Skip to content

[v2] vpnaas: add support for more ciphers (auth, encryption, pfs modes) #3333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 23, 2025
Merged

[v2] vpnaas: add support for more ciphers (auth, encryption, pfs modes) #3333

merged 1 commit into from
Mar 23, 2025

Conversation

gophercloud-backport-bot[bot]
Copy link

Backport: #3315

For VPNaaS IKE policies and IPSEC policies several choices for encryption algorithms, auth algorithms and PFS modes have been added.

Encryption algorithms: add AES CCM mode and AES GCM mode variants for 128/192/256 bit keys and 8/12/16 octet ICVs. Add AES CTR modes for 128/192/256 bit keys.
Auth algorithms: add aes-xcbc and aes-cmac.
PFS: add Diffie Hellman groups 15 to 31.

Closes: #3314

Fixes #3314
Links to the line numbers/files in the OpenStack source code that support the
code in this PR:

https://opendev.org/openstack/neutron-lib/src/commit/bf21a6dcd48bdd15c28086f256319ac035b7fef0/neutron_lib/api/definitions/vpn.py#L47
https://opendev.org/openstack/neutron-lib/src/branch/master/neutron_lib/api/definitions/vpn_aes_ctr.py
https://opendev.org/openstack/neutron-lib/src/commit/bf21a6dcd48bdd15c28086f256319ac035b7fef0/neutron_lib/api/definitions/vpn.py#L178
https://opendev.org/openstack/neutron-lib/src/branch/master/neutron_lib/api/definitions/vpn_aes_ctr.py

@bpetermannS11
vpnaas: add support for more ciphers (auth, encryption, pfs modes)
b76a690 
For VPNaaS IKE policies and IPSEC policies several choices for
encryption algorithms, auth algorithms and PFS modes have been
added.

Encryption algorithms: add AES CCM mode and AES GCM mode variants
for 128/192/256 bit keys and 8/12/16 octet ICVs. Add AES CTR modes
for 128/192/256 bit keys.
Auth algorithms: add aes-xcbc and aes-cmac.
PFS: add Diffie Hellman groups 15 to 31.

Closes: #3314
@github-actions github-actions bot added edit:networking This PR updates networking code v2 This PR targets v2 semver:minor Backwards-compatible change labels Mar 23, 2025
@coveralls
Copy link

Coverage Status

coverage: 78.606%. remained the same
when pulling b76a690 on bp-v2-2727a96
into b4af4f3 on v2.

mandre
mandre approved these changes Mar 23, 2025
View reviewed changes
Copy link
Contributor

@mandre mandre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI failure is a (frequent) flake.

@mandre mandre merged commit 23f18e1 into v2 Mar 23, 2025
23 of 27 checks passed
@mandre mandre deleted the bp-v2-2727a96 branch March 23, 2025 15:37
@bpetermannS11 bpetermannS11 mentioned this pull request Apr 4, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mandre mandre mandre approved these changes

Assignees
No one assigned
Labels
edit:networking This PR updates networking code semver:minor Backwards-compatible change v2 This PR targets v2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@coveralls @mandre @bpetermannS11