[dpdk-dev] [PATCH v3 4/4] examples/ipsec-secgw: iv should be be64

aviadye at dev.mellanox.co.il aviadye at dev.mellanox.co.il
Tue Oct 24 14:49:00 CEST 2017

Previous message: [dpdk-dev] [PATCH v3 3/4] examples/ipsec-secgw: fix AAD length for aes-gcm
Next message: [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Aviad Yehezkel <aviadye at mellanox.com>

According to rfc4106 the IV should be unique and can be implemented
as counter.
The changed was created because putting an analyzer on wire and
comparing packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so it is worth to do the same for
future debug / comparison.

Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
--
v3:
* Fix commit message.
v2:
* Fix commit message.
---
 examples/ipsec-secgw/esp.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 063e63f..a63fb95 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -331,7 +331,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
 		uint8_t *aad;
 
-		*iv = sa->seq;
+		*iv = rte_cpu_to_be_64(sa->seq);
 		sym_cop->aead.data.offset = ip_hdr_len +
 			sizeof(struct esp_hdr) + sa->iv_len;
 		sym_cop->aead.data.length = pad_payload_len;
@@ -344,7 +344,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 		struct cnt_blk *icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
-		icb->iv = sa->seq;
+		icb->iv = rte_cpu_to_be_64(sa->seq);
 		icb->cnt = rte_cpu_to_be_32(1);
 
 		aad = get_aad(m);
@@ -367,7 +367,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
 			break;
 		case RTE_CRYPTO_CIPHER_AES_CTR:
-			*iv = sa->seq;
+			*iv = rte_cpu_to_be_64(sa->seq);
 			sym_cop->cipher.data.offset = ip_hdr_len +
 				sizeof(struct esp_hdr) + sa->iv_len;
 			sym_cop->cipher.data.length = pad_payload_len;
@@ -386,7 +386,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 		struct cnt_blk *icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
-		icb->iv = sa->seq;
+		icb->iv = rte_cpu_to_be_64(sa->seq);
 		icb->cnt = rte_cpu_to_be_32(1);
 
 		switch (sa->auth_algo) {
-- 
2.7.4

Previous message: [dpdk-dev] [PATCH v3 3/4] examples/ipsec-secgw: fix AAD length for aes-gcm
Next message: [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list