aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2013-08-05 14:59:10 +0200
committerTobias Brunner <tobias@strongswan.org>2013-10-11 15:55:40 +0200
commitd74c254dfd88b497a5262a3d8ce2dc7a684c74a8 (patch)
treebd54645885dfcffee68c42dd785078c71af3f626
parentb5010707a0baf53699abc9cb932795373cb1d18b (diff)
downloadstrongswan-d74c254dfd88b497a5262a3d8ce2dc7a684c74a8.tar.bz2
strongswan-d74c254dfd88b497a5262a3d8ce2dc7a684c74a8.tar.xz
ipsec: Use IV generator to encrypt ESP messages
-rw-r--r--src/libipsec/esp_packet.c14
-rw-r--r--src/libipsec/esp_packet.h2
2 files changed, 7 insertions, 9 deletions
diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c
index 61389daa4..1b8625ca7 100644
--- a/src/libipsec/esp_packet.c
+++ b/src/libipsec/esp_packet.c
@@ -283,7 +283,7 @@ METHOD(esp_packet_t, encrypt, status_t,
u_int32_t next_seqno;
size_t blocksize, plainlen;
aead_t *aead;
- rng_t *rng;
+ iv_gen_t *iv_gen;
this->packet->set_data(this->packet, chunk_empty);
@@ -293,13 +293,13 @@ METHOD(esp_packet_t, encrypt, status_t,
return FAILED;
}
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ aead = esp_context->get_aead(esp_context);
+ iv_gen = aead->get_iv_gen(aead);
+ if (!iv_gen)
{
- DBG1(DBG_ESP, "ESP encryption failed: could not find RNG");
+ DBG1(DBG_ESP, "ESP encryption failed: no IV generator");
return NOT_FOUND;
}
- aead = esp_context->get_aead(esp_context);
blocksize = aead->get_block_size(aead);
iv.len = aead->get_iv_size(aead);
@@ -319,14 +319,12 @@ METHOD(esp_packet_t, encrypt, status_t,
writer->write_uint32(writer, next_seqno);
iv = writer->skip(writer, iv.len);
- if (!rng->get_bytes(rng, iv.len, iv.ptr))
+ if (!iv_gen->get_iv(iv_gen, iv.len, iv.ptr))
{
DBG1(DBG_ESP, "ESP encryption failed: could not generate IV");
writer->destroy(writer);
- rng->destroy(rng);
return FAILED;
}
- rng->destroy(rng);
/* plain-/ciphertext will start here */
ciphertext = writer->get_buf(writer);
diff --git a/src/libipsec/esp_packet.h b/src/libipsec/esp_packet.h
index ce8645825..f1941a3ba 100644
--- a/src/libipsec/esp_packet.h
+++ b/src/libipsec/esp_packet.h
@@ -91,7 +91,7 @@ struct esp_packet_t {
* @return - SUCCESS if encrypted
* - FAILED if sequence number cycled or any of the
* cryptographic functions failed
- * - NOT_FOUND if no suitable RNG could be found
+ * - NOT_FOUND if no suitable IV generator provided
*/
status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
u_int32_t spi);