summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/esp_encrypt.c
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-04-11 15:14:07 +0000
committerNeale Ranns <nranns@cisco.com>2019-04-17 00:12:05 +0000
commit32b13bba2e3013a1b2a67eca8fe6a177d8e927ed (patch)
tree97dbae11a361e7537be09329c80ae7c3a3acb799 /src/vnet/ipsec/esp_encrypt.c
parent07a4d675c8d1b1bc19fa1846369f610ab91a9aba (diff)
IPSEC: support GCM in ESP
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 47feb1146ec3b0e1cf2ebd83cd5211e1df261194)
Diffstat (limited to 'src/vnet/ipsec/esp_encrypt.c')
-rw-r--r--src/vnet/ipsec/esp_encrypt.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index fbc5166b946..e319a9628f4 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -436,6 +436,21 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
op->len = payload_len - icv_sz;
op->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
op->user_data = b - bufs;
+ op->salt = sa0->salt;
+
+ if (ipsec_sa_is_set_IS_AEAD (sa0))
+ {
+ /*
+ * construct the AAD in a scratch space in front
+ * of the IP header.
+ */
+ op->aad = payload - hdr_len - sizeof (esp_aead_t);
+
+ esp_aad_fill (op, esp, sa0);
+
+ op->tag = payload + op->len;
+ op->tag_len = 16;
+ }
}
if (sa0->integ_op_id)