Adding IPsec support #1206
Adding IPsec support #1206
Conversation
|
can you remove the file .DS_Store? |
|
Please see in-line.
AFAIK, SAI counters are always associated with an SAI object. Any top level "foo" counter would be associated with SAI_SWITCH object and would have an enum named SAI_SWITCH_STAT_foo. From your description, I do not understand which object you want these "global" counters for and what are counter semantics you are looking for. Also note the hardware is not capable of having a counter at SAI_SWITCH level, since the counters are per IPsec engine and each engine may serve a subset of ports. Normally the highest level the IPsec engine hardware counts is at port level. If you do not expose that details in the counter API, you lose information about which port is contributing to the "global" counters.
From this comment, as well as from the request for notify criteria, it seems you consider packets that cannot be decrypted by hardware as exception packets. However, our model was there can be 3 types of IPsec packets that can match the host/switch IP address:
To allow software decryption, the hardware has the capability of forwarding encrypted packets to the switch software. If there is no decryption capability in software, the switch can install a "system ACL" to detect all such packets (with ESP header) and to drop and count those. This seems a more flexible way of implementing the IPsec decryption. |
|
For notifications related to SN counter, don't we need the SA_INDEX? And in that case, do we want to send a separate notification for each event on each SA? Please see 3 more comments in-line.
Do the soft- and hard-limits refer to SN in the ESP header or something else? Do we need any per-SA attributes to define these thresholds?
This is for tx (encryption) SAs only - right? Would it better to call this something like SAI_IPSEC_CONDITION_TYPE_SN_MAX_REACHED? After all packets are not transmitted with rolled over SN.
|
RE: This is for tx (encryption) SAs only - right? Would it better to call this something like SAI_IPSEC_CONDITION_TYPE_SN_MAX_REACHED |
This is resolved |
I am not exactly sure what you mean by invalid SA/decryption failure. Perhaps you mean IPsec packets that match one of the Security Engine's tunnel termination criteria, but do not terminate the IPsec in the Security Engine? This is not supported in the other IPsec hardware and sounds like an implementation specific debug counter. AFAIK, the NOS can allow such implementation-specific debug features, but outside the scope of the standard SAI API. |
|
please resolve conflicts and correct possible errors |
dipankar-ba
force-pushed
the
Add_IPsec_support
branch
2 times, most recently
from
bd820a8
to
8869a27
Compare
dipankar-ba
force-pushed
the
Add_IPsec_support
branch
from
db87624
to
61a010b
Compare
meta/saiserialize.c
Outdated
| _In_ const char *buffer, | ||
| _Out_ sai_macsec_sak_t sak) | ||
| { | ||
| return sai_deserialize_encrypt_key( buffer, sak ); |
There was a problem hiding this comment.
if _macsec and encrypt_key are the same why 2 differnt types introduced ?
There was a problem hiding this comment.
In the sai-ipsec subgroup meeting on July 14, it was decided to duplicate the data type for IPsec because of the unfortunate naming of the MACsec data type.
The existing sai_macsec_sak_t and the corresponding enum SAI_MACSEC_SA_ATTR_SAK should not be changed because those are used in existing MACsec drivers and NOS code.
Using sai_macsec_sak_t for IPsec could have worked with an enum SAI_IPSEC_SA_ATTR_MACSEC_SAK, but those names have no meaning in the IPsec context. Hence duplication was preferred.
meta/saiserialize.c
Outdated
| _In_ const char *buffer, | ||
| _Out_ sai_macsec_auth_key_t auth) | ||
| { | ||
| return sai_deserialize_auth_key( buffer, auth ); |
There was a problem hiding this comment.
if auth_key and mansec_auth_key is the same, why 2 different types intdoduced ?
There was a problem hiding this comment.
In the sai-ipsec subgroup meeting on July 14, it was decided to duplicate the data type for IPsec because of the unfortunate naming of the MACsec data type.
The existing sai_macsec_auth_key_t and the corresponding enum SAI_MACSEC_SA_ATTR_AUTH_KEY should not be changed because those are used in existing MACsec drivers and NOS code.
Using sai_macsec_auth_key_t for IPsec could have worked with an enum SAI_IPSEC_SA_ATTR_MACSEC_AUTH_KEY, but the MACsec reference in IPsec context is weird and confusing. Hence duplication was preferred.
There was a problem hiding this comment.
instead of having 2 different types, can we have 1 type (new one) and add a "define OLD_type NEW_type" ??
There was a problem hiding this comment.
In the sai-ipsec subgroup meeting on July 14, it was decided to duplicate the data type for IPsec because of the unfortunate naming of the MACsec data type.
Why SAI_MACSEC_ATTR_MACSEC_AUTH_KEY is needed when MACsec Secure Association created?
MACsec is based on 802.1AE cipher suite.
Data plane encryption is based on GCM-AES-128/256 or GCM-XPN-AES-128/256.
Data plane authentication is based on GHASH function as GCM Spec.
What can the MACsec crypto hardware do with an SAI_MACSEC_ATTR_MACSEC_AUTH_KEY ?
|
I made mistake on resolving conflicts: if accidently remove "SAI_TUNNEL_ATTR_TYPE == SAI_TUNNEL_TYPE_NVGR" @dipankar-ba can you update? |
|
@dipankar-ba - please resolve conflicts? Thanks. |
|
Sorry, I had thought it had merged. I will take a look.
- Dipankar
…On Thu, Aug 26, 2021 at 9:24 AM rlhui ***@***.***> wrote:
@dipankar-ba <https://github.com/dipankar-ba> - please resolve conflicts?
Thanks.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1206 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AN3GZXMVEBU6PZHRF3QZGBTT6ZTCBANCNFSM4ZPQNHIA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
|
|
@kcudnik |
|
your current fail is here: as for ACL enum shifts, acl enums changed beginning from your PR, since march 19, and to actually fix that you would need to rebase this PR on top of master instead of having branches |
dipankar-ba
force-pushed
the
Add_IPsec_support
branch
from
0c355bd
to
708f4a5
Compare
dipankar-ba
force-pushed
the
Add_IPsec_support
branch
2 times, most recently
from
9135d15
to
1469eca
Compare
Removed parsing hint from decrypted packet 1st nibble. Added notification support. (cherry-pick f30f96d 7a7f806 c984217) Fixed notification mechanism. Changed IPSEC_SA_TAG_TPID default value. (cherry-pick 2227b36 ce6d675 8869a2) Added sai_encrypt_key_t and sai_auth_key_t (cherry-pick 61a010b 67d01dd) Moving new attributes to the end of enums Removed SAI_TUNNEL_TYPE_NVGRE (cherry-pick de6a638 67b6caf) Signed-off-by: dipankar-ba <dipankar@arista.com>
dipankar-ba
force-pushed
the
Add_IPsec_support
branch
from
1469eca
to
215ece8
Compare
|
The crypto hardware uses SAI_MACSEC_ATTR_MACSEC_AUTH_KEY for the GHASH
function. My initial draft of SAI_MACSEC did not have this, because
theoretically the hardware or the driver could compute it from the
encryption key. But during the in-person review, someone wanted it on the
interface, because traditionally it has been done that way in existing
driver interfaces. And nobody objected to that request.
- Dipankar
…On Sat, Nov 5, 2022 at 1:58 AM Haidong Gong ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In meta/saiserialize.c
<#1206 (comment)>
:
> +{
+ return sai_deserialize_encrypt_key( buffer, sak );
+}
+
+int sai_serialize_macsec_auth_key(
+ _Out_ char *buffer,
+ _In_ const sai_macsec_auth_key_t auth)
+{
+ return sai_serialize_auth_key( buffer, auth );
+}
+
+int sai_deserialize_macsec_auth_key(
+ _In_ const char *buffer,
+ _Out_ sai_macsec_auth_key_t auth)
+{
+ return sai_deserialize_auth_key( buffer, auth );
In the sai-ipsec subgroup meeting on July 14, it was decided to duplicate
the data type for IPsec because of the unfortunate naming of the MACsec
data type.
Why SAI_MACSEC_ATTR_MACSEC_AUTH_KEY is needed when MACsec Secure
Association created?
MACsec is based on 802.1AE cipher suite.
Data plane encryption is based on GCM-AES-128/256 or GCM-XPN-AES-128/256.
Data plane authentication is based on GHASH function as GCM Spec.
What can the MACsec crypto hardware do with an
SAI_MACSEC_ATTR_MACSEC_AUTH_KEY ?
—
Reply to this email directly, view it on GitHub
<#1206 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AN3GZXOK6SRNIBBVW5QN53LWGYOS5ANCNFSM4ZPQNHIA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
So SAI_MACSEC_ATTR_MACSEC_AUTH_KEY is H for GHASH(H,A,C) which is calculated by E(K,0). |
|
It seemed logical to give the same flags to SAI_MACSEC_SA_ATTR_SAK and
SAI_MACSEC_ATTR_MACSEC_AUTH_KEY,
since the latter can be computed once at the same time SAK is available.
What would be the advantage of delaying the AUTH_KEY computation?
- Dipankar
On Tue, Nov 8, 2022 at 3:58 AM Haidong Gong ***@***.***>
wrote:
… The crypto hardware uses SAI_MACSEC_ATTR_MACSEC_AUTH_KEY for the GHASH
function. My initial draft of SAI_MACSEC did not have this, because
theoretically the hardware or the driver could compute it from the
encryption key. But during the in-person review, someone wanted it on the
interface, because traditionally it has been done that way in existing
driver interfaces. And nobody objected to that request. - Dipankar
… <#m_4630814634200061671_>
On Sat, Nov 5, 2022 at 1:58 AM Haidong Gong *@*.*> wrote: @.** commented
on this pull request. ------------------------------ In meta/saiserialize.c
<#1206 (comment)
<#1206 (comment)>>
: > +{ + return sai_deserialize_encrypt_key( buffer, sak ); +} + +int
sai_serialize_macsec_auth_key( + *Out* char *buffer, + In const
sai_macsec_auth_key_t auth) +{ + return sai_serialize_auth_key( buffer,
auth ); +} + +int sai_deserialize_macsec_auth_key( + In const char buffer,
+ Out sai_macsec_auth_key_t auth) +{ + return sai_deserialize_auth_key(
buffer, auth ); In the sai-ipsec subgroup meeting on July 14, it was
decided to duplicate the data type for IPsec because of the unfortunate
naming of the MACsec data type. Why SAI_MACSEC_ATTR_MACSEC_AUTH_KEY is
needed when MACsec Secure Association created? MACsec is based on 802.1AE
cipher suite. Data plane encryption is based on GCM-AES-128/256 or
GCM-XPN-AES-128/256. Data plane authentication is based on GHASH function
as GCM Spec. What can the MACsec crypto hardware do with an
SAI_MACSEC_ATTR_MACSEC_AUTH_KEY ? — Reply to this email directly, view it
on GitHub <#1206 (comment)
<#1206 (comment)>>,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AN3GZXOK6SRNIBBVW5QN53LWGYOS5ANCNFSM4ZPQNHIA
<https://github.com/notifications/unsubscribe-auth/AN3GZXOK6SRNIBBVW5QN53LWGYOS5ANCNFSM4ZPQNHIA>
. You are receiving this because you were mentioned.Message ID: @.**>
So SAI_MACSEC_ATTR_MACSEC_AUTH_KEY is H for GHASH(H,A,C) which is
calculated by E(K,0).
SAI_MACSEC_ATTR_MACSEC_AUTH_KEY is not necessary to be MANDATORY_ON_CREATE.
—
Reply to this email directly, view it on GitHub
<#1206 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AN3GZXMFNFZUXY26OMWNHYTWHI55JANCNFSM4ZPQNHIA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
If hardware support calc H from SAI_MACSEC_SA_ATTR_SAK, H is not needed when create MACSEC SA. |
Hardware crypto implement could have different architecture, it might be cipher-text based or packet flow based. |
|
Hi Haidong,
Sorry, I do not understand. Are we still talking of 2 different
implementation of the same AES-GCM cypher-suite? Do you have any
references that explains the 2 implementations?
Also, if we are still talking about AES-GCM, the NOS could provide the
AUTH_KEY during the SA creation and the hardware could choose to not use it
- right?
- Dipankar
…On Tue, Nov 8, 2022 at 9:19 PM Haidong Gong ***@***.***> wrote:
What would be the advantage of delaying the AUTH_KEY computation?
Hardware crypto implement could have different architecture, it might be
cipher-text based or packet flow based.
In packet flow based implement the crypto uint in hardware support
pipeline process per cycle, support H calculation in "Start of packet"
cycle causes no "delaying" or extra hardware cost.
—
Reply to this email directly, view it on GitHub
<#1206 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AN3GZXIK2HWSIYW4FV4SZZTWHMX6VANCNFSM4ZPQNHIA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
There are reasons for hardware crypto implement making choice to calculate H or put it in storage like SRAM:
As you said "hardware could choose to not use it". If you want to keep, that's ok to me. |
|
Hi Haidong,
I do not want to do this because:
1. CREATE_ONLY without MANDATORY_ON_CREATE does not make sense. It does
not define if the NOS should provide this attribute or not.
1. It is disruptive. If NOS does not provide this attribute, existing
(hardware+driver) implementations will break - requiring at least a driver
modification
2. It is unnecessary - it costs little for NOS to compute the AUTH_KEY once
and provide it to the driver
3. The current AUTH_KEY attribute+flags work even with a (driver+hardware)
implementation that chooses to compute the AUTH_KEY, instead of using one
from the NOS.
If you still feel strongly about this, you can submit a PR and have it
reviewed by the community.
BTW, there is no need to compute AUTH_KEY per packet - computing once for
all packets in the SA is sufficient. So, hardware speed has nothing to do
with the implementation choice. And I cannot see why anyone will choose to
compute this in hardware.
Regards.
- Dipankar
…On Wed, Nov 9, 2022 at 6:49 PM Haidong Gong ***@***.***> wrote:
Also, if we are still talking about AES-GCM, the NOS could provide the
There are reasons for hardware crypto implement making choice to calculate
H or put it in storage like SRAM:
1. session number
2. speed
3. architecture
I could understand some PHY implement put it in storage like SRAM as
input parameter for only several session there.
And maybe there are timing or latency issue in their hardware
implement to calc H especially in high frequency Clock like 800G PHY.
However, if session number is up to K level and frequency is not high
enough,that's another story.
As you said "hardware could choose to not use it".
That's the point, if hardware could choose to not use it, why it must be
MANDATORY_ON_CREATE ?
Or software need it for any other reason ?
It seems to me the only reason whole system need it, is some hardware
could not calculate it per packet from SAK in line rate.
I don't think NOS always need to calucate it every time it need a new SAK.
For system like Sonic with SAI, it should be considered whether the driver
layer is the better palce to put this parameter.
If you want to keep, that's ok to me.
Just change it from "MANDATORY_ON_CREATE | CREATE_ONLY" to CREATE_ONLY.
—
Reply to this email directly, view it on GitHub
<#1206 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AN3GZXNCZCWOZPKFZGDIZTLWHRPDFANCNFSM4ZPQNHIA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
To 1. ”provide this attribute or not“ should not be deciced by NOS,it should be decided by hardware if this parameter is needed. For hardware need H, it should be calculated from SAK by driver. For hardware does not need it, SAK is enough. NOS has nothing to do with H. To 2. As I said "session number" could lead to problems for both software and hardware. Hardware does not want to take the cost of SRAM for 10K session's extra parameter storage which could be calculated without any cost because the calc unit is always there. Software does not want to calculate 10K session's H from SAK when the controller or administrator switches 10K session's SAK periodically. If this must be done, only the driver of serveal PHY which need H calc it. To 3. NOS has nothing to do with H and it must calculate it just because it may not known if the hardware could calc it. This may work with Sonic now because Sonic makes the assumption that H is always needed. To BTW. The need is there for the cost of SRAM of 10K session's extra parameter storage in ASIC. And the speed I said means the Clock Frequency of ASIC which could be 800MHz or even GHz, in this case session number is definitely small and the lantecy/timig is critical, the trade-off is naturely for ASIC designer to choice H to be an input parameter from SRAM storage. |
Signed-off-by: dipankar-ba dipankar@arista.com