From patchwork Fri May 20 04:20:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gagandeep Singh X-Patchwork-Id: 111468 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AC865A0503; Fri, 20 May 2022 06:21:38 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0AB3A42823; Fri, 20 May 2022 06:21:29 +0200 (CEST) Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2085.outbound.protection.outlook.com [40.107.22.85]) by mails.dpdk.org (Postfix) with ESMTP id AF58740395 for ; Fri, 20 May 2022 06:21:27 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AH48QEIKRynNOZFlJG2fn9I5fmxDz03wYNtjR0R7WUAL1uApNIyVlaMBGZKBMPIvsAVlccnSO2fpw9nd+NfJ1h/9bSR6OsGDb518PNugWJ+0VKvJsUZvgjhT5JMGmz5zGYaqFPKGujGSeMs+2/e0mrFyAWmjero6+xJqn0LWPpA9uUSae+W50H/51UKd/JIL8O0eltRRC6Xpr1FoRQduKt2EvVOkm6w6BqewznCFzboyoBdVIBuNuYqsb2Nlf1n1tIcCihQHP2jWXTFYvbNaFJL63qGAoXml24O5Mdxd/a1yo33+DtY+QvFNySYUfdEGzvPBSTM9oLTpqPM5FsSkNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ruug58ZfqzbJAtrAvgqBLn39i6fiH0I4yv2+ju+Rx/4=; b=HgD1K9b3IvrDJNhBSmwmJwaDHDOUnB11cjmsSCxGHhaoan9B2XQ6E8TfpmvX0h9yK1H9urDtSZt1jUV2pBgPBBgxsYAz7qYY2E3ZZbducdVVgyLOJYyX/z3PZKNSlINLTvBr6ymI83S2AyfGgcd6U4cNN8OdlDW1b+eaPQVhkHVxKfLAVtf3M0OhP4Y749GCTXr4pjJ2bKC7lkVTCgOkqFeEWfsMTQHr7XlhIzsHNEkXZuPmw3i+QxmwrhJHIOFXUQ9/tHCB/VVa1bzScM3G+nnJYXZgXLkhSgsduRirfQxieJqSZQxQ7dKKJAFW89DX/rtXMi+fVHRRFsLFfkZ+8g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ruug58ZfqzbJAtrAvgqBLn39i6fiH0I4yv2+ju+Rx/4=; b=TcxyrCoI0/tlFMTdU6TdiXqqZYgrH7G7uGgKyyz103iy8oByP3CopONaPdzJ8ykwt1FhQOMpAWDDNsCmxPHvu2OqFnqJCUzMM00dlX9QjaFvWwxl1+ie1FIj39uG/FlibqaDXpImOmpoNvRbDnaZvPCWFWLpBtVRCtbjA3hwNwU= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from AM9PR04MB8194.eurprd04.prod.outlook.com (2603:10a6:20b:3e6::7) by GV1PR04MB9149.eurprd04.prod.outlook.com (2603:10a6:150:24::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.23; Fri, 20 May 2022 04:21:26 +0000 Received: from AM9PR04MB8194.eurprd04.prod.outlook.com ([fe80::c1b2:4c14:c10a:3dde]) by AM9PR04MB8194.eurprd04.prod.outlook.com ([fe80::c1b2:4c14:c10a:3dde%8]) with mapi id 15.20.5273.017; Fri, 20 May 2022 04:21:26 +0000 From: Gagandeep Singh To: gakhil@marvell.com, dev@dpdk.org Cc: Gagandeep Singh Subject: [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Date: Fri, 20 May 2022 09:50:59 +0530 Message-Id: <20220520042104.3784908-3-g.singh@nxp.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220520042104.3784908-1-g.singh@nxp.com> References: <20220517033858.40394-2-g.singh@nxp.com> <20220520042104.3784908-1-g.singh@nxp.com> X-ClientProxiedBy: SI2PR04CA0005.apcprd04.prod.outlook.com (2603:1096:4:197::16) To AM9PR04MB8194.eurprd04.prod.outlook.com (2603:10a6:20b:3e6::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3ff60e35-b64f-4c38-32a0-08da3a1834a3 X-MS-TrafficTypeDiagnostic: GV1PR04MB9149:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: bXPa5TqjW5iR8LPMe70Wu5Gh2P7iYAeanr9DyPB3lJaKtNVvPA384r6tEJvhA/FuNRQ/vfYzZf2duNQd771il/ulWk+cxvfCZHG/v5Pe1aPjM1Qqb1/dqCFYXs0IZTBX5SAfg5Sw+uaHvuF5+2Z8uBcCGtcs+Ixul6jZVoJK2GF68EZE3gAw4yfaQcAolwDOxQ9q7ONhMRbl7fMYzR7LpBwAzs3VZ8ap5tWpSD4YuoztcVUxN/NDBh4x2Wci+dMBacGuO6/Ah8yV0yBmR0waFA5/OZrOUNukCWFvVNTwzdzgQJA5O/4r0zg0mbnqIcef+zeyb0edc0I5A9GBSAeq8M2B8IFlvC5iLIv0E82915KPT9F+0Wpbr24tXNeKl3VOcbLwpZRvO/rwXfsrdAvhqsSA0EyCBo0R/qFGvScrqaBKbjVxvdsIQAbRQeNOc9skPtuu38FB9C2SbcxVongR1pmYQJS3ufSECiLPA24+oVcdpOT9YFvtiRPA1uMOT1QAsHxOLtoblJi/rdxeF6IWpOCAO05OZth5m+pcTM1d59zsJqKgBuL1iAaIqfQQvaiICp70O3f3vQrTRJWt1RW+y9jkzo0wOQBdvQgVbuY6ZNL5r0/y1UewVBccRD4HYmjHdNMA45zYS0brk8ndNKSnMJdcR+yhhd1Jseg37/6uCitL0SG7qUHcU7aGLcJmgXJ5+jIeVQ/XLwqMYLF4VFjrMA== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM9PR04MB8194.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(38350700002)(66946007)(2906002)(55236004)(6666004)(36756003)(508600001)(38100700002)(8676002)(66556008)(6486002)(6506007)(1076003)(8936002)(26005)(5660300002)(2616005)(316002)(66476007)(52116002)(4326008)(86362001)(83380400001)(186003)(6512007); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: YmPL9y999i/tKw0OH/OSnBm1O0l4zhgLtxOReAo0xy4+j9tf5ympuysYNmN0aBrO767XOVRryFu6Kg9d6HYTulQ0sCpgxRtp16RGok0b/oWkDnFiIzxYa1Wvvcl5l1P96+E54I6AMf0n4ZUT4VJy3e6rqdOPGK/evo/LAtGOOOAt7a/PIJLa2jvZiz4Ba1o3QCUqW9eNcaYVl1HTL9ifc8yFWL15YnbpBEPHpHA3zC5Gtn8FOPChIIZ5PtqrCa6TdGygQt4lUYZAOo1cS0CXZ8panD/jAvySoeYdIXR/BloANllTIoqpr4hn/tNRmnGilFwwZhQudqHa8cy9I5Y8BCr4mT/D3nF2VA4nw2VijOCmm3WY5bBPmpxZESYhHyysWUVQSkAi4kfFpdQsAQ42JexBbl2En2Jv20T3PKajjX/W6+UyiYBLBlWo1PoBhEsYdhqC0ceLtG8zHdYfxvYNyz0u80AKD/zEsc6jtZIqyW0ryIKs/ifTeke8gRFHzMPzHHmatqC2am2QTUVALPR2G/Mnb4CufetaqfCQd5HMOTW4gd1yx4aXqXtVoSm+/pfJA7aqa0fzak7rtS1rSQnWe9MTLl6R3oc6H63i9S1wB+WuJr624M9XzoOvRfqdDsChRsHedzAA8kiDLcW3f6Ht8cl3CDV46x2ej2yix6tG1ars7igYaAZb9Bwd2lUnU7Ap5skcqYV19qp77DHqROF3zXr/fvP7G+n+AwFCsXrCybc+0bBzIEa+Ub/ic5mCwU3ltWkNLhcQq4GakKSKE7PXuisdt/q4+zZ71Yvhff1kSswd4Qjb69JFf8WJdMmk0sAgWX0zJc4LSOsz1DhrwrlGDJD4X0//H6eEzncgHRjNQW6H9t3Cc7RCx/b0sv4QGmq1Aak9EtMuXt9iXmc0f4MOHdaaqD+gDtX280wItFqqpFAB6PSpYkEn94fleYlSiA1JoS2i+oLwAoqSQT8AN/koKLSMOVgwb9owrz/td4vxrPF+e1QEftsiVYEBW1JRoqPy9oY/lvnGIrtHQ1l6VbCA2x1R0zOX2c20zA906jC9mlLpcLkEpbaP144ke3vFW6fu+aPOGYqPLLU9+e/Oiw2QWqG+Uzmkid4iS5tsCRC0gbam4f1ixpzHpx8JTH4kAOn4UDcFA5RM1BSkyBI3idcxntO+h9FXhzrCsdHC2GhQs25/LBFrRub4/CqiTtC7S9H2y4emAwKCIQCPrF8Xne6JceWU2A0wAp2yLH0ax4GYsif6a4A2UZMeMyZrmrkw3Qzi5WQ6BpdoPBlOE7Xnc/9Jp0oeuSr40H4AWtwgXsAYQUjItlPvNx+vENCLP1ld+ZvWDLIKzWj/KELuiNUCVve/dlOVZ82kO/IfHwhNUjF4qG0sd9OY+Sqf2kWnBztvvbmxcBcsZtMIrf7xGZo0l9xGTnWh1BLE9w941aHDaqdKPOefMvofzmzeyT+0qBKNA+y1ccKO2U9G2P1SL6UITDgzoJ/98CAaILbVki3b/EZD8NUH8NV16f3pLW6OMJL6fV/Nk6ve4+umDvLOZgFyEU1ciGi6ipjXD58/LzH+O9KPhNfWBK8aX+mtt5rh0b85PJDRckVscTFDk4MDxVpucb5IumzR5R8Ffk8cgO59DGiD766nLCaliPQWPJOJKBjrRfeezklq4p/1GYs5YQIMkQSNhAnR58gm2XvUS7lVDIqwZMXVuwT1Oa/o54Emjs6ZhAR5ODEpy0xx/vNVUZKIGnrx8w== X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3ff60e35-b64f-4c38-32a0-08da3a1834a3 X-MS-Exchange-CrossTenant-AuthSource: AM9PR04MB8194.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2022 04:21:26.5895 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: jtEzA+TiKkkJK5tifCFehu7LXSwtqvsRtaVknYsyhSsxDgHojbpxnKzMVB2uHPV9 X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR04MB9149 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org ipsec-secgw application is updated to support DES-CBC ciphering and XCBC-MAC authentication based IPsec functionality. Signed-off-by: Gagandeep Singh Acked-by: Akhil Goyal --- doc/guides/sample_app_ug/ipsec_secgw.rst | 7 +++++-- examples/ipsec-secgw/esp.c | 5 +++++ examples/ipsec-secgw/sa.c | 8 ++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index d93acf0667..5cb6a69a27 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -115,8 +115,9 @@ Constraints * No IPv6 options headers. * No AH mode. -* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1, - AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL. +* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC, + HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 + and NULL. * Each SA must be handle by a unique lcore (*1 RX queue per port*). Compiling the Application @@ -566,6 +567,7 @@ where each options means: * *aes-256-cbc*: AES-CBC 256-bit algorithm * *aes-128-ctr*: AES-CTR 128-bit algorithm * *3des-cbc*: 3DES-CBC 192-bit algorithm + * *des-cbc*: DES-CBC 64-bit algorithm * Syntax: *cipher_algo * @@ -593,6 +595,7 @@ where each options means: * *null*: NULL algorithm * *sha1-hmac*: HMAC SHA1 algorithm + * *aes-xcbc-mac*: AES XCBC MAC algorithm ```` diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index bd233752c8..b72a5604c8 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: /* Copy IV at the end of crypto operation */ @@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) + sa->iv_len + payload_len; @@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: memset(iv, 0, sa->iv_len); @@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: sym_cop->cipher.data.offset = ip_hdr_len + @@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1_HMAC: case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: sym_cop->auth.data.offset = ip_hdr_len; sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) + sa->iv_len + pad_payload_len; diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 3b0bc5a2cf..0b27f11fc0 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = { .iv_len = 8, .block_size = 8, .key_len = 24 + }, + { + .keyword = "des-cbc", + .algo = RTE_CRYPTO_CIPHER_DES_CBC, + .iv_len = 8, + .block_size = 8, + .key_len = 8 } }; @@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_DES_CBC: case RTE_CRYPTO_CIPHER_3DES_CBC: case RTE_CRYPTO_CIPHER_AES_CBC: case RTE_CRYPTO_CIPHER_AES_CTR: