[PATCH 0/3] IPSec AES-GCM support

[PATCH 0/3] IPSec AES-GCM support

[Sergio Gonzalez Monroy]

This patch set mainly introduces support for AES-GCM.

It also changes the IV generation for AES-CBC mode using the forward
function instead of randomly generating the IV.

Dependencies:
examples/ipsec-secgw: add configuration file support
http://dpdk.org/dev/patchwork/patch/15269/

examples/ipsec-secgw: add sample configuration files
http://dpdk.org/dev/patchwork/patch/15270/

Sergio Gonzalez Monroy (3):
  examples/ipsec-secgw: change CBC IV generation
  examples/ipsec-secgw: reset crypto operation status
  examples/ipsec-secgw: add AES-GCM support

 examples/ipsec-secgw/esp.c   | 144 ++++++++++++++++++++++++++++++-------------
 examples/ipsec-secgw/ipsec.c |   1 +
 examples/ipsec-secgw/ipsec.h |  42 ++++++++++++-
 examples/ipsec-secgw/sa.c    |  36 ++++++++---
 4 files changed, 172 insertions(+), 51 deletions(-)

-- 
2.5.5

[PATCH 1/3] examples/ipsec-secgw: change CBC IV generation

[Sergio Gonzalez Monroy]

NIST SP800-38A recommends two methods to generate unpredictable IVs
(Initilisation Vector) for CBC mode:
1) Apply the forward function to a nonce (ie. counter)
2) Use a FIPS-approved random number generator

This patch implements the first recommended method by using the forward
function to generate the IV.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c   | 99 +++++++++++++++++++++++++-------------------
 examples/ipsec-secgw/ipsec.h | 33 ++++++++++++++-
 2 files changed, 88 insertions(+), 44 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 05caa77..d640ab2 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,21 +50,6 @@
 #include "esp.h"
 #include "ipip.h"
 
-static inline void
-random_iv_u64(uint64_t *buf, uint16_t n)
-{
-	uint32_t left = n & 0x7;
-	uint32_t i;
-
-	RTE_ASSERT((n & 0x3) == 0);
-
-	for (i = 0; i < (n >> 3); i++)
-		buf[i] = rte_rand();
-
-	if (left)
-		*((uint32_t *)&buf[i]) = (uint32_t)lrand48();
-}
-
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -98,22 +83,32 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		return -EINVAL;
 	}
 
-	sym_cop = (struct rte_crypto_sym_op *)(cop + 1);
+	sym_cop = get_sym_cop(cop);
 
 	sym_cop->m_src = m;
 	sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
 		sa->iv_len;
 	sym_cop->cipher.data.length = payload_len;
 
-	sym_cop->cipher.iv.data = rte_pktmbuf_mtod_offset(m, void*,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.length = sa->iv_len;
+	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		sym_cop->cipher.iv.data = iv;
+		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				 ip_hdr_len + sizeof(struct esp_hdr));
+		sym_cop->cipher.iv.length = sa->iv_len;
 
-	sym_cop->auth.data.offset = ip_hdr_len;
-	sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-		sa->iv_len + payload_len;
+		sym_cop->auth.data.offset = ip_hdr_len;
+		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+			sa->iv_len + payload_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
@@ -282,10 +277,25 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 	sa->seq++;
 	esp->spi = rte_cpu_to_be_32(sa->spi);
-	esp->seq = rte_cpu_to_be_32(sa->seq);
+	esp->seq = rte_cpu_to_be_32((uint32_t)sa->seq);
 
-	if (sa->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC)
-		random_iv_u64((uint64_t *)(esp + 1), sa->iv_len);
+	uint64_t *iv = (uint64_t *)(esp + 1);
+
+	sym_cop = get_sym_cop(cop);
+	sym_cop->m_src = m;
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		memset(iv, 0, sa->iv_len);
+		sym_cop->cipher.data.offset = ip_hdr_len +
+			sizeof(struct esp_hdr);
+		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	/* Fill pad_len using default sequential scheme */
 	for (i = 0; i < pad_len - 2; i++)
@@ -293,22 +303,27 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
-	sym_cop = (struct rte_crypto_sym_op *)(cop + 1);
-
-	sym_cop->m_src = m;
-	sym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +
-			sa->iv_len;
-	sym_cop->cipher.data.length = pad_payload_len;
-
-	sym_cop->cipher.iv.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
-			 ip_hdr_len + sizeof(struct esp_hdr));
+	struct cnt_blk *nonce = get_cnt_blk(m);
+	nonce->salt = sa->salt;
+	nonce->iv = sa->seq;
+	sym_cop->cipher.iv.data = (uint8_t *)nonce;
 	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.length = sa->iv_len;
-
-	sym_cop->auth.data.offset = ip_hdr_len;
-	sym_cop->auth.data.length = sizeof(struct esp_hdr) + sa->iv_len +
-		pad_payload_len;
+			 (uint8_t *)nonce - rte_pktmbuf_mtod(m, uint8_t *));
+	/* FIXME should be 12 for GCM, but API needs 16 */
+	sym_cop->cipher.iv.length = 16;
+
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		sym_cop->auth.data.offset = ip_hdr_len;
+		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+			sa->iv_len + pad_payload_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 4cc316c..d950df3 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -95,8 +95,9 @@ struct ip_addr {
 struct ipsec_sa {
 	uint32_t spi;
 	uint32_t cdev_id_qp;
+	uint64_t seq;
+	uint32_t salt;
 	struct rte_cryptodev_sym_session *crypto_session;
-	uint32_t seq;
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
 	uint16_t digest_len;
@@ -116,10 +117,11 @@ struct ipsec_sa {
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
+	uint8_t buf[32];
 	struct ipsec_sa *sa;
 	struct rte_crypto_op cop;
 	struct rte_crypto_sym_op sym_cop;
-};
+} __rte_cache_aligned;
 
 struct cdev_qp {
 	uint16_t id;
@@ -157,6 +159,11 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool;
 };
 
+struct cnt_blk {
+	uint32_t salt;
+	uint64_t iv;
+};
+
 uint16_t
 ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
 		uint16_t nb_pkts, uint16_t len);
@@ -177,6 +184,28 @@ get_priv(struct rte_mbuf *m)
 	return RTE_PTR_ADD(m, sizeof(struct rte_mbuf));
 }
 
+static inline void *
+get_cnt_blk(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->buf[0];
+}
+
+static inline void *
+get_cop(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->cop;
+}
+
+static inline void *
+get_sym_cop(struct rte_crypto_op *cop)
+{
+	return (cop + 1);
+}
+
 int
 inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);
 
-- 
2.5.5

[PATCH 2/3] examples/ipsec-secgw: reset crypto operation status

[Sergio Gonzalez Monroy]

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/ipsec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 1e87d0d..f49143b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -124,6 +124,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		priv->sa = sa;
 
 		priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
+		priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 
 		rte_prefetch0(&priv->sym_cop);
 		priv->cop.sym = &priv->sym_cop;
-- 
2.5.5

[PATCH 3/3] examples/ipsec-secgw: add AES-GCM support

[Sergio Gonzalez Monroy]

Add support for AES-GCM (Galois-Counter Mode).

RFC4106: The Use of Galois-Counter Mode (GCM) in IPSec ESP.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c   | 59 ++++++++++++++++++++++++++++++++++++++------
 examples/ipsec-secgw/ipsec.h |  9 +++++++
 examples/ipsec-secgw/sa.c    | 36 +++++++++++++++++++++------
 3 files changed, 90 insertions(+), 14 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index d640ab2..3852c7e 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -90,6 +90,8 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sa->iv_len;
 	sym_cop->cipher.data.length = payload_len;
 
+	struct cnt_blk *nonce;
+	uint8_t *aad;
 	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
 
 	switch (sa->cipher_algo) {
@@ -99,14 +101,41 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				 ip_hdr_len + sizeof(struct esp_hdr));
 		sym_cop->cipher.iv.length = sa->iv_len;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_GCM:
+		nonce = get_cnt_blk(m);
+		nonce->salt = sa->salt;
+		memcpy(&nonce->iv, iv, 8);
+		sym_cop->cipher.iv.data = (uint8_t *)nonce;
+		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
+			 (uint8_t *)nonce - rte_pktmbuf_mtod(m, uint8_t *));
+		/* FIXME should be 12 for GCM, but API needs 16 */
+		sym_cop->cipher.iv.length = 16;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
+	switch (sa->auth_algo) {
+	case RTE_CRYPTO_AUTH_NULL:
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sym_cop->auth.data.offset = ip_hdr_len;
 		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
 			sa->iv_len + payload_len;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GCM:
+		aad = get_aad(m);
+		memcpy(aad, iv - sizeof(struct esp_hdr), 8);
+		sym_cop->auth.aad.data = aad;
+		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				aad - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->auth.aad.length = 8;
+		break;
 	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+				sa->auth_algo);
 		return -EINVAL;
 	}
 
@@ -291,6 +320,12 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			sizeof(struct esp_hdr);
 		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_GCM:
+		*iv = sa->seq;
+		sym_cop->cipher.data.offset = ip_hdr_len +
+			sizeof(struct esp_hdr) + sa->iv_len;
+		sym_cop->cipher.data.length = pad_payload_len;
+		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
 				sa->cipher_algo);
@@ -312,16 +347,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	/* FIXME should be 12 for GCM, but API needs 16 */
 	sym_cop->cipher.iv.length = 16;
 
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
+	uint8_t *aad;
+
+	switch (sa->auth_algo) {
+	case RTE_CRYPTO_AUTH_NULL:
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sym_cop->auth.data.offset = ip_hdr_len;
 		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
 			sa->iv_len + pad_payload_len;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GCM:
+		aad = get_aad(m);
+		memcpy(aad, esp, 8);
+		sym_cop->auth.aad.data = aad;
+		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				aad - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->auth.aad.length = 8;
+		break;
 	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+				sa->auth_algo);
 		return -EINVAL;
 	}
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index d950df3..4db6691 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -113,6 +113,7 @@ struct ipsec_sa {
 	uint16_t cipher_key_len;
 	uint8_t auth_key[MAX_KEY_SIZE];
 	uint16_t auth_key_len;
+	uint16_t aad_len;
 	struct rte_crypto_sym_xform *xforms;
 } __rte_cache_aligned;
 
@@ -193,6 +194,14 @@ get_cnt_blk(struct rte_mbuf *m)
 }
 
 static inline void *
+get_aad(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->buf[16];
+}
+
+static inline void *
 get_cop(struct rte_mbuf *m)
 {
 	struct ipsec_mbuf_metadata *priv = get_priv(m);
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 54b5b19..67d39c9 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -63,6 +63,8 @@ struct supported_auth_algo {
 	enum rte_crypto_auth_algorithm algo;
 	uint16_t digest_len;
 	uint16_t key_len;
+	uint8_t aad_len;
+	uint8_t key_not_req;
 };
 
 const struct supported_cipher_algo cipher_algos[] = {
@@ -79,6 +81,13 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.iv_len = 16,
 		.block_size = 16,
 		.key_len = 16
+	},
+	{
+		.keyword = "aes-128-gcm",
+		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 16
 	}
 };
 
@@ -87,13 +96,22 @@ const struct supported_auth_algo auth_algos[] = {
 		.keyword = "null",
 		.algo = RTE_CRYPTO_AUTH_NULL,
 		.digest_len = 0,
-		.key_len = 0
+		.key_len = 0,
+		.key_not_req = 1
 	},
 	{
 		.keyword = "sha1-hmac",
 		.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 		.digest_len = 12,
 		.key_len = 20
+	},
+	{
+		.keyword = "aes-128-gcm",
+		.algo = RTE_CRYPTO_AUTH_AES_GCM,
+		.digest_len = 16,
+		.key_len = 16,
+		.aad_len = 8,
+		.key_not_req = 1
 	}
 };
 
@@ -255,8 +273,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			rule->iv_len = algo->iv_len;
 			rule->cipher_key_len = algo->key_len;
 
-			/* for NULL algorithm, no cipher key should
-			 * exist */
+			/* for NULL algorithm, no cipher key required */
 			if (rule->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
 				cipher_algo_p = 1;
 				continue;
@@ -307,9 +324,12 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			rule->auth_algo = algo->algo;
 			rule->auth_key_len = algo->key_len;
 			rule->digest_len = algo->digest_len;
+			rule->aad_len = algo->key_len;
 
-			/* for NULL algorithm, no auth key should exist */
-			if (rule->auth_algo == RTE_CRYPTO_AUTH_NULL) {
+			/* NULL algorithm and combined algos do not
+			 * require auth key
+			 */
+			if (algo->key_not_req) {
 				auth_algo_p = 1;
 				continue;
 			}
@@ -572,7 +592,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].a.auth.add_auth_data_length = 0;
+			sa_ctx->xf[idx].a.auth.add_auth_data_length =
+				sa->aad_len;
 			sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
 			sa_ctx->xf[idx].a.auth.key.length =
 				sa->auth_key_len;
@@ -593,7 +614,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].b.auth.add_auth_data_length = 0;
+			sa_ctx->xf[idx].b.auth.add_auth_data_length =
+				sa->aad_len;
 			sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
 			sa_ctx->xf[idx].b.auth.key.length =
 				sa->auth_key_len;
-- 
2.5.5

Re: [PATCH 3/3] examples/ipsec-secgw: add AES-GCM support

[De Lara Guarch, Pablo]

Hi Sergio,

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Tuesday, August 23, 2016 10:00 AM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH 3/3] examples/ipsec-secgw: add AES-GCM
> support
> 
> Add support for AES-GCM (Galois-Counter Mode).
> 
> RFC4106: The Use of Galois-Counter Mode (GCM) in IPSec ESP.
> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

This probably deserves an update in release notes doc.

Thanks,
Pablo

[PATCH v2 0/8] IPsec Enhancements

[Sergio Gonzalez Monroy]

This patch set mainly adds support for AES-GCM and AES-CTR.

It also updates the IV generation method for AES-CBC mode using
the forward function instead of randomly generating the IV.

v2:
 - Update releas notes.
 - Initialize salt values, GCM/CTR key length now is 20B,
   16B key and 4 LSB salt.
 - Do not check SP/ACL if we have no rules.
 - Add macro for cryptodev queue size

Dependencies:
examples/ipsec-secgw: add configuration file support
http://dpdk.org/dev/patchwork/patch/16004/

examples/ipsec-secgw: add sample configuration files
http://dpdk.org/dev/patchwork/patch/16003/

Sergio Gonzalez Monroy (8):
  examples/ipsec-secgw: change CBC IV generation
  examples/ipsec-secgw: reset crypto operation status
  examples/ipsec-secgw: add AES-GCM support
  examples/ipsec-secgw: enable AES-CTR mode
  examples/ipsec-secgw: check sp only when setup
  examples/ipsec-secgw: cryptodev queue size macro
  examples/ipsec-secgw: initialize sa salt
  examples/ipsec-secgw: update release notes

 doc/guides/rel_notes/release_16_11.rst |   9 ++
 examples/ipsec-secgw/esp.c             | 146 +++++++++++++++++++++++----------
 examples/ipsec-secgw/ipsec-secgw.c     |   7 +-
 examples/ipsec-secgw/ipsec.c           |   1 +
 examples/ipsec-secgw/ipsec.h           |  42 +++++++++-
 examples/ipsec-secgw/sa.c              |  54 ++++++++++--
 6 files changed, 205 insertions(+), 54 deletions(-)

-- 
2.5.5

[PATCH v2 1/7] examples/ipsec-secgw: change CBC IV generation

[Sergio Gonzalez Monroy]

NIST SP800-38A recommends two methods to generate unpredictable IVs
(Initilisation Vector) for CBC mode:
1) Apply the forward function to a nonce (ie. counter)
2) Use a FIPS-approved random number generator

This patch implements the first recommended method by using the forward
function to generate the IV.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c   | 99 +++++++++++++++++++++++++-------------------
 examples/ipsec-secgw/ipsec.h | 34 ++++++++++++++-
 2 files changed, 89 insertions(+), 44 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 05caa77..21b2f02 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,21 +50,6 @@
 #include "esp.h"
 #include "ipip.h"
 
-static inline void
-random_iv_u64(uint64_t *buf, uint16_t n)
-{
-	uint32_t left = n & 0x7;
-	uint32_t i;
-
-	RTE_ASSERT((n & 0x3) == 0);
-
-	for (i = 0; i < (n >> 3); i++)
-		buf[i] = rte_rand();
-
-	if (left)
-		*((uint32_t *)&buf[i]) = (uint32_t)lrand48();
-}
-
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -98,22 +83,32 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		return -EINVAL;
 	}
 
-	sym_cop = (struct rte_crypto_sym_op *)(cop + 1);
+	sym_cop = get_sym_cop(cop);
 
 	sym_cop->m_src = m;
 	sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
 		sa->iv_len;
 	sym_cop->cipher.data.length = payload_len;
 
-	sym_cop->cipher.iv.data = rte_pktmbuf_mtod_offset(m, void*,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.length = sa->iv_len;
+	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		sym_cop->cipher.iv.data = iv;
+		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				 ip_hdr_len + sizeof(struct esp_hdr));
+		sym_cop->cipher.iv.length = sa->iv_len;
 
-	sym_cop->auth.data.offset = ip_hdr_len;
-	sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-		sa->iv_len + payload_len;
+		sym_cop->auth.data.offset = ip_hdr_len;
+		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+			sa->iv_len + payload_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
@@ -282,10 +277,25 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 	sa->seq++;
 	esp->spi = rte_cpu_to_be_32(sa->spi);
-	esp->seq = rte_cpu_to_be_32(sa->seq);
+	esp->seq = rte_cpu_to_be_32((uint32_t)sa->seq);
 
-	if (sa->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC)
-		random_iv_u64((uint64_t *)(esp + 1), sa->iv_len);
+	uint64_t *iv = (uint64_t *)(esp + 1);
+
+	sym_cop = get_sym_cop(cop);
+	sym_cop->m_src = m;
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		memset(iv, 0, sa->iv_len);
+		sym_cop->cipher.data.offset = ip_hdr_len +
+			sizeof(struct esp_hdr);
+		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	/* Fill pad_len using default sequential scheme */
 	for (i = 0; i < pad_len - 2; i++)
@@ -293,22 +303,27 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
-	sym_cop = (struct rte_crypto_sym_op *)(cop + 1);
-
-	sym_cop->m_src = m;
-	sym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +
-			sa->iv_len;
-	sym_cop->cipher.data.length = pad_payload_len;
-
-	sym_cop->cipher.iv.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
-			 ip_hdr_len + sizeof(struct esp_hdr));
+	struct cnt_blk *icb = get_cnt_blk(m);
+	icb->salt = sa->salt;
+	icb->iv = sa->seq;
+	icb->cnt = rte_cpu_to_be_32(1);
+	sym_cop->cipher.iv.data = (uint8_t *)icb;
 	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.length = sa->iv_len;
-
-	sym_cop->auth.data.offset = ip_hdr_len;
-	sym_cop->auth.data.length = sizeof(struct esp_hdr) + sa->iv_len +
-		pad_payload_len;
+			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+	sym_cop->cipher.iv.length = 16;
+
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		sym_cop->auth.data.offset = ip_hdr_len;
+		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+			sa->iv_len + pad_payload_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 4cc316c..665c2c8 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -95,8 +95,9 @@ struct ip_addr {
 struct ipsec_sa {
 	uint32_t spi;
 	uint32_t cdev_id_qp;
+	uint64_t seq;
+	uint32_t salt;
 	struct rte_cryptodev_sym_session *crypto_session;
-	uint32_t seq;
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
 	uint16_t digest_len;
@@ -116,10 +117,11 @@ struct ipsec_sa {
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
+	uint8_t buf[32];
 	struct ipsec_sa *sa;
 	struct rte_crypto_op cop;
 	struct rte_crypto_sym_op sym_cop;
-};
+} __rte_cache_aligned;
 
 struct cdev_qp {
 	uint16_t id;
@@ -157,6 +159,12 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool;
 };
 
+struct cnt_blk {
+	uint32_t salt;
+	uint64_t iv;
+	uint32_t cnt;
+} __attribute__((packed));
+
 uint16_t
 ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
 		uint16_t nb_pkts, uint16_t len);
@@ -177,6 +185,28 @@ get_priv(struct rte_mbuf *m)
 	return RTE_PTR_ADD(m, sizeof(struct rte_mbuf));
 }
 
+static inline void *
+get_cnt_blk(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->buf[0];
+}
+
+static inline void *
+get_cop(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->cop;
+}
+
+static inline void *
+get_sym_cop(struct rte_crypto_op *cop)
+{
+	return (cop + 1);
+}
+
 int
 inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);
 
-- 
2.5.5

[PATCH v2 2/7] examples/ipsec-secgw: reset crypto operation status

[Sergio Gonzalez Monroy]

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/ipsec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 1e87d0d..f49143b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -124,6 +124,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		priv->sa = sa;
 
 		priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
+		priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 
 		rte_prefetch0(&priv->sym_cop);
 		priv->cop.sym = &priv->sym_cop;
-- 
2.5.5

[PATCH v2 3/7] examples/ipsec-secgw: add AES-GCM support

[Sergio Gonzalez Monroy]

Add support for AES-GCM (Galois-Counter Mode).

RFC4106: The Use of Galois-Counter Mode (GCM) in IPSec ESP.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c   | 59 ++++++++++++++++++++++++++++++++++++++------
 examples/ipsec-secgw/ipsec.h |  9 +++++++
 examples/ipsec-secgw/sa.c    | 36 +++++++++++++++++++++------
 3 files changed, 90 insertions(+), 14 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 21b2f02..7ee53da 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -90,6 +90,8 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sa->iv_len;
 	sym_cop->cipher.data.length = payload_len;
 
+	struct cnt_blk *icb;
+	uint8_t *aad;
 	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
 
 	switch (sa->cipher_algo) {
@@ -99,14 +101,41 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				 ip_hdr_len + sizeof(struct esp_hdr));
 		sym_cop->cipher.iv.length = sa->iv_len;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_GCM:
+		icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		memcpy(&icb->iv, iv, 8);
+		icb->cnt = rte_cpu_to_be_32(1);
+		sym_cop->cipher.iv.data = (uint8_t *)icb;
+		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
+			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->cipher.iv.length = 16;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
+	switch (sa->auth_algo) {
+	case RTE_CRYPTO_AUTH_NULL:
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sym_cop->auth.data.offset = ip_hdr_len;
 		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
 			sa->iv_len + payload_len;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GCM:
+		aad = get_aad(m);
+		memcpy(aad, iv - sizeof(struct esp_hdr), 8);
+		sym_cop->auth.aad.data = aad;
+		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				aad - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->auth.aad.length = 8;
+		break;
 	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+				sa->auth_algo);
 		return -EINVAL;
 	}
 
@@ -291,6 +320,12 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			sizeof(struct esp_hdr);
 		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_GCM:
+		*iv = sa->seq;
+		sym_cop->cipher.data.offset = ip_hdr_len +
+			sizeof(struct esp_hdr) + sa->iv_len;
+		sym_cop->cipher.data.length = pad_payload_len;
+		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
 				sa->cipher_algo);
@@ -312,16 +347,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
 	sym_cop->cipher.iv.length = 16;
 
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
+	uint8_t *aad;
+
+	switch (sa->auth_algo) {
+	case RTE_CRYPTO_AUTH_NULL:
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sym_cop->auth.data.offset = ip_hdr_len;
 		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
 			sa->iv_len + pad_payload_len;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GCM:
+		aad = get_aad(m);
+		memcpy(aad, esp, 8);
+		sym_cop->auth.aad.data = aad;
+		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				aad - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->auth.aad.length = 8;
+		break;
 	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+				sa->auth_algo);
 		return -EINVAL;
 	}
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 665c2c8..bf72110 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -113,6 +113,7 @@ struct ipsec_sa {
 	uint16_t cipher_key_len;
 	uint8_t auth_key[MAX_KEY_SIZE];
 	uint16_t auth_key_len;
+	uint16_t aad_len;
 	struct rte_crypto_sym_xform *xforms;
 } __rte_cache_aligned;
 
@@ -194,6 +195,14 @@ get_cnt_blk(struct rte_mbuf *m)
 }
 
 static inline void *
+get_aad(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->buf[16];
+}
+
+static inline void *
 get_cop(struct rte_mbuf *m)
 {
 	struct ipsec_mbuf_metadata *priv = get_priv(m);
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index ee88802..d5ad5af 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -63,6 +63,8 @@ struct supported_auth_algo {
 	enum rte_crypto_auth_algorithm algo;
 	uint16_t digest_len;
 	uint16_t key_len;
+	uint8_t aad_len;
+	uint8_t key_not_req;
 };
 
 const struct supported_cipher_algo cipher_algos[] = {
@@ -79,6 +81,13 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.iv_len = 16,
 		.block_size = 16,
 		.key_len = 16
+	},
+	{
+		.keyword = "aes-128-gcm",
+		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 16
 	}
 };
 
@@ -87,13 +96,22 @@ const struct supported_auth_algo auth_algos[] = {
 		.keyword = "null",
 		.algo = RTE_CRYPTO_AUTH_NULL,
 		.digest_len = 0,
-		.key_len = 0
+		.key_len = 0,
+		.key_not_req = 1
 	},
 	{
 		.keyword = "sha1-hmac",
 		.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 		.digest_len = 12,
 		.key_len = 20
+	},
+	{
+		.keyword = "aes-128-gcm",
+		.algo = RTE_CRYPTO_AUTH_AES_GCM,
+		.digest_len = 16,
+		.key_len = 16,
+		.aad_len = 8,
+		.key_not_req = 1
 	}
 };
 
@@ -255,8 +273,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			rule->iv_len = algo->iv_len;
 			rule->cipher_key_len = algo->key_len;
 
-			/* for NULL algorithm, no cipher key should
-			 * exist */
+			/* for NULL algorithm, no cipher key required */
 			if (rule->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
 				cipher_algo_p = 1;
 				continue;
@@ -307,9 +324,12 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			rule->auth_algo = algo->algo;
 			rule->auth_key_len = algo->key_len;
 			rule->digest_len = algo->digest_len;
+			rule->aad_len = algo->key_len;
 
-			/* for NULL algorithm, no auth key should exist */
-			if (rule->auth_algo == RTE_CRYPTO_AUTH_NULL) {
+			/* NULL algorithm and combined algos do not
+			 * require auth key
+			 */
+			if (algo->key_not_req) {
 				auth_algo_p = 1;
 				continue;
 			}
@@ -572,7 +592,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].a.auth.add_auth_data_length = 0;
+			sa_ctx->xf[idx].a.auth.add_auth_data_length =
+				sa->aad_len;
 			sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
 			sa_ctx->xf[idx].a.auth.key.length =
 				sa->auth_key_len;
@@ -593,7 +614,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].b.auth.add_auth_data_length = 0;
+			sa_ctx->xf[idx].b.auth.add_auth_data_length =
+				sa->aad_len;
 			sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
 			sa_ctx->xf[idx].b.auth.key.length =
 				sa->auth_key_len;
-- 
2.5.5

[PATCH v2 4/7] examples/ipsec-secgw: enable AES-CTR mode

[Sergio Gonzalez Monroy]

RFC3686: Using AES Counter (CTR) Mode With IPsec ESP.`

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c | 2 ++
 examples/ipsec-secgw/sa.c  | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 7ee53da..ec5a2e6 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -102,6 +102,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 				 ip_hdr_len + sizeof(struct esp_hdr));
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
 		icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
@@ -320,6 +321,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			sizeof(struct esp_hdr);
 		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
 		*iv = sa->seq;
 		sym_cop->cipher.data.offset = ip_hdr_len +
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index d5ad5af..00c8cce 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -88,6 +88,13 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.iv_len = 8,
 		.block_size = 4,
 		.key_len = 16
+	},
+	{
+		.keyword = "aes-128-ctr",
+		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
+		.iv_len = 8,
+		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
+		.key_len = 16
 	}
 };
 
-- 
2.5.5

[PATCH v2 5/7] examples/ipsec-secgw: check sp only when setup

[Sergio Gonzalez Monroy]

Application will segfault if there is IPv4 or IPv6 and no SP/ACL rules
for IPv4 or IPv6 respectively.

Avoid checking the ACL/SP in such cases.

Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 8b55534..9eee96f 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -388,7 +388,7 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
 	struct rte_mbuf *m;
 	uint32_t i, j, res, sa_idx;
 
-	if (ip->num == 0)
+	if (ip->num == 0 || sp == NULL)
 		return;
 
 	rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
@@ -463,7 +463,7 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
 	struct rte_mbuf *m;
 	uint32_t i, j, sa_idx;
 
-	if (ip->num == 0)
+	if (ip->num == 0 || sp == NULL)
 		return;
 
 	rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
-- 
2.5.5

[PATCH v2 6/7] examples/ipsec-secgw: cryptodev queue size macro

[Sergio Gonzalez Monroy]

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 9eee96f..5a4c9b7 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -82,6 +82,7 @@
 
 #define NB_MBUF	(32000)
 
+#define CDEV_QUEUE_DESC 2048
 #define CDEV_MAP_ENTRIES 1024
 #define CDEV_MP_NB_OBJS 2048
 #define CDEV_MP_CACHE_SZ 64
@@ -1272,7 +1273,7 @@ cryptodevs_init(void)
 			rte_panic("Failed to initialize crypodev %u\n",
 					cdev_id);
 
-		qp_conf.nb_descriptors = CDEV_MP_NB_OBJS;
+		qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 						&qp_conf, dev_conf.socket_id))
-- 
2.5.5

[PATCH v2 7/7] examples/ipsec-secgw: initialize sa salt

[Sergio Gonzalez Monroy]

This patch initializes the salt value used by the following cipher
algorithms:
- CBC: random salt
- GCM/CTR: the key required is 20B, and the last 4B are used as salt.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/sa.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 00c8cce..9e2c8a9 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -45,6 +45,7 @@
 #include <rte_byteorder.h>
 #include <rte_errno.h>
 #include <rte_ip.h>
+#include <rte_random.h>
 
 #include "ipsec.h"
 #include "esp.h"
@@ -87,14 +88,14 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
 		.iv_len = 8,
 		.block_size = 4,
-		.key_len = 16
+		.key_len = 20
 	},
 	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
 		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
-		.key_len = 16
+		.key_len = 20
 	}
 };
 
@@ -116,7 +117,6 @@ const struct supported_auth_algo auth_algos[] = {
 		.keyword = "aes-128-gcm",
 		.algo = RTE_CRYPTO_AUTH_AES_GCM,
 		.digest_len = 16,
-		.key_len = 16,
 		.aad_len = 8,
 		.key_not_req = 1
 	}
@@ -307,6 +307,17 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (status->status < 0)
 				return;
 
+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
+				rule->salt = (uint32_t)rte_rand();
+
+			if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
+				(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+				key_len -= 4;
+				rule->cipher_key_len = key_len;
+				memcpy(&rule->salt,
+					&rule->cipher_key[key_len], 4);
+			}
+
 			cipher_algo_p = 1;
 			continue;
 		}
-- 
2.5.5

[PATCH v2 8/8] examples/ipsec-secgw: update release notes

[Sergio Gonzalez Monroy]

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 doc/guides/rel_notes/release_16_11.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/guides/rel_notes/release_16_11.rst b/doc/guides/rel_notes/release_16_11.rst
index 373053a..12f507b 100644
--- a/doc/guides/rel_notes/release_16_11.rst
+++ b/doc/guides/rel_notes/release_16_11.rst
@@ -89,6 +89,15 @@ Examples
   ipsec-secgw sample application now supports configuration file to specify
   SP, SA, and routing rules.
 
+* **ipsec-secgw: AES GCM/CTR mode support**
+
+  Support AES Counter (CTR) and Galois-Counter Mode (GCM) in IPSec ESP.
+
+* **ipsec-secgw: AES CBC IV generation**
+
+  Use cipher forward function on unique counter blocks (same approach as
+  CTR/GCM) to generate the IV instead of a random value.
+
 Other
 ~~~~~
 
-- 
2.5.5

Re: [PATCH v2 6/7] examples/ipsec-secgw: cryptodev queue size macro

[De Lara Guarch, Pablo]

Hi Sergio,

> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Friday, September 23, 2016 12:46 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> Subject: [PATCH v2 6/7] examples/ipsec-secgw: cryptodev queue size macro

Could you add a bit more information about this patch? I know it is simple,
but it is not clear from the title, probably because it is missing a verb.

> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> ---
>  examples/ipsec-secgw/ipsec-secgw.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
Thanks,
Pablo

Re: [PATCH v2 1/7] examples/ipsec-secgw: change CBC IV generation

[De Lara Guarch, Pablo]

Hi Sergio,

> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Friday, September 23, 2016 12:45 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> Subject: [PATCH v2 1/7] examples/ipsec-secgw: change CBC IV generation
> 
> NIST SP800-38A recommends two methods to generate unpredictable IVs
> (Initilisation Vector) for CBC mode:
> 1) Apply the forward function to a nonce (ie. counter)
> 2) Use a FIPS-approved random number generator
> 
> This patch implements the first recommended method by using the forward
> function to generate the IV.
> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

[...]

> +static inline void *
> +get_cop(struct rte_mbuf *m)
> +{
> +	struct ipsec_mbuf_metadata *priv = get_priv(m);
> +
> +	return &priv->cop;
> +}

This function is not used in anywhere. Should it be called somewhere to get the crypto op?

> +
> +static inline void *
> +get_sym_cop(struct rte_crypto_op *cop)
> +{
> +	return (cop + 1);

Why is this cop + 1? Am I missing something obvious?
Maybe it is worth a comment here (I noticed this was already in the previous code, but I don't understand it :))
> +}
> +
>  int
>  inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t
> sa_idx);
> 
> --
> 2.5.5

Thanks,
Pablo

Re: [PATCH v2 8/8] examples/ipsec-secgw: update release notes

[De Lara Guarch, Pablo]

Hi Sergio,

> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Friday, September 23, 2016 12:46 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> Subject: [PATCH v2 8/8] examples/ipsec-secgw: update release notes
> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> ---
>  doc/guides/rel_notes/release_16_11.rst | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/doc/guides/rel_notes/release_16_11.rst
> b/doc/guides/rel_notes/release_16_11.rst
> index 373053a..12f507b 100644
> --- a/doc/guides/rel_notes/release_16_11.rst
> +++ b/doc/guides/rel_notes/release_16_11.rst
> @@ -89,6 +89,15 @@ Examples
>    ipsec-secgw sample application now supports configuration file to specify
>    SP, SA, and routing rules.
> 
> +* **ipsec-secgw: AES GCM/CTR mode support**
> +
> +  Support AES Counter (CTR) and Galois-Counter Mode (GCM) in IPSec ESP.
> +
> +* **ipsec-secgw: AES CBC IV generation**
> +
> +  Use cipher forward function on unique counter blocks (same approach as
> +  CTR/GCM) to generate the IV instead of a random value.
> +
>  Other
>  ~~~~~
> 
> --
> 2.5.5

This should go under "New features" section, not under "Resolved issues".
I have seen that other people have made the same mistake,
which tells me that we might need to change this
(there are different subsections only under Resolved Issues).

Thanks,
Pablo

Re: [PATCH v2 0/8] IPsec Enhancements

[Chen, Zhaoyan]

Tested-by: Zhaoyan Chen <zhaoyan.chen@intel.com>
- Apply patch: Pass
- Compile: Pass
- OS: 3.17.4-301.fc21.x86_64
- GCC: 4.9.2

Test Case - Pass
- Test aes-cbc/ctr/gcm-sha1-hmac in ipv4 tunnel
- Test aes-cbc/ctr/gcm-sha1-hmac in ipv4 transport 
- Test aes-cbc/ctr/gcm-sha1-hmac in ipv6

But for user guide doc, it needs to be updated for new algorithm support.




> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Friday, September 23, 2016 3:45 PM
> To: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [dpdk-dev] [PATCH v2 0/8] IPsec Enhancements
> 
> This patch set mainly adds support for AES-GCM and AES-CTR.
> 
> It also updates the IV generation method for AES-CBC mode using the
> forward function instead of randomly generating the IV.
> 
> v2:
>  - Update releas notes.
>  - Initialize salt values, GCM/CTR key length now is 20B,
>    16B key and 4 LSB salt.
>  - Do not check SP/ACL if we have no rules.
>  - Add macro for cryptodev queue size
> 
> Dependencies:
> examples/ipsec-secgw: add configuration file support
> http://dpdk.org/dev/patchwork/patch/16004/
> 
> examples/ipsec-secgw: add sample configuration files
> http://dpdk.org/dev/patchwork/patch/16003/
> 
> Sergio Gonzalez Monroy (8):
>   examples/ipsec-secgw: change CBC IV generation
>   examples/ipsec-secgw: reset crypto operation status
>   examples/ipsec-secgw: add AES-GCM support
>   examples/ipsec-secgw: enable AES-CTR mode
>   examples/ipsec-secgw: check sp only when setup
>   examples/ipsec-secgw: cryptodev queue size macro
>   examples/ipsec-secgw: initialize sa salt
>   examples/ipsec-secgw: update release notes
> 
>  doc/guides/rel_notes/release_16_11.rst |   9 ++
>  examples/ipsec-secgw/esp.c             | 146 +++++++++++++++++++++++------
> ----
>  examples/ipsec-secgw/ipsec-secgw.c     |   7 +-
>  examples/ipsec-secgw/ipsec.c           |   1 +
>  examples/ipsec-secgw/ipsec.h           |  42 +++++++++-
>  examples/ipsec-secgw/sa.c              |  54 ++++++++++--
>  6 files changed, 205 insertions(+), 54 deletions(-)
> 
> --
> 2.5.5

Re: [PATCH v2 8/8] examples/ipsec-secgw: update release notes

[Sergio Gonzalez Monroy]

On 28/09/2016 05:05, De Lara Guarch, Pablo wrote:
> Hi Sergio,
>
>> -----Original Message-----
>> From: Gonzalez Monroy, Sergio
>> Sent: Friday, September 23, 2016 12:46 AM
>> To: dev@dpdk.org; De Lara Guarch, Pablo
>> Subject: [PATCH v2 8/8] examples/ipsec-secgw: update release notes
>>
>> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
>> ---
>>   doc/guides/rel_notes/release_16_11.rst | 9 +++++++++
>>   1 file changed, 9 insertions(+)
>>
>> diff --git a/doc/guides/rel_notes/release_16_11.rst
>> b/doc/guides/rel_notes/release_16_11.rst
>> index 373053a..12f507b 100644
>> --- a/doc/guides/rel_notes/release_16_11.rst
>> +++ b/doc/guides/rel_notes/release_16_11.rst
>> @@ -89,6 +89,15 @@ Examples
>>     ipsec-secgw sample application now supports configuration file to specify
>>     SP, SA, and routing rules.
>>
>> +* **ipsec-secgw: AES GCM/CTR mode support**
>> +
>> +  Support AES Counter (CTR) and Galois-Counter Mode (GCM) in IPSec ESP.
>> +
>> +* **ipsec-secgw: AES CBC IV generation**
>> +
>> +  Use cipher forward function on unique counter blocks (same approach as
>> +  CTR/GCM) to generate the IV instead of a random value.
>> +
>>   Other
>>   ~~~~~
>>
>> --
>> 2.5.5
> This should go under "New features" section, not under "Resolved issues".
> I have seen that other people have made the same mistake,
> which tells me that we might need to change this
> (there are different subsections only under Resolved Issues).

Will fix on v3.

Sergio

> Thanks,
> Pablo

Re: [PATCH v2 1/7] examples/ipsec-secgw: change CBC IV generation

[Sergio Gonzalez Monroy]

On 28/09/2016 04:51, De Lara Guarch, Pablo wrote:
> Hi Sergio,
>
>> -----Original Message-----
>> From: Gonzalez Monroy, Sergio
>> Sent: Friday, September 23, 2016 12:45 AM
>> To: dev@dpdk.org; De Lara Guarch, Pablo
>> Subject: [PATCH v2 1/7] examples/ipsec-secgw: change CBC IV generation
>>
>> NIST SP800-38A recommends two methods to generate unpredictable IVs
>> (Initilisation Vector) for CBC mode:
>> 1) Apply the forward function to a nonce (ie. counter)
>> 2) Use a FIPS-approved random number generator
>>
>> This patch implements the first recommended method by using the forward
>> function to generate the IV.
>>
>> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> [...]
>
>> +static inline void *
>> +get_cop(struct rte_mbuf *m)
>> +{
>> +	struct ipsec_mbuf_metadata *priv = get_priv(m);
>> +
>> +	return &priv->cop;
>> +}
> This function is not used in anywhere. Should it be called somewhere to get the crypto op?

Indeed!
Will be removed in v3.

>> +
>> +static inline void *
>> +get_sym_cop(struct rte_crypto_op *cop)
>> +{
>> +	return (cop + 1);
> Why is this cop + 1? Am I missing something obvious?
> Maybe it is worth a comment here (I noticed this was already in the previous code, but I don't understand it :))

It is just the way the app stores the metadata.
If you look at 'struct ipsec_mbuf_metadata' you can see that sym_cop is 
just after cop.

Sergio

>> +}
>> +
>>   int
>>   inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t
>> sa_idx);
>>
>> --
>> 2.5.5
> Thanks,
> Pablo

[PATCH v3 0/9] IPsec Enhancements

[Sergio Gonzalez Monroy]

This patch set mainly adds support for AES-GCM and AES-CTR.

It also updates the IV generation method for AES-CBC mode using
the forward function instead of randomly generating the IV.

v3:
 - update sample app guide
 - remove unused function
 - improve commit messages

v2:
 - Update releas notes.
 - Initialize salt values, GCM/CTR key length now is 20B,
   16B key and 4 LSB salt.
 - Do not check SP/ACL if we have no rules.
 - Add macro for cryptodev queue size

Dependencies:
examples/ipsec-secgw: add configuration file support
http://dpdk.org/dev/patchwork/patch/16004/

examples/ipsec-secgw: add sample configuration files
http://dpdk.org/dev/patchwork/patch/16003/

Sergio Gonzalez Monroy (9):
  examples/ipsec-secgw: change CBC IV generation
  examples/ipsec-secgw: reset crypto operation status
  examples/ipsec-secgw: add AES-GCM support
  examples/ipsec-secgw: enable AES-CTR mode
  examples/ipsec-secgw: check sp only when setup
  examples/ipsec-secgw: add cryptodev queue size macro
  examples/ipsec-secgw: initialize sa salt
  examples/ipsec-secgw: update release notes
  examples/ipsec-secgw: update ipsec-secgw guide

 doc/guides/rel_notes/release_16_11.rst   |   9 ++
 doc/guides/sample_app_ug/ipsec_secgw.rst |  15 ++--
 examples/ipsec-secgw/esp.c               | 144 ++++++++++++++++++++++---------
 examples/ipsec-secgw/ipsec-secgw.c       |   7 +-
 examples/ipsec-secgw/ipsec.c             |   1 +
 examples/ipsec-secgw/ipsec.h             |  35 +++++++-
 examples/ipsec-secgw/sa.c                |  54 ++++++++++--
 7 files changed, 207 insertions(+), 58 deletions(-)

-- 
2.5.5

[PATCH v3 1/9] examples/ipsec-secgw: change CBC IV generation

[Sergio Gonzalez Monroy]

NIST SP800-38A recommends two methods to generate unpredictable IVs
(Initilisation Vector) for CBC mode:
1) Apply the forward function to a nonce (ie. counter)
2) Use a FIPS-approved random number generator

This patch implements the first recommended method by using the forward
function to generate the IV.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c   | 99 +++++++++++++++++++++++++-------------------
 examples/ipsec-secgw/ipsec.h | 26 +++++++++++-
 2 files changed, 81 insertions(+), 44 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 05caa77..21b2f02 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,21 +50,6 @@
 #include "esp.h"
 #include "ipip.h"
 
-static inline void
-random_iv_u64(uint64_t *buf, uint16_t n)
-{
-	uint32_t left = n & 0x7;
-	uint32_t i;
-
-	RTE_ASSERT((n & 0x3) == 0);
-
-	for (i = 0; i < (n >> 3); i++)
-		buf[i] = rte_rand();
-
-	if (left)
-		*((uint32_t *)&buf[i]) = (uint32_t)lrand48();
-}
-
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -98,22 +83,32 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		return -EINVAL;
 	}
 
-	sym_cop = (struct rte_crypto_sym_op *)(cop + 1);
+	sym_cop = get_sym_cop(cop);
 
 	sym_cop->m_src = m;
 	sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
 		sa->iv_len;
 	sym_cop->cipher.data.length = payload_len;
 
-	sym_cop->cipher.iv.data = rte_pktmbuf_mtod_offset(m, void*,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.length = sa->iv_len;
+	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		sym_cop->cipher.iv.data = iv;
+		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				 ip_hdr_len + sizeof(struct esp_hdr));
+		sym_cop->cipher.iv.length = sa->iv_len;
 
-	sym_cop->auth.data.offset = ip_hdr_len;
-	sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-		sa->iv_len + payload_len;
+		sym_cop->auth.data.offset = ip_hdr_len;
+		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+			sa->iv_len + payload_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
@@ -282,10 +277,25 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 	sa->seq++;
 	esp->spi = rte_cpu_to_be_32(sa->spi);
-	esp->seq = rte_cpu_to_be_32(sa->seq);
+	esp->seq = rte_cpu_to_be_32((uint32_t)sa->seq);
 
-	if (sa->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC)
-		random_iv_u64((uint64_t *)(esp + 1), sa->iv_len);
+	uint64_t *iv = (uint64_t *)(esp + 1);
+
+	sym_cop = get_sym_cop(cop);
+	sym_cop->m_src = m;
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		memset(iv, 0, sa->iv_len);
+		sym_cop->cipher.data.offset = ip_hdr_len +
+			sizeof(struct esp_hdr);
+		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	/* Fill pad_len using default sequential scheme */
 	for (i = 0; i < pad_len - 2; i++)
@@ -293,22 +303,27 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
-	sym_cop = (struct rte_crypto_sym_op *)(cop + 1);
-
-	sym_cop->m_src = m;
-	sym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +
-			sa->iv_len;
-	sym_cop->cipher.data.length = pad_payload_len;
-
-	sym_cop->cipher.iv.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
-			 ip_hdr_len + sizeof(struct esp_hdr));
+	struct cnt_blk *icb = get_cnt_blk(m);
+	icb->salt = sa->salt;
+	icb->iv = sa->seq;
+	icb->cnt = rte_cpu_to_be_32(1);
+	sym_cop->cipher.iv.data = (uint8_t *)icb;
 	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 ip_hdr_len + sizeof(struct esp_hdr));
-	sym_cop->cipher.iv.length = sa->iv_len;
-
-	sym_cop->auth.data.offset = ip_hdr_len;
-	sym_cop->auth.data.length = sizeof(struct esp_hdr) + sa->iv_len +
-		pad_payload_len;
+			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+	sym_cop->cipher.iv.length = 16;
+
+	switch (sa->cipher_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		sym_cop->auth.data.offset = ip_hdr_len;
+		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+			sa->iv_len + pad_payload_len;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
 	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 4cc316c..ad96782 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -95,8 +95,9 @@ struct ip_addr {
 struct ipsec_sa {
 	uint32_t spi;
 	uint32_t cdev_id_qp;
+	uint64_t seq;
+	uint32_t salt;
 	struct rte_cryptodev_sym_session *crypto_session;
-	uint32_t seq;
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
 	uint16_t digest_len;
@@ -116,10 +117,11 @@ struct ipsec_sa {
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
+	uint8_t buf[32];
 	struct ipsec_sa *sa;
 	struct rte_crypto_op cop;
 	struct rte_crypto_sym_op sym_cop;
-};
+} __rte_cache_aligned;
 
 struct cdev_qp {
 	uint16_t id;
@@ -157,6 +159,12 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool;
 };
 
+struct cnt_blk {
+	uint32_t salt;
+	uint64_t iv;
+	uint32_t cnt;
+} __attribute__((packed));
+
 uint16_t
 ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
 		uint16_t nb_pkts, uint16_t len);
@@ -177,6 +185,20 @@ get_priv(struct rte_mbuf *m)
 	return RTE_PTR_ADD(m, sizeof(struct rte_mbuf));
 }
 
+static inline void *
+get_cnt_blk(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->buf[0];
+}
+
+static inline void *
+get_sym_cop(struct rte_crypto_op *cop)
+{
+	return (cop + 1);
+}
+
 int
 inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);
 
-- 
2.5.5

[PATCH v3 2/9] examples/ipsec-secgw: reset crypto operation status

[Sergio Gonzalez Monroy]

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/ipsec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 1e87d0d..f49143b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -124,6 +124,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		priv->sa = sa;
 
 		priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
+		priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 
 		rte_prefetch0(&priv->sym_cop);
 		priv->cop.sym = &priv->sym_cop;
-- 
2.5.5

[PATCH v3 3/9] examples/ipsec-secgw: add AES-GCM support

[Sergio Gonzalez Monroy]

Add support for AES-GCM (Galois-Counter Mode).

RFC4106: The Use of Galois-Counter Mode (GCM) in IPSec ESP.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c   | 59 ++++++++++++++++++++++++++++++++++++++------
 examples/ipsec-secgw/ipsec.h |  9 +++++++
 examples/ipsec-secgw/sa.c    | 36 +++++++++++++++++++++------
 3 files changed, 90 insertions(+), 14 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 21b2f02..7ee53da 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -90,6 +90,8 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sa->iv_len;
 	sym_cop->cipher.data.length = payload_len;
 
+	struct cnt_blk *icb;
+	uint8_t *aad;
 	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
 
 	switch (sa->cipher_algo) {
@@ -99,14 +101,41 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				 ip_hdr_len + sizeof(struct esp_hdr));
 		sym_cop->cipher.iv.length = sa->iv_len;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_GCM:
+		icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		memcpy(&icb->iv, iv, 8);
+		icb->cnt = rte_cpu_to_be_32(1);
+		sym_cop->cipher.iv.data = (uint8_t *)icb;
+		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
+			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->cipher.iv.length = 16;
+		break;
+	default:
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+				sa->cipher_algo);
+		return -EINVAL;
+	}
 
+	switch (sa->auth_algo) {
+	case RTE_CRYPTO_AUTH_NULL:
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sym_cop->auth.data.offset = ip_hdr_len;
 		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
 			sa->iv_len + payload_len;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GCM:
+		aad = get_aad(m);
+		memcpy(aad, iv - sizeof(struct esp_hdr), 8);
+		sym_cop->auth.aad.data = aad;
+		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				aad - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->auth.aad.length = 8;
+		break;
 	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+				sa->auth_algo);
 		return -EINVAL;
 	}
 
@@ -291,6 +320,12 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			sizeof(struct esp_hdr);
 		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_GCM:
+		*iv = sa->seq;
+		sym_cop->cipher.data.offset = ip_hdr_len +
+			sizeof(struct esp_hdr) + sa->iv_len;
+		sym_cop->cipher.data.length = pad_payload_len;
+		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
 				sa->cipher_algo);
@@ -312,16 +347,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
 	sym_cop->cipher.iv.length = 16;
 
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
+	uint8_t *aad;
+
+	switch (sa->auth_algo) {
+	case RTE_CRYPTO_AUTH_NULL:
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sym_cop->auth.data.offset = ip_hdr_len;
 		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
 			sa->iv_len + pad_payload_len;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GCM:
+		aad = get_aad(m);
+		memcpy(aad, esp, 8);
+		sym_cop->auth.aad.data = aad;
+		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				aad - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->auth.aad.length = 8;
+		break;
 	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
+		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+				sa->auth_algo);
 		return -EINVAL;
 	}
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index ad96782..dbc8c2c 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -113,6 +113,7 @@ struct ipsec_sa {
 	uint16_t cipher_key_len;
 	uint8_t auth_key[MAX_KEY_SIZE];
 	uint16_t auth_key_len;
+	uint16_t aad_len;
 	struct rte_crypto_sym_xform *xforms;
 } __rte_cache_aligned;
 
@@ -194,6 +195,14 @@ get_cnt_blk(struct rte_mbuf *m)
 }
 
 static inline void *
+get_aad(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->buf[16];
+}
+
+static inline void *
 get_sym_cop(struct rte_crypto_op *cop)
 {
 	return (cop + 1);
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index ee88802..d5ad5af 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -63,6 +63,8 @@ struct supported_auth_algo {
 	enum rte_crypto_auth_algorithm algo;
 	uint16_t digest_len;
 	uint16_t key_len;
+	uint8_t aad_len;
+	uint8_t key_not_req;
 };
 
 const struct supported_cipher_algo cipher_algos[] = {
@@ -79,6 +81,13 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.iv_len = 16,
 		.block_size = 16,
 		.key_len = 16
+	},
+	{
+		.keyword = "aes-128-gcm",
+		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 16
 	}
 };
 
@@ -87,13 +96,22 @@ const struct supported_auth_algo auth_algos[] = {
 		.keyword = "null",
 		.algo = RTE_CRYPTO_AUTH_NULL,
 		.digest_len = 0,
-		.key_len = 0
+		.key_len = 0,
+		.key_not_req = 1
 	},
 	{
 		.keyword = "sha1-hmac",
 		.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 		.digest_len = 12,
 		.key_len = 20
+	},
+	{
+		.keyword = "aes-128-gcm",
+		.algo = RTE_CRYPTO_AUTH_AES_GCM,
+		.digest_len = 16,
+		.key_len = 16,
+		.aad_len = 8,
+		.key_not_req = 1
 	}
 };
 
@@ -255,8 +273,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			rule->iv_len = algo->iv_len;
 			rule->cipher_key_len = algo->key_len;
 
-			/* for NULL algorithm, no cipher key should
-			 * exist */
+			/* for NULL algorithm, no cipher key required */
 			if (rule->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
 				cipher_algo_p = 1;
 				continue;
@@ -307,9 +324,12 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			rule->auth_algo = algo->algo;
 			rule->auth_key_len = algo->key_len;
 			rule->digest_len = algo->digest_len;
+			rule->aad_len = algo->key_len;
 
-			/* for NULL algorithm, no auth key should exist */
-			if (rule->auth_algo == RTE_CRYPTO_AUTH_NULL) {
+			/* NULL algorithm and combined algos do not
+			 * require auth key
+			 */
+			if (algo->key_not_req) {
 				auth_algo_p = 1;
 				continue;
 			}
@@ -572,7 +592,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].a.auth.add_auth_data_length = 0;
+			sa_ctx->xf[idx].a.auth.add_auth_data_length =
+				sa->aad_len;
 			sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
 			sa_ctx->xf[idx].a.auth.key.length =
 				sa->auth_key_len;
@@ -593,7 +614,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].b.auth.add_auth_data_length = 0;
+			sa_ctx->xf[idx].b.auth.add_auth_data_length =
+				sa->aad_len;
 			sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
 			sa_ctx->xf[idx].b.auth.key.length =
 				sa->auth_key_len;
-- 
2.5.5

[PATCH v3 4/9] examples/ipsec-secgw: enable AES-CTR mode

[Sergio Gonzalez Monroy]

RFC3686: Using AES Counter (CTR) Mode With IPsec ESP.`

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/esp.c | 2 ++
 examples/ipsec-secgw/sa.c  | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 7ee53da..ec5a2e6 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -102,6 +102,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 				 ip_hdr_len + sizeof(struct esp_hdr));
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
 		icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
@@ -320,6 +321,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			sizeof(struct esp_hdr);
 		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
 		*iv = sa->seq;
 		sym_cop->cipher.data.offset = ip_hdr_len +
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index d5ad5af..00c8cce 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -88,6 +88,13 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.iv_len = 8,
 		.block_size = 4,
 		.key_len = 16
+	},
+	{
+		.keyword = "aes-128-ctr",
+		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
+		.iv_len = 8,
+		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
+		.key_len = 16
 	}
 };
 
-- 
2.5.5

[PATCH v3 5/9] examples/ipsec-secgw: check sp only when setup

[Sergio Gonzalez Monroy]

Application will segfault if there is IPv4 or IPv6 and no SP/ACL rules
for IPv4 or IPv6 respectively.

Avoid checking the ACL/SP in such cases.

Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 8b55534..9eee96f 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -388,7 +388,7 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
 	struct rte_mbuf *m;
 	uint32_t i, j, res, sa_idx;
 
-	if (ip->num == 0)
+	if (ip->num == 0 || sp == NULL)
 		return;
 
 	rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
@@ -463,7 +463,7 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
 	struct rte_mbuf *m;
 	uint32_t i, j, sa_idx;
 
-	if (ip->num == 0)
+	if (ip->num == 0 || sp == NULL)
 		return;
 
 	rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
-- 
2.5.5

[PATCH v3 6/9] examples/ipsec-secgw: add cryptodev queue size macro

[Sergio Gonzalez Monroy]

Introduce a specific cryptodev queue size macro.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 9eee96f..5a4c9b7 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -82,6 +82,7 @@
 
 #define NB_MBUF	(32000)
 
+#define CDEV_QUEUE_DESC 2048
 #define CDEV_MAP_ENTRIES 1024
 #define CDEV_MP_NB_OBJS 2048
 #define CDEV_MP_CACHE_SZ 64
@@ -1272,7 +1273,7 @@ cryptodevs_init(void)
 			rte_panic("Failed to initialize crypodev %u\n",
 					cdev_id);
 
-		qp_conf.nb_descriptors = CDEV_MP_NB_OBJS;
+		qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 						&qp_conf, dev_conf.socket_id))
-- 
2.5.5

[PATCH v3 7/9] examples/ipsec-secgw: initialize sa salt

[Sergio Gonzalez Monroy]

This patch initializes the salt value used by the following cipher
algorithms:
- CBC: random salt
- GCM/CTR: the key required is 20B, and the last 4B are used as salt.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 examples/ipsec-secgw/sa.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 00c8cce..9e2c8a9 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -45,6 +45,7 @@
 #include <rte_byteorder.h>
 #include <rte_errno.h>
 #include <rte_ip.h>
+#include <rte_random.h>
 
 #include "ipsec.h"
 #include "esp.h"
@@ -87,14 +88,14 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
 		.iv_len = 8,
 		.block_size = 4,
-		.key_len = 16
+		.key_len = 20
 	},
 	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
 		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
-		.key_len = 16
+		.key_len = 20
 	}
 };
 
@@ -116,7 +117,6 @@ const struct supported_auth_algo auth_algos[] = {
 		.keyword = "aes-128-gcm",
 		.algo = RTE_CRYPTO_AUTH_AES_GCM,
 		.digest_len = 16,
-		.key_len = 16,
 		.aad_len = 8,
 		.key_not_req = 1
 	}
@@ -307,6 +307,17 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (status->status < 0)
 				return;
 
+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
+				rule->salt = (uint32_t)rte_rand();
+
+			if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
+				(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+				key_len -= 4;
+				rule->cipher_key_len = key_len;
+				memcpy(&rule->salt,
+					&rule->cipher_key[key_len], 4);
+			}
+
 			cipher_algo_p = 1;
 			continue;
 		}
-- 
2.5.5

[PATCH v3 8/9] doc: ipsec-secgw release notes

[Sergio Gonzalez Monroy]

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 doc/guides/rel_notes/release_16_11.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/guides/rel_notes/release_16_11.rst b/doc/guides/rel_notes/release_16_11.rst
index cc507a9..168d589 100644
--- a/doc/guides/rel_notes/release_16_11.rst
+++ b/doc/guides/rel_notes/release_16_11.rst
@@ -59,6 +59,15 @@ New Features
   ipsec-secgw sample application now supports configuration file to specify
   SP, SA, and routing rules.
 
+* **ipsec-secgw: AES GCM/CTR mode support**
+
+  Support AES Counter (CTR) and Galois-Counter Mode (GCM) in IPSec ESP.
+
+* **ipsec-secgw: AES CBC IV generation**
+
+  Use cipher forward function on unique counter blocks (same approach as
+  CTR/GCM) to generate the IV instead of a random value.
+
 Resolved Issues
 ---------------
 
-- 
2.5.5

[PATCH v3 8/9] examples/ipsec-secgw: update release notes

[Sergio Gonzalez Monroy]

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 doc/guides/rel_notes/release_16_11.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/guides/rel_notes/release_16_11.rst b/doc/guides/rel_notes/release_16_11.rst
index cc507a9..168d589 100644
--- a/doc/guides/rel_notes/release_16_11.rst
+++ b/doc/guides/rel_notes/release_16_11.rst
@@ -59,6 +59,15 @@ New Features
   ipsec-secgw sample application now supports configuration file to specify
   SP, SA, and routing rules.
 
+* **ipsec-secgw: AES GCM/CTR mode support**
+
+  Support AES Counter (CTR) and Galois-Counter Mode (GCM) in IPSec ESP.
+
+* **ipsec-secgw: AES CBC IV generation**
+
+  Use cipher forward function on unique counter blocks (same approach as
+  CTR/GCM) to generate the IV instead of a random value.
+
 Resolved Issues
 ---------------
 
-- 
2.5.5

[PATCH v3 9/9] doc: update ipsec-secgw sample app guide

[Sergio Gonzalez Monroy]

Update sample guide to reflect support for new algorithms.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 5cce2fe..4f7bd7d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -79,7 +79,7 @@ Constraints
 
 *  No IPv6 options headers.
 *  No AH mode.
-*  Currently only EAS-CBC, HMAC-SHA1 and NULL.
+*  Supported algorithms: EAS-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL.
 *  Each SA must be handle by a unique lcore (*1 RX queue per port*).
 *  No chained mbufs.
 
@@ -380,9 +380,6 @@ SA rule syntax
 
 The successfully parsed SA rules will be stored in an array table.
 
-All SAs configured with AES-CBC and HMAC-SHA1 share the same values for
-cipher block size and key, and authentication digest size and key.
-
 The SA rule syntax is shown as follows:
 
 .. code-block:: console
@@ -421,6 +418,8 @@ where each options means:
 
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
+   * *aes-128-ctr*: AES-CTR 128-bit algorithm
+   * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -447,10 +446,12 @@ where each options means:
 
     * *null*: NULL algorithm
     * *sha1-hmac*: HMAC SHA1 algorithm
+    * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
 ``<auth_key>``
 
- * Authentication key, NOT available when 'null' algorithm is used
+ * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
+   is used.
 
  * Optional: No, must followed by <auth_algo> option
 
@@ -514,6 +515,10 @@ Example SA rules:
     src 1111:1111:1111:1111:1111:1111:1111:5555 \
     dst 2222:2222:2222:2222:2222:2222:2222:5555
 
+    sa in 105 cipher_algo aes-128-gcm \
+    cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+    auth_algo aes-128-gcm \
+    mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
 
 Routing rule syntax
 ^^^^^^^^^^^^^^^^^^^
-- 
2.5.5

[PATCH v3 9/9] examples/ipsec-secgw: update ipsec-secgw guide

[Sergio Gonzalez Monroy]

Update sample guide to reflect support for new algorithms.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 5cce2fe..4f7bd7d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -79,7 +79,7 @@ Constraints
 
 *  No IPv6 options headers.
 *  No AH mode.
-*  Currently only EAS-CBC, HMAC-SHA1 and NULL.
+*  Supported algorithms: EAS-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL.
 *  Each SA must be handle by a unique lcore (*1 RX queue per port*).
 *  No chained mbufs.
 
@@ -380,9 +380,6 @@ SA rule syntax
 
 The successfully parsed SA rules will be stored in an array table.
 
-All SAs configured with AES-CBC and HMAC-SHA1 share the same values for
-cipher block size and key, and authentication digest size and key.
-
 The SA rule syntax is shown as follows:
 
 .. code-block:: console
@@ -421,6 +418,8 @@ where each options means:
 
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
+   * *aes-128-ctr*: AES-CTR 128-bit algorithm
+   * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -447,10 +446,12 @@ where each options means:
 
     * *null*: NULL algorithm
     * *sha1-hmac*: HMAC SHA1 algorithm
+    * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
 ``<auth_key>``
 
- * Authentication key, NOT available when 'null' algorithm is used
+ * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
+   is used.
 
  * Optional: No, must followed by <auth_algo> option
 
@@ -514,6 +515,10 @@ Example SA rules:
     src 1111:1111:1111:1111:1111:1111:1111:5555 \
     dst 2222:2222:2222:2222:2222:2222:2222:5555
 
+    sa in 105 cipher_algo aes-128-gcm \
+    cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+    auth_algo aes-128-gcm \
+    mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
 
 Routing rule syntax
 ^^^^^^^^^^^^^^^^^^^
-- 
2.5.5

Re: [PATCH v3 0/9] IPsec Enhancements

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Thursday, September 29, 2016 8:44 AM
> To: dev@dpdk.org
> Cc: De Lara Guarch, Pablo
> Subject: [PATCH v3 0/9] IPsec Enhancements
> 
> This patch set mainly adds support for AES-GCM and AES-CTR.
> 
> It also updates the IV generation method for AES-CBC mode using
> the forward function instead of randomly generating the IV.
> 
> v3:
>  - update sample app guide
>  - remove unused function
>  - improve commit messages
> 
> v2:
>  - Update releas notes.
>  - Initialize salt values, GCM/CTR key length now is 20B,
>    16B key and 4 LSB salt.
>  - Do not check SP/ACL if we have no rules.
>  - Add macro for cryptodev queue size
> 
> Dependencies:
> examples/ipsec-secgw: add configuration file support
> http://dpdk.org/dev/patchwork/patch/16004/
> 
> examples/ipsec-secgw: add sample configuration files
> http://dpdk.org/dev/patchwork/patch/16003/
> 
> Sergio Gonzalez Monroy (9):
>   examples/ipsec-secgw: change CBC IV generation
>   examples/ipsec-secgw: reset crypto operation status
>   examples/ipsec-secgw: add AES-GCM support
>   examples/ipsec-secgw: enable AES-CTR mode
>   examples/ipsec-secgw: check sp only when setup
>   examples/ipsec-secgw: add cryptodev queue size macro
>   examples/ipsec-secgw: initialize sa salt
>   examples/ipsec-secgw: update release notes
>   examples/ipsec-secgw: update ipsec-secgw guide
> 
>  doc/guides/rel_notes/release_16_11.rst   |   9 ++
>  doc/guides/sample_app_ug/ipsec_secgw.rst |  15 ++--
>  examples/ipsec-secgw/esp.c               | 144 ++++++++++++++++++++++---------
>  examples/ipsec-secgw/ipsec-secgw.c       |   7 +-
>  examples/ipsec-secgw/ipsec.c             |   1 +
>  examples/ipsec-secgw/ipsec.h             |  35 +++++++-
>  examples/ipsec-secgw/sa.c                |  54 ++++++++++--
>  7 files changed, 207 insertions(+), 58 deletions(-)
> 
> --
> 2.5.5

Series-acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Re: [PATCH v3 8/9] doc: ipsec-secgw release notes

[Mcnamara, John]

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Thursday, September 29, 2016 4:44 PM
> To: dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [dpdk-dev] [PATCH v3 8/9] doc: ipsec-secgw release notes
> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>


Acked-by: John McNamara <john.mcnamara@intel.com>

Re: [PATCH v3 9/9] doc: update ipsec-secgw sample app guide

[Mcnamara, John]

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Thursday, September 29, 2016 4:44 PM
> To: dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [dpdk-dev] [PATCH v3 9/9] doc: update ipsec-secgw sample app
> guide
> 
> Update sample guide to reflect support for new algorithms.
> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

Acked-by: John McNamara <john.mcnamara@intel.com>

Re: [PATCH v3 0/9] IPsec Enhancements

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of De Lara Guarch,
> Pablo
> Sent: Thursday, September 29, 2016 5:28 PM
> To: Gonzalez Monroy, Sergio; dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH v3 0/9] IPsec Enhancements
> 
> 
> 
> > -----Original Message-----
> > From: Gonzalez Monroy, Sergio
> > Sent: Thursday, September 29, 2016 8:44 AM
> > To: dev@dpdk.org
> > Cc: De Lara Guarch, Pablo
> > Subject: [PATCH v3 0/9] IPsec Enhancements
> >
> > This patch set mainly adds support for AES-GCM and AES-CTR.
> >
> > It also updates the IV generation method for AES-CBC mode using
> > the forward function instead of randomly generating the IV.
> >
> > v3:
> >  - update sample app guide
> >  - remove unused function
> >  - improve commit messages
> >
> > v2:
> >  - Update releas notes.
> >  - Initialize salt values, GCM/CTR key length now is 20B,
> >    16B key and 4 LSB salt.
> >  - Do not check SP/ACL if we have no rules.
> >  - Add macro for cryptodev queue size
> >
> > Dependencies:
> > examples/ipsec-secgw: add configuration file support
> > http://dpdk.org/dev/patchwork/patch/16004/
> >
> > examples/ipsec-secgw: add sample configuration files
> > http://dpdk.org/dev/patchwork/patch/16003/
> >
> > Sergio Gonzalez Monroy (9):
> >   examples/ipsec-secgw: change CBC IV generation
> >   examples/ipsec-secgw: reset crypto operation status
> >   examples/ipsec-secgw: add AES-GCM support
> >   examples/ipsec-secgw: enable AES-CTR mode
> >   examples/ipsec-secgw: check sp only when setup
> >   examples/ipsec-secgw: add cryptodev queue size macro
> >   examples/ipsec-secgw: initialize sa salt
> >   examples/ipsec-secgw: update release notes
> >   examples/ipsec-secgw: update ipsec-secgw guide
> >
> >  doc/guides/rel_notes/release_16_11.rst   |   9 ++
> >  doc/guides/sample_app_ug/ipsec_secgw.rst |  15 ++--
> >  examples/ipsec-secgw/esp.c               | 144 ++++++++++++++++++++++---------
> >  examples/ipsec-secgw/ipsec-secgw.c       |   7 +-
> >  examples/ipsec-secgw/ipsec.c             |   1 +
> >  examples/ipsec-secgw/ipsec.h             |  35 +++++++-
> >  examples/ipsec-secgw/sa.c                |  54 ++++++++++--
> >  7 files changed, 207 insertions(+), 58 deletions(-)
> >
> > --
> > 2.5.5
> 
> Series-acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Applied to dpdk-next-crypto.
Thanks,

Pablo