X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fesp_encrypt.c;h=e319a9628f47924576c5d0ec55c6dbbfab1275ee;hb=47feb1146ec3b0e1cf2ebd83cd5211e1df261194;hp=82247697cbab54dd2a8b138aba3214696414aca6;hpb=d7603d97e046d59aba6864b208c181b39fc72b52;p=vpp.git
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 82247697cba..e319a9628f4 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -280,7 +280,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 current_sa_packets = current_sa_bytes = 0;
 spi = clib_net_to_host_u32 (sa0->spi);
 block_sz = sa0->crypto_block_size;
- icv_sz = sa0->integ_trunc_size;
+ icv_sz = sa0->integ_icv_size;
 iv_sz = sa0->crypto_iv_size;
 }
@@ -425,35 +425,50 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 esp->spi = spi;
 esp->seq = clib_net_to_host_u32 (sa0->seq);
- if (sa0->crypto_enc_op_type)
+ if (sa0->crypto_enc_op_id)
 {
 vnet_crypto_op_t *op;
 vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES);
- vnet_crypto_op_init (op, sa0->crypto_enc_op_type);
+ vnet_crypto_op_init (op, sa0->crypto_enc_op_id);
 op->iv = payload - iv_sz;
 op->src = op->dst = payload;
 op->key = sa0->crypto_key.data;
 op->len = payload_len - icv_sz;
 op->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
 op->user_data = b - bufs;
+ op->salt = sa0->salt;
+
+ if (ipsec_sa_is_set_IS_AEAD (sa0))
+ {
+ /*
+ * construct the AAD in a scratch space in front
+ * of the IP header.
+ */
+ op->aad = payload - hdr_len - sizeof (esp_aead_t);
+
+ esp_aad_fill (op, esp, sa0);
+
+ op->tag = payload + op->len;
+ op->tag_len = 16;
+ }
 }
- if (sa0->integ_op_type)
+ if (sa0->integ_op_id)
 {
 vnet_crypto_op_t *op;
 vec_add2_aligned (ptd->integ_ops, op, 1, CLIB_CACHE_LINE_BYTES);
- vnet_crypto_op_init (op, sa0->integ_op_type);
+ vnet_crypto_op_init (op, sa0->integ_op_id);
 op->src = payload - iv_sz - sizeof (esp_header_t);
- op->dst = payload + payload_len - icv_sz;
+ op->digest = payload + payload_len - icv_sz;
 op->key = sa0->integ_key.data;
 op->key_len = sa0->integ_key.len;
- op->hmac_trunc_len = icv_sz;
+ op->digest_len = icv_sz;
 op->len = payload_len - icv_sz + iv_sz + sizeof (esp_header_t);
 op->user_data = b - bufs;
 if (ipsec_sa_is_set_USE_ESN (sa0))
 {
 u32 seq_hi = clib_net_to_host_u32 (sa0->seq_hi);
- clib_memcpy_fast (op->dst, &seq_hi, sizeof (seq_hi));
+ clib_memcpy_fast (op->digest, &seq_hi, sizeof (seq_hi));
 op->len += sizeof (seq_hi);
 }
 }
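Review bot: `op->tag_len = 16;` in the AEAD branch is a literal, while the room reserved for the tag comes from `icv_sz` (`op->len = payload_len - icv_sz`, `op->tag = payload + op->len`), which the first hunk now loads from `sa0->integ_icv_size`. If an AEAD SA can ever carry an ICV shorter than 16 bytes, the engine would be asked to write 16 tag bytes into a smaller trailer, running past the end of the payload; `op->tag_len = icv_sz;` (or an `ASSERT (icv_sz == 16);` beside the literal) keeps the two in step. The comment on the AAD scratch area should also state how much headroom in front of the IP header it relies on, since `hdr_len` and `esp_aad_fill` are defined outside this hunk and the write lands below `payload - hdr_len`. esp_encrypt_inline starts and ends outside the hunk.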
@@ -484,7 +499,6 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_increment_combined_counter (&ipsec_sa_counters, thread_index, current_sa_index, current_sa_packets, current_sa_bytes); - esp_process_ops (vm, node, ptd->crypto_ops, bufs, nexts); esp_process_ops (vm, node, ptd->integ_ops, bufs, nexts); @@ -574,8 +588,7 @@ VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) = { .arc_name = "ip4-output", .node_name = "esp4-encrypt-tun", - .runs_before = VNET_FEATURES ("ip4-frag", - "adj-midchain-tx"), + .runs_before = VNET_FEATURES ("adj-midchain-tx"), }; /* *INDENT-ON* */ @@ -606,8 +619,7 @@ VNET_FEATURE_INIT (esp6_encrypt_tun_feat_node, static) = { .arc_name = "ip6-output", .node_name = "esp6-encrypt-tun", - .runs_before = VNET_FEATURES ("ip6-frag", - "adj-midchain-tx"), + .runs_before = VNET_FEATURES ("adj-midchain-tx"), }; /* *INDENT-ON* */