[dpdk-dev] [PATCH v5 1/5] ipsec: support AES-CTR
Ananyev, Konstantin
konstantin.ananyev at intel.com
Fri Mar 22 13:46:49 CET 2019
Hi Akhil,
>
> On 3/20/2019 9:08 PM, Fan Zhang wrote:
> > This patch adds AES-CTR cipher algorithm support to ipsec
> > library.
> >
> > Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
> > Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> > Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> > ---
> > lib/librte_ipsec/crypto.h | 17 ++++++
> > lib/librte_ipsec/sa.c | 133 ++++++++++++++++++++++++++++++++++++++--------
> > lib/librte_ipsec/sa.h | 18 +++++++
> > 3 files changed, 147 insertions(+), 21 deletions(-)
> >
> > diff --git a/lib/librte_ipsec/crypto.h b/lib/librte_ipsec/crypto.h
> > index b5f264831..4f551e39c 100644
> > --- a/lib/librte_ipsec/crypto.h
> > +++ b/lib/librte_ipsec/crypto.h
> > @@ -11,6 +11,16 @@
> > * by ipsec library.
> > */
> >
> > +/*
> > + * AES-CTR counter block format.
> > + */
> > +
> > +struct aesctr_cnt_blk {
> > + uint32_t nonce;
> > + uint64_t iv;
> > + uint32_t cnt;
> > +} __attribute__((packed));
> > +
> In the v3 I gave a comment on this structure. It is not fixed.
> I believe cnt should be before iv.
Could you explain, what makes you think that way?
https://tools.ietf.org/html/rfc3686#section-4
clearly stays that format of the counter block should be the following:
nonce; IV; counter.
Original ipsec-secgw app uses the same format:
struct cnt_blk {
uint32_t salt;
uint64_t iv;
uint32_t cnt;
} __attribute__((packed));
So I believe format above is correct one.
Again this series introduces new test-case specially for CTR algo:
examples/ipsec-secgw/test/*ctr*.sh
and they do pass on both aesni_mb and QAT device.
Konstantin
More information about the dev
mailing list