From: Gagandeep Singh <g.singh@nxp.com> To: gakhil@marvell.com, dev@dpdk.org Cc: Gagandeep Singh <g.singh@nxp.com> Subject: [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Date: Fri, 20 May 2022 09:50:59 +0530 Message-ID: <20220520042104.3784908-3-g.singh@nxp.com> (raw) In-Reply-To: <20220520042104.3784908-1-g.singh@nxp.com> ipsec-secgw application is updated to support DES-CBC ciphering and XCBC-MAC authentication based IPsec functionality. Signed-off-by: Gagandeep Singh <g.singh@nxp.com> --- doc/guides/sample_app_ug/ipsec_secgw.rst | 7 +++++-- examples/ipsec-secgw/esp.c | 5 +++++ examples/ipsec-secgw/sa.c | 8 ++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index d93acf0667..5cb6a69a27 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -115,8 +115,9 @@ Constraints * No IPv6 options headers. * No AH mode. -* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1, - AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL. +* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC, + HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 + and NULL. * Each SA must be handle by a unique lcore (*1 RX queue per port*). Compiling the Application @@ -566,6 +567,7 @@ where each options means: * *aes-256-cbc*: AES-CBC 256-bit algorithm * *aes-128-ctr*: AES-CTR 128-bit algorithm * *3des-cbc*: 3DES-CBC 192-bit algorithm + * *des-cbc*: DES-CBC 64-bit algorithm * Syntax: *cipher_algo <your algorithm>* @@ -593,6 +595,7 @@ where each options means: * *null*: NULL algorithm * *sha1-hmac*: HMAC SHA1 algorithm + * *aes-xcbc-mac*: AES XCBC MAC algorithm ``<auth_key>`` diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index bd233752c8..b72a5604c8 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: /* Copy IV at the end of crypto operation */ @@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) + sa->iv_len + payload_len; @@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: memset(iv, 0, sa->iv_len); @@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: sym_cop->cipher.data.offset = ip_hdr_len + @@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) + sa->iv_len + pad_payload_len; diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 3b0bc5a2cf..0b27f11fc0 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = { .iv_len = 8, .block_size = 8, .key_len = 24 + }, + { + .keyword = "des-cbc", + .algo = RTE_CRYPTO_CIPHER_DES_CBC, + .iv_len = 8, + .block_size = 8, + .key_len = 8 } }; @@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: case RTE_CRYPTO_CIPHER_AES_CTR: -- 2.25.1
next prev parent reply other threads:[~2022-05-20 4:21 UTC|newest] Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh 2022-04-25 4:14 ` [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh 2022-05-13 9:49 ` [EXT] " Akhil Goyal 2022-04-25 4:14 ` [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh 2022-05-13 9:54 ` [EXT] " Akhil Goyal 2022-05-16 9:45 ` Gagandeep Singh 2022-04-25 4:14 ` [PATCH 4/8] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh 2022-04-25 4:14 ` [PATCH 5/8] test/crypto: fix pmd name for dpaa raw buffer crypto driver Gagandeep Singh 2022-04-25 4:14 ` [PATCH 6/8] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh 2022-04-25 4:14 ` [PATCH 7/8] test/crypto: add external buffer test case Gagandeep Singh 2022-05-13 10:26 ` [EXT] " Akhil Goyal 2022-05-16 7:25 ` Gagandeep Singh 2022-04-25 4:14 ` [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh 2022-05-13 10:46 ` [EXT] " Akhil Goyal 2022-05-16 7:27 ` Gagandeep Singh 2022-05-13 9:46 ` [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Akhil Goyal 2022-05-16 7:14 ` Gagandeep Singh 2022-05-16 7:26 ` Anoob Joseph 2022-05-16 7:54 ` Gagandeep Singh 2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh 2022-05-17 3:38 ` [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh 2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh 2022-05-20 4:20 ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh 2022-05-26 13:52 ` [EXT] " Akhil Goyal 2022-05-30 4:31 ` Gagandeep Singh 2022-05-30 6:04 ` Akhil Goyal 2022-05-31 18:14 ` Akhil Goyal 2022-06-06 4:00 ` [PATCH v4] " Gagandeep Singh 2022-06-15 16:06 ` [EXT] " Akhil Goyal 2022-05-20 4:20 ` Gagandeep Singh [this message] 2022-05-26 13:54 ` [EXT] [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Akhil Goyal 2022-05-20 4:21 ` [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh 2022-05-26 13:55 ` [EXT] " Akhil Goyal 2022-05-20 4:21 ` [PATCH v3 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh 2022-05-26 13:56 ` [EXT] " Akhil Goyal 2022-05-20 4:21 ` [PATCH v3 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh 2022-05-26 13:58 ` [EXT] " Akhil Goyal 2022-05-20 4:21 ` [PATCH v3 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh 2022-05-26 13:59 ` [EXT] " Akhil Goyal 2022-05-20 4:21 ` [PATCH v3 7/7] doc: add missing authentication algorithm Gagandeep Singh 2022-05-26 14:00 ` [EXT] " Akhil Goyal 2022-05-17 3:38 ` [PATCH v2 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh 2022-05-17 3:38 ` [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh 2022-05-17 16:32 ` Stephen Hemminger 2022-05-18 4:23 ` Gagandeep Singh 2022-05-17 3:38 ` [PATCH v2 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh 2022-05-17 3:38 ` [PATCH v2 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh 2022-05-17 3:38 ` [PATCH v2 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh 2022-05-17 3:38 ` [PATCH v2 7/7] doc: add missing authentication algorithm Gagandeep Singh
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220520042104.3784908-3-g.singh@nxp.com \ --to=g.singh@nxp.com \ --cc=dev@dpdk.org \ --cc=gakhil@marvell.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
DPDK patches and discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \ dev@dpdk.org public-inbox-index dev Example config snippet for mirrors. Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.dev AGPL code for this site: git clone https://public-inbox.org/public-inbox.git