diff mbox series

[v2] examples/ipsec-secgw: set AES-CTR IV length to 16

Message ID	20221215054211.1919093-1-ktejasree@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Tejasree Kondoj <ktejasree@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Radu Nicolau <radu.nicolau@intel.com> CC: Anoob Joseph <anoobj@marvell.com>, <dev@dpdk.org> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16 Date: Thu, 15 Dec 2022 11:12:11 +0530 Message-ID: <20221215054211.1919093-1-ktejasree@marvell.com> In-Reply-To: <20221215035805.1777924-1-ktejasree@marvell.com> References: <20221215035805.1777924-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[v2] examples/ipsec-secgw: set AES-CTR IV length to 16 \| [v2] examples/ipsec-secgw: set AES-CTR IV length to 16

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/intel-Testing	success	Testing PASS
ci/iol-broadcom-Functional	fail	Functional Testing issues
ci/github-robot: build	success	github build: passed
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS

Commit Message

Tejasree Kondoj Dec. 15, 2022, 5:42 a.m. UTC

  Set AES-CTR IV length as 16 instead of taking from
SA config option since the application populates
16B IV in the datapath. AES-CTR requires 16B IV
constructed from nonce and counter.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---

v2:
* Rebased v1

 examples/ipsec-secgw/sa.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Akhil Goyal Feb. 1, 2023, 2:16 p.m. UTC | #1

Hi Radu,

> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
> 
> Set AES-CTR IV length as 16 instead of taking from
> SA config option since the application populates
> 16B IV in the datapath. AES-CTR requires 16B IV
> constructed from nonce and counter.
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Do you have a comment on this?

Radu Nicolau Feb. 1, 2023, 2:37 p.m. UTC | #2

Hi

On 2/1/2023 2:16 PM, Akhil Goyal wrote:
> Hi Radu,
>
>> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
>>
>> Set AES-CTR IV length as 16 instead of taking from
>> SA config option since the application populates
>> 16B IV in the datapath. AES-CTR requires 16B IV
>> constructed from nonce and counter.
>>
>> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> Do you have a comment on this?

No real objection, only that there is already an inconsistency in the 
definitions of the aes-xxx-ctr entries, 128 bit IV is 8 bytes, 192 and 
256 are 16 bytes. Maybe it would be better to change the 128 bit variant 
definition? In any case:

Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>

Tejasree Kondoj Feb. 21, 2023, 4:37 p.m. UTC | #3

Hi Radu,

Shall I change AES-128-CTR iv_len field in cipher_algos struct of sa.c from 8 to 16 and
revert below change?

Thanks
Tejasree

> -----Original Message-----
> From: Nicolau, Radu <radu.nicolau@intel.com>
> Sent: Wednesday, February 1, 2023 8:08 PM
> To: Akhil Goyal <gakhil@marvell.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Tejasree Kondoj
> <ktejasree@marvell.com>
> Subject: [EXT] Re: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to
> 16
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi
> 
> On 2/1/2023 2:16 PM, Akhil Goyal wrote:
> > Hi Radu,
> >
> >> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16
> >>
> >> Set AES-CTR IV length as 16 instead of taking from SA config option
> >> since the application populates 16B IV in the datapath. AES-CTR
> >> requires 16B IV constructed from nonce and counter.
> >>
> >> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > Do you have a comment on this?
> 
> No real objection, only that there is already an inconsistency in the
> definitions of the aes-xxx-ctr entries, 128 bit IV is 8 bytes, 192 and
> 256 are 16 bytes. Maybe it would be better to change the 128 bit variant
> definition? In any case:
> 
> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>

Radu Nicolau Feb. 22, 2023, 9:56 a.m. UTC | #4

Hi Tejasree, I think it will make more sense but I will let Akhil decide.

-----Original Message-----
From: Tejasree Kondoj <ktejasree@marvell.com> 
Sent: Tuesday, February 21, 2023 4:38 PM
To: Nicolau, Radu <radu.nicolau@intel.com>; Akhil Goyal <gakhil@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
Subject: RE: [EXT] Re: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 16

Hi Radu,

Shall I change AES-128-CTR iv_len field in cipher_algos struct of sa.c from 8 to 16 and revert below change?

Thanks
Tejasree

> -----Original Message-----
> From: Nicolau, Radu <radu.nicolau@intel.com>
> Sent: Wednesday, February 1, 2023 8:08 PM
> To: Akhil Goyal <gakhil@marvell.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Tejasree Kondoj 
> <ktejasree@marvell.com>
> Subject: [EXT] Re: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV 
> length to
> 16
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi
> 
> On 2/1/2023 2:16 PM, Akhil Goyal wrote:
> > Hi Radu,
> >
> >> Subject: [PATCH v2] examples/ipsec-secgw: set AES-CTR IV length to 
> >> 16
> >>
> >> Set AES-CTR IV length as 16 instead of taking from SA config option 
> >> since the application populates 16B IV in the datapath. AES-CTR 
> >> requires 16B IV constructed from nonce and counter.
> >>
> >> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > Do you have a comment on this?
> 
> No real objection, only that there is already an inconsistency in the 
> definitions of the aes-xxx-ctr entries, 128 bit IV is 8 bytes, 192 and
> 256 are 16 bytes. Maybe it would be better to change the 128 bit 
> variant definition? In any case:
> 
> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>

Akhil Goyal Feb. 22, 2023, 1:43 p.m. UTC | #5

> Hi Tejasree, I think it will make more sense but I will let Akhil decide.
> 
> Hi Radu,
> 
> Shall I change AES-128-CTR iv_len field in cipher_algos struct of sa.c from 8 to
> 16 and revert below change?
> 
It is ok to do that, but make sure to add a comment that it includes 4B nonce and 4B counter.

diff mbox series

Patch

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 7da9444a7b..5bb73a9137 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1328,9 +1328,14 @@  sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			case RTE_CRYPTO_CIPHER_DES_CBC:
 			case RTE_CRYPTO_CIPHER_3DES_CBC:
 			case RTE_CRYPTO_CIPHER_AES_CBC:
-			case RTE_CRYPTO_CIPHER_AES_CTR:
 				iv_length = sa->iv_len;
 				break;
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				/* Length includes 8B per packet IV, 4B nonce and
+				 * 4B counter as populated in datapath.
+				 */
+				iv_length = 16;
+				break;
 			default:
 				RTE_LOG(ERR, IPSEC_ESP,
 						"unsupported cipher algorithm %u\n",