Closed rider8581 closed 3 years ago
I read the code of dpdk cryptodev, however, it is too difficult for me to use. I have no dpdk installed and to customize dpdk code for my project is taking too much time....
Please have a look here https://github.com/intel/intel-ipsec-mb/blob/master/test/chained_test.c to see example of programming interface for AES-CBC-128 HMAC-SHA1 that is identical to your configuration
Thank you for your kind response. Yeah, I checked it and it seems like the IV is manually set. When I decrypt ESP packet, I need to get IV from ESP header. https://github.com/intel/intel-ipsec-mb/blob/master/test/ipsec_xvalid.c Do you think this example can get the IV from ESP header? Or any other examples which can decrypt or encrypt the ESP packets?
As to packet format, you may need to look into spec like this https://tools.ietf.org/html/rfc3602#section-3 or some example ipsec network stacks (example https://doc.dpdk.org/guides/sample_app_ug/ipsec_secgw.html).
The library is rather agnostic when it comes to the protocol above and it can be used with IPsec or TLS or something else.
https://doc.dpdk.org/guides/sample_app_ug/ipsec_secgw.html I checked and ran this example, however it is based on dpdk so I cannot use it for my project. Please let me know if there are any other IPsec implementation based on intel-ipsec-mb.
Right but you can have a look as to how IV is extracted from the packet.
Yes, I know it. But it would take a lot of time to implement the ESP protocol by myself. Please let me know if there are any examples of IPSec implementation based on intel-ipsec-mb. (without dpdk)
I am aware of DPDK, VPP and 6Wind implementations
Could you give me the reference of VPP and 6Wind?
Thank you for your comment. I checked the projects which you sent me, however, all those are big projects which cover their own memory management and I cannot use them because I have to run my application on Graphene-SGX(https://github.com/oscarlab/graphene). I can capture the ESP packet and I need the simple code which can decrypt it and encrypt the plain-IP packets into ESP packets to respond. Are there any other examples?
Sorry but I am not aware of other samples other than the ones I shared earlier. If you find something then please take a minute to post an update here. Thanks
Let me close this issue. Feel free to re-open or post an update at any time. Thanks
I am developing a kind of ipsec gateway and using this library as a encryption/decryption engine.
I have to encrypt and decrypt the payload data based on configuration like following:
SP IPv4 rules
sp ipv4 out esp protect 7 pri 1 dst 0.0.0.0/0 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 8 pri 1 dst 0.0.0.0/0 sport 0:65535 dport 0:65535
SA rules
sa out 7 cipher_algo aes-128-cbc \ cipher_key AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB \ auth_algo sha1-hmac auth_key C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1:C1 \ mode ipv4-tunnel src 169.254.9.10 dst 169.254.9.9
sa in 8 cipher_algo aes-128-cbc \ cipher_key 12:12:12:12:12:12:12:12:12:12:12:12:12:12:12:12 \ auth_algo sha1-hmac auth_key B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5:B5 \ mode ipv4-tunnel src 169.254.9.9 dst 169.254.9.10
Routing rules
rt ipv4 dst 169.254.9.0/24 port 0
Neighbour rules
neigh port 0 54:B2:03:8C:F3:64
There are too many parameters and I cannot find any sample code to initialize the mb_mgr and fill the job parameters based on the above configuration.
Help me, Help me, please... Any guides or sample code would be helpful to me.