Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 3ea8c5c)
wireguard: add flag to check hmac for decryption 79/33479/3
authorGabriel Oginski <gabrielx.oginski@intel.com>
Thu, 12 Aug 2021 13:04:03 +0000 (14:04 +0100)
committerFan Zhang <roy.fan.zhang@intel.com>
Fri, 13 Aug 2021 08:36:09 +0000 (08:36 +0000)
Type: fix

Originally the decryption doesn't check the hmac for chacha20-poly1305.

This patch fixes the problem by adding flag to crypto op to check hmac.

Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I63e06fc011b288b1c9dc1b96a92923f224ef656b

src/plugins/wireguard/wireguard_noise.c patch | blob | history

diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index 850be2c..7b4c019 100755 (executable)
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -518,6 +518,7 @@ chacha20poly1305_calc (vlib_main_t * vm,
     {
       op->tag = src + src_len - NOISE_AUTHTAG_LEN;
       src_len -= NOISE_AUTHTAG_LEN;
+      op->flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
     }
   else
     op->tag = tag_;
Vector Packet Processing