ikev2: add support for GCM cipher

Type: feature Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com> (cherry picked from commit de2dd6c35653225525b071d4dc748451e0d6bd7d)
author: Filip Tehlar <ftehlar@cisco.com> 2019-09-18 22:43:44 +0000
committer: Andrew Yourtchenko <ayourtch@gmail.com> 2019-09-30 15:29:23 +0000
commit: 2fa9f679c89d2d25d0a2024e9faaedbd73cbbb61 (patch)
tree: a06ccdfc92cea0dc8d4fc55b48115dd9415dc892 /src/plugins/ikev2/ikev2.c
parent: bc49679802727e5fde7b451702cfb6a1a39eda40 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index a03e761cba4..090f66c151a 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1538,6 +1538,26 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
 	      break;
 	    }
 	}
+      else if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM
+	       && tr->key_len)
+	{
+	  switch (tr->key_len)
+	    {
+	    case 16:
+	      encr_type = IPSEC_CRYPTO_ALG_AES_GCM_128;
+	      break;
+	    case 24:
+	      encr_type = IPSEC_CRYPTO_ALG_AES_GCM_192;
+	      break;
+	    case 32:
+	      encr_type = IPSEC_CRYPTO_ALG_AES_GCM_256;
+	      break;
+	    default:
+	      ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
+	      return 1;
+	      break;
+	    }
+	}
       else
 	{
 	  ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
author	Filip Tehlar <ftehlar@cisco.com>	2019-09-18 22:43:44 +0000
committer	Andrew Yourtchenko <ayourtch@gmail.com>	2019-09-30 15:29:23 +0000
commit	2fa9f679c89d2d25d0a2024e9faaedbd73cbbb61 (patch)
tree	a06ccdfc92cea0dc8d4fc55b48115dd9415dc892 /src/plugins/ikev2/ikev2.c
parent	bc49679802727e5fde7b451702cfb6a1a39eda40 (diff)