From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C0BE6A0577; Tue, 7 Apr 2020 08:31:00 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id DEDF52B96; Tue, 7 Apr 2020 08:30:59 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id CBF04FFA for ; Tue, 7 Apr 2020 08:30:58 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0376RdQk023685; Mon, 6 Apr 2020 23:30:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=KkjOGpXketzx5t3Ws3gSbSWym7+IoD5DokiGgOUhLNI=; b=JQVd2aoD8Hjid1QFreE9CSQjjLPyR/LC9QKO/F0TALoLGkOW7ME4aeURbkmy8zA2RD8o rJ0mK+8CYamBFl5+9S6IGZvSXf5AtqvhJ855cBvJ6gism7TKFfWKp2OjchhH456b8tvD +/+r0g55bUckJYW85ruZgQhGHjVJFb5k83I5Sz8KfgPxMsnQ9bv7W7obVrdgzt6T/aRw sO/wby5nbt5QbNnnhUENYVWtf57FmHkZXjTbkq+fYXQiZmqjCWJBrP/LZV8PL77/bt95 InUVSL+HDOwidRp/C5zHhpzQ68fy1Tz8Oo1gfubHFqAcQRxieFBPMMHiSn3+1TnZW3ev ng== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0b-0016f401.pphosted.com with ESMTP id 306srm8ymn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Apr 2020 23:30:58 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 6 Apr 2020 23:30:56 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 6 Apr 2020 23:30:56 -0700 Received: from ajoseph83.caveonetworks.com (ajoseph83.caveonetworks.com [10.29.45.60]) by maili.marvell.com (Postfix) with ESMTP id 2D6023F7041; Mon, 6 Apr 2020 23:30:53 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Radu Nicolau CC: Anoob Joseph , Narayana Prasad , Tejasree Kondoj , Date: Tue, 7 Apr 2020 12:00:42 +0530 Message-ID: <1586241042-30178-1-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1585882384-28213-1-git-send-email-anoobj@marvell.com> References: <1585882384-28213-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-07_01:2020-04-07, 2020-04-06 signatures=0 Subject: [dpdk-dev] [PATCH v4] examples/ipsec-secgw: support 192/256 AES key sizes X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for the following, 1. AES-192-GCM 2. AES-256-GCM 3. AES-192-CBC Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- v4: * Reverted to v2 as suggested by Akhil. * Added additional check in print routines to make sure correct key size is printed. * Updated incorrect documentation of 'aead_key' v3: * Fixed incorrect AES-GCM key length being printed during app startup * Introduced new macro 'SALT_SIZE' to make the usage more obvious (AES-GCM key has key following 4 byte salt) * Minor cleanup for the existing code. v2: * Updated doc and release notes doc/guides/rel_notes/release_20_05.rst | 7 +++++++ doc/guides/sample_app_ug/ipsec_secgw.rst | 10 +++++++--- examples/ipsec-secgw/ipsec.h | 2 +- examples/ipsec-secgw/sa.c | 28 +++++++++++++++++++++++++++- 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst index 6b1a7c5..8cfcef2 100644 --- a/doc/guides/rel_notes/release_20_05.rst +++ b/doc/guides/rel_notes/release_20_05.rst @@ -81,6 +81,13 @@ New Features by making use of the event device capabilities. The event mode currently supports only inline IPsec protocol offload. +* **Added 192/256 AES key sizes in ipsec-secgw application.** + + Updated ipsec-secgw application to support the following key sizes, + - AES-192-CBC + - AES-192-GCM + - AES-256-GCM + Removed Items ------------- diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 038f593..c02d16a 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -538,6 +538,7 @@ where each options means: * *null*: NULL algorithm * *aes-128-cbc*: AES-CBC 128-bit algorithm + * *aes-192-cbc*: AES-CBC 192-bit algorithm * *aes-256-cbc*: AES-CBC 256-bit algorithm * *aes-128-ctr*: AES-CTR 128-bit algorithm * *3des-cbc*: 3DES-CBC 192-bit algorithm @@ -593,6 +594,8 @@ where each options means: * Available options: * *aes-128-gcm*: AES-GCM 128-bit algorithm + * *aes-192-gcm*: AES-GCM 192-bit algorithm + * *aes-256-gcm*: AES-GCM 256-bit algorithm * Syntax: *cipher_algo * @@ -604,11 +607,12 @@ where each options means: Must be followed by option * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'. - The number of bytes should be as same as the specified AEAD algorithm - key size. + Last 4 bytes of the provided key will be used as 'salt' and so, the + number of bytes should be same as the sum of specified AEAD algorithm + key size and salt size (4 bytes). For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4: - A1:B2:C3:D4* + A1:B2:C3:D4:A1:B2:C3:D4* ```` diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index f8f29f9..46a974e 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -72,7 +72,7 @@ struct ip_addr { } ip; }; -#define MAX_KEY_SIZE 32 +#define MAX_KEY_SIZE 36 /* * application wide SA parameters diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index a6bf5e8..5e3a7aa 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -77,6 +77,13 @@ const struct supported_cipher_algo cipher_algos[] = { .key_len = 16 }, { + .keyword = "aes-192-cbc", + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .iv_len = 16, + .block_size = 16, + .key_len = 24 + }, + { .keyword = "aes-256-cbc", .algo = RTE_CRYPTO_CIPHER_AES_CBC, .iv_len = 16, @@ -130,6 +137,24 @@ const struct supported_aead_algo aead_algos[] = { .key_len = 20, .digest_len = 16, .aad_len = 8, + }, + { + .keyword = "aes-192-gcm", + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .iv_len = 8, + .block_size = 4, + .key_len = 28, + .digest_len = 16, + .aad_len = 8, + }, + { + .keyword = "aes-256-gcm", + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .iv_len = 8, + .block_size = 4, + .key_len = 36, + .digest_len = 16, + .aad_len = 8, } }; @@ -753,7 +778,8 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound) } for (i = 0; i < RTE_DIM(aead_algos); i++) { - if (aead_algos[i].algo == sa->aead_algo) { + if (aead_algos[i].algo == sa->aead_algo && + aead_algos[i].key_len-4 == sa->cipher_key_len) { printf("%s ", aead_algos[i].keyword); break; } -- 2.7.4