wireguard: add flag to check hmac for decryption

Type: fix

Originally the decryption doesn't check the hmac for chacha20-poly1305.

This patch fixes the problem by adding flag to crypto op to check hmac.

Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: I63e06fc011b288b1c9dc1b96a92923f224ef656b

diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index 850be2c..7b4c019 100755 (executable)
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -518,6 +518,7 @@ chacha20poly1305_calc (vlib_main_t * vm,
     {
       op->tag = src + src_len - NOISE_AUTHTAG_LEN;
       src_len -= NOISE_AUTHTAG_LEN;
+      op->flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
     }
   else
     op->tag = tag_;