ikev2: add support for GCM cipher

Type: feature Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
author: Filip Tehlar <ftehlar@cisco.com> 2019-09-18 22:43:44 +0000
committer: Damjan Marion <dmarion@me.com> 2019-09-19 16:52:40 +0000
commit: de2dd6c35653225525b071d4dc748451e0d6bd7d (patch)
tree: 05136499e2df22db663df35ab4b36865b9b259ce /src/plugins/ikev2/ikev2.c
parent: aa4438a311bad1625782691ae57202084bc40379 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index a03e761cba4..090f66c151a 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1538,6 +1538,26 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
 	      break;
 	    }
 	}
+      else if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM
+	       && tr->key_len)
+	{
+	  switch (tr->key_len)
+	    {
+	    case 16:
+	      encr_type = IPSEC_CRYPTO_ALG_AES_GCM_128;
+	      break;
+	    case 24:
+	      encr_type = IPSEC_CRYPTO_ALG_AES_GCM_192;
+	      break;
+	    case 32:
+	      encr_type = IPSEC_CRYPTO_ALG_AES_GCM_256;
+	      break;
+	    default:
+	      ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
+	      return 1;
+	      break;
+	    }
+	}
       else
 	{
 	  ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
author	Filip Tehlar <ftehlar@cisco.com>	2019-09-18 22:43:44 +0000
committer	Damjan Marion <dmarion@me.com>	2019-09-19 16:52:40 +0000
commit	de2dd6c35653225525b071d4dc748451e0d6bd7d (patch)
tree	05136499e2df22db663df35ab4b36865b9b259ce /src/plugins/ikev2/ikev2.c
parent	aa4438a311bad1625782691ae57202084bc40379 (diff)