[PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16

Tejasree Kondoj Wed, 14 Dec 2022 21:42:23 -0800

Set AES-CTR IV length as 16 instead of taking from
SA config option since the application populates
16B IV in the datapath. AES-CTR requires 16B IV
constructed from nonce and counter.


Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
---

v2:
* Rebased v1

 examples/ipsec-secgw/sa.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 7da9444a7b..5bb73a9137 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1328,9 +1328,14 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct 
ipsec_sa entries[],
                        case RTE_CRYPTO_CIPHER_DES_CBC:
                        case RTE_CRYPTO_CIPHER_3DES_CBC:
                        case RTE_CRYPTO_CIPHER_AES_CBC:
-                       case RTE_CRYPTO_CIPHER_AES_CTR:
                                iv_length = sa->iv_len;
                                break;
+                       case RTE_CRYPTO_CIPHER_AES_CTR:
+                               /* Length includes 8B per packet IV, 4B nonce 
and
+                                * 4B counter as populated in datapath.
+                                */
+                               iv_length = 16;
+                               break;
                        default:
                                RTE_LOG(ERR, IPSEC_ESP,
                                                "unsupported cipher algorithm 
%u\n",
-- 
2.25.1

[PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16

Reply via email to