examples/ipsec-secgw: set AES-CTR IV length to 16
Checks
Commit Message
Set AES-CTR IV length as 16 instead of taking from
SA config option since the application populates
16B IV in the datapath. AES-CTR requires 16B IV
constructed from nonce and counter.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
examples/ipsec-secgw/sa.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
@@ -1319,9 +1319,14 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
case RTE_CRYPTO_CIPHER_NULL:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
- case RTE_CRYPTO_CIPHER_AES_CTR:
iv_length = sa->iv_len;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ /* Length includes 8B per packet IV, 4B nonce and
+ * 4B counter as populated in datapath.
+ */
+ iv_length = 16;
+ break;
default:
RTE_LOG(ERR, IPSEC_ESP,
"unsupported cipher algorithm %u\n",