Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

encrypt: broken IPsec algo removed #2552

Merged
merged 1 commit into from
May 17, 2024
Merged

encrypt: broken IPsec algo removed #2552

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cli/encrypt.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ func newCmdIPsecRotateKey() *cobra.Command {
return nil
},
}
cmd.Flags().StringVarP(&params.IPsecKeyAuthAlgo, "auth-algo", "", "", "IPsec key authentication algorithm (optional parameter, if omitted the current settings will be used). One of: gcm-aes, hmac-md5, hmac-sha1, hmac-sha256, hmac-sha512")
cmd.Flags().StringVarP(&params.IPsecKeyAuthAlgo, "auth-algo", "", "", "IPsec key authentication algorithm (optional parameter, if omitted the current settings will be used). One of: gcm-aes, hmac-sha256, hmac-sha512")
cmd.Flags().StringVarP(&params.IPsecKeyPerNode, "key-per-node", "", "", "IPsec key per cluster node (optional parameter, if omitted the current settings will be used). One of: true, false")
_ = cmd.Flags().MarkHidden("key-per-node")
cmd.Flags().DurationVar(&params.WaitDuration, "wait-duration", 1*time.Minute, "Maximum time to wait for result, default 1 minute")
Expand Down
10 changes: 0 additions & 10 deletions encrypt/ipsec_key_rotator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@ package encrypt
var rotators = map[string]func(key ipsecKey) (ipsecKey, error){
"": func(key ipsecKey) (ipsecKey, error) { return key.rotate() },
"gcm-aes": newGcmAesKey,
"hmac-md5": newHmacMD5Key,
"hmac-sha1": newHmacSHA1Key,
"hmac-sha256": newHmacSHA256Key,
"hmac-sha512": newHmacSHA512Key,
}
Expand Down Expand Up @@ -36,14 +34,6 @@ func newGcmAesKey(key ipsecKey) (ipsecKey, error) {
return newKey, nil
}

func newHmacMD5Key(key ipsecKey) (ipsecKey, error) {
return newCbcAesKey(key, "hmac(md5)", 16, 32)
}

func newHmacSHA1Key(key ipsecKey) (ipsecKey, error) {
return newCbcAesKey(key, "hmac(sha1)", 20, 32)
}

func newHmacSHA256Key(key ipsecKey) (ipsecKey, error) {
return newCbcAesKey(key, "hmac(sha256)", 32, 32)
}
Expand Down
38 changes: 0 additions & 38 deletions encrypt/ipsec_key_rotator_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,14 +22,6 @@ func Test_IsIPsecAlgoSupported(t *testing.T) {
have: "gcm-aes",
expected: true,
},
{
have: "hmac-md5",
expected: true,
},
{
have: "hmac-sha1",
expected: true,
},
{
have: "hmac-sha256",
expected: true,
Expand Down Expand Up @@ -216,36 +208,6 @@ func Test_rotateIPsecKey(t *testing.T) {
size: 128,
},
},
{
haveAlgo: "hmac-md5",
haveKey: ipsecKey{
spi: 1,
spiSuffix: true,
},
expected: ipsecKey{
spi: 2,
spiSuffix: true,
algo: "hmac(md5)",
key: "1286b7f6f9f61a4f",
cipherMode: "cbc(aes)",
cipherKey: "efbeeb4230992f76a6e4cc2ff995b756",
},
},
{
haveAlgo: "hmac-sha1",
haveKey: ipsecKey{
spi: 2,
spiSuffix: true,
},
expected: ipsecKey{
spi: 3,
spiSuffix: true,
algo: "hmac(sha1)",
key: "5448dd20e4528a9c2d5b",
cipherMode: "cbc(aes)",
cipherKey: "123d17f2bbbae8009d952b4d0d656f06",
},
},
{
haveAlgo: "hmac-sha256",
haveKey: ipsecKey{
Expand Down
Loading