From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6119441CB2 for ; Thu, 16 Feb 2023 15:25:03 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4E52242D62; Thu, 16 Feb 2023 15:25:03 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id BEB2340E03; Thu, 16 Feb 2023 15:25:00 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 31GEMgH3027452; Thu, 16 Feb 2023 06:24:55 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=D4/OLIKlLHHKVCjVrwarg6peUWebbvBFDaiBXaFjaoY=; b=jEjwbTvKlL4x130m7h1eoXNsSjk3N4e+FDfWkKd9MCSXnc+Pv2bG8cSvMZEDcRX2+1Gs kOFEsC2SGP1rNcCrOACGBgccY4GT3d03OGg4wJ5SnVhIrje3yFCekqiBzqj5UFwDOSFU lHWwYglAVJjnu1kTaY0p7u6BzBvTvU/n+dbKUrIWjj8ShH5r2NZ1b8fO5ImOq3XzLHdp yWfsH3j24VRz9zFDeE8QKlw+gJty6QCRQ131qTndonWePTa7wIqCnS0GG6Gtt+DIsSmg fSLE6w+/F6PVG28DXVjhX5dVbaMf5GcUF86hFYaWz4jx4k1Xgo7Upb1lt1/TGS0LNZ1x tw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3nsg888xmu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 16 Feb 2023 06:24:55 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Thu, 16 Feb 2023 06:24:53 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Thu, 16 Feb 2023 06:24:53 -0800 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 242443F7089; Thu, 16 Feb 2023 06:24:49 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , Akhil Goyal , Subject: [PATCH 1/3] examples/ipsec-secgw: fix auth IV length Date: Thu, 16 Feb 2023 19:54:40 +0530 Message-ID: <20230216142442.3657742-1-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: oEN7bJP3BZVtlkOpgHO1DLukuS7o23mP X-Proofpoint-GUID: oEN7bJP3BZVtlkOpgHO1DLukuS7o23mP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.170.22 definitions=2023-02-16_10,2023-02-16_01,2023-02-09_01 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Currently, cipher IV length is getting used to set auth xform IV length. Auth IV is needed for AES-GMAC case, and in all other cases, auth IV should be 0. Used a separate auth IV length to separate out cipher and auth cases. Fixes: 9413c3901f31 ("examples/ipsec-secgw: support additional algorithms") Cc: stable@dpdk.org Signed-off-by: Akhil Goyal --- examples/ipsec-secgw/sa.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 7da9444a7b..001762bea9 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -1247,6 +1247,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], struct ipsec_sa *sa; uint32_t i, idx; uint16_t iv_length, aad_length; + uint16_t auth_iv_length = 0; int inline_status; int32_t rc; struct rte_ipsec_session *ips; @@ -1340,7 +1341,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], /* AES_GMAC uses salt like AEAD algorithms */ if (sa->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) - iv_length = 12; + auth_iv_length = 12; if (inbound) { sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER; @@ -1364,7 +1365,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], sa_ctx->xf[idx].a.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; sa_ctx->xf[idx].a.auth.iv.offset = IV_OFFSET; - sa_ctx->xf[idx].a.auth.iv.length = iv_length; + sa_ctx->xf[idx].a.auth.iv.length = auth_iv_length; } else { /* outbound */ sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER; @@ -1388,7 +1389,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], sa_ctx->xf[idx].b.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE; sa_ctx->xf[idx].b.auth.iv.offset = IV_OFFSET; - sa_ctx->xf[idx].b.auth.iv.length = iv_length; + sa_ctx->xf[idx].b.auth.iv.length = auth_iv_length; } -- 2.25.1