From: Fan Zhang Date: Wed, 20 Mar 2019 15:38:36 +0000 (+0000) Subject: ipsec: support 3DES-CBC X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=51acc16b51313383614ba14f374c9be4f61999a9;p=dpdk.git ipsec: support 3DES-CBC This patch adds triple-des CBC mode cipher algorithm to ipsec library. Signed-off-by: Fan Zhang Acked-by: Konstantin Ananyev Acked-by: Akhil Goyal --- diff --git a/doc/guides/rel_notes/release_19_05.rst b/doc/guides/rel_notes/release_19_05.rst index a581a713c7..d11bb5a2ba 100644 --- a/doc/guides/rel_notes/release_19_05.rst +++ b/doc/guides/rel_notes/release_19_05.rst @@ -97,7 +97,7 @@ New Features * **Updated the IPsec library.** - The IPsec library has been updated with AES-CTR cipher algorithm + The IPsec library has been updated with AES-CTR and 3DES-CBC cipher algorithms support. The related ipsec-secgw test scripts have been added. * **Updated the testpmd application.** diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c index e34dd320a0..2eb6bae075 100644 --- a/lib/librte_ipsec/sa.c +++ b/lib/librte_ipsec/sa.c @@ -238,6 +238,7 @@ esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen) sa->ctp.cipher.length = 0; break; case ALGO_TYPE_AES_CBC: + case ALGO_TYPE_3DES_CBC: sa->ctp.cipher.offset = sa->hdr_len + sizeof(struct esp_hdr); sa->ctp.cipher.length = sa->iv_len; break; @@ -307,6 +308,13 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, sa->algo_type = ALGO_TYPE_AES_CTR; break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + /* RFC 1851 */ + sa->pad_align = IPSEC_PAD_3DES_CBC; + sa->iv_len = IPSEC_3DES_IV_SIZE; + sa->algo_type = ALGO_TYPE_3DES_CBC; + break; + default: return -EINVAL; } @@ -476,6 +484,19 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sop = cop->sym; switch (algo_type) { + case ALGO_TYPE_AES_CBC: + /* Cipher-Auth (AES-CBC *) case */ + case ALGO_TYPE_3DES_CBC: + /* Cipher-Auth (3DES-CBC *) case */ + case ALGO_TYPE_NULL: + /* NULL case */ + sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; + sop->cipher.data.length = sa->ctp.cipher.length + plen; + sop->auth.data.offset = sa->ctp.auth.offset + hlen; + sop->auth.data.length = sa->ctp.auth.length + plen; + sop->auth.digest.data = icv->va; + sop->auth.digest.phys_addr = icv->pa; + break; case ALGO_TYPE_AES_GCM: /* AEAD (AES_GCM) case */ sop->aead.data.offset = sa->ctp.cipher.offset + hlen; @@ -490,15 +511,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sa->iv_ofs); aead_gcm_iv_fill(gcm, ivp[0], sa->salt); break; - case ALGO_TYPE_AES_CBC: - /* Cipher-Auth (AES-CBC *) case */ - sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; - sop->cipher.data.length = sa->ctp.cipher.length + plen; - sop->auth.data.offset = sa->ctp.auth.offset + hlen; - sop->auth.data.length = sa->ctp.auth.length + plen; - sop->auth.digest.data = icv->va; - sop->auth.digest.phys_addr = icv->pa; - break; case ALGO_TYPE_AES_CTR: /* Cipher-Auth (AES-CTR *) case */ sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; @@ -512,15 +524,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sa->iv_ofs); aes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt); break; - case ALGO_TYPE_NULL: - /* NULL case */ - sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; - sop->cipher.data.length = sa->ctp.cipher.length + plen; - sop->auth.data.offset = sa->ctp.auth.offset + hlen; - sop->auth.data.length = sa->ctp.auth.length + plen; - sop->auth.digest.data = icv->va; - sop->auth.digest.phys_addr = icv->pa; - break; default: break; } @@ -873,6 +876,7 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop, aead_gcm_iv_fill(gcm, ivp[0], sa->salt); break; case ALGO_TYPE_AES_CBC: + case ALGO_TYPE_3DES_CBC: sop->cipher.data.offset = pofs + sa->ctp.cipher.offset; sop->cipher.data.length = clen; sop->auth.data.offset = pofs + sa->ctp.auth.offset; diff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h index 12c061ee6f..c3a0d84bcf 100644 --- a/lib/librte_ipsec/sa.h +++ b/lib/librte_ipsec/sa.h @@ -14,6 +14,7 @@ /* padding alignment for different algorithms */ enum { IPSEC_PAD_DEFAULT = 4, + IPSEC_PAD_3DES_CBC = 8, IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE, IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT, IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT, @@ -24,6 +25,10 @@ enum { enum { IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE, IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t), + /* TripleDES supports IV size of 32bits or 64bits but he library + * only supports 64bits. + */ + IPSEC_3DES_IV_SIZE = sizeof(uint64_t), }; /* these definitions probably has to be in rte_crypto_sym.h */ @@ -57,6 +62,7 @@ struct replay_sqn { /*IPSEC SA supported algorithms */ enum sa_algo_type { ALGO_TYPE_NULL = 0, + ALGO_TYPE_3DES_CBC, ALGO_TYPE_AES_CBC, ALGO_TYPE_AES_CTR, ALGO_TYPE_AES_GCM,