From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id CE334A0577; Sun, 5 Apr 2020 17:24:32 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1336F1BED0; Sun, 5 Apr 2020 17:24:32 +0200 (CEST) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00069.outbound.protection.outlook.com [40.107.0.69]) by dpdk.org (Postfix) with ESMTP id E8ECF1BECB for ; Sun, 5 Apr 2020 17:24:30 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kYIlf34fQviXWFbTM4P5m4OlE5l++kXrLlWy37r3GtMEG+Uocy+N48tIDPA6mo1iFZeajnEJvRC4dcW0x9fmJBoY74S72ZTl6Bj44JGeCAz2dV5hCyuw42ktJnzwGTaqeQbqZF1we2R3z2Du5P9TP3GFK1/GvFac7CSrdokC3U0USjtgp5TNcO74uOq9OpEW5h0XUtyhzUZYFE0eO5dZDCBIEKp6zvYSxjA+LrChburxfs8Hq1TfBNUOWIg7u1tQnA3B5mCfjW3cEcd/1n6zgASiejAuGRh0sb7mjVrDOcG5scc6c8xKaaYVX13vyMnLU6So9Wttp4goJcWUo6qwIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NewA6luHhpO30yokZVb4DBiBHeSY9vRSPjJeMRyEfOs=; b=oAeSpcydFziSt/YgLesPdR543Qq/q5owvNwd05j2BW93coGoK74/cHlEFnvcXMQtNH7yQC5clFgkgy/2cbfIJVvGUWTBkfdA2FJ6lZ3RdQqwunW8EbHZUsKdixXSwfI0dtQD9bbViCHsdnoI5JKmqjt2uwqhQD76OlTEhd8qFP7psLH/iWSAaXSlZ45BFbcbstgb4XuKVVOR7PXu6WIblXyqEty0H7ESYWXbRWOpWlWiTz17SRnNi8ZMtu15GyzEyBD/ZmsO+EbsKuDkR2d2VO9ZdcJ6vR4JDji9kvTik89Q7J0Rx84v7WqQW6dt7lxWXNcJDNRJdHQsirP3Ux1SlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NewA6luHhpO30yokZVb4DBiBHeSY9vRSPjJeMRyEfOs=; b=iFsIcBtB0YCr8V/em7skJLAkFUUxL81zQwo1Al9B6HlyomZ25tRcpl97MuHC6mGHYm9M12MdrP6mI++fygllTSaDpBV9sjpTRjoNVsKBMadx7vNfwg0XnsyLaVgnjz9fHQmzPQNsPHbT8eNpfo2ZPSMkQ+GMvsfl2QBVrDbNASw= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (2603:10a6:803:129::11) by VE1PR04MB6589.eurprd04.prod.outlook.com (2603:10a6:803:128::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.16; Sun, 5 Apr 2020 15:24:29 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::8060:a35c:4858:c490]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::8060:a35c:4858:c490%7]) with mapi id 15.20.2878.018; Sun, 5 Apr 2020 15:24:29 +0000 From: Akhil Goyal To: Anoob Joseph , Radu Nicolau CC: Narayana Prasad , Tejasree Kondoj , "dev@dpdk.org" Thread-Topic: [PATCH v3] examples/ipsec-secgw: support 192/256 AES key sizes Thread-Index: AQHWCWMMDxR+qWxeNUurZFUGmGVANKhqp9fg Date: Sun, 5 Apr 2020 15:24:29 +0000 Message-ID: References: <1585221759-23016-1-git-send-email-anoobj@marvell.com> <1585882384-28213-1-git-send-email-anoobj@marvell.com> In-Reply-To: <1585882384-28213-1-git-send-email-anoobj@marvell.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [45.118.166.70] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: ad6cced4-7432-4426-1b3e-08d7d9756f48 x-ms-traffictypediagnostic: VE1PR04MB6589: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:989; x-forefront-prvs: 03648EFF89 x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VE1PR04MB6639.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(346002)(396003)(39850400004)(136003)(366004)(376002)(66556008)(66946007)(76116006)(66476007)(33656002)(66446008)(55016002)(110136005)(6506007)(478600001)(5660300002)(9686003)(52536014)(64756008)(2906002)(4326008)(86362001)(8936002)(26005)(44832011)(7696005)(81166006)(316002)(54906003)(71200400001)(8676002)(81156014)(186003)(334744003); DIR:OUT; SFP:1101; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: +SeXbY6JBGk+dXl35j4XarhkSB90CSzU39Gfo1sIgZXLICXOsf2c/kJOQ9X67/HD3afTGUoOEE1oTJkCxVjS3EjZmzNnArqLYlvAofDbKsuEFQpWyCuUbGuYhJHFk/cT8nVVlc1ClRGz5uyt/1jgzNpxJ7ZeEOZqsVa7tE9VTJNZsu7pIO4HNz9aR5sQJBain+FWUPSXydUL7FKJ/f9N2y/8PvBiSrWU5zNwspkuvb/YzS23CnN9bl5xtf1r1rCOmBqEJAjM/J8kIew36LrGSvGn+UEn8Ru/w2gIBx3szmYAS61149vfIGEqqFk51Y0PDaRxuw1Mzy67gw8/AwSB73E1UZqR+HmfwcJKVd/AhnTKhqHSLzTdpORR4zGvr3PHLMqln3CV03he2u5y1HoJxN3hbh0SbkTZ5Rue1o4ynx7MGlHstKoNCtiQdQ8dK+8y3rgf08uIF+kBuriyqsHEyV5YEHHo6katdEE362aTcHDzNTbpWFwcQPghocqQS12G x-ms-exchange-antispam-messagedata: nz6YvAmb8DVI64ZS8DJEeoloC26JeBDG6HHIRqaUGMQNDjo6rH8dlSrETeWsc9WzTPGZB2/AGuQ7SzVTF0N53U+vobA/8L57hstgjdiepKLekkSwIRiIh8yOr0K+vn6UmDVse8qcg5WnU9kGsVm6ag== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad6cced4-7432-4426-1b3e-08d7d9756f48 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2020 15:24:29.6302 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: L7WMGEwwnVb6dm8u9LDt6GOtH+pNiubOba3HarHld9hlezRJiw+A6QmjQ36vKXqIK49jgjKRA8roXDKgTTM6MQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6589 Subject: Re: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support 192/256 AES key sizes X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Anoob, >=20 > Adding support for the following, > 1. AES-192-GCM > 2. AES-256-GCM > 3. AES-192-CBC >=20 > Signed-off-by: Anoob Joseph > Signed-off-by: Tejasree Kondoj > --- > v3: > * Fixed incorrect AES-GCM key length being printed during app startup > * Introduced new macro 'SALT_SIZE' to make the usage more obvious (AES-GC= M > key has key following 4 byte salt) > * Minor cleanup for the existing code. I believe GCM keys are extended by 4 bytes to include the SALT value in man= y apps. We may add a comment that it is including the SALT value, but it makes more= confusing now. The length which is being printed is 16Bytes but we expect the user to have= 20Bytes In the ep0.cfg file. This will be confusing also to configure the packet ca= pturing APPs Like wireshark which accepts 20Byte keys in case of GCM. >=20 > v2: > * Updated doc and release notes >=20 > doc/guides/rel_notes/release_20_05.rst | 7 ++++++ > doc/guides/sample_app_ug/ipsec_secgw.rst | 3 +++ > examples/ipsec-secgw/ipsec.h | 3 ++- > examples/ipsec-secgw/sa.c | 38 ++++++++++++++++++++++++++= ------ > 4 files changed, 43 insertions(+), 8 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_20_05.rst > b/doc/guides/rel_notes/release_20_05.rst > index 1dfcfcc..c0b0625 100644 > --- a/doc/guides/rel_notes/release_20_05.rst > +++ b/doc/guides/rel_notes/release_20_05.rst > @@ -70,6 +70,13 @@ New Features > by making use of the event device capabilities. The event mode current= ly > supports > only inline IPsec protocol offload. >=20 > +* **Added 192/256 AES key sizes in ipsec-secgw application.** > + > + Updated ipsec-secgw application to support the following key sizes, > + - AES-192-CBC > + - AES-192-GCM > + - AES-256-GCM > + >=20 > Removed Items > ------------- > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst > b/doc/guides/sample_app_ug/ipsec_secgw.rst > index 038f593..f5e94bf 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -538,6 +538,7 @@ where each options means: >=20 > * *null*: NULL algorithm > * *aes-128-cbc*: AES-CBC 128-bit algorithm > + * *aes-192-cbc*: AES-CBC 192-bit algorithm > * *aes-256-cbc*: AES-CBC 256-bit algorithm > * *aes-128-ctr*: AES-CTR 128-bit algorithm > * *3des-cbc*: 3DES-CBC 192-bit algorithm > @@ -593,6 +594,8 @@ where each options means: > * Available options: >=20 > * *aes-128-gcm*: AES-GCM 128-bit algorithm > + * *aes-192-gcm*: AES-GCM 192-bit algorithm > + * *aes-256-gcm*: AES-GCM 256-bit algorithm >=20 > * Syntax: *cipher_algo * >=20 > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index f8f29f9..476a6d5 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -73,6 +73,7 @@ struct ip_addr { > }; >=20 > #define MAX_KEY_SIZE 32 > +#define SALT_SIZE 4 >=20 > /* > * application wide SA parameters > @@ -133,7 +134,7 @@ struct ipsec_sa { > #define IP6_TRANSPORT (1 << 4) > struct ip_addr src; > struct ip_addr dst; > - uint8_t cipher_key[MAX_KEY_SIZE]; > + uint8_t cipher_key[MAX_KEY_SIZE + SALT_SIZE]; > uint16_t cipher_key_len; > uint8_t auth_key[MAX_KEY_SIZE]; > uint16_t auth_key_len; > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > index 0eb52d1..fc6bc97 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -77,6 +77,13 @@ const struct supported_cipher_algo cipher_algos[] =3D = { > .key_len =3D 16 > }, > { > + .keyword =3D "aes-192-cbc", > + .algo =3D RTE_CRYPTO_CIPHER_AES_CBC, > + .iv_len =3D 16, > + .block_size =3D 16, > + .key_len =3D 24 > + }, > + { > .keyword =3D "aes-256-cbc", > .algo =3D RTE_CRYPTO_CIPHER_AES_CBC, > .iv_len =3D 16, > @@ -127,7 +134,25 @@ const struct supported_aead_algo aead_algos[] =3D { > .algo =3D RTE_CRYPTO_AEAD_AES_GCM, > .iv_len =3D 8, > .block_size =3D 4, > - .key_len =3D 20, > + .key_len =3D 16, > + .digest_len =3D 16, > + .aad_len =3D 8, > + }, > + { > + .keyword =3D "aes-192-gcm", > + .algo =3D RTE_CRYPTO_AEAD_AES_GCM, > + .iv_len =3D 8, > + .block_size =3D 4, > + .key_len =3D 24, > + .digest_len =3D 16, > + .aad_len =3D 8, > + }, > + { > + .keyword =3D "aes-256-gcm", > + .algo =3D RTE_CRYPTO_AEAD_AES_GCM, > + .iv_len =3D 8, > + .block_size =3D 4, > + .key_len =3D 32, > .digest_len =3D 16, > .aad_len =3D 8, > } > @@ -495,16 +520,14 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, > return; >=20 > key_len =3D parse_key_string(tokens[ti], > - rule->cipher_key); > + rule->cipher_key) - SALT_SIZE; > APP_CHECK(key_len =3D=3D rule->cipher_key_len, status, > "unrecognized input \"%s\"", tokens[ti]); > if (status->status < 0) > return; >=20 > - key_len -=3D 4; > - rule->cipher_key_len =3D key_len; > - memcpy(&rule->salt, > - &rule->cipher_key[key_len], 4); > + memcpy(&rule->salt, &rule->cipher_key[key_len], > + SALT_SIZE); >=20 > aead_algo_p =3D 1; > continue; > @@ -751,7 +774,8 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbo= und) > } >=20 > for (i =3D 0; i < RTE_DIM(aead_algos); i++) { > - if (aead_algos[i].algo =3D=3D sa->aead_algo) { > + if (aead_algos[i].algo =3D=3D sa->aead_algo && > + aead_algos[i].key_len =3D=3D sa->cipher_key_len) { > printf("%s ", aead_algos[i].keyword); > break; > } > -- > 2.7.4