aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2013-04-22 14:57:11 +0200
committerTobias Brunner <tobias@strongswan.org>2013-05-03 15:13:57 +0200
commit051fc25d926399b65d0b0caf95d1f6a6acb26e2a (patch)
tree12aefe5165df9f1972f99d2e8123c075e8747967
parent24a8d1253fe40b85de9788f35d7926e3166e2bcf (diff)
downloadstrongswan-051fc25d926399b65d0b0caf95d1f6a6acb26e2a.tar.bz2
strongswan-051fc25d926399b65d0b0caf95d1f6a6acb26e2a.tar.xz
libipsec: Add support for AES-GCM
-rw-r--r--src/libipsec/esp_context.c48
1 files changed, 45 insertions, 3 deletions
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index 86e8dd0a8..bbcb62add 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -205,6 +205,37 @@ METHOD(esp_context_t, destroy, void,
}
/**
+ * Create an AEAD algorithm
+ */
+static bool create_aead(private_esp_context_t *this, int alg,
+ chunk_t key)
+{
+ switch (alg)
+ {
+ case ENCR_AES_GCM_ICV8:
+ case ENCR_AES_GCM_ICV12:
+ case ENCR_AES_GCM_ICV16:
+ /* the key includes a 4 byte salt */
+ this->aead = lib->crypto->create_aead(lib->crypto, alg, key.len-4);
+ break;
+ default:
+ break;
+ }
+ if (!this->aead)
+ {
+ DBG1(DBG_ESP, "failed to create ESP context: unsupported AEAD "
+ "algorithm");
+ return FALSE;
+ }
+ if (!this->aead->set_key(this->aead, key))
+ {
+ DBG1(DBG_ESP, "failed to create ESP context: setting AEAD key failed");
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
* Create AEAD wrapper around traditional encryption/integrity algorithms
*/
static bool create_traditional(private_esp_context_t *this, int enc_alg,
@@ -288,10 +319,21 @@ esp_context_t *esp_context_create(int enc_alg, chunk_t enc_key,
.window_size = ESP_DEFAULT_WINDOW_SIZE,
);
- if (!create_traditional(this, enc_alg, enc_key, int_alg, int_key))
+ if (encryption_algorithm_is_aead(enc_alg))
+ {
+ if (!create_aead(this, enc_alg, enc_key))
+ {
+ destroy(this);
+ return NULL;
+ }
+ }
+ else
{
- destroy(this);
- return NULL;
+ if (!create_traditional(this, enc_alg, enc_key, int_alg, int_key))
+ {
+ destroy(this);
+ return NULL;
+ }
}
if (inbound)