From: Sergio Gonzalez Monroy Date: Thu, 29 Sep 2016 15:44:10 +0000 (+0100) Subject: examples/ipsec-secgw: add AES-CTR X-Git-Tag: spdx-start~5702 X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=4470c22de2e1;p=dpdk.git examples/ipsec-secgw: add AES-CTR RFC3686: Using AES Counter (CTR) Mode With IPsec ESP.` Signed-off-by: Sergio Gonzalez Monroy Acked-by: Pablo de Lara --- diff --git a/doc/guides/rel_notes/release_16_11.rst b/doc/guides/rel_notes/release_16_11.rst index 3779f133d7..905186a93d 100644 --- a/doc/guides/rel_notes/release_16_11.rst +++ b/doc/guides/rel_notes/release_16_11.rst @@ -87,7 +87,7 @@ New Features * configuration file * AES CBC IV generation with cipher forward function - * AES GCM mode + * AES GCM/CTR mode Resolved Issues diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 503f6748a0..885c77e397 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -79,7 +79,7 @@ Constraints * No IPv6 options headers. * No AH mode. -* Supported algorithms: AES-CBC, AES-GCM, HMAC-SHA1 and NULL. +* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL. * Each SA must be handle by a unique lcore (*1 RX queue per port*). * No chained mbufs. @@ -418,6 +418,7 @@ where each options means: * *null*: NULL algorithm * *aes-128-cbc*: AES-CBC 128-bit algorithm + * *aes-128-ctr*: AES-CTR 128-bit algorithm * *aes-128-gcm*: AES-GCM 128-bit algorithm * Syntax: *cipher_algo * diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index 7ee53da5b3..ec5a2e627e 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -102,6 +102,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, ip_hdr_len + sizeof(struct esp_hdr)); sym_cop->cipher.iv.length = sa->iv_len; break; + case RTE_CRYPTO_CIPHER_AES_CTR: case RTE_CRYPTO_CIPHER_AES_GCM: icb = get_cnt_blk(m); icb->salt = sa->salt; 
@@ -320,6 +321,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, sizeof(struct esp_hdr); sym_cop->cipher.data.length = pad_payload_len + sa->iv_len; break; + case RTE_CRYPTO_CIPHER_AES_CTR: case RTE_CRYPTO_CIPHER_AES_GCM: *iv = sa->seq; sym_cop->cipher.data.offset = ip_hdr_len + diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index d5ad5af70d..00c8cceed7 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -88,6 +88,13 @@ const struct supported_cipher_algo cipher_algos[] = { .iv_len = 8, .block_size = 4, .key_len = 16 + }, + { + .keyword = "aes-128-ctr", + .algo = RTE_CRYPTO_CIPHER_AES_CTR, + .iv_len = 8, + .block_size = 16, /* XXX AESNI MB limition, should be 4 */ + .key_len = 16 } };
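Review bot: in doc/guides/sample_app_ug/ipsec_secgw.rst, the new *aes-128-ctr* option is documented with no pairing requirement, while the Constraints line in the same file lists NULL among the supported algorithms. RFC 3686 requires AES-CTR to be used together with a non-NULL ESP authentication algorithm, since CTR ciphertext on its own is malleable. Suggest stating next to the *aes-128-ctr* entry that it must be configured with an authentication algorithm other than null, and rejecting that combination when the SA is parsed if that is not already done.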
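Review bot: in esp_inbound(), the new `case RTE_CRYPTO_CIPHER_AES_CTR:` falls through into the GCM branch, and the only counter-block setup visible in the context is `icb->salt = sa->salt;`. RFC 3686 lays the counter block out as nonce (4 octets), IV (8 octets) and a 4-octet block counter that starts at one. Please confirm the shared code fills the IV and counter fields that way for CTR, and add a short comment that the layout is common to both modes so a later GCM-only change to this branch does not silently alter CTR.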
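Review bot: in esp_outbound(), CTR now shares `*iv = sa->seq;` with GCM, so the per-packet IV is the SA sequence number and keystream uniqueness depends entirely on sa->seq never repeating under one key and salt. The hunk shows no handling for the sequence counter wrapping or for an SA being re-created with the same key while sa->seq restarts; either case would reuse keystream. Suggest documenting that dependency next to the assignment and stating in the guide that a key must not be reused across SA restarts.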
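Review bot: in the new "aes-128-ctr" entry in sa.c, `.key_len = 16` leaves no room for the 4-octet nonce that RFC 3686 takes from the end of the keying material (20 octets in total for a 128-bit key), and nothing in the visible lines shows where sa->salt is provisioned for CTR. Please show or document how the per-SA salt is set. Separately, the comment on `.block_size = 16` has a typo ("limition"), and because the table is static the 16-byte padding applies whichever crypto device is used, so the workaround is worth listing in the guide's Constraints section rather than only in an XXX comment.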