> ipsec-secgw application is updated to support
> DES-CBC ciphering and XCBC-MAC authentication
> based IPsec functionality.
>
> Signed-off-by: Gagandeep Singh <g.si...@nxp.com>
> ---
> examples/ipsec-secgw/esp.c | 5 +++++
> examples/ipsec-secgw/sa.c | 8 ++++++++
> 2 files changed, 13 insertions(+)
Documentation updates missing for new algos
"doc/guides/sample_app_ug/ipsec_secgw.rst"
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index bd233752c8..b72a5604c8 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> /* Copy IV at the end of crypto operation */
> @@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> case RTE_CRYPTO_AUTH_NULL:
> case RTE_CRYPTO_AUTH_SHA1_HMAC:
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> sym_cop->auth.data.offset = ip_hdr_len;
> sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> +
> sa->iv_len + payload_len;
> @@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> } else {
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> memset(iv, 0, sa->iv_len);
> @@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> } else {
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> sym_cop->cipher.data.offset = ip_hdr_len +
> @@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> case RTE_CRYPTO_AUTH_NULL:
> case RTE_CRYPTO_AUTH_SHA1_HMAC:
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> sym_cop->auth.data.offset = ip_hdr_len;
> sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> +
> sa->iv_len + pad_payload_len;
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 1839ac71af..8159b32a72 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
> .iv_len = 8,
> .block_size = 8,
> .key_len = 24
> + },
> + {
> + .keyword = "des-cbc",
> + .algo = RTE_CRYPTO_CIPHER_DES_CBC,
> + .iv_len = 8,
> + .block_size = 8,
> + .key_len = 8
> }
> };
>
> @@ -1301,6 +1308,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> } else {
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CTR:
> --
> 2.25.1
