patches for DPDK stable branches
 help / color / mirror / Atom feed
* [PATCH 1/3] examples/ipsec-secgw: fix auth IV length
@ 2023-02-16 14:24 Akhil Goyal
  2023-02-21 13:13 ` Ji, Kai
  0 siblings, 1 reply; 3+ messages in thread
From: Akhil Goyal @ 2023-02-16 14:24 UTC (permalink / raw)
  To: dev
  Cc: radu.nicolau, anoobj, g.singh, hemant.agrawal, kai.ji,
	ruifeng.wang, sunilprakashrao.uttarwar, rnagadheeraj, matan,
	Akhil Goyal, stable

Currently, cipher IV length is getting used to set auth
xform IV length. Auth IV is needed for AES-GMAC case,
and in all other cases, auth IV should be 0.
Used a separate auth IV length to separate out cipher and auth cases.

Fixes: 9413c3901f31 ("examples/ipsec-secgw: support additional algorithms")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 examples/ipsec-secgw/sa.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 7da9444a7b..001762bea9 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1247,6 +1247,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 	struct ipsec_sa *sa;
 	uint32_t i, idx;
 	uint16_t iv_length, aad_length;
+	uint16_t auth_iv_length = 0;
 	int inline_status;
 	int32_t rc;
 	struct rte_ipsec_session *ips;
@@ -1340,7 +1341,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			/* AES_GMAC uses salt like AEAD algorithms */
 			if (sa->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC)
-				iv_length = 12;
+				auth_iv_length = 12;
 
 			if (inbound) {
 				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1364,7 +1365,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa_ctx->xf[idx].a.auth.op =
 					RTE_CRYPTO_AUTH_OP_VERIFY;
 				sa_ctx->xf[idx].a.auth.iv.offset = IV_OFFSET;
-				sa_ctx->xf[idx].a.auth.iv.length = iv_length;
+				sa_ctx->xf[idx].a.auth.iv.length = auth_iv_length;
 
 			} else { /* outbound */
 				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1388,7 +1389,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa_ctx->xf[idx].b.auth.op =
 					RTE_CRYPTO_AUTH_OP_GENERATE;
 				sa_ctx->xf[idx].b.auth.iv.offset = IV_OFFSET;
-				sa_ctx->xf[idx].b.auth.iv.length = iv_length;
+				sa_ctx->xf[idx].b.auth.iv.length = auth_iv_length;
 
 			}
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-02-27 17:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-16 14:24 [PATCH 1/3] examples/ipsec-secgw: fix auth IV length Akhil Goyal
2023-02-21 13:13 ` Ji, Kai
2023-02-27 17:34   ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).