From 84e665848675afdc8e76fcbfb2bd65bccd4f25a8 Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Fri, 10 Mar 2023 17:33:03 +0100
Subject: ipsec: add support for RFC-4543 ENCR_NULL_AUTH_AES_GMAC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Type: improvement

Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/vnet/ipsec/ipsec.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'src/vnet/ipsec/ipsec.c')

diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 14fc697e2eb..f8c39c327ed 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -562,6 +562,30 @@ ipsec_init (vlib_main_t * vm)
   a->iv_size = 8;
   a->icv_size = 16;
 
+  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_NULL_GMAC_128;
+  a->enc_op_id = VNET_CRYPTO_OP_AES_128_NULL_GMAC_ENC;
+  a->dec_op_id = VNET_CRYPTO_OP_AES_128_NULL_GMAC_DEC;
+  a->alg = VNET_CRYPTO_ALG_AES_128_GCM;
+  a->iv_size = 8;
+  a->block_align = 1;
+  a->icv_size = 16;
+
+  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_NULL_GMAC_192;
+  a->enc_op_id = VNET_CRYPTO_OP_AES_192_NULL_GMAC_ENC;
+  a->dec_op_id = VNET_CRYPTO_OP_AES_192_NULL_GMAC_DEC;
+  a->alg = VNET_CRYPTO_ALG_AES_192_GCM;
+  a->iv_size = 8;
+  a->block_align = 1;
+  a->icv_size = 16;
+
+  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_NULL_GMAC_256;
+  a->enc_op_id = VNET_CRYPTO_OP_AES_256_NULL_GMAC_ENC;
+  a->dec_op_id = VNET_CRYPTO_OP_AES_256_NULL_GMAC_DEC;
+  a->alg = VNET_CRYPTO_ALG_AES_256_GCM;
+  a->iv_size = 8;
+  a->block_align = 1;
+  a->icv_size = 16;
+
   vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1);
   ipsec_main_integ_alg_t *i;
 
-- 
cgit 1.2.3-korg