[dpdk-dev] [PATCH v2 1/7] examples/ipsec-secgw: change CBC IV generation

De Lara Guarch, Pablo pablo.de.lara.guarch at intel.com
Wed Sep 28 05:51:06 CEST 2016


Hi Sergio,

> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Friday, September 23, 2016 12:45 AM
> To: dev at dpdk.org; De Lara Guarch, Pablo
> Subject: [PATCH v2 1/7] examples/ipsec-secgw: change CBC IV generation
> 
> NIST SP800-38A recommends two methods to generate unpredictable IVs
> (Initialisation Vector) for CBC mode:
> 1) Apply the forward function to a nonce (i.e. counter)
> 2) Use a FIPS-approved random number generator
> 
> This patch implements the first recommended method by using the forward
> function to generate the IV.
> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>

[...]

> +static inline void *
> +get_cop(struct rte_mbuf *m)
> +{
> +	struct ipsec_mbuf_metadata *priv = get_priv(m);
> +
> +	return &priv->cop;
> +}

This function is not used anywhere. Should it be called somewhere to get the crypto op?

> +
> +static inline void *
> +get_sym_cop(struct rte_crypto_op *cop)
> +{
> +	return (cop + 1);

Why is this cop + 1? Am I missing something obvious?
Maybe it is worth a comment here (I noticed this was already in the previous code, but I don't understand it :))
> +}
> +
>  int
>  inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t
> sa_idx);
> 
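
Review bot: In get_sym_cop(), `return (cop + 1);` depends on an undocumented memory layout, namely that the data the caller wants sits immediately after the struct rte_crypto_op in the same allocation, and nothing in the hunk states or checks that. Add a comment naming what lives at that offset and where the space for it is reserved. Both get_cop() and get_sym_cop() also return `void *`, so a caller can assign the result to any pointer type without a compiler diagnostic; returning the concrete pointer type would let the compiler catch a wrong-type use of memory reached by pointer arithmetic.
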
> --
> 2.5.5

Thanks,
Pablo