GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/50351/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 50351,
    "url": "https://patches.dpdk.org/api/patches/50351/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20190218163254.56905-2-roy.fan.zhang@intel.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20190218163254.56905-2-roy.fan.zhang@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20190218163254.56905-2-roy.fan.zhang@intel.com",
    "date": "2019-02-18T16:32:51",
    "name": "[1/4] ipsec: add AES-CTR algorithm support",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "8d7b04e6cc9ed2a1eb1799d66bbd1ea79b01ad4d",
    "submitter": {
        "id": 304,
        "url": "https://patches.dpdk.org/api/people/304/?format=api",
        "name": "Fan Zhang",
        "email": "roy.fan.zhang@intel.com"
    },
    "delegate": {
        "id": 6690,
        "url": "https://patches.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20190218163254.56905-2-roy.fan.zhang@intel.com/mbox/",
    "series": [
        {
            "id": 3477,
            "url": "https://patches.dpdk.org/api/series/3477/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=3477",
            "date": "2019-02-18T16:32:50",
            "name": "ipsec: add AES-CTR and 3DES-CBC support",
            "version": 1,
            "mbox": "https://patches.dpdk.org/series/3477/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/50351/comments/",
    "check": "success",
    "checks": "https://patches.dpdk.org/api/patches/50351/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@dpdk.org",
        "Delivered-To": "patchwork@dpdk.org",
        "Received": [
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 271947CBC;\n\tMon, 18 Feb 2019 17:33:48 +0100 (CET)",
            "from mga06.intel.com (mga06.intel.com [134.134.136.31])\n\tby dpdk.org (Postfix) with ESMTP id C68AB58EC\n\tfor <dev@dpdk.org>; Mon, 18 Feb 2019 17:33:45 +0100 (CET)",
            "from fmsmga005.fm.intel.com ([10.253.24.32])\n\tby orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t18 Feb 2019 08:33:45 -0800",
            "from silpixa00398673.ir.intel.com (HELO\n\tsilpixa00398673.ger.corp.intel.com) ([10.237.223.136])\n\tby fmsmga005.fm.intel.com with ESMTP; 18 Feb 2019 08:33:43 -0800"
        ],
        "X-Amp-Result": "SKIPPED(no attachment in message)",
        "X-Amp-File-Uploaded": "False",
        "X-ExtLoop1": "1",
        "X-IronPort-AV": "E=Sophos;i=\"5.58,385,1544515200\"; d=\"scan'208\";a=\"321348938\"",
        "From": "Fan Zhang <roy.fan.zhang@intel.com>",
        "To": "dev@dpdk.org",
        "Cc": "akhil.goyal@nxp.com, konstantin.ananyev@intel.com,\n\troy.fan.zhang@intel.com",
        "Date": "Mon, 18 Feb 2019 16:32:51 +0000",
        "Message-Id": "<20190218163254.56905-2-roy.fan.zhang@intel.com>",
        "X-Mailer": "git-send-email 2.14.5",
        "In-Reply-To": "<20190218163254.56905-1-roy.fan.zhang@intel.com>",
        "References": "<20190218163254.56905-1-roy.fan.zhang@intel.com>",
        "Subject": "[dpdk-dev] [PATCH 1/4] ipsec: add AES-CTR algorithm support",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "This patch adds AES-CTR cipher algorithm support to ipsec\nlibrary.\n\nSigned-off-by: Fan Zhang <roy.fan.zhang@intel.com>\n---\n lib/librte_ipsec/crypto.h |  17 ++++++\n lib/librte_ipsec/sa.c     | 133 ++++++++++++++++++++++++++++++++++++++--------\n lib/librte_ipsec/sa.h     |  18 +++++++\n 3 files changed, 147 insertions(+), 21 deletions(-)",
    "diff": "diff --git a/lib/librte_ipsec/crypto.h b/lib/librte_ipsec/crypto.h\nindex b5f264831..4f551e39c 100644\n--- a/lib/librte_ipsec/crypto.h\n+++ b/lib/librte_ipsec/crypto.h\n@@ -11,6 +11,16 @@\n  * by ipsec library.\n  */\n \n+/*\n+ * AES-CTR counter block format.\n+ */\n+\n+struct aesctr_cnt_blk {\n+\tuint32_t nonce;\n+\tuint64_t iv;\n+\tuint32_t cnt;\n+} __attribute__((packed));\n+\n  /*\n   * AES-GCM devices have some specific requirements for IV and AAD formats.\n   * Ideally that to be done by the driver itself.\n@@ -41,6 +51,13 @@ struct gcm_esph_iv {\n \tuint64_t iv;\n } __attribute__((packed));\n \n+static inline void\n+aes_ctr_cnt_blk_fill(struct aesctr_cnt_blk *ctr, uint64_t iv, uint32_t nonce)\n+{\n+\tctr->nonce = nonce;\n+\tctr->iv = iv;\n+\tctr->cnt = rte_cpu_to_be_32(1);\n+}\n \n static inline void\n aead_gcm_iv_fill(struct aead_gcm_iv *gcm, uint64_t iv, uint32_t salt)\ndiff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c\nindex 5f55c2a4e..e34dd320a 100644\n--- a/lib/librte_ipsec/sa.c\n+++ b/lib/librte_ipsec/sa.c\n@@ -219,18 +219,28 @@ esp_inb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)\n static void\n esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen)\n {\n+\tuint8_t algo_type;\n+\n \tsa->sqn.outb.raw = 1;\n \n \t/* these params may differ with new algorithms support */\n \tsa->ctp.auth.offset = hlen;\n \tsa->ctp.auth.length = sizeof(struct esp_hdr) + sa->iv_len + sa->sqh_len;\n-\tif (sa->aad_len != 0) {\n+\n+\talgo_type = sa->algo_type;\n+\n+\tswitch (algo_type) {\n+\tcase ALGO_TYPE_AES_GCM:\n+\tcase ALGO_TYPE_AES_CTR:\n+\tcase ALGO_TYPE_NULL:\n \t\tsa->ctp.cipher.offset = hlen + sizeof(struct esp_hdr) +\n \t\t\tsa->iv_len;\n \t\tsa->ctp.cipher.length = 0;\n-\t} else {\n+\t\tbreak;\n+\tcase ALGO_TYPE_AES_CBC:\n \t\tsa->ctp.cipher.offset = sa->hdr_len + sizeof(struct esp_hdr);\n \t\tsa->ctp.cipher.length = sa->iv_len;\n+\t\tbreak;\n \t}\n }\n \n@@ -259,26 +269,47 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \t\t\t\tRTE_IPSEC_SATP_MODE_MASK;\n \n \tif (cxf->aead != NULL) {\n-\t\t/* RFC 4106 */\n-\t\tif (cxf->aead->algo != RTE_CRYPTO_AEAD_AES_GCM)\n+\t\tswitch (cxf->aead->algo) {\n+\t\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\t\t/* RFC 4106 */\n+\t\t\tsa->aad_len = sizeof(struct aead_gcm_aad);\n+\t\t\tsa->icv_len = cxf->aead->digest_length;\n+\t\t\tsa->iv_ofs = cxf->aead->iv.offset;\n+\t\t\tsa->iv_len = sizeof(uint64_t);\n+\t\t\tsa->pad_align = IPSEC_PAD_AES_GCM;\n+\t\t\tsa->algo_type = ALGO_TYPE_AES_GCM;\n+\t\t\tbreak;\n+\t\tdefault:\n \t\t\treturn -EINVAL;\n-\t\tsa->aad_len = sizeof(struct aead_gcm_aad);\n-\t\tsa->icv_len = cxf->aead->digest_length;\n-\t\tsa->iv_ofs = cxf->aead->iv.offset;\n-\t\tsa->iv_len = sizeof(uint64_t);\n-\t\tsa->pad_align = IPSEC_PAD_AES_GCM;\n+\t\t}\n \t} else {\n \t\tsa->icv_len = cxf->auth->digest_length;\n \t\tsa->iv_ofs = cxf->cipher->iv.offset;\n \t\tsa->sqh_len = IS_ESN(sa) ? sizeof(uint32_t) : 0;\n-\t\tif (cxf->cipher->algo == RTE_CRYPTO_CIPHER_NULL) {\n+\n+\t\tswitch (cxf->cipher->algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_NULL:\n \t\t\tsa->pad_align = IPSEC_PAD_NULL;\n \t\t\tsa->iv_len = 0;\n-\t\t} else if (cxf->cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\t\tsa->algo_type = ALGO_TYPE_NULL;\n+\t\t\tbreak;\n+\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n \t\t\tsa->pad_align = IPSEC_PAD_AES_CBC;\n \t\t\tsa->iv_len = IPSEC_MAX_IV_SIZE;\n-\t\t} else\n+\t\t\tsa->algo_type = ALGO_TYPE_AES_CBC;\n+\t\t\tbreak;\n+\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\t/* RFC 3686 */\n+\t\t\tsa->pad_align = IPSEC_PAD_AES_CTR;\n+\t\t\tsa->iv_len = IPSEC_AES_CTR_IV_SIZE;\n+\t\t\tsa->algo_type = ALGO_TYPE_AES_CTR;\n+\t\t\tbreak;\n+\n+\t\tdefault:\n \t\t\treturn -EINVAL;\n+\t\t}\n \t}\n \n \tsa->udata = prm->userdata;\n@@ -438,12 +469,15 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop,\n {\n \tstruct rte_crypto_sym_op *sop;\n \tstruct aead_gcm_iv *gcm;\n+\tstruct aesctr_cnt_blk *ctr;\n+\tuint8_t algo_type = sa->algo_type;\n \n \t/* fill sym op fields */\n \tsop = cop->sym;\n \n-\t/* AEAD (AES_GCM) case */\n-\tif (sa->aad_len != 0) {\n+\tswitch (algo_type) {\n+\tcase ALGO_TYPE_AES_GCM:\n+\t\t/* AEAD (AES_GCM) case */\n \t\tsop->aead.data.offset = sa->ctp.cipher.offset + hlen;\n \t\tsop->aead.data.length = sa->ctp.cipher.length + plen;\n \t\tsop->aead.digest.data = icv->va;\n@@ -455,14 +489,40 @@ esp_outb_cop_prepare(struct rte_crypto_op *cop,\n \t\tgcm = rte_crypto_op_ctod_offset(cop, struct aead_gcm_iv *,\n \t\t\tsa->iv_ofs);\n \t\taead_gcm_iv_fill(gcm, ivp[0], sa->salt);\n-\t/* CRYPT+AUTH case */\n-\t} else {\n+\t\tbreak;\n+\tcase ALGO_TYPE_AES_CBC:\n+\t\t/* Cipher-Auth (AES-CBC *) case */\n+\t\tsop->cipher.data.offset = sa->ctp.cipher.offset + hlen;\n+\t\tsop->cipher.data.length = sa->ctp.cipher.length + plen;\n+\t\tsop->auth.data.offset = sa->ctp.auth.offset + hlen;\n+\t\tsop->auth.data.length = sa->ctp.auth.length + plen;\n+\t\tsop->auth.digest.data = icv->va;\n+\t\tsop->auth.digest.phys_addr = icv->pa;\n+\t\tbreak;\n+\tcase ALGO_TYPE_AES_CTR:\n+\t\t/* Cipher-Auth (AES-CTR *) case */\n+\t\tsop->cipher.data.offset = sa->ctp.cipher.offset + hlen;\n+\t\tsop->cipher.data.length = sa->ctp.cipher.length + plen;\n+\t\tsop->auth.data.offset = sa->ctp.auth.offset + hlen;\n+\t\tsop->auth.data.length = sa->ctp.auth.length + plen;\n+\t\tsop->auth.digest.data = icv->va;\n+\t\tsop->auth.digest.phys_addr = icv->pa;\n+\n+\t\tctr = rte_crypto_op_ctod_offset(cop, struct aesctr_cnt_blk *,\n+\t\t\tsa->iv_ofs);\n+\t\taes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt);\n+\t\tbreak;\n+\tcase ALGO_TYPE_NULL:\n+\t\t/* NULL case */\n \t\tsop->cipher.data.offset = sa->ctp.cipher.offset + hlen;\n \t\tsop->cipher.data.length = sa->ctp.cipher.length + plen;\n \t\tsop->auth.data.offset = sa->ctp.auth.offset + hlen;\n \t\tsop->auth.data.length = sa->ctp.auth.length + plen;\n \t\tsop->auth.digest.data = icv->va;\n \t\tsop->auth.digest.phys_addr = icv->pa;\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n \t}\n }\n \n@@ -561,6 +621,7 @@ outb_pkt_xprepare(const struct rte_ipsec_sa *sa, rte_be64_t sqc,\n {\n \tuint32_t *psqh;\n \tstruct aead_gcm_aad *aad;\n+\tuint8_t algo_type = sa->algo_type;\n \n \t/* insert SQN.hi between ESP trailer and ICV */\n \tif (sa->sqh_len != 0) {\n@@ -572,7 +633,7 @@ outb_pkt_xprepare(const struct rte_ipsec_sa *sa, rte_be64_t sqc,\n \t * fill IV and AAD fields, if any (aad fields are placed after icv),\n \t * right now we support only one AEAD algorithm: AES-GCM .\n \t */\n-\tif (sa->aad_len != 0) {\n+\tif (algo_type == ALGO_TYPE_AES_GCM) {\n \t\taad = (struct aead_gcm_aad *)(icv->va + sa->icv_len);\n \t\taead_gcm_aad_fill(aad, sa->spi, sqc, IS_ESN(sa));\n \t}\n@@ -783,8 +844,10 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop,\n {\n \tstruct rte_crypto_sym_op *sop;\n \tstruct aead_gcm_iv *gcm;\n+\tstruct aesctr_cnt_blk *ctr;\n \tuint64_t *ivc, *ivp;\n \tuint32_t clen;\n+\tuint8_t algo_type = sa->algo_type;\n \n \tclen = plen - sa->ctp.cipher.length;\n \tif ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)\n@@ -793,8 +856,8 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop,\n \t/* fill sym op fields */\n \tsop = cop->sym;\n \n-\t/* AEAD (AES_GCM) case */\n-\tif (sa->aad_len != 0) {\n+\tswitch (algo_type) {\n+\tcase ALGO_TYPE_AES_GCM:\n \t\tsop->aead.data.offset = pofs + sa->ctp.cipher.offset;\n \t\tsop->aead.data.length = clen;\n \t\tsop->aead.digest.data = icv->va;\n@@ -808,8 +871,8 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop,\n \t\tivp = rte_pktmbuf_mtod_offset(mb, uint64_t *,\n \t\t\tpofs + sizeof(struct esp_hdr));\n \t\taead_gcm_iv_fill(gcm, ivp[0], sa->salt);\n-\t/* CRYPT+AUTH case */\n-\t} else {\n+\t\tbreak;\n+\tcase ALGO_TYPE_AES_CBC:\n \t\tsop->cipher.data.offset = pofs + sa->ctp.cipher.offset;\n \t\tsop->cipher.data.length = clen;\n \t\tsop->auth.data.offset = pofs + sa->ctp.auth.offset;\n@@ -822,7 +885,35 @@ esp_inb_tun_cop_prepare(struct rte_crypto_op *cop,\n \t\tivp = rte_pktmbuf_mtod_offset(mb, uint64_t *,\n \t\t\tpofs + sizeof(struct esp_hdr));\n \t\tcopy_iv(ivc, ivp, sa->iv_len);\n+\t\tbreak;\n+\tcase ALGO_TYPE_AES_CTR:\n+\t\tsop->cipher.data.offset = pofs + sa->ctp.cipher.offset;\n+\t\tsop->cipher.data.length = clen;\n+\t\tsop->auth.data.offset = pofs + sa->ctp.auth.offset;\n+\t\tsop->auth.data.length = plen - sa->ctp.auth.length;\n+\t\tsop->auth.digest.data = icv->va;\n+\t\tsop->auth.digest.phys_addr = icv->pa;\n+\n+\t\t/* copy iv from the input packet to the cop */\n+\t\tctr = rte_crypto_op_ctod_offset(cop, struct aesctr_cnt_blk *,\n+\t\t\tsa->iv_ofs);\n+\t\tivp = rte_pktmbuf_mtod_offset(mb, uint64_t *,\n+\t\t\tpofs + sizeof(struct esp_hdr));\n+\t\taes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt);\n+\t\tbreak;\n+\tcase ALGO_TYPE_NULL:\n+\t\tsop->cipher.data.offset = pofs + sa->ctp.cipher.offset;\n+\t\tsop->cipher.data.length = clen;\n+\t\tsop->auth.data.offset = pofs + sa->ctp.auth.offset;\n+\t\tsop->auth.data.length = plen - sa->ctp.auth.length;\n+\t\tsop->auth.digest.data = icv->va;\n+\t\tsop->auth.digest.phys_addr = icv->pa;\n+\t\tbreak;\n+\n+\tdefault:\n+\t\treturn -EINVAL;\n \t}\n+\n \treturn 0;\n }\n \ndiff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h\nindex 392e8fd7b..12c061ee6 100644\n--- a/lib/librte_ipsec/sa.h\n+++ b/lib/librte_ipsec/sa.h\n@@ -15,10 +15,17 @@\n enum {\n \tIPSEC_PAD_DEFAULT = 4,\n \tIPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE,\n+\tIPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT,\n \tIPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT,\n \tIPSEC_PAD_NULL = IPSEC_PAD_DEFAULT,\n };\n \n+/* iv sizes for different algorithms */\n+enum {\n+\tIPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE,\n+\tIPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t),\n+};\n+\n /* these definitions probably has to be in rte_crypto_sym.h */\n union sym_op_ofslen {\n \tuint64_t raw;\n@@ -47,7 +54,17 @@ struct replay_sqn {\n \t__extension__ uint64_t window[0];\n };\n \n+/*IPSEC SA supported algorithms */\n+enum sa_algo_type\t{\n+\tALGO_TYPE_NULL = 0,\n+\tALGO_TYPE_AES_CBC,\n+\tALGO_TYPE_AES_CTR,\n+\tALGO_TYPE_AES_GCM,\n+\tALGO_TYPE_MAX\n+};\n+\n struct rte_ipsec_sa {\n+\n \tuint64_t type;     /* type of given SA */\n \tuint64_t udata;    /* user defined */\n \tuint32_t size;     /* size of given sa object */\n@@ -65,6 +82,7 @@ struct rte_ipsec_sa {\n \t\tunion sym_op_ofslen auth;\n \t} ctp;\n \tuint32_t salt;\n+\tuint8_t algo_type;\n \tuint8_t proto;    /* next proto */\n \tuint8_t aad_len;\n \tuint8_t hdr_len;\n",
    "prefixes": [
        "1/4"
    ]
}