From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id 689AE2B9C for ; Mon, 25 Feb 2019 13:08:35 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Feb 2019 04:08:34 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,411,1544515200"; d="scan'208";a="125009474" Received: from silpixa00398673.ir.intel.com (HELO silpixa00398673.ger.corp.intel.com) ([10.237.223.136]) by fmsmga007.fm.intel.com with ESMTP; 25 Feb 2019 04:08:33 -0800 From: Fan Zhang To: dev@dpdk.org Cc: akhil.goyal@nxp.com, konstantin.ananyev@intel.com, roy.fan.zhang@intel.com Date: Mon, 25 Feb 2019 12:07:44 +0000 Message-Id: <20190225120745.61836-4-roy.fan.zhang@intel.com> X-Mailer: git-send-email 2.14.5 In-Reply-To: <20190225120745.61836-1-roy.fan.zhang@intel.com> References: <20190219153236.84537-1-roy.fan.zhang@intel.com> <20190225120745.61836-1-roy.fan.zhang@intel.com> Subject: [dpdk-dev] [PATCH v3 3/4] ipsec: add 3DES-CBC algorithm support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Feb 2019 12:08:36 -0000 This patch adds triple-des CBC mode cipher algorithm to ipsec library. Signed-off-by: Fan Zhang --- lib/librte_ipsec/sa.c | 40 ++++++++++++++++++++++------------------ lib/librte_ipsec/sa.h | 6 ++++++ 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c index e34dd320a..81d25fd49 100644 --- a/lib/librte_ipsec/sa.c +++ b/lib/librte_ipsec/sa.c @@ -238,6 +238,7 @@ esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen) sa->ctp.cipher.length = 0; break; case ALGO_TYPE_AES_CBC: + case ALGO_TYPE_3DES: sa->ctp.cipher.offset = sa->hdr_len + sizeof(struct esp_hdr); sa->ctp.cipher.length = sa->iv_len; break; @@ -307,6 +308,13 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, sa->algo_type = ALGO_TYPE_AES_CTR; break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + /* RFC 1851 */ + sa->pad_align = IPSEC_PAD_3DES_CBC; + sa->iv_len = IPSEC_3DES_IV_SIZE; + sa->algo_type = ALGO_TYPE_3DES; + break; + default: return -EINVAL; } @@ -476,6 +484,19 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sop = cop->sym; switch (algo_type) { + case ALGO_TYPE_AES_CBC: + /* Cipher-Auth (AES-CBC *) case */ + case ALGO_TYPE_3DES: + /* Cipher-Auth (3DES-CBC *) case */ + case ALGO_TYPE_NULL: + /* NULL case */ + sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; + sop->cipher.data.length = sa->ctp.cipher.length + plen; + sop->auth.data.offset = sa->ctp.auth.offset + hlen; + sop->auth.data.length = sa->ctp.auth.length + plen; + sop->auth.digest.data = icv->va; + sop->auth.digest.phys_addr = icv->pa; + break; case ALGO_TYPE_AES_GCM: /* AEAD (AES_GCM) case */ sop->aead.data.offset = sa->ctp.cipher.offset + hlen; @@ -490,15 +511,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sa->iv_ofs); aead_gcm_iv_fill(gcm, ivp[0], sa->salt); break; - case ALGO_TYPE_AES_CBC: - /* Cipher-Auth (AES-CBC *) case */ - sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; - sop->cipher.data.length = sa->ctp.cipher.length + plen; - sop->auth.data.offset = sa->ctp.auth.offset + hlen; - sop->auth.data.length = sa->ctp.auth.length + plen; - sop->auth.digest.data = icv->va; - sop->auth.digest.phys_addr = icv->pa; - break; case ALGO_TYPE_AES_CTR: /* Cipher-Auth (AES-CTR *) case */ sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; @@ -512,15 +524,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sa->iv_ofs); aes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt); break; - case ALGO_TYPE_NULL: - /* NULL case */ - sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; - sop->cipher.data.length = sa->ctp.cipher.length + plen; - sop->auth.data.offset = sa->ctp.auth.offset + hlen; - sop->auth.data.length = sa->ctp.auth.length + plen; - sop->auth.digest.data = icv->va; - sop->auth.digest.phys_addr = icv->pa; - break; default: break; } @@ -873,6 +876,7 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop, aead_gcm_iv_fill(gcm, ivp[0], sa->salt); break; case ALGO_TYPE_AES_CBC: + case ALGO_TYPE_3DES: sop->cipher.data.offset = pofs + sa->ctp.cipher.offset; sop->cipher.data.length = clen; sop->auth.data.offset = pofs + sa->ctp.auth.offset; diff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h index 12c061ee6..ceff41390 100644 --- a/lib/librte_ipsec/sa.h +++ b/lib/librte_ipsec/sa.h @@ -14,6 +14,7 @@ /* padding alignment for different algorithms */ enum { IPSEC_PAD_DEFAULT = 4, + IPSEC_PAD_3DES_CBC = 8, IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE, IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT, IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT, @@ -24,6 +25,10 @@ enum { enum { IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE, IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t), + /* TripleDES supports IV size of 32bits or 64bits but he library + * only supports 64bits. + */ + IPSEC_3DES_IV_SIZE = sizeof(uint64_t), }; /* these definitions probably has to be in rte_crypto_sym.h */ @@ -57,6 +62,7 @@ struct replay_sqn { /*IPSEC SA supported algorithms */ enum sa_algo_type { ALGO_TYPE_NULL = 0, + ALGO_TYPE_3DES, ALGO_TYPE_AES_CBC, ALGO_TYPE_AES_CTR, ALGO_TYPE_AES_GCM, -- 2.14.5