[PATCH] examples/ipsec-secgw: set AES-CTR IV length to 16

Tejasree Kondoj ktejasree at marvell.com
Thu Dec 15 04:58:05 CET 2022

Previous message (by thread): [PATCH 2/2] app/testpmd: add disable-flow-flush parameter
Next message (by thread): [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Set AES-CTR IV length as 16 instead of taking from
SA config option since the application populates
16B IV in the datapath. AES-CTR requires 16B IV
constructed from nonce and counter.

Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
---
 examples/ipsec-secgw/sa.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 024831c177..cee29008ba 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1319,9 +1319,14 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			case RTE_CRYPTO_CIPHER_NULL:
 			case RTE_CRYPTO_CIPHER_3DES_CBC:
 			case RTE_CRYPTO_CIPHER_AES_CBC:
-			case RTE_CRYPTO_CIPHER_AES_CTR:
 				iv_length = sa->iv_len;
 				break;
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				/* Length includes 8B per packet IV, 4B nonce and
+				 * 4B counter as populated in datapath.
+				 */
+				iv_length = 16;
+				break;
 			default:
 				RTE_LOG(ERR, IPSEC_ESP,
 						"unsupported cipher algorithm %u\n",
-- 
2.25.1

Previous message (by thread): [PATCH 2/2] app/testpmd: add disable-flow-flush parameter
Next message (by thread): [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list