From patchwork Wed Mar 20 15:38:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fan Zhang X-Patchwork-Id: 51408 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9F46F1B1FD; Wed, 20 Mar 2019 16:41:24 +0100 (CET) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 7B6A41B131 for ; Wed, 20 Mar 2019 16:41:18 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Mar 2019 08:41:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,249,1549958400"; d="scan'208";a="153475742" Received: from silpixa00398673.ir.intel.com (HELO silpixa00398673.ger.corp.intel.com) ([10.237.223.136]) by fmsmga002.fm.intel.com with ESMTP; 20 Mar 2019 08:41:15 -0700 From: Fan Zhang To: dev@dpdk.org Cc: akhil.goyal@nxp.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Date: Wed, 20 Mar 2019 15:38:36 +0000 Message-Id: <20190320153838.60419-4-roy.fan.zhang@intel.com> X-Mailer: git-send-email 2.14.5 In-Reply-To: <20190320153838.60419-1-roy.fan.zhang@intel.com> References: <20190320135108.50909-1-roy.fan.zhang@intel.com> <20190320153838.60419-1-roy.fan.zhang@intel.com> Subject: [dpdk-dev] [PATCH v5 3/5] ipsec: support 3DES-CBC X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds triple-des CBC mode cipher algorithm to ipsec library. Signed-off-by: Fan Zhang Acked-by: Konstantin Ananyev --- lib/librte_ipsec/sa.c | 40 ++++++++++++++++++++++------------------ lib/librte_ipsec/sa.h | 6 ++++++ 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c index e34dd320a..2eb6bae07 100644 --- a/lib/librte_ipsec/sa.c +++ b/lib/librte_ipsec/sa.c @@ -238,6 +238,7 @@ esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen) sa->ctp.cipher.length = 0; break; case ALGO_TYPE_AES_CBC: + case ALGO_TYPE_3DES_CBC: sa->ctp.cipher.offset = sa->hdr_len + sizeof(struct esp_hdr); sa->ctp.cipher.length = sa->iv_len; break; @@ -307,6 +308,13 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, sa->algo_type = ALGO_TYPE_AES_CTR; break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + /* RFC 1851 */ + sa->pad_align = IPSEC_PAD_3DES_CBC; + sa->iv_len = IPSEC_3DES_IV_SIZE; + sa->algo_type = ALGO_TYPE_3DES_CBC; + break; + default: return -EINVAL; } @@ -476,6 +484,19 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sop = cop->sym; switch (algo_type) { + case ALGO_TYPE_AES_CBC: + /* Cipher-Auth (AES-CBC *) case */ + case ALGO_TYPE_3DES_CBC: + /* Cipher-Auth (3DES-CBC *) case */ + case ALGO_TYPE_NULL: + /* NULL case */ + sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; + sop->cipher.data.length = sa->ctp.cipher.length + plen; + sop->auth.data.offset = sa->ctp.auth.offset + hlen; + sop->auth.data.length = sa->ctp.auth.length + plen; + sop->auth.digest.data = icv->va; + sop->auth.digest.phys_addr = icv->pa; + break; case ALGO_TYPE_AES_GCM: /* AEAD (AES_GCM) case */ sop->aead.data.offset = sa->ctp.cipher.offset + hlen; @@ -490,15 +511,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sa->iv_ofs); aead_gcm_iv_fill(gcm, ivp[0], sa->salt); break; - case ALGO_TYPE_AES_CBC: - /* Cipher-Auth (AES-CBC *) case */ - sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; - sop->cipher.data.length = sa->ctp.cipher.length + plen; - sop->auth.data.offset = sa->ctp.auth.offset + hlen; - sop->auth.data.length = sa->ctp.auth.length + plen; - sop->auth.digest.data = icv->va; - sop->auth.digest.phys_addr = icv->pa; - break; case ALGO_TYPE_AES_CTR: /* Cipher-Auth (AES-CTR *) case */ sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; @@ -512,15 +524,6 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop, sa->iv_ofs); aes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt); break; - case ALGO_TYPE_NULL: - /* NULL case */ - sop->cipher.data.offset = sa->ctp.cipher.offset + hlen; - sop->cipher.data.length = sa->ctp.cipher.length + plen; - sop->auth.data.offset = sa->ctp.auth.offset + hlen; - sop->auth.data.length = sa->ctp.auth.length + plen; - sop->auth.digest.data = icv->va; - sop->auth.digest.phys_addr = icv->pa; - break; default: break; } @@ -873,6 +876,7 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop, aead_gcm_iv_fill(gcm, ivp[0], sa->salt); break; case ALGO_TYPE_AES_CBC: + case ALGO_TYPE_3DES_CBC: sop->cipher.data.offset = pofs + sa->ctp.cipher.offset; sop->cipher.data.length = clen; sop->auth.data.offset = pofs + sa->ctp.auth.offset; diff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h index 12c061ee6..c3a0d84bc 100644 --- a/lib/librte_ipsec/sa.h +++ b/lib/librte_ipsec/sa.h @@ -14,6 +14,7 @@ /* padding alignment for different algorithms */ enum { IPSEC_PAD_DEFAULT = 4, + IPSEC_PAD_3DES_CBC = 8, IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE, IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT, IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT, @@ -24,6 +25,10 @@ enum { enum { IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE, IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t), + /* TripleDES supports IV size of 32bits or 64bits but he library + * only supports 64bits. + */ + IPSEC_3DES_IV_SIZE = sizeof(uint64_t), }; /* these definitions probably has to be in rte_crypto_sym.h */ @@ -57,6 +62,7 @@ struct replay_sqn { /*IPSEC SA supported algorithms */ enum sa_algo_type { ALGO_TYPE_NULL = 0, + ALGO_TYPE_3DES_CBC, ALGO_TYPE_AES_CBC, ALGO_TYPE_AES_CTR, ALGO_TYPE_AES_GCM,