crypto, ipsec: change GCM IV handling - nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code - fixes GCM unit tests - GCM IV is constructed out of simple counter, per RFC4106 section 3.1 Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61 Signed-off-by: Damjan Marion <damarion@cisco.com>

commit: d97918ec678c4086001840e7263ba9ac3504ce24 [log] [tgz]
author: Damjan Marion <damarion@cisco.com> Thu Apr 25 18:28:31 2019 +0200
committer: Florin Coras <florin.coras@gmail.com> Fri Apr 26 14:13:00 2019 +0000
tree: b490f0318dc8bae6b7d8f90f789c416414bf0b17
parent: aaed170828dfdb3d62295b76fd617f794dc76b3f [diff] [blame]
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index bde0958..661b54a 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h

@@ -167,6 +167,7 @@
 
   /* Salt used in GCM modes - stored in network byte order */
   u32 salt;
+  u64 gcm_iv_counter;
 } ipsec_sa_t;
 
 STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES);
commit	d97918ec678c4086001840e7263ba9ac3504ce24	[log] [tgz]
author	Damjan Marion <damarion@cisco.com>	Thu Apr 25 18:28:31 2019 +0200
committer	Florin Coras <florin.coras@gmail.com>	Fri Apr 26 14:13:00 2019 +0000
tree	b490f0318dc8bae6b7d8f90f789c416414bf0b17
parent	aaed170828dfdb3d62295b76fd617f794dc76b3f [diff] [blame]