ipsec: make pre-shared keys harder to misuse

[vpp.git] / src / vnet / ipsec / ipsec.c

diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index e95bd16..86cb898 100644 (file)
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -408,10 +408,7 @@ ipsec_set_async_mode (u32 is_enabled)
 
   /* change SA crypto op data */
   pool_foreach (sa, ipsec_sa_pool)
-    {
-      sa->crypto_op_data =
-       (is_enabled ? sa->async_op_data.data : sa->sync_op_data.data);
-    }
+    ipsec_sa_set_async_mode (sa, is_enabled);
 }
 
 static void
@@ -579,6 +576,13 @@ ipsec_init (vlib_main_t * vm)
   a->block_align = 1;
   a->icv_size = 16;
 
+  a = im->crypto_algs + IPSEC_CRYPTO_ALG_CHACHA20_POLY1305;
+  a->enc_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC;
+  a->dec_op_id = VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC;
+  a->alg = VNET_CRYPTO_ALG_CHACHA20_POLY1305;
+  a->iv_size = 8;
+  a->icv_size = 16;
+
   vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1);
   ipsec_main_integ_alg_t *i;