From 1bc489ca096bd80064032a9ce06f7dcb9d0d525e Mon Sep 17 00:00:00 2001 From: Hemant Agrawal Date: Wed, 25 Jul 2018 15:19:43 +0530 Subject: [PATCH] examples/ipsec-secgw: support 3DES-CBC Signed-off-by: Hemant Agrawal Acked-by: Akhil Goyal --- doc/guides/sample_app_ug/ipsec_secgw.rst | 3 ++- examples/ipsec-secgw/esp.c | 3 +++ examples/ipsec-secgw/sa.c | 11 ++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 46696f2a68..4869a011dd 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -67,7 +67,7 @@ Constraints * No IPv6 options headers. * No AH mode. -* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL. +* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1 and NULL. * Each SA must be handle by a unique lcore (*1 RX queue per port*). * No chained mbufs. @@ -397,6 +397,7 @@ where each options means: * *aes-128-cbc*: AES-CBC 128-bit algorithm * *aes-256-cbc*: AES-CBC 256-bit algorithm * *aes-128-ctr*: AES-CTR 128-bit algorithm + * *3des-cbc*: 3DES-CBC 192-bit algorithm * Syntax: *cipher_algo * diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index ee9e590a67..e33232c989 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -96,6 +96,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: /* Copy IV at the end of crypto operation */ rte_memcpy(iv_ptr, iv, sa->iv_len); @@ -326,6 +327,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: memset(iv, 0, sa->iv_len); break; @@ -387,6 +389,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: sym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr); diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 4ab8e098a2..d2d3550a4f 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -81,6 +81,13 @@ const struct supported_cipher_algo cipher_algos[] = { .iv_len = 8, .block_size = 16, /* XXX AESNI MB limition, should be 4 */ .key_len = 20 + }, + { + .keyword = "3des-cbc", + .algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .iv_len = 8, + .block_size = 8, + .key_len = 24 } }; @@ -327,7 +334,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, if (status->status < 0) return; - if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC) + if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC || + algo->algo == RTE_CRYPTO_CIPHER_3DES_CBC) rule->salt = (uint32_t)rte_rand(); if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) { @@ -810,6 +818,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: iv_length = sa->iv_len; break; -- 2.20.1