From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id CE334A0577;
	Sun,  5 Apr 2020 17:24:32 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 1336F1BED0;
	Sun,  5 Apr 2020 17:24:32 +0200 (CEST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com
 (mail-eopbgr00069.outbound.protection.outlook.com [40.107.0.69])
 by dpdk.org (Postfix) with ESMTP id E8ECF1BECB
 for <dev@dpdk.org>; Sun,  5 Apr 2020 17:24:30 +0200 (CEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=kYIlf34fQviXWFbTM4P5m4OlE5l++kXrLlWy37r3GtMEG+Uocy+N48tIDPA6mo1iFZeajnEJvRC4dcW0x9fmJBoY74S72ZTl6Bj44JGeCAz2dV5hCyuw42ktJnzwGTaqeQbqZF1we2R3z2Du5P9TP3GFK1/GvFac7CSrdokC3U0USjtgp5TNcO74uOq9OpEW5h0XUtyhzUZYFE0eO5dZDCBIEKp6zvYSxjA+LrChburxfs8Hq1TfBNUOWIg7u1tQnA3B5mCfjW3cEcd/1n6zgASiejAuGRh0sb7mjVrDOcG5scc6c8xKaaYVX13vyMnLU6So9Wttp4goJcWUo6qwIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=NewA6luHhpO30yokZVb4DBiBHeSY9vRSPjJeMRyEfOs=;
 b=oAeSpcydFziSt/YgLesPdR543Qq/q5owvNwd05j2BW93coGoK74/cHlEFnvcXMQtNH7yQC5clFgkgy/2cbfIJVvGUWTBkfdA2FJ6lZ3RdQqwunW8EbHZUsKdixXSwfI0dtQD9bbViCHsdnoI5JKmqjt2uwqhQD76OlTEhd8qFP7psLH/iWSAaXSlZ45BFbcbstgb4XuKVVOR7PXu6WIblXyqEty0H7ESYWXbRWOpWlWiTz17SRnNi8ZMtu15GyzEyBD/ZmsO+EbsKuDkR2d2VO9ZdcJ6vR4JDji9kvTik89Q7J0Rx84v7WqQW6dt7lxWXNcJDNRJdHQsirP3Ux1SlQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass
 header.d=nxp.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=NewA6luHhpO30yokZVb4DBiBHeSY9vRSPjJeMRyEfOs=;
 b=iFsIcBtB0YCr8V/em7skJLAkFUUxL81zQwo1Al9B6HlyomZ25tRcpl97MuHC6mGHYm9M12MdrP6mI++fygllTSaDpBV9sjpTRjoNVsKBMadx7vNfwg0XnsyLaVgnjz9fHQmzPQNsPHbT8eNpfo2ZPSMkQ+GMvsfl2QBVrDbNASw=
Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (2603:10a6:803:129::11)
 by VE1PR04MB6589.eurprd04.prod.outlook.com (2603:10a6:803:128::25)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.16; Sun, 5 Apr
 2020 15:24:29 +0000
Received: from VE1PR04MB6639.eurprd04.prod.outlook.com
 ([fe80::8060:a35c:4858:c490]) by VE1PR04MB6639.eurprd04.prod.outlook.com
 ([fe80::8060:a35c:4858:c490%7]) with mapi id 15.20.2878.018; Sun, 5 Apr 2020
 15:24:29 +0000
From: Akhil Goyal <akhil.goyal@nxp.com>
To: Anoob Joseph <anoobj@marvell.com>, Radu Nicolau <radu.nicolau@intel.com>
CC: Narayana Prasad <pathreya@marvell.com>, Tejasree Kondoj
 <ktejasree@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [PATCH v3] examples/ipsec-secgw: support 192/256 AES key sizes
Thread-Index: AQHWCWMMDxR+qWxeNUurZFUGmGVANKhqp9fg
Date: Sun, 5 Apr 2020 15:24:29 +0000
Message-ID: <VE1PR04MB66394D7FD0F7AF01D4946BB8E6C50@VE1PR04MB6639.eurprd04.prod.outlook.com>
References: <1585221759-23016-1-git-send-email-anoobj@marvell.com>
 <1585882384-28213-1-git-send-email-anoobj@marvell.com>
In-Reply-To: <1585882384-28213-1-git-send-email-anoobj@marvell.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=akhil.goyal@nxp.com; 
x-originating-ip: [45.118.166.70]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ad6cced4-7432-4426-1b3e-08d7d9756f48
x-ms-traffictypediagnostic: VE1PR04MB6589:
x-microsoft-antispam-prvs: <VE1PR04MB6589A0FC192CD263902C8010E6C50@VE1PR04MB6589.eurprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:989;
x-forefront-prvs: 03648EFF89
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:VE1PR04MB6639.eurprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFTY:;
 SFS:(10009020)(4636009)(346002)(396003)(39850400004)(136003)(366004)(376002)(66556008)(66946007)(76116006)(66476007)(33656002)(66446008)(55016002)(110136005)(6506007)(478600001)(5660300002)(9686003)(52536014)(64756008)(2906002)(4326008)(86362001)(8936002)(26005)(44832011)(7696005)(81166006)(316002)(54906003)(71200400001)(8676002)(81156014)(186003)(334744003);
 DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: nxp.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +SeXbY6JBGk+dXl35j4XarhkSB90CSzU39Gfo1sIgZXLICXOsf2c/kJOQ9X67/HD3afTGUoOEE1oTJkCxVjS3EjZmzNnArqLYlvAofDbKsuEFQpWyCuUbGuYhJHFk/cT8nVVlc1ClRGz5uyt/1jgzNpxJ7ZeEOZqsVa7tE9VTJNZsu7pIO4HNz9aR5sQJBain+FWUPSXydUL7FKJ/f9N2y/8PvBiSrWU5zNwspkuvb/YzS23CnN9bl5xtf1r1rCOmBqEJAjM/J8kIew36LrGSvGn+UEn8Ru/w2gIBx3szmYAS61149vfIGEqqFk51Y0PDaRxuw1Mzy67gw8/AwSB73E1UZqR+HmfwcJKVd/AhnTKhqHSLzTdpORR4zGvr3PHLMqln3CV03he2u5y1HoJxN3hbh0SbkTZ5Rue1o4ynx7MGlHstKoNCtiQdQ8dK+8y3rgf08uIF+kBuriyqsHEyV5YEHHo6katdEE362aTcHDzNTbpWFwcQPghocqQS12G
x-ms-exchange-antispam-messagedata: nz6YvAmb8DVI64ZS8DJEeoloC26JeBDG6HHIRqaUGMQNDjo6rH8dlSrETeWsc9WzTPGZB2/AGuQ7SzVTF0N53U+vobA/8L57hstgjdiepKLekkSwIRiIh8yOr0K+vn6UmDVse8qcg5WnU9kGsVm6ag==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ad6cced4-7432-4426-1b3e-08d7d9756f48
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2020 15:24:29.6302 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: L7WMGEwwnVb6dm8u9LDt6GOtH+pNiubOba3HarHld9hlezRJiw+A6QmjQ36vKXqIK49jgjKRA8roXDKgTTM6MQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6589
Subject: Re: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support 192/256 AES
	key sizes
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Hi Anoob,

>=20
> Adding support for the following,
> 1. AES-192-GCM
> 2. AES-256-GCM
> 3. AES-192-CBC
>=20
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
> v3:
> * Fixed incorrect AES-GCM key length being printed during app startup
> * Introduced new macro 'SALT_SIZE' to make the usage more obvious (AES-GC=
M
>   key has key following 4 byte salt)
> * Minor cleanup for the existing code.

I believe GCM keys are extended by 4 bytes to include the SALT value in man=
y apps.
We may add a comment that it is including the SALT value, but it makes more=
 confusing
now.

The length which is being printed is 16Bytes but we expect the user to have=
 20Bytes
In the ep0.cfg file. This will be confusing also to configure the packet ca=
pturing APPs
Like wireshark which accepts 20Byte keys in case of GCM.

>=20
> v2:
> * Updated doc and release notes
>=20
>  doc/guides/rel_notes/release_20_05.rst   |  7 ++++++
>  doc/guides/sample_app_ug/ipsec_secgw.rst |  3 +++
>  examples/ipsec-secgw/ipsec.h             |  3 ++-
>  examples/ipsec-secgw/sa.c                | 38 ++++++++++++++++++++++++++=
------
>  4 files changed, 43 insertions(+), 8 deletions(-)
>=20
> diff --git a/doc/guides/rel_notes/release_20_05.rst
> b/doc/guides/rel_notes/release_20_05.rst
> index 1dfcfcc..c0b0625 100644
> --- a/doc/guides/rel_notes/release_20_05.rst
> +++ b/doc/guides/rel_notes/release_20_05.rst
> @@ -70,6 +70,13 @@ New Features
>    by making use of the event device capabilities. The event mode current=
ly
> supports
>    only inline IPsec protocol offload.
>=20
> +* **Added 192/256 AES key sizes in ipsec-secgw application.**
> +
> +  Updated ipsec-secgw application to support the following key sizes,
> +    - AES-192-CBC
> +    - AES-192-GCM
> +    - AES-256-GCM
> +
>=20
>  Removed Items
>  -------------
> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> b/doc/guides/sample_app_ug/ipsec_secgw.rst
> index 038f593..f5e94bf 100644
> --- a/doc/guides/sample_app_ug/ipsec_secgw.rst
> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> @@ -538,6 +538,7 @@ where each options means:
>=20
>     * *null*: NULL algorithm
>     * *aes-128-cbc*: AES-CBC 128-bit algorithm
> +   * *aes-192-cbc*: AES-CBC 192-bit algorithm
>     * *aes-256-cbc*: AES-CBC 256-bit algorithm
>     * *aes-128-ctr*: AES-CTR 128-bit algorithm
>     * *3des-cbc*: 3DES-CBC 192-bit algorithm
> @@ -593,6 +594,8 @@ where each options means:
>   * Available options:
>=20
>     * *aes-128-gcm*: AES-GCM 128-bit algorithm
> +   * *aes-192-gcm*: AES-GCM 192-bit algorithm
> +   * *aes-256-gcm*: AES-GCM 256-bit algorithm
>=20
>   * Syntax: *cipher_algo <your algorithm>*
>=20
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index f8f29f9..476a6d5 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -73,6 +73,7 @@ struct ip_addr {
>  };
>=20
>  #define MAX_KEY_SIZE		32
> +#define SALT_SIZE		4
>=20
>  /*
>   * application wide SA parameters
> @@ -133,7 +134,7 @@ struct ipsec_sa {
>  #define IP6_TRANSPORT (1 << 4)
>  	struct ip_addr src;
>  	struct ip_addr dst;
> -	uint8_t cipher_key[MAX_KEY_SIZE];
> +	uint8_t cipher_key[MAX_KEY_SIZE + SALT_SIZE];
>  	uint16_t cipher_key_len;
>  	uint8_t auth_key[MAX_KEY_SIZE];
>  	uint16_t auth_key_len;
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 0eb52d1..fc6bc97 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -77,6 +77,13 @@ const struct supported_cipher_algo cipher_algos[] =3D =
{
>  		.key_len =3D 16
>  	},
>  	{
> +		.keyword =3D "aes-192-cbc",
> +		.algo =3D RTE_CRYPTO_CIPHER_AES_CBC,
> +		.iv_len =3D 16,
> +		.block_size =3D 16,
> +		.key_len =3D 24
> +	},
> +	{
>  		.keyword =3D "aes-256-cbc",
>  		.algo =3D RTE_CRYPTO_CIPHER_AES_CBC,
>  		.iv_len =3D 16,
> @@ -127,7 +134,25 @@ const struct supported_aead_algo aead_algos[] =3D {
>  		.algo =3D RTE_CRYPTO_AEAD_AES_GCM,
>  		.iv_len =3D 8,
>  		.block_size =3D 4,
> -		.key_len =3D 20,
> +		.key_len =3D 16,
> +		.digest_len =3D 16,
> +		.aad_len =3D 8,
> +	},
> +	{
> +		.keyword =3D "aes-192-gcm",
> +		.algo =3D RTE_CRYPTO_AEAD_AES_GCM,
> +		.iv_len =3D 8,
> +		.block_size =3D 4,
> +		.key_len =3D 24,
> +		.digest_len =3D 16,
> +		.aad_len =3D 8,
> +	},
> +	{
> +		.keyword =3D "aes-256-gcm",
> +		.algo =3D RTE_CRYPTO_AEAD_AES_GCM,
> +		.iv_len =3D 8,
> +		.block_size =3D 4,
> +		.key_len =3D 32,
>  		.digest_len =3D 16,
>  		.aad_len =3D 8,
>  	}
> @@ -495,16 +520,14 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
>  				return;
>=20
>  			key_len =3D parse_key_string(tokens[ti],
> -				rule->cipher_key);
> +				rule->cipher_key) - SALT_SIZE;
>  			APP_CHECK(key_len =3D=3D rule->cipher_key_len, status,
>  				"unrecognized input \"%s\"", tokens[ti]);
>  			if (status->status < 0)
>  				return;
>=20
> -			key_len -=3D 4;
> -			rule->cipher_key_len =3D key_len;
> -			memcpy(&rule->salt,
> -				&rule->cipher_key[key_len], 4);
> +			memcpy(&rule->salt, &rule->cipher_key[key_len],
> +				SALT_SIZE);
>=20
>  			aead_algo_p =3D 1;
>  			continue;
> @@ -751,7 +774,8 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbo=
und)
>  	}
>=20
>  	for (i =3D 0; i < RTE_DIM(aead_algos); i++) {
> -		if (aead_algos[i].algo =3D=3D sa->aead_algo) {
> +		if (aead_algos[i].algo =3D=3D sa->aead_algo &&
> +				aead_algos[i].key_len =3D=3D sa->cipher_key_len) {
>  			printf("%s ", aead_algos[i].keyword);
>  			break;
>  		}
> --
> 2.7.4