNeale Ranns1-2/+2
Change-Id: I45618347e37440263270baf07b2f82f653f754a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-30crypto: enforce per-alg crypto key lengthBenoît Ganne1-2/+34
Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user). Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-25crypto: improve key handlingDamjan Marion1-3/+75
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-11IPSEC-MB: Use random & non-repeating IV (VPP-1642)Neale Ranns1-2/+5
hard code IV and key lengths based on cipher. Init IV from random data, use AES instruction to rotate. Change-Id: I13a6507d12267b823c528660a903787baeba47a0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-07crypto: add support for AEAD and AES-GCMDamjan Marion1-42/+76
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-07crypto: coverity issuesDamjan Marion1-1/+1
Change-Id: I9db1b74097c9df587b9265b14a969d347bcb731a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-04crypto: pass multiple ops to handlerDamjan Marion1-6/+41
Change-Id: I438ef1f50d83560ecc608f898cfc61d7f51e1724 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-26crypto: add set crypto handler CLIFilip Tehlar1-8/+47
Change-Id: I40124f8d6e529256b1ccc6eb78dda9c5119b8951 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-19crypto: introduce crypto infraDamjan Marion1-0/+127
Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>