[v2] examples/ipsec-secgw: set AES-CTR IV length to 16
Checks
Commit Message
Set AES-CTR IV length as 16 instead of taking from
SA config option since the application populates
16B IV in the datapath. AES-CTR requires 16B IV
constructed from nonce and counter.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
v2:
* Rebased v1
examples/ipsec-secgw/sa.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
Comments
Hi Radu,
> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
>
> Set AES-CTR IV length as 16 instead of taking from
> SA config option since the application populates
> 16B IV in the datapath. AES-CTR requires 16B IV
> constructed from nonce and counter.
>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Do you have a comment on this?
Hi
On 2/1/2023 2:16 PM, Akhil Goyal wrote:
> Hi Radu,
>
>> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
>>
>> Set AES-CTR IV length as 16 instead of taking from
>> SA config option since the application populates
>> 16B IV in the datapath. AES-CTR requires 16B IV
>> constructed from nonce and counter.
>>
>> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> Do you have a comment on this?
No real objection, only that there is already an inconsistency in the
definitions of the aes-xxx-ctr entries, 128 bit IV is 8 bytes, 192 and
256 are 16 bytes. Maybe it would be better to change the 128 bit variant
definition? In any case:
Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
Hi Radu,
Shall I change AES-128-CTR iv_len field in cipher_algos struct of sa.c from 8 to 16 and
revert below change?
Thanks
Tejasree
> -----Original Message-----
> From: Nicolau, Radu <radu.nicolau@intel.com>
> Sent: Wednesday, February 1, 2023 8:08 PM
> To: Akhil Goyal <gakhil@marvell.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Tejasree Kondoj
> <ktejasree@marvell.com>
> Subject: [EXT] Re: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to
> 16
>
> External Email
>
> ----------------------------------------------------------------------
> Hi
>
> On 2/1/2023 2:16 PM, Akhil Goyal wrote:
> > Hi Radu,
> >
> >> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
> >>
> >> Set AES-CTR IV length as 16 instead of taking from SA config option
> >> since the application populates 16B IV in the datapath. AES-CTR
> >> requires 16B IV constructed from nonce and counter.
> >>
> >> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > Do you have a comment on this?
>
> No real objection, only that there is already an inconsistency in the
> definitions of the aes-xxx-ctr entries, 128 bit IV is 8 bytes, 192 and
> 256 are 16 bytes. Maybe it would be better to change the 128 bit variant
> definition? In any case:
>
> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
Hi Tejasree, I think it will make more sense but I will let Akhil decide.
-----Original Message-----
From: Tejasree Kondoj <ktejasree@marvell.com>
Sent: Tuesday, February 21, 2023 4:38 PM
To: Nicolau, Radu <radu.nicolau@intel.com>; Akhil Goyal <gakhil@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
Subject: RE: [EXT] Re: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
Hi Radu,
Shall I change AES-128-CTR iv_len field in cipher_algos struct of sa.c from 8 to 16 and revert below change?
Thanks
Tejasree
> -----Original Message-----
> From: Nicolau, Radu <radu.nicolau@intel.com>
> Sent: Wednesday, February 1, 2023 8:08 PM
> To: Akhil Goyal <gakhil@marvell.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Tejasree Kondoj
> <ktejasree@marvell.com>
> Subject: [EXT] Re: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV
> length to
> 16
>
> External Email
>
> ----------------------------------------------------------------------
> Hi
>
> On 2/1/2023 2:16 PM, Akhil Goyal wrote:
> > Hi Radu,
> >
> >> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to
> >> 16
> >>
> >> Set AES-CTR IV length as 16 instead of taking from SA config option
> >> since the application populates 16B IV in the datapath. AES-CTR
> >> requires 16B IV constructed from nonce and counter.
> >>
> >> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > Do you have a comment on this?
>
> No real objection, only that there is already an inconsistency in the
> definitions of the aes-xxx-ctr entries, 128 bit IV is 8 bytes, 192 and
> 256 are 16 bytes. Maybe it would be better to change the 128 bit
> variant definition? In any case:
>
> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
> Hi Tejasree, I think it will make more sense but I will let Akhil decide.
>
> Hi Radu,
>
> Shall I change AES-128-CTR iv_len field in cipher_algos struct of sa.c from 8 to
> 16 and revert below change?
>
It is ok to do that, but make sure to add a comment that it includes 4B nonce and 4B counter.
@@ -1328,9 +1328,14 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
- case RTE_CRYPTO_CIPHER_AES_CTR:
iv_length = sa->iv_len;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ /* Length includes 8B per packet IV, 4B nonce and
+ * 4B counter as populated in datapath.
+ */
+ iv_length = 16;
+ break;
default:
RTE_LOG(ERR, IPSEC_ESP,
"unsupported cipher algorithm %u\n",