diff options
| author |   Radu Nicolau <radu.nicolau@intel.com> | 2016-11-29 11:00:30 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion.lists@gmail.com> | 2016-11-30 20:37:45 +0000 |
| commit | 6929ea9225cf229ed59a480ceefb972b85971e50 (patch) | |
| tree | 9366bec3e281de9cfe20fd3c58cb357c26ab6e43 /vnet/vnet/ipsec/ipsec_cli.c | |
| parent | 2fee4c8fadd31979bd3e72c51d276773d17798d1 (diff) | |
Enabling AES-GCM-128 with 16B ICV support
Change-Id: Ib57b6f6b71ba14952ad77477a4df3ab33b36fef4
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Diffstat (limited to 'vnet/vnet/ipsec/ipsec_cli.c')
| -rw-r--r-- | vnet/vnet/ipsec/ipsec_cli.c | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/vnet/vnet/ipsec/ipsec_cli.c b/vnet/vnet/ipsec/ipsec_cli.c index 8920924d04e..7ab85d4aefb 100644 --- a/vnet/vnet/ipsec/ipsec_cli.c +++ b/vnet/vnet/ipsec/ipsec_cli.c @@ -99,7 +99,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, &sa.crypto_alg)) { if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 || - sa.crypto_alg > IPSEC_CRYPTO_ALG_AES_CBC_256) + sa.crypto_alg >= IPSEC_CRYPTO_N_ALG) return clib_error_return (0, "unsupported crypto-alg: '%U'", format_ipsec_crypto_alg, sa.crypto_alg); } @@ -109,8 +109,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg, &sa.integ_alg)) { +#if DPDK_CRYPTO==1 + if (sa.integ_alg < IPSEC_INTEG_ALG_NONE || +#else if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 || - sa.integ_alg > IPSEC_INTEG_ALG_SHA_512_256) +#endif + sa.integ_alg >= IPSEC_INTEG_N_ALG) return clib_error_return (0, "unsupported integ-alg: '%U'", format_ipsec_integ_alg, sa.integ_alg); } @@ -137,6 +141,23 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, format_unformat_error, line_input); } +#if DPDK_CRYPTO==1 + /*Special cases, aes-gcm-128 encryption */ + if (sa.crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) + { + if (sa.integ_alg != IPSEC_INTEG_ALG_NONE + && sa.integ_alg != IPSEC_INTEG_ALG_AES_GCM_128) + return clib_error_return (0, + "unsupported: aes-gcm-128 crypto-alg needs none as integ-alg"); + else /*set integ-alg internally to aes-gcm-128 */ + sa.integ_alg = IPSEC_INTEG_ALG_AES_GCM_128; + } + else if (sa.integ_alg == IPSEC_INTEG_ALG_AES_GCM_128) + return clib_error_return (0, "unsupported integ-alg: aes-gcm-128"); + else if (sa.integ_alg == IPSEC_INTEG_ALG_NONE) + return clib_error_return (0, "unsupported integ-alg: none"); +#endif + unformat_free (line_input); if (sa.crypto_key_len > sizeof (sa.crypto_key)) |