Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Enabling AES-GCM-128 with 16B ICV support
[vpp.git] / vpp-api-test / vat / api_format.c
diff --git a/vpp-api-test/vat/api_format.c b/vpp-api-test/vat/api_format.c
index 8522428..800fa2b 100644 (file)
--- a/vpp-api-test/vat/api_format.c
+++ b/vpp-api-test/vat/api_format.c
@@ -11732,7 +11732,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam)
            (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
        {
          if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
-             crypto_alg > IPSEC_INTEG_ALG_SHA_512_256)
+             crypto_alg >= IPSEC_CRYPTO_N_ALG)
            {
              clib_warning ("unsupported crypto-alg: '%U'",
                            format_ipsec_crypto_alg, crypto_alg);
@@ -11745,8 +11745,12 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam)
        if (unformat
            (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
        {
+#if DPDK_CRYPTO==1
+         if (integ_alg < IPSEC_INTEG_ALG_NONE ||
+#else
          if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
-             integ_alg > IPSEC_INTEG_ALG_SHA_512_256)
+#endif
+             integ_alg >= IPSEC_INTEG_N_ALG)
            {
              clib_warning ("unsupported integ-alg: '%U'",
                            format_ipsec_integ_alg, integ_alg);
@@ -11763,6 +11767,33 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam)
 
     }
 
+#if DPDK_CRYPTO==1
+  /*Special cases, aes-gcm-128 encryption */
+  if (crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
+    {
+      if (integ_alg != IPSEC_INTEG_ALG_NONE
+         && integ_alg != IPSEC_INTEG_ALG_AES_GCM_128)
+       {
+         clib_warning
+           ("unsupported: aes-gcm-128 crypto-alg needs none as integ-alg");
+         return -99;
+       }
+      else                     /*set integ-alg internally to aes-gcm-128 */
+       integ_alg = IPSEC_INTEG_ALG_AES_GCM_128;
+    }
+  else if (integ_alg == IPSEC_INTEG_ALG_AES_GCM_128)
+    {
+      clib_warning ("unsupported integ-alg: aes-gcm-128");
+      return -99;
+    }
+  else if (integ_alg == IPSEC_INTEG_ALG_NONE)
+    {
+      clib_warning ("unsupported integ-alg: none");
+      return -99;
+    }
+#endif
+
+
   M (IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry);
 
   mp->sad_id = ntohl (sad_id);
Vector Packet Processing