examples/ipsec-secgw: support 192/256 AES key sizes
[dpdk.git] / examples / ipsec-secgw / sa.c
index 4822d6b..5e3a7aa 100644 (file)
@@ -76,6 +76,13 @@ const struct supported_cipher_algo cipher_algos[] = {
                .block_size = 16,
                .key_len = 16
        },
+       {
+               .keyword = "aes-192-cbc",
+               .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+               .iv_len = 16,
+               .block_size = 16,
+               .key_len = 24
+       },
        {
                .keyword = "aes-256-cbc",
                .algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -130,19 +137,37 @@ const struct supported_aead_algo aead_algos[] = {
                .key_len = 20,
                .digest_len = 16,
                .aad_len = 8,
+       },
+       {
+               .keyword = "aes-192-gcm",
+               .algo = RTE_CRYPTO_AEAD_AES_GCM,
+               .iv_len = 8,
+               .block_size = 4,
+               .key_len = 28,
+               .digest_len = 16,
+               .aad_len = 8,
+       },
+       {
+               .keyword = "aes-256-gcm",
+               .algo = RTE_CRYPTO_AEAD_AES_GCM,
+               .iv_len = 8,
+               .block_size = 4,
+               .key_len = 36,
+               .digest_len = 16,
+               .aad_len = 8,
        }
 };
 
 #define SA_INIT_NB     128
 
-static struct ipsec_sa *sa_out;
+struct ipsec_sa *sa_out;
+uint32_t nb_sa_out;
 static uint32_t sa_out_sz;
-static uint32_t nb_sa_out;
 static struct ipsec_sa_cnt sa_out_cnt;
 
-static struct ipsec_sa *sa_in;
+struct ipsec_sa *sa_in;
+uint32_t nb_sa_in;
 static uint32_t sa_in_sz;
-static uint32_t nb_sa_in;
 static struct ipsec_sa_cnt sa_in_cnt;
 
 static const struct supported_cipher_algo *
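Review bot: Dropping `static` from `sa_out`, `nb_sa_out`, `sa_in` and `nb_sa_in` gives the SA tables and their counts external linkage, which the commit title (AES key sizes) does not explain and for which no consumer is visible on this page. If another file really needs them, a read-only accessor would be safer than bare globals, since the entries carry `cipher_key_len` and presumably the key material itself, and every translation unit could now rewrite the table or its count. At minimum, document the export at the definition, e.g. `/* exported: SA table read by <consumer file>; written only in sa.c */`. Consider moving this linkage change into its own commit so it can be reviewed separately.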
@@ -669,9 +694,11 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                        if (status->status < 0)
                                return;
                        fb = ipsec_get_fallback_session(rule);
-                       if (strcmp(tokens[ti], "lookaside-none") == 0) {
+                       if (strcmp(tokens[ti], "lookaside-none") == 0)
                                fb->type = RTE_SECURITY_ACTION_TYPE_NONE;
-                       } else {
+                       else if (strcmp(tokens[ti], "cpu-crypto") == 0)
+                               fb->type = RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO;
+                       else {
                                APP_CHECK(0, status, "unrecognized fallback "
                                        "type %s.", tokens[ti]);
                                return;
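Review bot: The fallback-type chain is now mixed-style: the `lookaside-none` and `cpu-crypto` arms lost their braces while the final `else` keeps them for its two statements. Bracing every arm, e.g. `} else if (strcmp(tokens[ti], "cpu-crypto") == 0) {`, keeps a later second statement in one of the short arms from silently landing outside the branch. The "unrecognized fallback type" message could also list the accepted keywords now that there are two. parse_sa_tokens begins and ends outside this hunk, so the bounds check on `tokens[ti]` cannot be confirmed from here.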
@@ -751,7 +778,8 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
        }
 
        for (i = 0; i < RTE_DIM(aead_algos); i++) {
-               if (aead_algos[i].algo == sa->aead_algo) {
+               if (aead_algos[i].algo == sa->aead_algo &&
+                               aead_algos[i].key_len-4 == sa->cipher_key_len) {
                        printf("%s ", aead_algos[i].keyword);
                        break;
                }
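Review bot: The bare `4` in `aead_algos[i].key_len-4 == sa->cipher_key_len` is unexplained. Judging by the table values (`key_len` 20, 28, 36 for the GCM entries) it looks like the 4-byte salt carried with the configured key, but that needs confirming where `cipher_key_len` is set, outside this hunk. I would add a comment such as `/* table key_len includes the 4-byte GCM salt; cipher_key_len does not */` and put spaces around the operator (`key_len - 4`). When no entry matches both the algorithm and the length, the loop now prints no keyword at all, so a length mismatch is silent in the rule dump; a fallback such as `printf("unknown-aead ")` after the loop would make it visible. print_one_sa_rule begins and ends outside the hunk.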
@@ -826,19 +854,6 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
        printf("\n");
 }
 
-struct ipsec_xf {
-       struct rte_crypto_sym_xform a;
-       struct rte_crypto_sym_xform b;
-};
-
-struct sa_ctx {
-       void *satbl; /* pointer to array of rte_ipsec_sa objects*/
-       struct ipsec_sad sad;
-       struct ipsec_xf *xf;
-       uint32_t nb_sa;
-       struct ipsec_sa sa[];
-};
-
 static struct sa_ctx *
 sa_create(const char *name, int32_t socket_id, uint32_t nb_sa)
 {