From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>

Add support for encrypting packets with AES-CTR cipher.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede
 **/
 platform/linux-generic/include/odp_ipsec_internal.h |  1 +
 platform/linux-generic/odp_ipsec.c                  | 13 +++++++++++++
 platform/linux-generic/odp_ipsec_sad.c              |  7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h 
b/platform/linux-generic/include/odp_ipsec_internal.h
index 81ecec08e..cfedb7c08 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -128,6 +128,7 @@ struct ipsec_sa_s {
                        unsigned        dec_ttl : 1;
                        unsigned        copy_dscp : 1;
                        unsigned        copy_df : 1;
+                       unsigned        aes_ctr_iv : 1;
 
                        /* Only for outbound */
                        unsigned        use_counter_iv : 1;
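Review bot: The new `aes_ctr_iv` bit in `struct ipsec_sa_s` carries no comment, and its name does not say what it changes about the IV. This patch reads it in both `ipsec_in_single` and `ipsec_out_single`, so it is rightly kept out of the `/* Only for outbound */` group, but a one-line comment would make that intent explicit, for example `/* AES-CTR: bytes 12..15 of the cipher IV hold the block counter, initialised to 1 */`. The struct begins and continues outside the hunk.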
diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index 832c62c94..24b14dc83 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -351,6 +351,13 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
                        goto err;
                }
 
+               if (ipsec_sa->aes_ctr_iv) {
+                       iv[12] = 0;
+                       iv[13] = 0;
+                       iv[14] = 0;
+                       iv[15] = 1;
+               }
+
                hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len;
                trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len;
 
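Review bot: The four assignments `iv[12] = 0;` through `iv[15] = 1;` are bare magic numbers, and the same sequence is repeated in the `ipsec_out_single` hunk below. They appear to build the 32-bit big-endian block counter that RFC 3686 places after the 4-byte nonce and the 8-byte IV, starting at 1; a comment such as `/* RFC 3686: 32-bit block counter, big-endian, initial value 1 */` would let a reader check the layout against the specification. Moving the sequence into one small static helper shared by both paths would keep the inbound and outbound counter blocks from drifting apart. `ipsec_in_single` starts and ends outside the hunk.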
@@ -743,6 +750,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
                        memcpy(iv + ipsec_sa->salt_length, &ctr,
                               ipsec_sa->esp_iv_len);
 
+                       if (ipsec_sa->aes_ctr_iv) {
+                               iv[12] = 0;
+                               iv[13] = 0;
+                               iv[14] = 0;
+                               iv[15] = 1;
+                       }
                } else if (ipsec_sa->esp_iv_len) {
                        uint32_t len;
 
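Review bot: The counter is written at the fixed offsets 12..15 while the `memcpy` just above places the per-packet IV at `iv + ipsec_sa->salt_length`, so the counter block is only laid out correctly when `salt_length + esp_iv_len` equals 12. Nothing in the visible lines enforces that, and the size of `iv` is declared outside the hunk. A debug assertion on that sum next to the new block would catch an SA whose salt length was never set, instead of letting it produce a malformed counter block. The enclosing `if` and `ipsec_out_single` itself begin outside the hunk.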
diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index ca42838cd..d5efb095c 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -333,6 +333,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
                ipsec_sa->esp_block_len = 16;
                crypto_param.iv.length = 16;
                break;
+       case ODP_CIPHER_ALG_AES_CTR:
+               ipsec_sa->use_counter_iv = 1;
+               ipsec_sa->aes_ctr_iv = 1;
+               ipsec_sa->esp_iv_len = 8;
+               ipsec_sa->esp_block_len = 16;
+               crypto_param.iv.length = 16;
+               break;
 #if ODP_DEPRECATED_API
        case ODP_CIPHER_ALG_AES128_GCM:
 #endif
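Review bot: The `ODP_CIPHER_ALG_AES_CTR` case sets `esp_iv_len = 8` but no `salt_length`, although the outbound path copies the IV to `iv + ipsec_sa->salt_length` and then writes the counter at bytes 12..15. RFC 3686 puts a 4-byte nonce, delivered with the key material, in front of the 8-byte IV; unless the salt is configured after the switch, outside this hunk, the case probably needs `ipsec_sa->salt_length = 4;` and the nonce loaded into the SA. RFC 3686 also requires AES-CTR to be used together with a non-NULL integrity algorithm, so rejecting `ODP_AUTH_ALG_NULL` for this cipher during SA creation would be a sensible check if it is not already done elsewhere. `odp_ipsec_sa_create` starts and ends outside the hunk.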
