From 6929ea9225cf229ed59a480ceefb972b85971e50 Mon Sep 17 00:00:00 2001 From: Radu Nicolau Date: Tue, 29 Nov 2016 11:00:30 +0000 Subject: Enabling AES-GCM-128 with 16B ICV support Change-Id: Ib57b6f6b71ba14952ad77477a4df3ab33b36fef4 Signed-off-by: Radu Nicolau --- vpp-api-test/Makefile.am | 2 +- vpp-api-test/configure.ac | 8 ++++++++ vpp-api-test/vat/api_format.c | 35 +++++++++++++++++++++++++++++++++-- 3 files changed, 42 insertions(+), 3 deletions(-) (limited to 'vpp-api-test') diff --git a/vpp-api-test/Makefile.am b/vpp-api-test/Makefile.am index d59c7e27f5c..27466fad2ca 100644 --- a/vpp-api-test/Makefile.am +++ b/vpp-api-test/Makefile.am @@ -13,7 +13,7 @@ AUTOMAKE_OPTIONS = foreign subdir-objects -AM_CFLAGS = -Wall @Q_PLATFORM_DEFINE@ @Q_PLATFORM_PLUGPATH@ @DPDK@ +AM_CFLAGS = -Wall @Q_PLATFORM_DEFINE@ @Q_PLATFORM_PLUGPATH@ @DPDK@ @DPDK_CRYPTO@ libvatplugin_la_SOURCES = \ vat/plugin_api.c diff --git a/vpp-api-test/configure.ac b/vpp-api-test/configure.ac index 4c200458930..cf0af125253 100644 --- a/vpp-api-test/configure.ac +++ b/vpp-api-test/configure.ac @@ -24,9 +24,17 @@ AC_ARG_WITH(dpdk, [with_dpdk=1], [with_dpdk=0]) +AC_ARG_WITH(dpdk_crypto, + AC_HELP_STRING([--with-dpdk-crypto],[Use DPDK cryptodev]), + [with_dpdk_crypto=1], + [with_dpdk_crypto=0]) + AC_SUBST(Q_PLATFORM_DEFINE,[-DQ_PLATFORM_${with_q_platform}]) AC_SUBST(Q_PLATFORM_PLUGPATH,[-DQ_PLUGIN_PREFIX=${with_q_plugin_prefix}]) AC_SUBST(DPDK,[-DDPDK=${with_dpdk}]) AM_CONDITIONAL(WITH_DPDK, test "$with_dpdk" = "1") +AC_SUBST(DPDK_CRYPTO,[-DDPDK_CRYPTO=${with_dpdk_crypto}]) +AM_CONDITIONAL(WITH_DPDK_CRYPTO, test "$with_dpdk_crypto" = "1") + AC_OUTPUT([Makefile]) diff --git a/vpp-api-test/vat/api_format.c b/vpp-api-test/vat/api_format.c index 8522428ea88..800fa2b3df0 100644 --- a/vpp-api-test/vat/api_format.c +++ b/vpp-api-test/vat/api_format.c @@ -11732,7 +11732,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam) (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg)) { if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 || - crypto_alg > IPSEC_INTEG_ALG_SHA_512_256) + crypto_alg >= IPSEC_CRYPTO_N_ALG) { clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg, crypto_alg); @@ -11745,8 +11745,12 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam) if (unformat (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg)) { +#if DPDK_CRYPTO==1 + if (integ_alg < IPSEC_INTEG_ALG_NONE || +#else if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 || - integ_alg > IPSEC_INTEG_ALG_SHA_512_256) +#endif + integ_alg >= IPSEC_INTEG_N_ALG) { clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg, integ_alg); @@ -11763,6 +11767,33 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam) } +#if DPDK_CRYPTO==1 + /*Special cases, aes-gcm-128 encryption */ + if (crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) + { + if (integ_alg != IPSEC_INTEG_ALG_NONE + && integ_alg != IPSEC_INTEG_ALG_AES_GCM_128) + { + clib_warning + ("unsupported: aes-gcm-128 crypto-alg needs none as integ-alg"); + return -99; + } + else /*set integ-alg internally to aes-gcm-128 */ + integ_alg = IPSEC_INTEG_ALG_AES_GCM_128; + } + else if (integ_alg == IPSEC_INTEG_ALG_AES_GCM_128) + { + clib_warning ("unsupported integ-alg: aes-gcm-128"); + return -99; + } + else if (integ_alg == IPSEC_INTEG_ALG_NONE) + { + clib_warning ("unsupported integ-alg: none"); + return -99; + } +#endif + + M (IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry); mp->sad_id = ntohl (sad_id); -- cgit 1.2.3-korg