ipsec: add support for AES CTR

Type: feature Change-Id: I9f7742cb12ce30592b0b022c314b71c81fa7223a Signed-off-by: Benoît Ganne <bganne@cisco.com>
author: Benoît Ganne <bganne@cisco.com> 2021-01-22 18:03:09 +0100
committer: Neale Ranns <neale@graphiant.com> 2021-02-05 12:52:07 +0000
commit: 490b92738f3cc1c8d534abd6dee8dba942cb652d (patch)
tree: 84c72b4573e73ed63b31f80d0289c8efa1a5e0d5 /src/vnet/ipsec/esp.h
parent: b8ce5b784c8852f274ac25a22ee6d8806c2fab2e (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index d24b5ea4102..51386e68844 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -59,6 +59,18 @@ typedef CLIB_PACKED (struct {
 /* *INDENT-ON* */
 
 /**
+ * AES counter mode nonce
+ */
+typedef struct
+{
+  u32 salt;
+  u64 iv;
+  u32 ctr; /* counter: 1 in big-endian for ctr, unused for gcm */
+} __clib_packed esp_ctr_nonce_t;
+
+STATIC_ASSERT_SIZEOF (esp_ctr_nonce_t, 16);
+
+/**
  * AES GCM Additional Authentication data
  */
 typedef struct esp_aead_t_
@@ -196,6 +208,7 @@ typedef struct
 } esp_decrypt_packet_data_t;
 
 STATIC_ASSERT_SIZEOF (esp_decrypt_packet_data_t, 3 * sizeof (u64));
+STATIC_ASSERT_OFFSET_OF (esp_decrypt_packet_data_t, seq, sizeof (u64));
 
 /* we are forced to store the decrypt post data into 2 separate places -
    vlib_opaque and opaque2. */
author	Benoît Ganne <bganne@cisco.com>	2021-01-22 18:03:09 +0100
committer	Neale Ranns <neale@graphiant.com>	2021-02-05 12:52:07 +0000
commit	490b92738f3cc1c8d534abd6dee8dba942cb652d (patch)
tree	84c72b4573e73ed63b31f80d0289c8efa1a5e0d5 /src/vnet/ipsec/esp.h
parent	b8ce5b784c8852f274ac25a22ee6d8806c2fab2e (diff)