From d97918ec678c4086001840e7263ba9ac3504ce24 Mon Sep 17 00:00:00 2001
From: Damjan Marion <damarion@cisco.com>
Date: Thu, 25 Apr 2019 18:28:31 +0200
Subject: crypto, ipsec: change GCM IV handling

- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code

- fixes GCM unit tests

- GCM IV is constructed out of simple counter, per RFC4106 section 3.1

Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
---
 src/vnet/ipsec/ipsec_sa.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/vnet/ipsec/ipsec_sa.h')

diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index bde09589672..661b54a6ce9 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h
@@ -167,6 +167,7 @@ typedef struct
 
   /* Salt used in GCM modes - stored in network byte order */
   u32 salt;
+  u64 gcm_iv_counter;
 } ipsec_sa_t;
 
 STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES);
-- 
cgit 1.2.3-korg