diff options
author | Martin Willi <martin@revosec.ch> | 2015-03-31 14:59:12 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2015-04-13 15:06:15 +0200 |
commit | 3c81cb6fc3225423ce82bbd97bd6fd9b70df8cc0 (patch) | |
tree | 73734ac0beef72de5a8ca3dff9b69c57a5e27fc1 /src/libipsec/esp_context.c | |
parent | a4549e55250e35033cb5984d834f174eec795e9e (diff) | |
download | strongswan-3c81cb6fc3225423ce82bbd97bd6fd9b70df8cc0.tar.bz2 strongswan-3c81cb6fc3225423ce82bbd97bd6fd9b70df8cc0.tar.xz |
aead: Create AEAD using traditional transforms with an explicit IV generator
Real AEADs directly provide a suitable IV generator, but traditional crypters
do not. For some (stream) ciphers, we should use sequential IVs, for which
we pass an appropriate generator to the AEAD wrapper.
Diffstat (limited to 'src/libipsec/esp_context.c')
-rw-r--r-- | src/libipsec/esp_context.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index 5e58f66da..a2307e048 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -244,6 +244,7 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg, { crypter_t *crypter = NULL; signer_t *signer = NULL; + iv_gen_t *ivg; crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_key.len); if (!crypter) @@ -272,7 +273,13 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg, "failed"); goto failed; } - this->aead = aead_create(crypter, signer); + ivg = iv_gen_create_for_alg(enc_alg); + if (!ivg) + { + DBG1(DBG_ESP, "failed to create ESP context: creating iv gen failed"); + goto failed; + } + this->aead = aead_create(crypter, signer, ivg); return TRUE; failed: |