validation: ipsec: disable anti-replay with null authentication

Set antireplay_ws to zero to disable anti-replay service when an inbound SA without integrity protection is created. The anti-replay service is not used in IPsec without integrity protection and therefore some ODP implementations may not support SAs that have null auth algorithm but anti-replay enabled. This change also enables a future API change that would require zero antireplay_ws with null authentication. Signed-off-by: Srujana Challa <schalla@marvell.com> Reviewed-by: Janne Peltonen <janne.peltonen@nokia.com>
author: Srujana Challa <schalla@marvell.com> 2023-05-05 17:46:50 +0530
committer: Matias Elo <matias.elo@nokia.com> 2023-05-17 09:57:49 +0300
commit: 822056b616886ce3516b62c6b17b8d36a95dd9f7 (patch)
tree: 6439b6abf96dac53c029f346063be91d4bc674e0 /test
parent: 2118ba7c9587cc997eee612bf4fe962d21595c46 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index 7169bcd17..87ca465fb 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -395,7 +395,10 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
 	param->dir = dir;
 	if (dir == ODP_IPSEC_DIR_INBOUND) {
 		param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI;
-		param->inbound.antireplay_ws = capa.max_antireplay_ws;
+		if (auth_alg == ODP_AUTH_ALG_NULL)
+			param->inbound.antireplay_ws = 0;
+		else
+			param->inbound.antireplay_ws = capa.max_antireplay_ws;
 	}
 	param->proto = proto;
author	Srujana Challa <schalla@marvell.com>	2023-05-05 17:46:50 +0530
committer	Matias Elo <matias.elo@nokia.com>	2023-05-17 09:57:49 +0300
commit	822056b616886ce3516b62c6b17b8d36a95dd9f7 (patch)
tree	6439b6abf96dac53c029f346063be91d4bc674e0 /test
parent	2118ba7c9587cc997eee612bf4fe962d21595c46 (diff)