> -----Original Message-----
> From: Akhil Goyal <gak...@marvell.com>
> Sent: Friday, May 13, 2022 3:24 PM
> To: Gagandeep Singh <g.si...@nxp.com>; dev@dpdk.org
> Subject: RE: [EXT] [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-
> CBC
>
> > ipsec-secgw application is updated to support DES-CBC ciphering and
> > XCBC-MAC authentication based IPsec functionality.
> >
> > Signed-off-by: Gagandeep Singh <g.si...@nxp.com>
> > ---
> > examples/ipsec-secgw/esp.c | 5 +++++
> > examples/ipsec-secgw/sa.c | 8 ++++++++
> > 2 files changed, 13 insertions(+)
> Documentation updates missing for new algos
> "doc/guides/sample_app_ug/ipsec_secgw.rst"
Ok, It appears algo SHA256_HMAC is also missing in the document.
>
> >
> > diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> > index bd233752c8..b72a5604c8 100644
> > --- a/examples/ipsec-secgw/esp.c
> > +++ b/examples/ipsec-secgw/esp.c
> > @@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa
> > *sa,
> >
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > /* Copy IV at the end of crypto operation */ @@ -121,6
> +122,7 @@
> > esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > case RTE_CRYPTO_AUTH_NULL:
> > case RTE_CRYPTO_AUTH_SHA1_HMAC:
> > case RTE_CRYPTO_AUTH_SHA256_HMAC:
> > + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> > sym_cop->auth.data.offset = ip_hdr_len;
> > sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> > +
> > sa->iv_len + payload_len;
> > @@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > } else {
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > memset(iv, 0, sa->iv_len);
> > @@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > } else {
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > sym_cop->cipher.data.offset = ip_hdr_len + @@ -431,6
> +435,7 @@
> > esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > case RTE_CRYPTO_AUTH_NULL:
> > case RTE_CRYPTO_AUTH_SHA1_HMAC:
> > case RTE_CRYPTO_AUTH_SHA256_HMAC:
> > + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> > sym_cop->auth.data.offset = ip_hdr_len;
> > sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> > +
> > sa->iv_len + pad_payload_len;
> > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> > index 1839ac71af..8159b32a72 100644
> > --- a/examples/ipsec-secgw/sa.c
> > +++ b/examples/ipsec-secgw/sa.c
> > @@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] =
> {
> > .iv_len = 8,
> > .block_size = 8,
> > .key_len = 24
> > + },
> > + {
> > + .keyword = "des-cbc",
> > + .algo = RTE_CRYPTO_CIPHER_DES_CBC,
> > + .iv_len = 8,
> > + .block_size = 8,
> > + .key_len = 8
> > }
> > };
> >
> > @@ -1301,6 +1308,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> > } else {
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CTR:
> > --
> > 2.25.1
