authorMartin Willi <martin@revosec.ch>2014-01-31 15:53:38 +0100
committerMartin Willi <martin@revosec.ch>2014-03-31 15:56:12 +0200
commite5d73b0dfa6bc57b2ed8745df4409308eeaf272e (patch)
tree245ca1455caf0fa3c8e22e8916ad7d4474f82c34 /scripts
parente12eec10089a4a18a15ccb511aa1200ad59e8044 (diff)
aead: Support custom AEAD salt sizes
The salt, often called the implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and our CCM backends 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
Diffstat (limited to 'scripts')
-rw-r--r--scripts/aes-test.c2
-rw-r--r--scripts/crypt_burn.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/scripts/aes-test.c b/scripts/aes-test.c
index eb94180f8..425a4dc4f 100644
--- a/scripts/aes-test.c
+++ b/scripts/aes-test.c
@@ -313,7 +313,7 @@ static bool do_test_gcm(test_vector_t *test)
return FALSE;
}
- aead = lib->crypto->create_aead(lib->crypto, alg, test->key.len);
+ aead = lib->crypto->create_aead(lib->crypto, alg, test->key.len, 4);
if (!aead)
{
DBG1(DBG_APP, "algorithm %N or key length (%d bits) not supported",
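Review bot: The salt size is passed as a bare `4` in the `create_aead` call of `do_test_gcm`, and the failure message just below still reads `"algorithm %N or key length (%d bits) not supported"`, so a rejection caused by the salt size would be reported as a key-length problem. A comment on the call such as `/* 4 byte salt (implicit nonce), as GCM uses for IKE/ESP */` would tie the literal to the protocol requirement, and the DBG1 text could mention the salt size as a third possible cause. Whether `create_aead` can fail on the salt size alone is not visible in this hunk; the commit description suggests each backend accepts only one size per mode. `do_test_gcm` begins and ends outside the hunk.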
diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c
index 729472e7d..1768d769b 100644
--- a/scripts/crypt_burn.c
+++ b/scripts/crypt_burn.c
@@ -61,7 +61,7 @@ int main(int argc, char *argv[])
if (encryption_algorithm_is_aead(token->algorithm))
{
aead = lib->crypto->create_aead(lib->crypto,
- token->algorithm, token->keysize / 8);
+ token->algorithm, token->keysize / 8, 0);
if (!aead)
{
fprintf(stderr, "aead '%s' not supported!\n", argv[1]);
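Review bot: The `0` passed as the new salt-size argument in `main` is not explained at the call site, while the other caller in this commit passes an explicit `4`. It presumably asks the backend for the algorithm's own default salt length, which would be the right choice for a tool that accepts any AEAD named on the command line, but nothing in the hunk states this. A short comment such as `/* salt size 0: use the algorithm's default implicit nonce length */` would document it, once that meaning is confirmed against the `create_aead` declaration. The body of `main` continues outside the hunk.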