From 47feb1146ec3b0e1cf2ebd83cd5211e1df261194 Mon Sep 17 00:00:00 2001
From: Neale Ranns
Date: Thu, 11 Apr 2019 15:14:07 +0000
Subject: IPSEC: support GCM in ESP

Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns
---
 src/vnet/ipsec/ipsec.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
(limited to 'src/vnet/ipsec/ipsec.c')
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index dc2f4cdbb60..73c5cf4d7ab 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -38,13 +38,6 @@ ipsec_check_ah_support (ipsec_sa_t * sa)
 static clib_error_t * ipsec_check_esp_support (ipsec_sa_t * sa) { - if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) - return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg"); - if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) - return clib_error_return (0, "unsupported aes-gcm-192 crypto-alg"); - if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256) - return clib_error_return (0, "unsupported aes-gcm-256 crypto-alg"); - return 0; }
@@ -293,6 +286,24 @@ ipsec_init (vlib_main_t * vm)
 a->dec_op_id = VNET_CRYPTO_OP_AES_256_CBC_DEC; a->iv_size = a->block_size = 16; + a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_128; + a->enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC; + a->dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC; + a->iv_size = a->block_size = 8; + a->icv_size = 16; + a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_192; + a->enc_op_id = VNET_CRYPTO_OP_AES_192_GCM_ENC; + a->dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC; + a->iv_size = a->block_size = 8; + a->icv_size = 16; + a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_256; + a->enc_op_id = VNET_CRYPTO_OP_AES_256_GCM_ENC; + a->dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC; + a->iv_size = a->block_size = 8; + a->icv_size = 16; + vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1); ipsec_main_integ_alg_t *i;
--
cgit 1.2.3-korg
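Review bot: Nothing visible in this commit rejects an SA that selects one of the new AES-GCM algorithms together with a separate integrity algorithm. The first hunk reduces ipsec_check_esp_support to `return 0;`, while the GCM entries added to ipsec_init take their 16-byte ICV from the cipher itself. Unless SA creation validates this elsewhere, ipsec_check_esp_support is the natural place for a guard such as `if (is_gcm && sa->integ_alg != IPSEC_INTEG_ALG_NONE) return clib_error_return (0, "aes-gcm crypto-alg must not be paired with an integ-alg");`, where `is_gcm` is a placeholder for a test of the three IPSEC_CRYPTO_ALG_AES_GCM_* values. The bare `8` and `16` in the new entries also deserve a comment, for example `/* RFC 4106: 8-byte explicit per-packet IV, 16-byte ICV; the IV must never repeat under one key */`. ipsec_init begins and ends outside the second hunk, so how the IV is generated cannot be judged from here.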