
Opened 7 years ago

Last modified 4 years ago

#8928 accepted enhancement

Add support for more IPSec crypto modules

Reported by: kevinoid
Owned by: nico
Priority: normal
Milestone: Barrier Breaker 14.07
Component: kernel
Version: Trunk
Keywords:
Cc:

Description

In order to create a functional IPSec connection using the in-kernel IPSec stack (NETKEY), there are several modules which are required that are not currently available from the OpenWrt configuration interface, particularly several initialization vectors, the crypto random number generator, block cipher modes, and the crypto workqueue.

The attached patches add packages for each logically separate module (or group of modules) to allow users to only select the modules they require.

Patches 7 and 8 in the series may be controversial. Since there are very few (if any) crypto modules which are required in all IPSec configurations, these patches remove the dependency on specific crypto packages from the networking IPSec package in favor of a meta-package to select all common IPSec crypto modules. This affords mortal users the convenience of selecting all commonly required IPSec modules and godlike developers the ability to select only the modules their specific IPSec configuration requires.

I welcome your consideration and feedback.

Attachments (11)

0001-Package-crypto_wq-module.patch (1.3 KB) - added by kevinoid 7 years ago.
Patch to add a package for the crypto_wq module
0002-Add-package-for-random-number-generators.patch (1.7 KB) - added by kevinoid 7 years ago.
Patch to add a package for the cryptographic random number generators
0003-Package-block-cipher-initialization-vectors.patch (2.2 KB) - added by kevinoid 7 years ago.
Patch to add a package for the block cipher initialization vectors
0004-Package-the-seqiv-module.patch (1.1 KB) - added by kevinoid 7 years ago.
Patch to add a package for the seqiv module
0005-Package-ctr-crypto-module.patch (1.1 KB) - added by kevinoid 7 years ago.
Patch to add a package for the ctr module
0006-Package-ccm-crypto-module.patch (1.1 KB) - added by kevinoid 7 years ago.
Patch to add a package for the ccm module
0007-Create-meta-package-for-common-IPSec-crypto-modules.patch (1.9 KB) - added by kevinoid 7 years ago.
Patch to create a cryptographic IPSec modules meta-package
0008-Don-t-require-specific-crypto-modules-for-ipsec-pack.patch (1.8 KB) - added by kevinoid 7 years ago.
Patch to remove crypto dependencies from the networking IPSec package
0009-Package-zlib-crypto-module.patch (2.3 KB) - added by kevinoid 7 years ago.
Patch to add a package for the zlib crypto modules
0010-Require-crypto-cbc-for-crypto-ipsec.patch (919 bytes) - added by kevinoid 7 years ago.
Patch to require cbc module for crypto-ipsec
openwrt-ipsec-crypto-patches-20110529.tar.gz (2.3 KB) - added by kevin@… 7 years ago.
Updated patch set against current trunk


Change History (14)

Changed 7 years ago by kevinoid

Patch to add a package for the crypto_wq module

Changed 7 years ago by kevinoid

Patch to add a package for the cryptographic random number generators

Changed 7 years ago by kevinoid

Patch to add a package for the block cipher initialization vectors

Changed 7 years ago by kevinoid

Patch to add a package for the seqiv module

Changed 7 years ago by kevinoid

Patch to add a package for the ctr module

Changed 7 years ago by kevinoid

Patch to add a package for the ccm module

Changed 7 years ago by kevinoid

Patch to create a cryptographic IPSec modules meta-package

Changed 7 years ago by kevinoid

Patch to remove crypto dependencies from the networking IPSec package

Changed 7 years ago by kevinoid

Patch to add a package for the zlib crypto modules

Changed 7 years ago by kevinoid

Patch to require cbc module for crypto-ipsec

Changed 7 years ago by kevin@…

Updated patch set against current trunk

comment:1 Changed 7 years ago by kevin@…

I have rebased the patches against the current trunk to address the updated conventions (e.g. kernel module extensions) and the inclusion of several of the modules in r26812-26814. Currently outstanding are the seqiv, ctr, and ccm modules as well as the IPsec crypto metapackage. I am not really set on the metapackage, although I do think it would be useful for balancing ease of configuration with need for small size on some platforms...

comment:2 Changed 6 years ago by nico

  • Owner changed from developers to nico
  • Status changed from new to accepted

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
