From 6929ea9225cf229ed59a480ceefb972b85971e50 Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau@intel.com>
Date: Tue, 29 Nov 2016 11:00:30 +0000
Subject: Enabling AES-GCM-128 with 16B ICV support

Change-Id: Ib57b6f6b71ba14952ad77477a4df3ab33b36fef4
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 vpp/vpp-api/api.c | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

(limited to 'vpp')

diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c
index 8f0165a1..1da0729f 100644
--- a/vpp/vpp-api/api.c
+++ b/vpp/vpp-api/api.c
@@ -6566,7 +6566,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler
   sa.protocol = mp->protocol;
   /* check for unsupported crypto-alg */
   if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
-      mp->crypto_algorithm > IPSEC_CRYPTO_ALG_AES_CBC_256)
+      mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
     {
       clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
 		    mp->crypto_algorithm);
@@ -6577,14 +6577,48 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler
   sa.crypto_key_len = mp->crypto_key_length;
   clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
   /* check for unsupported integ-alg */
+#if DPDK_CRYPTO==1
+  if (mp->integrity_algorithm < IPSEC_INTEG_ALG_NONE ||
+#else
   if (mp->integrity_algorithm < IPSEC_INTEG_ALG_SHA1_96 ||
-      mp->integrity_algorithm > IPSEC_INTEG_ALG_SHA_512_256)
+#endif
+      mp->integrity_algorithm >= IPSEC_INTEG_N_ALG)
     {
       clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg,
 		    mp->integrity_algorithm);
       rv = VNET_API_ERROR_UNIMPLEMENTED;
       goto out;
     }
+
+#if DPDK_CRYPTO==1
+  /*Special cases, aes-gcm-128 encryption */
+  if (mp->crypto_algorithm == IPSEC_CRYPTO_ALG_AES_GCM_128)
+    {
+      if (mp->integrity_algorithm != IPSEC_INTEG_ALG_NONE
+	  && mp->integrity_algorithm != IPSEC_INTEG_ALG_AES_GCM_128)
+	{
+	  clib_warning
+	    ("unsupported: aes-gcm-128 crypto-alg needs none as integ-alg");
+	  rv = VNET_API_ERROR_UNIMPLEMENTED;
+	  goto out;
+	}
+      else			/*set integ-alg internally to aes-gcm-128 */
+	mp->integrity_algorithm = IPSEC_INTEG_ALG_AES_GCM_128;
+    }
+  else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_AES_GCM_128)
+    {
+      clib_warning ("unsupported integ-alg: aes-gcm-128");
+      rv = VNET_API_ERROR_UNIMPLEMENTED;
+      goto out;
+    }
+  else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_NONE)
+    {
+      clib_warning ("unsupported integ-alg: none");
+      rv = VNET_API_ERROR_UNIMPLEMENTED;
+      goto out;
+    }
+#endif
+
   sa.integ_alg = mp->integrity_algorithm;
   sa.integ_key_len = mp->integrity_key_length;
   clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
-- 
cgit 1.2.3-korg