commit 84e665848675afdc8e76fcbfb2bd65bccd4f25a8
author Benoît Ganne <bganne@cisco.com> Fri Mar 10 17:33:03 2023 +0100
committer Beno�t Ganne <bganne@cisco.com> Tue Aug 08 10:16:26 2023 +0000
tree dffd7c6fcd73a6a8c0d56470539b83bc1deed32e
parent 96600f907743729d25be38db292e093279e97d54

ipsec: add support for RFC-4543 ENCR_NULL_AUTH_AES_GMAC

Type: improvement

Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0
Signed-off-by: Benoît Ganne <bganne@cisco.com>

src/vnet/ipsec/ipsec_sa.c

diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 80e61d0..98160cd 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -136,6 +136,13 @@
     {
       ipsec_sa_set_IS_CTR (sa);
     }
+  else if (IPSEC_CRYPTO_ALG_IS_NULL_GMAC (crypto_alg))
+    {
+      sa->integ_icv_size = im->crypto_algs[crypto_alg].icv_size;
+      ipsec_sa_set_IS_CTR (sa);
+      ipsec_sa_set_IS_AEAD (sa);
+      ipsec_sa_set_IS_NULL_GMAC (sa);
+    }
 }
 
 void
@@ -416,7 +423,7 @@
   err = ipsec_check_support_cb (im, sa);
   if (err)
     {
-      clib_warning ("%s", err->what);
+      clib_warning ("%v", err->what);
       pool_put (ipsec_sa_pool, sa);
       return VNET_API_ERROR_UNIMPLEMENTED;
     }