From 078d258034cef5b4ca74d9deb37b2684cc77d060 Mon Sep 17 00:00:00 2001
From: Gabriel Oginski <gabrielx.oginski@intel.com>
Date: Thu, 12 Aug 2021 14:04:03 +0100
Subject: [PATCH] wireguard: add flag to check hmac for decryption

Type: fix

Originally the decryption doesn't check the hmac for chacha20-poly1305.

This patch fixes the problem by adding flag to crypto op to check hmac.

Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I63e06fc011b288b1c9dc1b96a92923f224ef656b
---
 src/plugins/wireguard/wireguard_noise.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index 850be2c86c8..7b4c01942bc 100755
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -518,6 +518,7 @@ chacha20poly1305_calc (vlib_main_t * vm,
     {
       op->tag = src + src_len - NOISE_AUTHTAG_LEN;
       src_len -= NOISE_AUTHTAG_LEN;
+      op->flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
     }
   else
     op->tag = tag_;
-- 
2.16.6