examples/ipsec-secgw: support XCBC-MAC/DES-CBC

author Gagandeep Singh <g.singh@nxp.com>

Fri, 20 May 2022 04:20:59 +0000 (09:50 +0530)

committer Akhil Goyal <gakhil@marvell.com>

Wed, 1 Jun 2022 14:26:35 +0000 (16:26 +0200)
author Gagandeep Singh <g.singh@nxp.com>
Fri, 20 May 2022 04:20:59 +0000 (09:50 +0530)
committer Akhil Goyal <gakhil@marvell.com>
Wed, 1 Jun 2022 14:26:35 +0000 (16:26 +0200)
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst

index d93acf06676b368639f00f038e5b97e3d4eb502b..5cb6a69a27df18b36f47aa307a9af59fe60bef74 100644 (file)
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -115,8 +115,9 @@ Constraints
  
  *  No IPv6 options headers.
  *  No AH mode.
-*  Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1,
-   AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL.
+*  Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC,
+   HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305
+   and NULL.
  *  Each SA must be handle by a unique lcore (*1 RX queue per port*).
  
  Compiling the Application
@@ -566,6 +567,7 @@ where each options means:
     * *aes-256-cbc*: AES-CBC 256-bit algorithm
     * *aes-128-ctr*: AES-CTR 128-bit algorithm
     * *3des-cbc*: 3DES-CBC 192-bit algorithm
+   * *des-cbc*: DES-CBC 64-bit algorithm
  
   * Syntax: *cipher_algo <your algorithm>*
  
@@ -593,6 +595,7 @@ where each options means:
  
      * *null*: NULL algorithm
      * *sha1-hmac*: HMAC SHA1 algorithm
+    * *aes-xcbc-mac*: AES XCBC MAC algorithm
  
  ``<auth_key>``
  
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c

index bd233752c83e26e14554f97df8518c039fa8d15c..b72a5604c80b8cd747e2faedb6b67df1ee3a3533 100644 (file)
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
  
                 switch (sa->cipher_algo) {
                 case RTE_CRYPTO_CIPHER_NULL:
+               case RTE_CRYPTO_CIPHER_DES_CBC:
                 case RTE_CRYPTO_CIPHER_3DES_CBC:
                 case RTE_CRYPTO_CIPHER_AES_CBC:
                         /* Copy IV at the end of crypto operation */
@@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                 case RTE_CRYPTO_AUTH_NULL:
                 case RTE_CRYPTO_AUTH_SHA1_HMAC:
                 case RTE_CRYPTO_AUTH_SHA256_HMAC:
+               case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
                         sym_cop->auth.data.offset = ip_hdr_len;
                         sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
                                 sa->iv_len + payload_len;
@@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
         } else {
                 switch (sa->cipher_algo) {
                 case RTE_CRYPTO_CIPHER_NULL:
+               case RTE_CRYPTO_CIPHER_DES_CBC:
                 case RTE_CRYPTO_CIPHER_3DES_CBC:
                 case RTE_CRYPTO_CIPHER_AES_CBC:
                         memset(iv, 0, sa->iv_len);
@@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
         } else {
                 switch (sa->cipher_algo) {
                 case RTE_CRYPTO_CIPHER_NULL:
+               case RTE_CRYPTO_CIPHER_DES_CBC:
                 case RTE_CRYPTO_CIPHER_3DES_CBC:
                 case RTE_CRYPTO_CIPHER_AES_CBC:
                         sym_cop->cipher.data.offset = ip_hdr_len +
@@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                 case RTE_CRYPTO_AUTH_NULL:
                 case RTE_CRYPTO_AUTH_SHA1_HMAC:
                 case RTE_CRYPTO_AUTH_SHA256_HMAC:
+               case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
                         sym_cop->auth.data.offset = ip_hdr_len;
                         sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
                                 sa->iv_len + pad_payload_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c

index 3b0bc5a2cfb39d2076b1b646b7279e12038c3119..0b27f11fc0232217addbf04a9ae5b6ee6efe683c 100644 (file)
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
                 .iv_len = 8,
                 .block_size = 8,
                 .key_len = 24
+       },
+       {
+               .keyword = "des-cbc",
+               .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+               .iv_len = 8,
+               .block_size = 8,
+               .key_len = 8
         }
  };
  
@@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
                 } else {
                         switch (sa->cipher_algo) {
                         case RTE_CRYPTO_CIPHER_NULL:
+                       case RTE_CRYPTO_CIPHER_DES_CBC:
                         case RTE_CRYPTO_CIPHER_3DES_CBC:
                         case RTE_CRYPTO_CIPHER_AES_CBC:
                         case RTE_CRYPTO_CIPHER_AES_CTR:
author	Gagandeep Singh <g.singh@nxp.com>
	Fri, 20 May 2022 04:20:59 +0000 (09:50 +0530)
committer	Akhil Goyal <gakhil@marvell.com>
	Wed, 1 Jun 2022 14:26:35 +0000 (16:26 +0200)
doc/guides/sample_app_ug/ipsec_secgw.rst		patch \| blob \| history
examples/ipsec-secgw/esp.c		patch \| blob \| history
examples/ipsec-secgw/sa.c		patch \| blob \| history