← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #58799

[Bug 1642428] [NEW] Add sha384 and sha512 auth algorithms for vendor drivers

  Thread PreviousDate PreviousThread Next 
Public bug reported:

https://review.openstack.org/393702
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.

commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
Author: Dongcan Ye <hellochosen@xxxxxxxxx>
Date:   Fri Nov 4 18:43:32 2016 +0800

    Add sha384 and sha512 auth algorithms for vendor drivers
    
    Currently, VPNaaS limits the IPSec and IKE auth algorithm to
    "sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway),
    and the new driver supports more auth algorithms, such as "sha2-384",
    "sha2-512", it can not integrated with current VPNaaS plugin.
    
    This patch add "sha384" and "sha512" auth algorithms in API and DB side,
    Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't
    support these, so we add a validator in ipsec and Cisco CSR service driver,
    that will raise an exception when creating or updating the IPSec/IKE Policy
    auth algorithm with "sha384" and "sha512".
    Other vendors can bypass validate ike_policy and ipsec_policy
    when creating and updating auth_algorithm, or implement specific
    logic for themselves.
    
    DocImpact
    APIImpact
    NOTE: CLI support also needs change.
    
    Closes-Bug: #1638152
    Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: doc neutron-vpnaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1642428

Title:
      Add sha384 and sha512 auth algorithms for vendor drivers

Status in neutron:
  New

Bug description:
  https://review.openstack.org/393702
  Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.

  commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
  Author: Dongcan Ye <hellochosen@xxxxxxxxx>
  Date:   Fri Nov 4 18:43:32 2016 +0800

      Add sha384 and sha512 auth algorithms for vendor drivers
      
      Currently, VPNaaS limits the IPSec and IKE auth algorithm to
      "sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway),
      and the new driver supports more auth algorithms, such as "sha2-384",
      "sha2-512", it can not integrated with current VPNaaS plugin.
      
      This patch add "sha384" and "sha512" auth algorithms in API and DB side,
      Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't
      support these, so we add a validator in ipsec and Cisco CSR service driver,
      that will raise an exception when creating or updating the IPSec/IKE Policy
      auth algorithm with "sha384" and "sha512".
      Other vendors can bypass validate ike_policy and ipsec_policy
      when creating and updating auth_algorithm, or implement specific
      logic for themselves.
      
      DocImpact
      APIImpact
      NOTE: CLI support also needs change.
      
      Closes-Bug: #1638152
      Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1642428/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next