[dpdk-dev] [PATCH v5 1/5] ipsec: support AES-CTR
Akhil Goyal
akhil.goyal at nxp.com
Fri Mar 22 14:01:12 CET 2019
Hi Konstantin,
On 3/22/2019 6:16 PM, Ananyev, Konstantin wrote:
> Hi Akhil,
>
>> On 3/20/2019 9:08 PM, Fan Zhang wrote:
>>> This patch adds AES-CTR cipher algorithm support to ipsec
>>> library.
>>>
>>> Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
>>> Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
>>> Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
>>> ---
>>> lib/librte_ipsec/crypto.h | 17 ++++++
>>> lib/librte_ipsec/sa.c | 133 ++++++++++++++++++++++++++++++++++++++--------
>>> lib/librte_ipsec/sa.h | 18 +++++++
>>> 3 files changed, 147 insertions(+), 21 deletions(-)
>>>
>>> diff --git a/lib/librte_ipsec/crypto.h b/lib/librte_ipsec/crypto.h
>>> index b5f264831..4f551e39c 100644
>>> --- a/lib/librte_ipsec/crypto.h
>>> +++ b/lib/librte_ipsec/crypto.h
>>> @@ -11,6 +11,16 @@
>>> * by ipsec library.
>>> */
>>>
>>> +/*
>>> + * AES-CTR counter block format.
>>> + */
>>> +
>>> +struct aesctr_cnt_blk {
>>> + uint32_t nonce;
>>> + uint64_t iv;
>>> + uint32_t cnt;
>>> +} __attribute__((packed));
>>> +
>> In the v3 I gave a comment on this structure. It is not fixed.
>> I believe cnt should be before iv.
> Could you explain, what makes you think that way?
> https://tools.ietf.org/html/rfc3686#section-4
> clearly stays that format of the counter block should be the following:
> nonce; IV; counter.
> Original ipsec-secgw app uses the same format:
> struct cnt_blk {
> uint32_t salt;
> uint64_t iv;
> uint32_t cnt;
> } __attribute__((packed));
>
> So I believe format above is correct one.
> Again this series introduces new test-case specially for CTR algo:
> examples/ipsec-secgw/test/*ctr*.sh
> and they do pass on both aesni_mb and QAT device.
> Konstantin
Got it. Thanks for correcting me.
More information about the dev
mailing list