aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/esp.h
AgeCommit message (Collapse)AuthorFilesLines
2023-03-23ipsec: make pre-shared keys harder to misuseBenoît Ganne1-3/+0
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2 instead, but one does not always have the choice. For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C) whereas for AES-CTR or AES-GCM, the IV should never be reused with the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d section 8). If one uses pre-shared keys and VPP is restarted, the IV counter restarts at 0 and the same IVs are generated with the same pre-shared keys materials. To fix those issues we follow the recommendation from NIST SP800-38a and NIST SP800-38d: - we use a PRNG (not cryptographically secured) to generate IVs to avoid generating the same IV sequence between VPP restarts. The PRNG is chosen so that there is a low chance of generating the same sequence - for AES-CBC, the generated IV is encrypted as part of the message. This makes the (predictable) PRNG-generated IV unpredictable as it is encrypted with the secret key - for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine Most of the changes in this patch are caused by the need to shoehorn an additional state of 2 u64 for the PRNG in the 1st cacheline of the SA object. Type: improvement Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-23ipsec: add per-SA error countersArthur de Kerhor1-13/+77
Error counters are added on a per-node basis. In Ipsec, it is useful to also track the errors that occured per SA. Type: feature Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2021-12-04ipsec: fix async buffer leakMatthew Smith1-1/+0
Type: fix Fixes: f16e9a5507 If an attempt to submit an async crypto frame fails, the buffers that were added to the frame are supposed to be dropped. This was not happening and they are leaking, resulting in buffer exhaustion. There are two issues: 1. The return value of esp_async_recycle_failed_submit() is used to figure out how many buffers should be dropped. That function calls vnet_crypto_async_reset_frame() and then returns f->n_elts. Resetting the frame sets n_elts to 0. So esp_async_recycle_failed_submit() always returns 0. It is safe to remove the call to reset the frame because esp_async_recycle_failed_submit() is called in 2 places and a call to reset the frame is made immediately afterwards in both cases - so it is currently unnecessary anyway. 2. An array and an index are passed to esp_async_recycle_failed_submit(). The index should indicate the position in the array where indices of the buffers contained in the frame should be written. Across multiple calls, the same index value (n_sync) is passed. This means each call may overwrite the same entries in the array with the buffer indices in the frame rather than appending them to the entries which were written earlier. Pass n_noop as the index instead of n_sync. Change-Id: I525ab3c466965446f6c116f4c8c5ebb678a66d84 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-06-29ipsec: Fix setting the hi-sequence number for decryptNeale Ranns1-3/+4
Type: fix two problems; 1 - just because anti-reply is not enabled doesn't mean the high sequence number should not be used. - fix, there needs to be some means to detect a wrapped packet, so we use a window size of 2^30. 2 - The SA object was used as a scratch pad for the high-sequence number used during decryption. That means that once the batch has been processed the high-sequence number used is lost. This means it is not possible to distinguish this case: if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) { ... if (post_decrypt) { if (hi_seq_used == sa->seq_hi) /* the high sequence number used to succesfully decrypt this * packet is the same as the last-sequnence number of the SA. * that means this packet did not cause a wrap. * this packet is thus out of window and should be dropped */ return 1; else /* The packet decrypted with a different high sequence number * to the SA, that means it is the wrap packet and should be * accepted */ return 0; } - fix: don't use the SA as a scratch pad, use the 'packet_data' - the same place that is used as the scratch pad for the low sequence number. other consequences: - An SA doesn't have seq and last_seq, it has only seq; the sequence numnber of the last packet tx'd or rx'd. - there's 64bits of space available on the SA's first cache line. move the AES CTR mode IV there. - test the ESN/AR combinations to catch the bugs this fixes. This doubles the amount of tests, but without AR on they only run for 2 seconds. In the AR tests, the time taken to wait for packets that won't arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of these tests from 10-15 to about 5 sceonds. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
2021-03-05ipsec: Support async mode per-SANeale Ranns1-20/+15
Type: feature This feautre only applies to ESP not AH SAs. As well as the gobal switch for ayncs mode, allow individual SAs to be async. If global async is on, all SAs are async. If global async mode is off, then if then an SA can be individually set to async. This preserves the global switch behaviour. the stratergy in the esp encrypt.decrypt nodes is to separate the frame into, 1) sync buffers, 2) async buffers and 3) no-op buffers. Sync buffer will undergo a cyrpto/ath operation, no-op will not, they are dropped or handed-off. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifc15b10b870b19413ad030ce7f92ed56275d6791
2021-02-05ipsec: add support for AES CTRBenoît Ganne1-0/+13
Type: feature Change-Id: I9f7742cb12ce30592b0b022c314b71c81fa7223a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-18ipsec: Support MPLS over IPSec[46] interfaceNeale Ranns1-0/+1
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I89dc3815eabfee135cd5b3c910dea5e2e2ef1333
2020-10-24ipsec: remove pending nodeFan Zhang1-0/+40
This patch removes esp-encrypt-pending and esp-decrypt-pending graph nodes from ipsec data-path. Type: improvement Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Icd90837eafdbfbfdf348681dcafb872593978980
2020-04-30crypto: introduce async crypto infraFan Zhang1-7/+79
Type: feature Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com> Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com> Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
2020-02-10ipsec: remove dead codeFilip Tehlar1-29/+0
Type: style Change-Id: Ifda9597bf4aee89cf1dfd287429a2772fed8f535 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-07-16ipsec: handle UDP keepalivesNeale Ranns1-1/+5
Type: feature Change-Id: I87cc1168466f267e8c4bbec318401982f4bdf03a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-29ipsec: fix perf issue in esp_aad_fillDamjan Marion1-4/+7
Type: fix Fixes: 47feb11 Change-Id: I6b3b97cd361eef19c910c14fd06edb001a4c191b Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25crypto: improve key handlingDamjan Marion1-2/+1
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-16IPSEC: support GCM in ESPNeale Ranns1-0/+34
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-08IPSEC TEST: various hash alogrithmsNeale Ranns1-1/+1
Change-Id: I925aa5bf9472e81f98072d63df499b19e6ddf43d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-07crypto: add support for AEAD and AES-GCMDamjan Marion1-4/+4
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-04ipsec: trunc_size -> icv_sizeDamjan Marion1-2/+2
Change-Id: Idb661261c2191adda963a7815822fd7a27a9e7a0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-29ipsec: esp-decrypt reworkDamjan Marion1-0/+1
Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28crypto: add vnet_crypto_op_init (...)Damjan Marion1-1/+1
Change-Id: I2018d8367bb010e1ab30d9c7c23d9501fc38a2e5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28ipsec: USE_EXTENDED_SEQ_NUM -> USE_ESNDamjan Marion1-2/+2
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28ipsec: anti-replay code cleanupDamjan Marion1-120/+0
Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-27ipsec: compress ipsec_sa_t so data used by dataplane code fits in cachelineDamjan Marion1-5/+6
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26ipsec: esp-encrypt reworkDamjan Marion1-1/+3
Change-Id: Ibe7f806b9d600994e83c9f1be526fdb0a1ef1833 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-25IPSEC tests fnd fix or Extended Sequence NumbersNeale Ranns1-1/+3
Change-Id: Iad6c4b867961ec8036110a4e15a829ddb93193ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-22ipsec: fix esn handlingDamjan Marion1-9/+5
Change-Id: I27f24095309082363ba0d0ba4bd69e2c0741dc1c Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-20crypto: add hmac truncate optionDamjan Marion1-0/+1
This reverts commit 785368e559dbdf50676f74f43f13423c817abb52. Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-20ipsec: keep crypto data inside SADamjan Marion1-9/+7
Change-Id: Ie8986bd3652d25c4befe681cea77df95aba37ebc Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-19crypto: introduce crypto infraDamjan Marion1-93/+15
Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2018-11-29ipsec: move ipsec defs to ipsec.hKlement Sekera1-51/+0
Change-Id: Ia3dcd98edb6188deb96a3a99d831e71b2ffa0060 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-1/+1
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-09ipsec: support UDP encap/decap for NAT traversalKlement Sekera1-0/+8
Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-03-23IPSEC_AH: broken initialization (VPP-1208)Marco Varlese1-1/+1
The init-path for IPSEC_AH where the CTX gets initialized is broken since the for-loop never executes due to the wrong usage of tm->n_vlib_mains which being subtracted by 1. Change-Id: I4d967f52cd3ca061aa60d824d65f446e06162403 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-11-29DES-CBC/3DES-CBC support for VPP IPSec Core“mukeshyadav1984”1-0/+19
Change-Id: I876f215b129e5e59d3acc6447ce40458cc341eba Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>
2017-11-28IPSec AH protocol enhancement in VPP native core“mukeshyadav1984”1-25/+28
Change-Id: Iec5804d768485f4015bbf732d8d19ef2f24e6939 Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>
2017-11-10Allow Openssl 1.1.0Marco Varlese1-1/+23
This patch addresses all the code changes required to VPP to support openssl 1.1.0 API. All the changes have been done so that VPP can still be built against current openssl API whilst forward-looking to version 1.1.0. Change-Id: I65e22c53c5decde7a15c7eb78a62951ee246b8dc Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace1-1/+1
- Global variables declared in header files without the use of the 'extern' keword will result in multiple instances of the variable to be created by the compiler -- one for each different source file in which the the header file is included. This results in wasted memory allocated in the BSS segments as well as potentially introducing bugs in the application. Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-05dpdk/ipsec: rework plus improved cli commandsSergio Gonzalez Monroy1-0/+4
This patch reworks the DPDK ipsec implementation including the cryptodev management as well as replacing new cli commands for better usability. For the data path: - The dpdk-esp-encrypt-post node is not necessary anymore. - IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead of ip4-input. The DPDK cryptodev cli commands are replaced by the following new commands: - show dpdk crypto devices - show dpdk crypto placement [verbose] - set dpdk crypto placement (<device> <thread> | auto) - clear dpdk crypto placement <device> [<thread>] - show dpdk crypto pools Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-04-06Use thread local storage for thread indexDamjan Marion1-4/+4
This patch deprecates stack-based thread identification, Also removes requirement that thread stacks are adjacent. Finally, possibly annoying for some folks, it renames all occurences of cpu_index and cpu_number with thread index. Using word "cpu" is misleading here as thread can be migrated ti different CPU, and also it is not related to linux cpu index. Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2016-12-28Reorganize source tree to use single autotools instanceDamjan Marion1-0/+320
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23 Signed-off-by: Damjan Marion <damarion@cisco.com>