From 490b92738f3cc1c8d534abd6dee8dba942cb652d Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Fri, 22 Jan 2021 18:03:09 +0100
Subject: ipsec: add support for AES CTR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Type: feature

Change-Id: I9f7742cb12ce30592b0b022c314b71c81fa7223a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/vnet/ipsec/esp.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/vnet/ipsec/esp.h')

diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index d24b5ea4102..51386e68844 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -58,6 +58,18 @@ typedef CLIB_PACKED (struct {
 }) ip6_and_esp_header_t;
 /* *INDENT-ON* */
 
+/**
+ * AES counter mode nonce
+ */
+typedef struct
+{
+  u32 salt;
+  u64 iv;
+  u32 ctr; /* counter: 1 in big-endian for ctr, unused for gcm */
+} __clib_packed esp_ctr_nonce_t;
+
+STATIC_ASSERT_SIZEOF (esp_ctr_nonce_t, 16);
+
 /**
  * AES GCM Additional Authentication data
  */
@@ -196,6 +208,7 @@ typedef struct
 } esp_decrypt_packet_data_t;
 
 STATIC_ASSERT_SIZEOF (esp_decrypt_packet_data_t, 3 * sizeof (u64));
+STATIC_ASSERT_OFFSET_OF (esp_decrypt_packet_data_t, seq, sizeof (u64));
 
 /* we are forced to store the decrypt post data into 2 separate places -
    vlib_opaque and opaque2. */
-- 
cgit 1.2.3-korg