IPSEC: support GCM in ESP

[vpp.git] / src / vnet / ipsec / esp_encrypt.c

diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index fbc5166..e319a96 100644 (file)
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -436,6 +436,21 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
          op->len = payload_len - icv_sz;
          op->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
          op->user_data = b - bufs;
+         op->salt = sa0->salt;
+
+         if (ipsec_sa_is_set_IS_AEAD (sa0))
+           {
+             /*
+              * construct the AAD in a scratch space in front
+              * of the IP header.
+              */
+             op->aad = payload - hdr_len - sizeof (esp_aead_t);
+
+             esp_aad_fill (op, esp, sa0);
+
+             op->tag = payload + op->len;
+             op->tag_len = 16;
+           }
        }
 
       if (sa0->integ_op_id)