All of lore.kernel.org
 help / color / mirror / Atom feed
From: Gagandeep Singh <g.singh@nxp.com>
To: gakhil@marvell.com, dev@dpdk.org
Cc: Gagandeep Singh <g.singh@nxp.com>
Subject: [PATCH v2 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC
Date: Tue, 17 May 2022 09:08:53 +0530	[thread overview]
Message-ID: <20220517033858.40394-3-g.singh@nxp.com> (raw)
In-Reply-To: <20220517033858.40394-1-g.singh@nxp.com>

ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 7 +++++--
 examples/ipsec-secgw/esp.c               | 5 +++++
 examples/ipsec-secgw/sa.c                | 8 ++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index d93acf0667..5cb6a69a27 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -115,8 +115,9 @@ Constraints
 
 *  No IPv6 options headers.
 *  No AH mode.
-*  Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1,
-   AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL.
+*  Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC,
+   HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305
+   and NULL.
 *  Each SA must be handle by a unique lcore (*1 RX queue per port*).
 
 Compiling the Application
@@ -566,6 +567,7 @@ where each options means:
    * *aes-256-cbc*: AES-CBC 256-bit algorithm
    * *aes-128-ctr*: AES-CTR 128-bit algorithm
    * *3des-cbc*: 3DES-CBC 192-bit algorithm
+   * *des-cbc*: DES-CBC 64-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -593,6 +595,7 @@ where each options means:
 
     * *null*: NULL algorithm
     * *sha1-hmac*: HMAC SHA1 algorithm
+    * *aes-xcbc-mac*: AES XCBC MAC algorithm
 
 ``<auth_key>``
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index bd233752c8..b72a5604c8 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 		switch (sa->cipher_algo) {
 		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_DES_CBC:
 		case RTE_CRYPTO_CIPHER_3DES_CBC:
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			/* Copy IV at the end of crypto operation */
@@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		case RTE_CRYPTO_AUTH_NULL:
 		case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+		case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 			sym_cop->auth.data.offset = ip_hdr_len;
 			sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
 				sa->iv_len + payload_len;
@@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	} else {
 		switch (sa->cipher_algo) {
 		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_DES_CBC:
 		case RTE_CRYPTO_CIPHER_3DES_CBC:
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			memset(iv, 0, sa->iv_len);
@@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	} else {
 		switch (sa->cipher_algo) {
 		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_DES_CBC:
 		case RTE_CRYPTO_CIPHER_3DES_CBC:
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			sym_cop->cipher.data.offset = ip_hdr_len +
@@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		case RTE_CRYPTO_AUTH_NULL:
 		case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+		case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 			sym_cop->auth.data.offset = ip_hdr_len;
 			sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
 				sa->iv_len + pad_payload_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 3b0bc5a2cf..0b27f11fc0 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.iv_len = 8,
 		.block_size = 8,
 		.key_len = 24
+	},
+	{
+		.keyword = "des-cbc",
+		.algo = RTE_CRYPTO_CIPHER_DES_CBC,
+		.iv_len = 8,
+		.block_size = 8,
+		.key_len = 8
 	}
 };
 
@@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 		} else {
 			switch (sa->cipher_algo) {
 			case RTE_CRYPTO_CIPHER_NULL:
+			case RTE_CRYPTO_CIPHER_DES_CBC:
 			case RTE_CRYPTO_CIPHER_3DES_CBC:
 			case RTE_CRYPTO_CIPHER_AES_CBC:
 			case RTE_CRYPTO_CIPHER_AES_CTR:
-- 
2.25.1


  parent reply	other threads:[~2022-05-17  3:39 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-25  4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
2022-04-25  4:14 ` [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-13  9:49   ` [EXT] " Akhil Goyal
2022-04-25  4:14 ` [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
2022-05-13  9:54   ` [EXT] " Akhil Goyal
2022-05-16  9:45     ` Gagandeep Singh
2022-04-25  4:14 ` [PATCH 4/8] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
2022-04-25  4:14 ` [PATCH 5/8] test/crypto: fix pmd name for dpaa raw buffer crypto driver Gagandeep Singh
2022-04-25  4:14 ` [PATCH 6/8] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
2022-04-25  4:14 ` [PATCH 7/8] test/crypto: add external buffer test case Gagandeep Singh
2022-05-13 10:26   ` [EXT] " Akhil Goyal
2022-05-16  7:25     ` Gagandeep Singh
2022-04-25  4:14 ` [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-13 10:46   ` [EXT] " Akhil Goyal
2022-05-16  7:27     ` Gagandeep Singh
2022-05-13  9:46 ` [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Akhil Goyal
2022-05-16  7:14   ` Gagandeep Singh
2022-05-16  7:26     ` Anoob Joseph
2022-05-16  7:54       ` Gagandeep Singh
2022-05-17  3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-17  3:38   ` [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-20  4:20     ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-20  4:20       ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-26 13:52         ` [EXT] " Akhil Goyal
2022-05-30  4:31           ` Gagandeep Singh
2022-05-30  6:04             ` Akhil Goyal
2022-05-31 18:14               ` Akhil Goyal
2022-06-06  4:00         ` [PATCH v4] " Gagandeep Singh
2022-06-15 16:06           ` [EXT] " Akhil Goyal
2022-05-20  4:20       ` [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
2022-05-26 13:54         ` [EXT] " Akhil Goyal
2022-05-20  4:21       ` [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
2022-05-26 13:55         ` [EXT] " Akhil Goyal
2022-05-20  4:21       ` [PATCH v3 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
2022-05-26 13:56         ` [EXT] " Akhil Goyal
2022-05-20  4:21       ` [PATCH v3 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
2022-05-26 13:58         ` [EXT] " Akhil Goyal
2022-05-20  4:21       ` [PATCH v3 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-26 13:59         ` [EXT] " Akhil Goyal
2022-05-20  4:21       ` [PATCH v3 7/7] doc: add missing authentication algorithm Gagandeep Singh
2022-05-26 14:00         ` [EXT] " Akhil Goyal
2022-05-17  3:38   ` Gagandeep Singh [this message]
2022-05-17  3:38   ` [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
2022-05-17 16:32     ` Stephen Hemminger
2022-05-18  4:23       ` Gagandeep Singh
2022-05-17  3:38   ` [PATCH v2 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
2022-05-17  3:38   ` [PATCH v2 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
2022-05-17  3:38   ` [PATCH v2 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-17  3:38   ` [PATCH v2 7/7] doc: add missing authentication algorithm Gagandeep Singh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220517033858.40394-3-g.singh@nxp.com \
    --to=g.singh@nxp.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.