DPDK patches and discussions
* replay: [EXTERNAL] [PATCH v2] examples/ipsec-secgw: add support for SM4-CBC cipher and SM3-HMAC auth
@ 2025-11-20  1:26 Sunyang Wu
  0 siblings, 0 replies; only message in thread
From: Sunyang Wu @ 2025-11-20  1:26 UTC (permalink / raw)
  To: Akhil Goyal, dev

Hi Akhil,

Thank you for your question about PMD support for the SM4-CBC and SM3-HMAC combination.
The SM4-CBC + SM3-HMAC algorithm combination is supported by the following PMDs in DPDK:
1. QAT PMD (Intel QuickAssist Technology)
   Hardware accelerated crypto operations
   Full support for both SM4-CBC and SM3-HMAC
   Recommended for production environments with QAT hardware
2. AESNI-MB PMD (Intel Multi-Buffer Crypto)
   CPU-based implementation using Intel AES-NI instructions
   Supports both SM4-CBC and SM3-HMAC algorithms
   Suitable for Intel CPUs without dedicated crypto hardware
3. CN10K/CN20K PMD (Marvell Octeon)
   Hardware accelerated support for Chinese crypto algorithms
   Full SM4-CBC and SM3-HMAC support
The patch implementation in examples/ipsec-secgw adds the algorithm definitions and parsing support, making it compatible with any PMD that supports these algorithms. Users can choose to use the appropriate PMD based on their hardware availability:
    For QAT: --vdev crypto_qat
    For AESNI-MB: --vdev crypto_aesni_mb (default on Intel CPUs)
    For CN10K: Platform-specific driver
Example configuration with QAT PMD:
./build/examples/ipsec-secgw -l 0-3 -n 4 --vdev crypto_qat -- -p 0x3 -u 0x1 --config="(0,0,qat_device0)" -f ep0.cfg

SA configuration example:
sa out 30 cipher_algo sm4-cbc cipher_key 01:23:45:67:89:ab:cd:ef:fe:dc:ba:98:76:54:32:10 auth_algo sm3-hmac auth_key 01:23:45:67:89:ab:cd:ef:fe:dc:ba:98:76:54:32:10:11:22:33:44 mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5

The implementation follows the same pattern as existing algorithms and integrates seamlessly with the current IPsec framework.

Best regards,
Sunyang Wu

-----Original Message-----
From: Akhil Goyal <gakhil@marvell.com>
Sent: November 19, 2025 17:26
To: Sunyang Wu <sunyang.wu@jaguarmicro.com>; dev@dpdk.org
Subject: RE: [EXTERNAL] [PATCH v2] examples/ipsec-secgw: add support for SM4-CBC cipher and SM3-HMAC auth

> This patch adds support for Chinese cryptographic algorithms in the 
> IPsec security gateway example application:
>
> 1 Add SM4-CBC cipher algorithm support with 16-byte IV and key;
> 2 Add SM3-HMAC authentication algorithm support with 20-byte key;
> 3 Update SA configuration parsing to recognize "sm4-cbc" and "sm3-hmac"
> keywords;
> 4 Implement proper IV handling and authentication offset/length 
> configuration.
>
> These additions enable the IPsec security gateway to use Chinese 
> national cryptographic standards for secure communications.
>
> Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>

Which PMD is used to support this combination for IPsec?
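
An added example, not part of the original message or of the patch: a small C pre-check for `sa` lines like the one in the reply above, confirming that `cipher_key` and `auth_key` have the 16-byte and 20-byte lengths the quoted patch description gives for SM4-CBC and SM3-HMAC. The function names and return codes are assumptions made for illustration; this is not code from ipsec-secgw.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Key sizes in bytes, as given in the patch description quoted on the page. */
#define SM4_CBC_KEY_LEN  16
#define SM3_HMAC_KEY_LEN 20
#define WS " \t\n"

/* Bytes in a colon-separated hex key such as "01:23:ab"; -1 if malformed. */
static int hex_key_len(const char *s)
{
    for (int bytes = 1; ; bytes++, s++) {   /* s points at a byte's first digit */
        if (!isxdigit((unsigned char)s[0]) || !isxdigit((unsigned char)s[1]))
            return -1;
        s += 2;
        if (*s == '\0') return bytes;
        if (*s != ':') return -1;           /* next loop rejects a trailing ':' */
    }
}

/* Hypothetical check: 0 ok, 1 bad cipher_key, 2 bad auth_key, -1 not SM4/SM3 or too long. */
int check_sm_sa_line(const char *line)
{
    char buf[512], *tok;
    const char *prev = "";
    int sm4 = 0, sm3 = 0, ck = -1, ak = -1;
    if (strlen(line) >= sizeof(buf)) return -1;
    strcpy(buf, line);                      /* strtok modifies its input */
    for (tok = strtok(buf, WS); tok; prev = tok, tok = strtok(NULL, WS)) {
        if (!strcmp(prev, "cipher_algo"))     sm4 = !strcmp(tok, "sm4-cbc");
        else if (!strcmp(prev, "auth_algo"))  sm3 = !strcmp(tok, "sm3-hmac");
        else if (!strcmp(prev, "cipher_key")) ck = hex_key_len(tok);
        else if (!strcmp(prev, "auth_key"))   ak = hex_key_len(tok);
    }
    if (!sm4 || !sm3) return -1;
    if (ck != SM4_CBC_KEY_LEN) return 1;
    return ak == SM3_HMAC_KEY_LEN ? 0 : 2;
}

int main(void)
{
    /* Constructed input: the page's SA line with auth_key cut to 4 bytes. */
    const char *bad = "sa out 30 cipher_algo sm4-cbc cipher_key "
        "01:23:45:67:89:ab:cd:ef:fe:dc:ba:98:76:54:32:10 "
        "auth_algo sm3-hmac auth_key 01:23:45:67 mode ipv4-tunnel";
    printf("short auth_key -> %d\n", check_sm_sa_line(bad));
    return 0;
}
```

Running such a check over a configuration file before starting the gateway catches a truncated or mistyped key at the line where it occurs.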


