From: Gagandeep Singh <g.singh@nxp.com>
To: gakhil@marvell.com, dev@dpdk.org
Cc: Gagandeep Singh <g.singh@nxp.com>
Subject: [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC
Date: Fri, 20 May 2022 09:50:59 +0530
Message-ID: <20220520042104.3784908-3-g.singh@nxp.com> (raw)
In-Reply-To: <20220520042104.3784908-1-g.singh@nxp.com>
ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 7 +++++--
examples/ipsec-secgw/esp.c | 5 +++++
examples/ipsec-secgw/sa.c | 8 ++++++++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index d93acf0667..5cb6a69a27 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -115,8 +115,9 @@ Constraints
* No IPv6 options headers.
* No AH mode.
-* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1,
- AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL.
+* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC,
+ HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305
+ and NULL.
* Each SA must be handle by a unique lcore (*1 RX queue per port*).
Compiling the Application
@@ -566,6 +567,7 @@ where each options means:
* *aes-256-cbc*: AES-CBC 256-bit algorithm
* *aes-128-ctr*: AES-CTR 128-bit algorithm
* *3des-cbc*: 3DES-CBC 192-bit algorithm
+ * *des-cbc*: DES-CBC 64-bit algorithm
* Syntax: *cipher_algo <your algorithm>*
@@ -593,6 +595,7 @@ where each options means:
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
+ * *aes-xcbc-mac*: AES XCBC MAC algorithm
``<auth_key>``
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index bd233752c8..b72a5604c8 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
/* Copy IV at the end of crypto operation */
@@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + payload_len;
@@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
memset(iv, 0, sa->iv_len);
@@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
sym_cop->cipher.data.offset = ip_hdr_len +
@@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + pad_payload_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 3b0bc5a2cf..0b27f11fc0 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
.iv_len = 8,
.block_size = 8,
.key_len = 24
+ },
+ {
+ .keyword = "des-cbc",
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .iv_len = 8,
+ .block_size = 8,
+ .key_len = 8
}
};
@@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
--
2.25.1
next prev parent reply other threads:[~2022-05-20 4:21 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
2022-04-25 4:14 ` [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-13 9:49 ` [EXT] " Akhil Goyal
2022-04-25 4:14 ` [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
2022-05-13 9:54 ` [EXT] " Akhil Goyal
2022-05-16 9:45 ` Gagandeep Singh
2022-04-25 4:14 ` [PATCH 4/8] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
2022-04-25 4:14 ` [PATCH 5/8] test/crypto: fix pmd name for dpaa raw buffer crypto driver Gagandeep Singh
2022-04-25 4:14 ` [PATCH 6/8] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
2022-04-25 4:14 ` [PATCH 7/8] test/crypto: add external buffer test case Gagandeep Singh
2022-05-13 10:26 ` [EXT] " Akhil Goyal
2022-05-16 7:25 ` Gagandeep Singh
2022-04-25 4:14 ` [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-13 10:46 ` [EXT] " Akhil Goyal
2022-05-16 7:27 ` Gagandeep Singh
2022-05-13 9:46 ` [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Akhil Goyal
2022-05-16 7:14 ` Gagandeep Singh
2022-05-16 7:26 ` Anoob Joseph
2022-05-16 7:54 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-26 13:52 ` [EXT] " Akhil Goyal
2022-05-30 4:31 ` Gagandeep Singh
2022-05-30 6:04 ` Akhil Goyal
2022-05-31 18:14 ` Akhil Goyal
2022-06-06 4:00 ` [PATCH v4] " Gagandeep Singh
2022-06-15 16:06 ` [EXT] " Akhil Goyal
2022-05-20 4:20 ` Gagandeep Singh [this message]
2022-05-26 13:54 ` [EXT] [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
2022-05-26 13:55 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
2022-05-26 13:56 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
2022-05-26 13:58 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-26 13:59 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 7/7] doc: add missing authentication algorithm Gagandeep Singh
2022-05-26 14:00 ` [EXT] " Akhil Goyal
2022-05-17 3:38 ` [PATCH v2 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
2022-05-17 16:32 ` Stephen Hemminger
2022-05-18 4:23 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 7/7] doc: add missing authentication algorithm Gagandeep Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220520042104.3784908-3-g.singh@nxp.com \
--to=g.singh@nxp.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
DPDK patches and discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
dev@dpdk.org
public-inbox-index dev
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://inbox.dpdk.org/inbox.dpdk.dev
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git