examples/ipsec-secgw: fix auth IV length

[ upstream commit 56af18587ef8beace28de1054643752922f7a696 ] Currently, cipher IV length is getting used to set auth xform IV length. Auth IV is needed for AES-GMAC case, and in all other cases, auth IV should be 0. Used a separate auth IV length to separate out cipher and auth cases. Fixes: 9413c39 ("examples/ipsec-secgw: support additional algorithms") Signed-off-by: Akhil Goyal <gakhil@marvell.com> Acked-by: Kai Ji <kai.ji@intel.com>
kevintraynor · Mar 15, 2023 · f18e07d · f18e07d
1 parent c414933
commit f18e07d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
@@ -1223,6 +1223,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 	struct ipsec_sa *sa;
 	uint32_t i, idx;
 	uint16_t iv_length, aad_length;
+	uint16_t auth_iv_length = 0;
 	int inline_status;
 	int32_t rc;
 	struct rte_ipsec_session *ips;
@@ -1315,7 +1316,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			/* AES_GMAC uses salt like AEAD algorithms */
 			if (sa->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC)
-				iv_length = 12;
+				auth_iv_length = 12;
 
 			if (inbound) {
 				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1339,7 +1340,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa_ctx->xf[idx].a.auth.op =
 					RTE_CRYPTO_AUTH_OP_VERIFY;
 				sa_ctx->xf[idx].a.auth.iv.offset = IV_OFFSET;
-				sa_ctx->xf[idx].a.auth.iv.length = iv_length;
+				sa_ctx->xf[idx].a.auth.iv.length = auth_iv_length;
 
 			} else { /* outbound */
 				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1363,7 +1364,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa_ctx->xf[idx].b.auth.op =
 					RTE_CRYPTO_AUTH_OP_GENERATE;
 				sa_ctx->xf[idx].b.auth.iv.offset = IV_OFFSET;
-				sa_ctx->xf[idx].b.auth.iv.length = iv_length;
+				sa_ctx->xf[idx].b.auth.iv.length = auth_iv_length;
 
 			}