From f18e07dad7c766e4f2283a89b51e1d71471aa11d Mon Sep 17 00:00:00 2001
From: Akhil Goyal
Date: Thu, 16 Feb 2023 19:54:40 +0530
Subject: [PATCH] examples/ipsec-secgw: fix auth IV length

[ upstream commit 56af18587ef8beace28de1054643752922f7a696 ]
Currently, cipher IV length is getting used to set auth xform IV length. Auth IV is needed for AES-GMAC case, and in all other cases, auth IV should be 0. Used a separate auth IV length to separate out cipher and auth cases.
Fixes: 9413c3901f31 ("examples/ipsec-secgw: support additional algorithms")
Signed-off-by: Akhil Goyal
Acked-by: Kai Ji
---
 examples/ipsec-secgw/sa.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 2f8b9bce27..49d16f055b 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1223,6 +1223,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 struct ipsec_sa *sa;
 uint32_t i, idx;
 uint16_t iv_length, aad_length;
+ uint16_t auth_iv_length = 0;
 int inline_status;
 int32_t rc;
 struct rte_ipsec_session *ips;
@@ -1315,7 +1316,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 /* AES_GMAC uses salt like AEAD algorithms */
 if (sa->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC)
- iv_length = 12;
+ auth_iv_length = 12;
 if (inbound) {
 sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1339,7 +1340,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 sa_ctx->xf[idx].a.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
 sa_ctx->xf[idx].a.auth.iv.offset = IV_OFFSET;
- sa_ctx->xf[idx].a.auth.iv.length = iv_length;
+ sa_ctx->xf[idx].a.auth.iv.length = auth_iv_length;
 } else { /* outbound */
 sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
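Review bot: `auth_iv_length` is set to 0 only once, at its declaration among the locals of sa_add_rules (hunk at -1223), and the assignment in the hunk at -1315 only ever raises it to 12 and never puts it back. The loop over `entries[]` is outside the hunks, but the use of `sa` and `idx` suggests these statements run once per SA; if so, every SA configured after an AES-GMAC one would also get an auth IV length of 12, which is the kind of mismatch the commit message sets out to remove. Assigning both cases at that point, `auth_iv_length = (sa->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) ? 12 : 0;`, keeps the value tied to the SA being processed. sa_add_rules starts and ends outside the hunks.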
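Review bot: The two `auth.iv.length` assignments, at -1339 for the verify xform and at -1363 for the generate xform, now take a value whose meaning is not visible where it is used. A one-line comment above each, such as `/* non-zero only for AES-GMAC; other auth algorithms take no IV */`, would record the intent that is currently stated only in the commit message.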
@@ -1363,7 +1364,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 sa_ctx->xf[idx].b.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 sa_ctx->xf[idx].b.auth.iv.offset = IV_OFFSET;
- sa_ctx->xf[idx].b.auth.iv.length = iv_length;
+ sa_ctx->xf[idx].b.auth.iv.length = auth_iv_length;
 }