From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5D374A00BE; Tue, 17 May 2022 05:39:40 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 36F0A42B68; Tue, 17 May 2022 05:39:31 +0200 (CEST) Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20060.outbound.protection.outlook.com [40.107.2.60]) by mails.dpdk.org (Postfix) with ESMTP id E685B40042 for ; Tue, 17 May 2022 05:39:28 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W74RjSl3rDzHmkgfM66cJpPMVuS3AatjJpjxDZP+0xxxaEcRH7u4ooC+RNA8sq+rE9P4h6AEPrMExKWWwXq794SxicKO6YugWjxfrq96pKPPtj+nHivYJuDgtG3alHmECotlfBFzu9u+N+Lwxhr/VAcyGNMwHCFifH1U4pDZYUFzU/5Q6WD2hD754UTD4nHB/lWWpiE00cixKtd7PrOxPNqU0dtK4JT2CIibWUdNVidEx+POoxUcaEoRgIDwiladNzFoa2TBEdu6aWUQ5k80SgEazqAMLC5zSCtB/uTeWKcCk1MH+xHs0d3vyBe8F6v2iiPSoq9Oi4pLFBBDbV+sVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ruug58ZfqzbJAtrAvgqBLn39i6fiH0I4yv2+ju+Rx/4=; b=I8IBc0S22Aqj8Onwn7a7M8QH6C4VF2M3YSo2Bqj2x2yekk4BBI6M1qk1WH1D155LoI7cIH4reOdR+XB8AB2FYLvT8FZOC3A5krG67hyLVXBT2+SlhVtWXhjYkNVNG0n2vVYx4qoQWViiZS2zHMA23yUxV1Z6MDEuSFhvEFctPnfVdmx+/A4r1DwLUk1fEfAPHY+kf6diEwVP6LC9slbhnKsfUE1zSnq9K9pfXQ9NrAStnoPGMT6GdsTGJMZTMUkmTvHhPUqGpy6brE5F5Ce66JE/8f2OOIRALl5yP1GsTnF5aePuiXAUrqKMHD2CvZvrxTGrUqN7dQLVm8YNQQMDUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ruug58ZfqzbJAtrAvgqBLn39i6fiH0I4yv2+ju+Rx/4=; b=d4UWepvPzdZ7F/tQlKiF8tgU3N40R0FqP7C/cp+sZ/mcr5Jc3YWv6E7JBzHwk2jJD1P6ORU9zlb2i+iw/6MYTtVvDYLfqhV087gESKYLRsOkrfkSPtaUa2MGcMREnN6HG7+9DiLlNNWxeUSquMpyvu2F98IYZMlRc0kwmPNw2XY= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from AS8PR04MB8198.eurprd04.prod.outlook.com (2603:10a6:20b:3b0::14) by DB8PR04MB6937.eurprd04.prod.outlook.com (2603:10a6:10:113::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.18; Tue, 17 May 2022 03:39:27 +0000 Received: from AS8PR04MB8198.eurprd04.prod.outlook.com ([fe80::8cf1:93b:c340:3be2]) by AS8PR04MB8198.eurprd04.prod.outlook.com ([fe80::8cf1:93b:c340:3be2%9]) with mapi id 15.20.5250.018; Tue, 17 May 2022 03:39:27 +0000 From: Gagandeep Singh To: gakhil@marvell.com, dev@dpdk.org Cc: Gagandeep Singh Subject: [PATCH v2 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Date: Tue, 17 May 2022 09:08:53 +0530 Message-Id: <20220517033858.40394-3-g.singh@nxp.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220517033858.40394-1-g.singh@nxp.com> References: <20220425041423.2232034-1-g.singh@nxp.com> <20220517033858.40394-1-g.singh@nxp.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: SI2PR01CA0046.apcprd01.prod.exchangelabs.com (2603:1096:4:193::18) To AS8PR04MB8198.eurprd04.prod.outlook.com (2603:10a6:20b:3b0::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: fabf6958-e1a7-4626-2ebf-08da37b6d38b X-MS-TrafficTypeDiagnostic: DB8PR04MB6937:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: HdXq0QbS/8sMpGKKtNE//pmHvxTjUJbDUVm0KqVTGofJYlqbo/8Qq5yI5jFR5eWfrpKh0Ny1S17+zU2Wii+e65uFajPJJcvfwk19mmFKIPIWuzqp5qltTCVymsLWoZfQrpMPvdbl8+OevS284qPrua6XYrJADO3l2y6xrCXZNxmCEPtT72WUXySomCS4m58n1BnkF/KMQH+L4rDOPUsCyOkZD1qmeg7qyKACXizhBzdNAvRcr7hQ2uX03wUDxxuV0mvLqAceVfqfH/t7g1pMvr3j9mbV6W7h8gH9ICKGWEMcbnQZh1gLvRAGMq0fUSPGxKL5xDuUtHRtWJqQ5Cm+hiqk62qNfyTjEGhndHsdtVVRNCq/1id5Tj3/6jik5Pdd5RNDQn+pVKcrrwcu/IPz1C8rMKTetMhyK6F9o9NSzFbh+nDLTb7LIX08I/ULBPCBlq50CxNSi4DBq28vUdVWvmpDjOmScmb7B79Y7bkF85aY/AHsbA83tEPyoCiaqkPSa2Bwh1VxaCszUsWJeUqBV4J0bkmmeFftvDGy8VVOs1XEJ/PNZzdZnDATQV8wWnE1hJs1uDhYUVZMiBeErJGpn4w/8s9lkM3GjP6kv9Su8Mp9OeTaYjU5TNSF4VEwTkvamWSWltgMwQ5qZZZ4agL7PlhuZDcOalASJxEhZiwLWuco9inm4P694NPZPHM1/PrRMX5ljRARC//FSHG1OC7OvA== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8PR04MB8198.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(8936002)(316002)(55236004)(2906002)(38100700002)(2616005)(86362001)(66556008)(38350700002)(36756003)(26005)(186003)(6512007)(4326008)(6506007)(83380400001)(1076003)(6486002)(6666004)(52116002)(508600001)(8676002)(66946007)(5660300002)(66476007); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?HD1xLjTazL3GDjja1mJFa2C+N3bBtHwbkbQgxVlbNcHroOJT11uFS12AUx3H?= =?us-ascii?Q?ozGN1W7XXnvxIY/X3Dc9suXwQ3Vjr4CsywX/a5AhdJgDQEWwph8L1NS4kdzv?= =?us-ascii?Q?l0PTt6y6fyD64tiuOnLueXyQm38ZnkBtmItSBJqUf8M82arm9Pbb+kt+1X27?= =?us-ascii?Q?BJBMo9hMp+3hrsU9TSLkbNgwNE08H4u9mtzeWhR3NTP/pDXZ5FN1JWUJPSxt?= =?us-ascii?Q?M7o+cvR1TLtbRCPSFoN4zPODYh0KwOElfjiQCLMLNVcAhKKPo0KL1wQ8ayeK?= =?us-ascii?Q?86f5ok2mguuoEosgqBsyB5bzvl60FPQhdYaCAB1qA/6SiySKzEuSnFna/hHX?= =?us-ascii?Q?Q8ZRprS8Awmy58BV25SkYNNtLWaSXX3/AzURTUWimbegOjAeWqNTDZFxYIrD?= =?us-ascii?Q?1VZwCGboFBzMKsDcmTfG/zUyGBkXtyp9vStC7vyRTf+GbQhcwHJ1wBTRT8ZW?= =?us-ascii?Q?O83jzkjQXOSRxhgAQO1/Awtgfh6+GBhMIQuSK0XV7yeVMaPA9cpgsm3gCyPv?= =?us-ascii?Q?4vyjXa66zWd4WZ8jDE4JJGpfPhP5DqbpfFZvWZDMD3+lbF33yaIuZEwWTxQF?= =?us-ascii?Q?Wkde1Aps0qWGU4U9ON3OTvE0t4NeZoDPgc2TjUqlpPZZuLGNUdERxRzs6xjF?= =?us-ascii?Q?CeBulgZJjL14KQs4ERhpwOH7xlhf1I4wfsY36AMtaie70lyhsTmOBFUBX7td?= =?us-ascii?Q?kdW+IGh2PkbpnvejpLJeaN55BWpVHB9e76ZdHJvwUEGNbYXQPBwHuupZ7a8x?= =?us-ascii?Q?m4cmVg6Ay8NLaYsFf7U/EFl5Za+65SjHXY+3ZvHRcee64AUx5cqOJIZ3liD9?= =?us-ascii?Q?8ctcMxCrZEYhY584h1UnvEYv/dWlb+TOCaET3+dBEwrRFKEJwnItw7bomf55?= =?us-ascii?Q?nBHyWTxPHc23wwdq/xLXTvSwaHdMASOcSozSKPjUzoVCG1UdyE5WbDs9ImBQ?= =?us-ascii?Q?Vj3s6JlMxAdColCYu7RdmF8D0fMBUh1jEflMPKUvxYXyhD0ckYLpliXmlO9t?= =?us-ascii?Q?vJuRLQCBlUJd66Lrt5xulYUurd34njbg6w0CIHTRG+LHujjc2de7I/6r9iAE?= =?us-ascii?Q?kF0ihpCxEwkLC0vXJqT154nRUtjEayjrrJkpBl9skgWK1Iycn8sptH9uX/E3?= =?us-ascii?Q?dXK0R5KYovtGltEF5b1Mk4yzInEq6MyvhvsrKZiYyT6ZaxuNaAcvZgKQ8e5M?= =?us-ascii?Q?rg6wQ6PRpmkO0SRkkO/3CDJLmPG9pUtFe7RHlajiL1AmgEX5yrvErkOTqu+7?= =?us-ascii?Q?JQ7a59AzohY3zjwe7T0Cd3XfOwNyAnnS3ZofEIcl/hrAHRLJQEpPSDhPQSkD?= =?us-ascii?Q?bbInuYRyARq/l2gavuk5EftIVn+ru3VI6tPoLoNK+8Z38TXErgLstgL0+v1X?= =?us-ascii?Q?LAcGdhdkSF5wGB+5lpqPW3cnGpcboj6iJwE7JkGZqO8Wm6LxDpEXJAXCAwZx?= =?us-ascii?Q?pNBPwKO3sioeSaHp9iWyatZhNvKSTklyECOukKVo01VtS+sUKN8wyzx5jhIQ?= =?us-ascii?Q?/j/Ipu1HIA0Q3ii/EPc6vjVuGUmNhXVaZVSZ393k+XdZ2UteYD5XIOevOVb3?= =?us-ascii?Q?uaiOPGCRwZL99p1oNbAjowmTXCXXmksZa9uphzYxdb+wIDunUfxcsJYLBfLZ?= =?us-ascii?Q?j15bumHSpnftPhc9Tal0HCcy3MqMeq4k6gpqWJQwtl4NnZ7KnIUOr8gDaUWd?= =?us-ascii?Q?S4+EOZZJuXxLVkL95v3cka2qshkUaEn8PxYMH7V5cUb3L+2cTXQ/2nW/kJAK?= =?us-ascii?Q?dl+ewbkxUA=3D=3D?= X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: fabf6958-e1a7-4626-2ebf-08da37b6d38b X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB8198.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2022 03:39:20.1535 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: BKH9ayyyyxQxBScNOZ/rsAWs4LypYhcsIw/Tb1kUUlv/GyCYYisnqoS1NDxqdNSb X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR04MB6937 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org ipsec-secgw application is updated to support DES-CBC ciphering and XCBC-MAC authentication based IPsec functionality. Signed-off-by: Gagandeep Singh --- doc/guides/sample_app_ug/ipsec_secgw.rst | 7 +++++-- examples/ipsec-secgw/esp.c | 5 +++++ examples/ipsec-secgw/sa.c | 8 ++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index d93acf0667..5cb6a69a27 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -115,8 +115,9 @@ Constraints * No IPv6 options headers. * No AH mode. -* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1, - AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL. +* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC, + HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 + and NULL. * Each SA must be handle by a unique lcore (*1 RX queue per port*). Compiling the Application @@ -566,6 +567,7 @@ where each options means: * *aes-256-cbc*: AES-CBC 256-bit algorithm * *aes-128-ctr*: AES-CTR 128-bit algorithm * *3des-cbc*: 3DES-CBC 192-bit algorithm + * *des-cbc*: DES-CBC 64-bit algorithm * Syntax: *cipher_algo * @@ -593,6 +595,7 @@ where each options means: * *null*: NULL algorithm * *sha1-hmac*: HMAC SHA1 algorithm + * *aes-xcbc-mac*: AES XCBC MAC algorithm ```` diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index bd233752c8..b72a5604c8 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: /* Copy IV at the end of crypto operation */ @@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) + sa->iv_len + payload_len; @@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: memset(iv, 0, sa->iv_len); @@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: sym_cop->cipher.data.offset = ip_hdr_len + @@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) + sa->iv_len + pad_payload_len; diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 3b0bc5a2cf..0b27f11fc0 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = { .iv_len = 8, .block_size = 8, .key_len = 24 + }, + { + .keyword = "des-cbc", + .algo = RTE_CRYPTO_CIPHER_DES_CBC, + .iv_len = 8, + .block_size = 8, + .key_len = 8 } }; @@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: case RTE_CRYPTO_CIPHER_AES_CTR: -- 2.25.1