[PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC

Sun, 24 Apr 2022 21:15:21 -0700 

ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.

Signed-off-by: Gagandeep Singh <g.si...@nxp.com>
---
 examples/ipsec-secgw/esp.c | 5 +++++
 examples/ipsec-secgw/sa.c  | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index bd233752c8..b72a5604c8 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
                switch (sa->cipher_algo) {
                case RTE_CRYPTO_CIPHER_NULL:
+               case RTE_CRYPTO_CIPHER_DES_CBC:
                case RTE_CRYPTO_CIPHER_3DES_CBC:
                case RTE_CRYPTO_CIPHER_AES_CBC:
                        /* Copy IV at the end of crypto operation */
@@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                case RTE_CRYPTO_AUTH_NULL:
                case RTE_CRYPTO_AUTH_SHA1_HMAC:
                case RTE_CRYPTO_AUTH_SHA256_HMAC:
+               case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
                        sym_cop->auth.data.offset = ip_hdr_len;
                        sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
                                sa->iv_len + payload_len;
@@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
        } else {
                switch (sa->cipher_algo) {
                case RTE_CRYPTO_CIPHER_NULL:
+               case RTE_CRYPTO_CIPHER_DES_CBC:
                case RTE_CRYPTO_CIPHER_3DES_CBC:
                case RTE_CRYPTO_CIPHER_AES_CBC:
                        memset(iv, 0, sa->iv_len);
@@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
        } else {
                switch (sa->cipher_algo) {
                case RTE_CRYPTO_CIPHER_NULL:
+               case RTE_CRYPTO_CIPHER_DES_CBC:
                case RTE_CRYPTO_CIPHER_3DES_CBC:
                case RTE_CRYPTO_CIPHER_AES_CBC:
                        sym_cop->cipher.data.offset = ip_hdr_len +
@@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                case RTE_CRYPTO_AUTH_NULL:
                case RTE_CRYPTO_AUTH_SHA1_HMAC:
                case RTE_CRYPTO_AUTH_SHA256_HMAC:
+               case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
                        sym_cop->auth.data.offset = ip_hdr_len;
                        sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
                                sa->iv_len + pad_payload_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 1839ac71af..8159b32a72 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
                .iv_len = 8,
                .block_size = 8,
                .key_len = 24
+       },
+       {
+               .keyword = "des-cbc",
+               .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+               .iv_len = 8,
+               .block_size = 8,
+               .key_len = 8
        }
 };
 
@@ -1301,6 +1308,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa 
entries[],
                } else {
                        switch (sa->cipher_algo) {
                        case RTE_CRYPTO_CIPHER_NULL:
+                       case RTE_CRYPTO_CIPHER_DES_CBC:
                        case RTE_CRYPTO_CIPHER_3DES_CBC:
                        case RTE_CRYPTO_CIPHER_AES_CBC:
                        case RTE_CRYPTO_CIPHER_AES_CTR:
-- 
2.25.1

Reply via email to