From 72454dd4c5196594b366883bbf732c9e067c64ec Mon Sep 17 00:00:00 2001
From: “mukeshyadav1984” <mukyadav@cisco.com>
Date: Tue, 28 Nov 2017 10:52:34 -0800
Subject: DES-CBC/3DES-CBC support for VPP IPSec Core
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: I876f215b129e5e59d3acc6447ce40458cc341eba
Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>
---
 src/vnet/ipsec/esp_decrypt.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

(limited to 'src/vnet/ipsec/esp_decrypt.c')

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index fac40358f16..a769e6bd51a 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -81,8 +81,8 @@ format_esp_decrypt_trace (u8 * s, va_list * args)
 }
 
 always_inline void
-esp_decrypt_aes_cbc (ipsec_crypto_alg_t alg,
-		     u8 * in, u8 * out, size_t in_len, u8 * key, u8 * iv)
+esp_decrypt_cbc (ipsec_crypto_alg_t alg,
+		 u8 * in, u8 * out, size_t in_len, u8 * key, u8 * iv)
 {
   ipsec_proto_main_t *em = &ipsec_proto_main;
   u32 thread_index = vlib_get_thread_index ();
@@ -246,11 +246,15 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 	  /* add old buffer to the recycle list */
 	  vec_add1 (recycle, i_bi0);
 
-	  if (sa0->crypto_alg >= IPSEC_CRYPTO_ALG_AES_CBC_128 &&
-	      sa0->crypto_alg <= IPSEC_CRYPTO_ALG_AES_CBC_256)
+	  if ((sa0->crypto_alg >= IPSEC_CRYPTO_ALG_AES_CBC_128 &&
+	       sa0->crypto_alg <= IPSEC_CRYPTO_ALG_AES_CBC_256) ||
+	      (sa0->crypto_alg >= IPSEC_CRYPTO_ALG_DES_CBC &&
+	       sa0->crypto_alg <= IPSEC_CRYPTO_ALG_3DES_CBC))
 	    {
-	      const int BLOCK_SIZE = 16;
-	      const int IV_SIZE = 16;
+	      const int BLOCK_SIZE =
+		em->ipsec_proto_main_crypto_algs[sa0->crypto_alg].block_size;;
+	      const int IV_SIZE =
+		em->ipsec_proto_main_crypto_algs[sa0->crypto_alg].iv_size;
 	      esp_footer_t *f0;
 	      u8 ip_hdr_size = 0;
 
@@ -298,13 +302,13 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 		    }
 		}
 
-	      esp_decrypt_aes_cbc (sa0->crypto_alg,
-				   esp0->data + IV_SIZE,
-				   (u8 *) vlib_buffer_get_current (o_b0) +
-				   ip_hdr_size, BLOCK_SIZE * blocks,
-				   sa0->crypto_key, esp0->data);
+	      esp_decrypt_cbc (sa0->crypto_alg,
+			       esp0->data + IV_SIZE,
+			       (u8 *) vlib_buffer_get_current (o_b0) +
+			       ip_hdr_size, BLOCK_SIZE * blocks,
+			       sa0->crypto_key, esp0->data);
 
-	      o_b0->current_length = (blocks * 16) - 2 + ip_hdr_size;
+	      o_b0->current_length = (blocks * BLOCK_SIZE) - 2 + ip_hdr_size;
 	      o_b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID;
 	      f0 =
 		(esp_footer_t *) ((u8 *) vlib_buffer_get_current (o_b0) +
-- 
cgit 1.2.3-korg