ipsec: fix AES CBC IV generation (CVE-2022-46397) For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>

commit: 02dfd296342525a0802132d85d0ea51da841e5ce [log] [tgz]
author: Benoît Ganne <bganne@cisco.com> Tue Jan 18 15:56:41 2022 +0100
committer: Dave Wallace <dwallacelf@gmail.com> Wed Feb 08 01:06:39 2023 +0000
tree: a4bdb7dbb25c30e8c6e9a9c379ee5e443de8fbab
parent: aaad4f977cd7337b37cc6f00019f601f07abdced [diff] [blame]
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index df079b1..88d5c42 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h

@@ -137,7 +137,7 @@
   u32 seq;
   u32 seq_hi;
   u64 replay_window;
-  u64 ctr_iv_counter;
+  u64 iv_counter;
   dpo_id_t dpo;
 
   vnet_crypto_key_index_t crypto_key_index;
commit	02dfd296342525a0802132d85d0ea51da841e5ce	[log] [tgz]
author	Benoît Ganne <bganne@cisco.com>	Tue Jan 18 15:56:41 2022 +0100
committer	Dave Wallace <dwallacelf@gmail.com>	Wed Feb 08 01:06:39 2023 +0000
tree	a4bdb7dbb25c30e8c6e9a9c379ee5e443de8fbab
parent	aaad4f977cd7337b37cc6f00019f601f07abdced [diff] [blame]