[PATCH] examples/ipsec-secgw: fix AES-CTR IV length

[Tejasree Kondoj]

Set AES-CTR IV length to 8 in SA config as it is
used for per packet IV length and set it to 16
in xform since the application populates 16B IV
in the datapath. AES-CTR requires 16B IV
constructed from nonce and counter.

Fixes: 5ff7502f345e ("examples/ipsec-secgw: set AES-CTR IV length to 16")

Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
---
 examples/ipsec-secgw/sa.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 5f5d2685f6..63eadb3393 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -96,10 +96,8 @@ const struct supported_cipher_algo cipher_algos[] = {
 	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
-		/* iv_len includes 8B per packet IV, 4B nonce
-		 * and 4B counter
-		 */
-		.iv_len = 16,
+		/* Per packet IV length */
+		.iv_len = 8,
 		.block_size = 4,
 		.key_len = 20
 	},
@@ -1332,9 +1330,14 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			case RTE_CRYPTO_CIPHER_DES_CBC:
 			case RTE_CRYPTO_CIPHER_3DES_CBC:
 			case RTE_CRYPTO_CIPHER_AES_CBC:
-			case RTE_CRYPTO_CIPHER_AES_CTR:
 				iv_length = sa->iv_len;
 				break;
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				/* Length includes 8B per packet IV, 4B nonce and
+				 * 4B counter as populated in datapath.
+				 */
+				iv_length = 16;
+				break;
 			default:
 				RTE_LOG(ERR, IPSEC_ESP,
 						"unsupported cipher algorithm %u\n",
-- 
2.25.1