From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7FC9CA0562; Fri, 3 Apr 2020 04:53:24 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 86C8F1BFC6; Fri, 3 Apr 2020 04:53:23 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 541231BFC4 for ; Fri, 3 Apr 2020 04:53:22 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0332nwxJ027582; Thu, 2 Apr 2020 19:53:21 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=Hhq9/3+r25Ozlzi54UbIj5D7d/rrAeqP8GihmUVQihE=; b=vrkXyqjtTgxPq2/bVpyVPeqn/hjpHbDYS87UiYvpc7kkDhoVte8an/aVesJXqJqOwGzC fVKbBiaAS7k/ILX+Rq7iUHIYelfQ1LihV5yP59UZSOm1iPzJwlRA6zRk9Cdx68FknlfF WNr3zDO1oa2MRRa0d35pdjrF/6jbkiVy/6JfoJBljvTZJy0QRu0hn5FMltOkTIg8R2K0 abEi9AXoIrBvff8VA4Lg98YKWXm3/o/Mn0ZULusHyRK2vG6d1TGtCOFrQbBDXx1LrDGm VSGmLyjNWs2zqlrTm75OA8F2Wlcg6FFkgKQvjrcMaHtIyZQshsLG1mplL86tRWVSpfAS hg== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0a-0016f401.pphosted.com with ESMTP id 304855vrys-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 02 Apr 2020 19:53:21 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 2 Apr 2020 19:53:20 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 2 Apr 2020 19:53:19 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 2 Apr 2020 19:53:19 -0700 Received: from ajoseph83.caveonetworks.com (ajoseph83.caveonetworks.com [10.29.45.60]) by maili.marvell.com (Postfix) with ESMTP id 0FFFD3F705D; Thu, 2 Apr 2020 19:53:16 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Radu Nicolau CC: Anoob Joseph , Narayana Prasad , Tejasree Kondoj , Date: Fri, 3 Apr 2020 08:23:04 +0530 Message-ID: <1585882384-28213-1-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1585221759-23016-1-git-send-email-anoobj@marvell.com> References: <1585221759-23016-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_13:2020-04-02, 2020-04-02 signatures=0 Subject: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support 192/256 AES key sizes X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for the following, 1. AES-192-GCM 2. AES-256-GCM 3. AES-192-CBC Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- v3: * Fixed incorrect AES-GCM key length being printed during app startup * Introduced new macro 'SALT_SIZE' to make the usage more obvious (AES-GCM key has key following 4 byte salt) * Minor cleanup for the existing code. v2: * Updated doc and release notes doc/guides/rel_notes/release_20_05.rst | 7 ++++++ doc/guides/sample_app_ug/ipsec_secgw.rst | 3 +++ examples/ipsec-secgw/ipsec.h | 3 ++- examples/ipsec-secgw/sa.c | 38 ++++++++++++++++++++++++++------ 4 files changed, 43 insertions(+), 8 deletions(-) diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst index 1dfcfcc..c0b0625 100644 --- a/doc/guides/rel_notes/release_20_05.rst +++ b/doc/guides/rel_notes/release_20_05.rst @@ -70,6 +70,13 @@ New Features by making use of the event device capabilities. The event mode currently supports only inline IPsec protocol offload. +* **Added 192/256 AES key sizes in ipsec-secgw application.** + + Updated ipsec-secgw application to support the following key sizes, + - AES-192-CBC + - AES-192-GCM + - AES-256-GCM + Removed Items ------------- diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 038f593..f5e94bf 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -538,6 +538,7 @@ where each options means: * *null*: NULL algorithm * *aes-128-cbc*: AES-CBC 128-bit algorithm + * *aes-192-cbc*: AES-CBC 192-bit algorithm * *aes-256-cbc*: AES-CBC 256-bit algorithm * *aes-128-ctr*: AES-CTR 128-bit algorithm * *3des-cbc*: 3DES-CBC 192-bit algorithm @@ -593,6 +594,8 @@ where each options means: * Available options: * *aes-128-gcm*: AES-GCM 128-bit algorithm + * *aes-192-gcm*: AES-GCM 192-bit algorithm + * *aes-256-gcm*: AES-GCM 256-bit algorithm * Syntax: *cipher_algo * diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index f8f29f9..476a6d5 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -73,6 +73,7 @@ struct ip_addr { }; #define MAX_KEY_SIZE 32 +#define SALT_SIZE 4 /* * application wide SA parameters @@ -133,7 +134,7 @@ struct ipsec_sa { #define IP6_TRANSPORT (1 << 4) struct ip_addr src; struct ip_addr dst; - uint8_t cipher_key[MAX_KEY_SIZE]; + uint8_t cipher_key[MAX_KEY_SIZE + SALT_SIZE]; uint16_t cipher_key_len; uint8_t auth_key[MAX_KEY_SIZE]; uint16_t auth_key_len; diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 0eb52d1..fc6bc97 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -77,6 +77,13 @@ const struct supported_cipher_algo cipher_algos[] = { .key_len = 16 }, { + .keyword = "aes-192-cbc", + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .iv_len = 16, + .block_size = 16, + .key_len = 24 + }, + { .keyword = "aes-256-cbc", .algo = RTE_CRYPTO_CIPHER_AES_CBC, .iv_len = 16, @@ -127,7 +134,25 @@ const struct supported_aead_algo aead_algos[] = { .algo = RTE_CRYPTO_AEAD_AES_GCM, .iv_len = 8, .block_size = 4, - .key_len = 20, + .key_len = 16, + .digest_len = 16, + .aad_len = 8, + }, + { + .keyword = "aes-192-gcm", + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .iv_len = 8, + .block_size = 4, + .key_len = 24, + .digest_len = 16, + .aad_len = 8, + }, + { + .keyword = "aes-256-gcm", + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .iv_len = 8, + .block_size = 4, + .key_len = 32, .digest_len = 16, .aad_len = 8, } @@ -495,16 +520,14 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, return; key_len = parse_key_string(tokens[ti], - rule->cipher_key); + rule->cipher_key) - SALT_SIZE; APP_CHECK(key_len == rule->cipher_key_len, status, "unrecognized input \"%s\"", tokens[ti]); if (status->status < 0) return; - key_len -= 4; - rule->cipher_key_len = key_len; - memcpy(&rule->salt, - &rule->cipher_key[key_len], 4); + memcpy(&rule->salt, &rule->cipher_key[key_len], + SALT_SIZE); aead_algo_p = 1; continue; @@ -751,7 +774,8 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound) } for (i = 0; i < RTE_DIM(aead_algos); i++) { - if (aead_algos[i].algo == sa->aead_algo) { + if (aead_algos[i].algo == sa->aead_algo && + aead_algos[i].key_len == sa->cipher_key_len) { printf("%s ", aead_algos[i].keyword); break; } -- 2.7.4