From 32b13bba2e3013a1b2a67eca8fe6a177d8e927ed Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Thu, 11 Apr 2019 15:14:07 +0000
Subject: IPSEC: support GCM in ESP

Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 47feb1146ec3b0e1cf2ebd83cd5211e1df261194)
---
 src/vnet/ipsec/esp_encrypt.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'src/vnet/ipsec/esp_encrypt.c')

diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index fbc5166b946..e319a9628f4 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -436,6 +436,21 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	  op->len = payload_len - icv_sz;
 	  op->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
 	  op->user_data = b - bufs;
+	  op->salt = sa0->salt;
+
+	  if (ipsec_sa_is_set_IS_AEAD (sa0))
+	    {
+	      /*
+	       * construct the AAD in a scratch space in front
+	       * of the IP header.
+	       */
+	      op->aad = payload - hdr_len - sizeof (esp_aead_t);
+
+	      esp_aad_fill (op, esp, sa0);
+
+	      op->tag = payload + op->len;
+	      op->tag_len = 16;
+	    }
 	}
 
       if (sa0->integ_op_id)
-- 
cgit 1.2.3-korg