ipsec: allow null/null for crypto/integ algorithms pair

Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>

diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 3574f3e..5933cf9 100644 (file)
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -555,6 +555,7 @@ dpdk_ipsec_check_support (ipsec_sa_t * sa)
   if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
     switch (sa->crypto_alg)
       {
+      case IPSEC_CRYPTO_ALG_NONE:
       case IPSEC_CRYPTO_ALG_AES_GCM_128:
       case IPSEC_CRYPTO_ALG_AES_GCM_192:
       case IPSEC_CRYPTO_ALG_AES_GCM_256:

diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index 7e17c9a..924986e 100644 (file)
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -15168,7 +15168,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam)
        if (unformat
            (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
        {
-         if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+         if (crypto_alg < IPSEC_CRYPTO_ALG_NONE ||
              crypto_alg >= IPSEC_CRYPTO_N_ALG)
            {
              clib_warning ("unsupported crypto-alg: '%U'",
@@ -15182,7 +15182,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam)
        if (unformat
            (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
        {
-         if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+         if (integ_alg < IPSEC_INTEG_ALG_NONE ||
              integ_alg >= IPSEC_INTEG_N_ALG)
            {
              clib_warning ("unsupported integ-alg: '%U'",
@@ -15340,7 +15340,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam)
        if (unformat
            (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
        {
-         if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+         if (crypto_alg < IPSEC_CRYPTO_ALG_NONE ||
              crypto_alg >= IPSEC_CRYPTO_N_ALG)
            {
              errmsg ("unsupported crypto-alg: '%U'\n",
@@ -15352,7 +15352,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam)
        if (unformat
            (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
        {
-         if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+         if (integ_alg < IPSEC_INTEG_ALG_NONE ||
              integ_alg >= IPSEC_INTEG_N_ALG)
            {
              errmsg ("unsupported integ-alg: '%U'\n",

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 6fb4f55..74f993a 100644 (file)
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -194,7 +194,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler
   sa.spi = ntohl (mp->spi);
   sa.protocol = mp->protocol;
   /* check for unsupported crypto-alg */
-  if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+  if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_NONE ||
       mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
     {
       clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,

diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 09134e3..ef57d52 100644 (file)
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -106,7 +106,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
            (line_input, "crypto-alg %U", unformat_ipsec_crypto_alg,
             &sa.crypto_alg))
        {
-         if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+         if (sa.crypto_alg < IPSEC_CRYPTO_ALG_NONE ||
              sa.crypto_alg >= IPSEC_CRYPTO_N_ALG)
            {
              error = clib_error_return (0, "unsupported crypto-alg: '%U'",
@@ -121,7 +121,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
       else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg,
                         &sa.integ_alg))
        {
-         if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+         if (sa.integ_alg < IPSEC_INTEG_ALG_NONE ||
              sa.integ_alg >= IPSEC_INTEG_N_ALG)
            {
              error = clib_error_return (0, "unsupported integ-alg: '%U'",