From 51acc16b51313383614ba14f374c9be4f61999a9 Mon Sep 17 00:00:00 2001
From: Fan Zhang <roy.fan.zhang@intel.com>
Date: Wed, 20 Mar 2019 15:38:36 +0000
Subject: [PATCH] ipsec: support 3DES-CBC

This patch adds triple-des CBC mode cipher algorithm to ipsec
library.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/rel_notes/release_19_05.rst |  2 +-
 lib/librte_ipsec/sa.c                  | 40 ++++++++++++++------------
 lib/librte_ipsec/sa.h                  |  6 ++++
 3 files changed, 29 insertions(+), 19 deletions(-)

diff --git a/doc/guides/rel_notes/release_19_05.rst b/doc/guides/rel_notes/release_19_05.rst
index a581a713c7..d11bb5a2ba 100644
--- a/doc/guides/rel_notes/release_19_05.rst
+++ b/doc/guides/rel_notes/release_19_05.rst
@@ -97,7 +97,7 @@ New Features
 
 * **Updated the IPsec library.**
 
-  The IPsec library has been updated with AES-CTR cipher algorithm
+  The IPsec library has been updated with AES-CTR and 3DES-CBC cipher algorithms
   support. The related ipsec-secgw test scripts have been added.
 
 * **Updated the testpmd application.**
diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c
index e34dd320a0..2eb6bae075 100644
--- a/lib/librte_ipsec/sa.c
+++ b/lib/librte_ipsec/sa.c
@@ -238,6 +238,7 @@ esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen)
 		sa->ctp.cipher.length = 0;
 		break;
 	case ALGO_TYPE_AES_CBC:
+	case ALGO_TYPE_3DES_CBC:
 		sa->ctp.cipher.offset = sa->hdr_len + sizeof(struct esp_hdr);
 		sa->ctp.cipher.length = sa->iv_len;
 		break;
@@ -307,6 +308,13 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,
 			sa->algo_type = ALGO_TYPE_AES_CTR;
 			break;
 
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+			/* RFC 1851 */
+			sa->pad_align = IPSEC_PAD_3DES_CBC;
+			sa->iv_len = IPSEC_3DES_IV_SIZE;
+			sa->algo_type = ALGO_TYPE_3DES_CBC;
+			break;
+
 		default:
 			return -EINVAL;
 		}
@@ -476,6 +484,19 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop,
 	sop = cop->sym;
 
 	switch (algo_type) {
+	case ALGO_TYPE_AES_CBC:
+		/* Cipher-Auth (AES-CBC *) case */
+	case ALGO_TYPE_3DES_CBC:
+		/* Cipher-Auth (3DES-CBC *) case */
+	case ALGO_TYPE_NULL:
+		/* NULL case */
+		sop->cipher.data.offset = sa->ctp.cipher.offset + hlen;
+		sop->cipher.data.length = sa->ctp.cipher.length + plen;
+		sop->auth.data.offset = sa->ctp.auth.offset + hlen;
+		sop->auth.data.length = sa->ctp.auth.length + plen;
+		sop->auth.digest.data = icv->va;
+		sop->auth.digest.phys_addr = icv->pa;
+		break;
 	case ALGO_TYPE_AES_GCM:
 		/* AEAD (AES_GCM) case */
 		sop->aead.data.offset = sa->ctp.cipher.offset + hlen;
@@ -490,15 +511,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop,
 			sa->iv_ofs);
 		aead_gcm_iv_fill(gcm, ivp[0], sa->salt);
 		break;
-	case ALGO_TYPE_AES_CBC:
-		/* Cipher-Auth (AES-CBC *) case */
-		sop->cipher.data.offset = sa->ctp.cipher.offset + hlen;
-		sop->cipher.data.length = sa->ctp.cipher.length + plen;
-		sop->auth.data.offset = sa->ctp.auth.offset + hlen;
-		sop->auth.data.length = sa->ctp.auth.length + plen;
-		sop->auth.digest.data = icv->va;
-		sop->auth.digest.phys_addr = icv->pa;
-		break;
 	case ALGO_TYPE_AES_CTR:
 		/* Cipher-Auth (AES-CTR *) case */
 		sop->cipher.data.offset = sa->ctp.cipher.offset + hlen;
@@ -512,15 +524,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop,
 			sa->iv_ofs);
 		aes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt);
 		break;
-	case ALGO_TYPE_NULL:
-		/* NULL case */
-		sop->cipher.data.offset = sa->ctp.cipher.offset + hlen;
-		sop->cipher.data.length = sa->ctp.cipher.length + plen;
-		sop->auth.data.offset = sa->ctp.auth.offset + hlen;
-		sop->auth.data.length = sa->ctp.auth.length + plen;
-		sop->auth.digest.data = icv->va;
-		sop->auth.digest.phys_addr = icv->pa;
-		break;
 	default:
 		break;
 	}
@@ -873,6 +876,7 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop,
 		aead_gcm_iv_fill(gcm, ivp[0], sa->salt);
 		break;
 	case ALGO_TYPE_AES_CBC:
+	case ALGO_TYPE_3DES_CBC:
 		sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
 		sop->cipher.data.length = clen;
 		sop->auth.data.offset = pofs + sa->ctp.auth.offset;
diff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h
index 12c061ee6f..c3a0d84bcf 100644
--- a/lib/librte_ipsec/sa.h
+++ b/lib/librte_ipsec/sa.h
@@ -14,6 +14,7 @@
 /* padding alignment for different algorithms */
 enum {
 	IPSEC_PAD_DEFAULT = 4,
+	IPSEC_PAD_3DES_CBC = 8,
 	IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE,
 	IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT,
 	IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT,
@@ -24,6 +25,10 @@ enum {
 enum {
 	IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE,
 	IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t),
+	/* TripleDES supports IV size of 32bits or 64bits but he library
+	 * only supports 64bits.
+	 */
+	IPSEC_3DES_IV_SIZE = sizeof(uint64_t),
 };
 
 /* these definitions probably has to be in rte_crypto_sym.h */
@@ -57,6 +62,7 @@ struct replay_sqn {
 /*IPSEC SA supported algorithms */
 enum sa_algo_type	{
 	ALGO_TYPE_NULL = 0,
+	ALGO_TYPE_3DES_CBC,
 	ALGO_TYPE_AES_CBC,
 	ALGO_TYPE_AES_CTR,
 	ALGO_TYPE_AES_GCM,
-- 
2.20.1