@@ -360,6 +360,9 @@ typedef struct odp_ipsec_crypto_param_t {
/** Cipher key */
odp_crypto_key_t cipher_key;
+ /** Cipher nonce/salt for CTR/GCM/CCM */
+ odp_crypto_key_t cipher_nonce;
+
/** Authentication algorithm */
odp_auth_alg_t auth_alg;
@@ -693,7 +696,9 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa);
* Outputs all supported configuration options for the algorithm. Output is
* sorted (from the smallest to the largest) first by key length, then by IV
* length. Use this information to select key lengths, etc cipher algorithm
- * options for SA creation (odp_ipsec_crypto_param_t).
+ * options for SA creation (odp_ipsec_crypto_param_t). Note, as usually IV
+ * blocks are constructed internally, the @iv_len field returns the length of
+ * the nonce (or salt) part, acquired from keying material.
*
* @param cipher Cipher algorithm
* @param[out] capa Array of capability structures for output
CTR/GCM/CCM algorithms require static IV part provided by control party. Usually it is a part of KEYMAT returned from IKE. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> --- include/odp/api/spec/ipsec.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -- 2.11.0