diff options
| author |   Radu Nicolau <radu.nicolau@intel.com> | 2016-11-29 11:00:30 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion.lists@gmail.com> | 2016-11-30 20:37:45 +0000 |
| commit | 6929ea9225cf229ed59a480ceefb972b85971e50 (patch) | |
| tree | 9366bec3e281de9cfe20fd3c58cb357c26ab6e43 /vpp | |
| parent | 2fee4c8fadd31979bd3e72c51d276773d17798d1 (diff) | |
Enabling AES-GCM-128 with 16B ICV support
Change-Id: Ib57b6f6b71ba14952ad77477a4df3ab33b36fef4
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Diffstat (limited to 'vpp')
| -rw-r--r-- | vpp/vpp-api/api.c | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c index 8f0165a124e..1da0729f4f1 100644 --- a/vpp/vpp-api/api.c +++ b/vpp/vpp-api/api.c @@ -6566,7 +6566,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler sa.protocol = mp->protocol; /* check for unsupported crypto-alg */ if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 || - mp->crypto_algorithm > IPSEC_CRYPTO_ALG_AES_CBC_256) + mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG) { clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg, mp->crypto_algorithm); @@ -6577,14 +6577,48 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler sa.crypto_key_len = mp->crypto_key_length; clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key)); /* check for unsupported integ-alg */ +#if DPDK_CRYPTO==1 + if (mp->integrity_algorithm < IPSEC_INTEG_ALG_NONE || +#else if (mp->integrity_algorithm < IPSEC_INTEG_ALG_SHA1_96 || - mp->integrity_algorithm > IPSEC_INTEG_ALG_SHA_512_256) +#endif + mp->integrity_algorithm >= IPSEC_INTEG_N_ALG) { clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg, mp->integrity_algorithm); rv = VNET_API_ERROR_UNIMPLEMENTED; goto out; } + +#if DPDK_CRYPTO==1 + /*Special cases, aes-gcm-128 encryption */ + if (mp->crypto_algorithm == IPSEC_CRYPTO_ALG_AES_GCM_128) + { + if (mp->integrity_algorithm != IPSEC_INTEG_ALG_NONE + && mp->integrity_algorithm != IPSEC_INTEG_ALG_AES_GCM_128) + { + clib_warning + ("unsupported: aes-gcm-128 crypto-alg needs none as integ-alg"); + rv = VNET_API_ERROR_UNIMPLEMENTED; + goto out; + } + else /*set integ-alg internally to aes-gcm-128 */ + mp->integrity_algorithm = IPSEC_INTEG_ALG_AES_GCM_128; + } + else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_AES_GCM_128) + { + clib_warning ("unsupported integ-alg: aes-gcm-128"); + rv = VNET_API_ERROR_UNIMPLEMENTED; + goto out; + } + else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_NONE) + { + clib_warning ("unsupported integ-alg: none"); + rv = VNET_API_ERROR_UNIMPLEMENTED; + goto out; + } +#endif + sa.integ_alg = mp->integrity_algorithm; sa.integ_key_len = mp->integrity_key_length; clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key)); |