examples/ipsec-secgw: add 3des-cbc support

Message ID 1532512183-13939-1-git-send-email-hemant.agrawal@nxp.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers
Series examples/ipsec-secgw: add 3des-cbc support |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Hemant Agrawal July 25, 2018, 9:49 a.m. UTC
  Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst |  3 ++-
 examples/ipsec-secgw/esp.c               |  3 +++
 examples/ipsec-secgw/sa.c                | 11 ++++++++++-
 3 files changed, 15 insertions(+), 2 deletions(-)
  

Comments

De Lara Guarch, Pablo Aug. 1, 2018, 4:19 p.m. UTC | #1
Hi Hemant,

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Hemant Agrawal
> Sent: Wednesday, July 25, 2018 10:50 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Hemant Agrawal <hemant.agrawal@nxp.com>
> Subject: [dpdk-dev] [PATCH] examples/ipsec-secgw: add 3des-cbc support
> 
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>

I am deferring this patch to 18.11, as only fixes and doc patches are allowed at this stage.

Thanks,
Pablo
  
Akhil Goyal Aug. 23, 2018, 1:06 p.m. UTC | #2
On 7/25/2018 3:19 PM, Hemant Agrawal wrote:
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
>   doc/guides/sample_app_ug/ipsec_secgw.rst |  3 ++-
>   examples/ipsec-secgw/esp.c               |  3 +++
>   examples/ipsec-secgw/sa.c                | 11 ++++++++++-
>   3 files changed, 15 insertions(+), 2 deletions(-)
>
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
  
Akhil Goyal Aug. 23, 2018, 1:55 p.m. UTC | #3
On 7/25/2018 3:19 PM, Hemant Agrawal wrote:
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
>   doc/guides/sample_app_ug/ipsec_secgw.rst |  3 ++-
>   examples/ipsec-secgw/esp.c               |  3 +++
>   examples/ipsec-secgw/sa.c                | 11 ++++++++++-
>   3 files changed, 15 insertions(+), 2 deletions(-)
>
>
Applied to dpdk-next-crypto

Thanks
  

Patch

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 46696f2..4869a01 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -67,7 +67,7 @@  Constraints
 
 *  No IPv6 options headers.
 *  No AH mode.
-*  Supported algorithms: AES-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL.
+*  Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1 and NULL.
 *  Each SA must be handle by a unique lcore (*1 RX queue per port*).
 *  No chained mbufs.
 
@@ -397,6 +397,7 @@  where each options means:
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
    * *aes-256-cbc*: AES-CBC 256-bit algorithm
    * *aes-128-ctr*: AES-CTR 128-bit algorithm
+   * *3des-cbc*: 3DES-CBC 192-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index ee9e590..e33232c 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -96,6 +96,7 @@  esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 		switch (sa->cipher_algo) {
 		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			/* Copy IV at the end of crypto operation */
 			rte_memcpy(iv_ptr, iv, sa->iv_len);
@@ -326,6 +327,7 @@  esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	} else {
 		switch (sa->cipher_algo) {
 		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			memset(iv, 0, sa->iv_len);
 			break;
@@ -387,6 +389,7 @@  esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	} else {
 		switch (sa->cipher_algo) {
 		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			sym_cop->cipher.data.offset = ip_hdr_len +
 				sizeof(struct esp_hdr);
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 4ab8e09..d2d3550 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -81,6 +81,13 @@  const struct supported_cipher_algo cipher_algos[] = {
 		.iv_len = 8,
 		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
 		.key_len = 20
+	},
+	{
+		.keyword = "3des-cbc",
+		.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+		.iv_len = 8,
+		.block_size = 8,
+		.key_len = 24
 	}
 };
 
@@ -327,7 +334,8 @@  parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (status->status < 0)
 				return;
 
-			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC ||
+				algo->algo == RTE_CRYPTO_CIPHER_3DES_CBC)
 				rule->salt = (uint32_t)rte_rand();
 
 			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) {
@@ -810,6 +818,7 @@  sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 		} else {
 			switch (sa->cipher_algo) {
 			case RTE_CRYPTO_CIPHER_NULL:
+			case RTE_CRYPTO_CIPHER_3DES_CBC:
 			case RTE_CRYPTO_CIPHER_AES_CBC:
 				iv_length = sa->iv_len;
 				break;