Re: [vpp-dev] How to configure 256 bit crypto algorithm for ipsec

A11E51E5B111 is from one of the online examples for gcm 256. 2b7e151628aed2a6abf7158809cf4f3d2b7e151628aed2a6abf7158809cf4f3d works. Thanks for catching the mistakes. On Sun, Oct 6, 2019 at 6:28 PM Christian Hopps wrote: > So you had: crypto-key 2b7e151628aed2a6abf7158809cf4

Re: [vpp-dev] How to configure 256 bit crypto algorithm for ipsec

So you had: crypto-key 2b7e151628aed2a6abf7158809cf4f3d Now you "doubled" it and got: crypto-key A11E51E5B111 ? :) Try crypto-key 2b7e151628aed2a6abf7158809cf4f3d2b7e151628aed2a6abf7158809cf4f3d A 128 bit algorithm needs a 16 byte key (128b=16B) a 265 bit algorithm needs a 32B

Re: [vpp-dev] How to configure 256 bit crypto algorithm for ipsec

double key size does not work. ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst 10.10.10.11 crypto-key A11E51E5B111 crypto-alg aes-gcm-256 ipsec sa add 2 spi 255129 esp tunnel-src 10.10.10.11 tunnel-dst 10.10.10.10 crypto-key A11E51E5B111 crypto-alg aes-gcm-256 I got the following