[v4] examples/ipsec-secgw: support 192/256 AES key sizes
diff mbox series

Message ID 1586241042-30178-1-git-send-email-anoobj@marvell.com
State Accepted, archived
Delegated to: akhil goyal
Headers show
Series
  • [v4] examples/ipsec-secgw: support 192/256 AES key sizes
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/iol-testing success Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/checkpatch success coding style OK

Commit Message

Anoob Joseph April 7, 2020, 6:30 a.m. UTC
Adding support for the following,
1. AES-192-GCM
2. AES-256-GCM
3. AES-192-CBC

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---

v4:
* Reverted to v2 as suggested by Akhil.
* Added additional check in print routines to make sure correct key size is
  printed.
* Updated incorrect documentation of 'aead_key'

v3:
* Fixed incorrect AES-GCM key length being printed during app startup
* Introduced new macro 'SALT_SIZE' to make the usage more obvious (AES-GCM
  key has key following 4 byte salt)
* Minor cleanup for the existing code.

v2:
* Updated doc and release notes

 doc/guides/rel_notes/release_20_05.rst   |  7 +++++++
 doc/guides/sample_app_ug/ipsec_secgw.rst | 10 +++++++---
 examples/ipsec-secgw/ipsec.h             |  2 +-
 examples/ipsec-secgw/sa.c                | 28 +++++++++++++++++++++++++++-
 4 files changed, 42 insertions(+), 5 deletions(-)

Comments

Akhil Goyal April 15, 2020, 6:15 p.m. UTC | #1
> 
> Adding support for the following,
> 1. AES-192-GCM
> 2. AES-256-GCM
> 3. AES-192-CBC
> 
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
> 
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Akhil Goyal April 17, 2020, 9:03 p.m. UTC | #2
> 
> 
> >
> > Adding support for the following,
> > 1. AES-192-GCM
> > 2. AES-256-GCM
> > 3. AES-192-CBC
> >
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
> >
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Applied to dpdk-next-crypto

Thanks.

Patch
diff mbox series

diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst
index 6b1a7c5..8cfcef2 100644
--- a/doc/guides/rel_notes/release_20_05.rst
+++ b/doc/guides/rel_notes/release_20_05.rst
@@ -81,6 +81,13 @@  New Features
   by making use of the event device capabilities. The event mode currently supports
   only inline IPsec protocol offload.
 
+* **Added 192/256 AES key sizes in ipsec-secgw application.**
+
+  Updated ipsec-secgw application to support the following key sizes,
+    - AES-192-CBC
+    - AES-192-GCM
+    - AES-256-GCM
+
 
 Removed Items
 -------------
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 038f593..c02d16a 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -538,6 +538,7 @@  where each options means:
 
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
+   * *aes-192-cbc*: AES-CBC 192-bit algorithm
    * *aes-256-cbc*: AES-CBC 256-bit algorithm
    * *aes-128-ctr*: AES-CTR 128-bit algorithm
    * *3des-cbc*: 3DES-CBC 192-bit algorithm
@@ -593,6 +594,8 @@  where each options means:
  * Available options:
 
    * *aes-128-gcm*: AES-GCM 128-bit algorithm
+   * *aes-192-gcm*: AES-GCM 192-bit algorithm
+   * *aes-256-gcm*: AES-GCM 256-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -604,11 +607,12 @@  where each options means:
    Must be followed by <aead_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
-   The number of bytes should be as same as the specified AEAD algorithm
-   key size.
+   Last 4 bytes of the provided key will be used as 'salt' and so, the
+   number of bytes should be same as the sum of specified AEAD algorithm
+   key size and salt size (4 bytes).
 
    For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
-   A1:B2:C3:D4*
+   A1:B2:C3:D4:A1:B2:C3:D4*
 
 ``<mode>``
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index f8f29f9..46a974e 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -72,7 +72,7 @@  struct ip_addr {
 	} ip;
 };
 
-#define MAX_KEY_SIZE		32
+#define MAX_KEY_SIZE		36
 
 /*
  * application wide SA parameters
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index a6bf5e8..5e3a7aa 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -77,6 +77,13 @@  const struct supported_cipher_algo cipher_algos[] = {
 		.key_len = 16
 	},
 	{
+		.keyword = "aes-192-cbc",
+		.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+		.iv_len = 16,
+		.block_size = 16,
+		.key_len = 24
+	},
+	{
 		.keyword = "aes-256-cbc",
 		.algo = RTE_CRYPTO_CIPHER_AES_CBC,
 		.iv_len = 16,
@@ -130,6 +137,24 @@  const struct supported_aead_algo aead_algos[] = {
 		.key_len = 20,
 		.digest_len = 16,
 		.aad_len = 8,
+	},
+	{
+		.keyword = "aes-192-gcm",
+		.algo = RTE_CRYPTO_AEAD_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 28,
+		.digest_len = 16,
+		.aad_len = 8,
+	},
+	{
+		.keyword = "aes-256-gcm",
+		.algo = RTE_CRYPTO_AEAD_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 36,
+		.digest_len = 16,
+		.aad_len = 8,
 	}
 };
 
@@ -753,7 +778,8 @@  print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
 	}
 
 	for (i = 0; i < RTE_DIM(aead_algos); i++) {
-		if (aead_algos[i].algo == sa->aead_algo) {
+		if (aead_algos[i].algo == sa->aead_algo &&
+				aead_algos[i].key_len-4 == sa->cipher_key_len) {
 			printf("%s ", aead_algos[i].keyword);
 			break;
 		}