From: Gabriel Oginski <gabrielx.oginski@intel.com>
Date: Thu, 12 Aug 2021 13:04:03 +0000 (+0100)
Subject: wireguard: add flag to check hmac for decryption
X-Git-Tag: v22.02-rc0~128
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=078d258034cef5b4ca74d9deb37b2684cc77d060;p=vpp.git

wireguard: add flag to check hmac for decryption

Type: fix

Originally the decryption doesn't check the hmac for chacha20-poly1305.

This patch fixes the problem by adding flag to crypto op to check hmac.

Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I63e06fc011b288b1c9dc1b96a92923f224ef656b
---

diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index 850be2c86c8..7b4c01942bc 100755
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -518,6 +518,7 @@ chacha20poly1305_calc (vlib_main_t * vm,
     {
       op->tag = src + src_len - NOISE_AUTHTAG_LEN;
       src_len -= NOISE_AUTHTAG_LEN;
+      op->flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
     }
   else
     op->tag = tag_;