Adding support for the following,
1. AES-192-GCM
2. AES-256-GCM
3. AES-192-CBC
Signed-off-by: Anoob Joseph <ano...@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
---
v2:
* Updated doc and release notes
doc/guides/rel_notes/release_20_05.rst | 7 +++++++
doc/guides/sample_app_ug/ipsec_secgw.rst | 3 +++
examples/ipsec-secgw/ipsec.h | 2 +-
examples/ipsec-secgw/sa.c | 25 +++++++++++++++++++++++++
4 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/doc/guides/rel_notes/release_20_05.rst
b/doc/guides/rel_notes/release_20_05.rst
index 1dfcfcc..c0b0625 100644
--- a/doc/guides/rel_notes/release_20_05.rst
+++ b/doc/guides/rel_notes/release_20_05.rst
@@ -70,6 +70,13 @@ New Features
by making use of the event device capabilities. The event mode currently
supports
only inline IPsec protocol offload.
+* **Added 192/256 AES key sizes in ipsec-secgw application.**
+
+ Updated ipsec-secgw application to support the following key sizes,
+ - AES-192-CBC
+ - AES-192-GCM
+ - AES-256-GCM
+
Removed Items
-------------
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 038f593..f5e94bf 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -538,6 +538,7 @@ where each options means:
* *null*: NULL algorithm
* *aes-128-cbc*: AES-CBC 128-bit algorithm
+ * *aes-192-cbc*: AES-CBC 192-bit algorithm
* *aes-256-cbc*: AES-CBC 256-bit algorithm
* *aes-128-ctr*: AES-CTR 128-bit algorithm
* *3des-cbc*: 3DES-CBC 192-bit algorithm
@@ -593,6 +594,8 @@ where each options means:
* Available options:
* *aes-128-gcm*: AES-GCM 128-bit algorithm
+ * *aes-192-gcm*: AES-GCM 192-bit algorithm
+ * *aes-256-gcm*: AES-GCM 256-bit algorithm
* Syntax: *cipher_algo <your algorithm>*
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index f8f29f9..46a974e 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -72,7 +72,7 @@ struct ip_addr {
} ip;
};
-#define MAX_KEY_SIZE 32
+#define MAX_KEY_SIZE 36
/*
* application wide SA parameters
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 0eb52d1..0d7d460 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -77,6 +77,13 @@ const struct supported_cipher_algo cipher_algos[] = {
.key_len = 16
},
{
+ .keyword = "aes-192-cbc",
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .iv_len = 16,
+ .block_size = 16,
+ .key_len = 24
+ },
+ {
.keyword = "aes-256-cbc",
.algo = RTE_CRYPTO_CIPHER_AES_CBC,
.iv_len = 16,
@@ -130,6 +137,24 @@ const struct supported_aead_algo aead_algos[] = {
.key_len = 20,
.digest_len = 16,
.aad_len = 8,
+ },
+ {
+ .keyword = "aes-192-gcm",
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .iv_len = 8,
+ .block_size = 4,
+ .key_len = 28,
+ .digest_len = 16,
+ .aad_len = 8,
+ },
+ {
+ .keyword = "aes-256-gcm",
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .iv_len = 8,
+ .block_size = 4,
+ .key_len = 36,
+ .digest_len = 16,
+ .aad_len = 8,
}
};
--
2.7.4
