author | Martin Willi <martin@revosec.ch> | 2014-01-31 15:53:38 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2014-03-31 15:56:12 +0200 |
commit | e5d73b0dfa6bc57b2ed8745df4409308eeaf272e (patch) | |
tree | 245ca1455caf0fa3c8e22e8916ad7d4474f82c34 /src/libstrongswan/crypto/aead.h | |
parent | e12eec10089a4a18a15ccb511aa1200ad59e8044 (diff) | |
aead: Support custom AEAD salt sizes
The salt, often called the implicit nonce, varies between AEAD algorithms and
their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses
3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM.
Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine
until we go for CCM mode support in TLS, which requires 4 byte nonces.
Diffstat (limited to 'src/libstrongswan/crypto/aead.h')
-rw-r--r-- | src/libstrongswan/crypto/aead.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h
index c887f53bb..43f71b65e 100644
--- a/src/libstrongswan/crypto/aead.h
+++ b/src/libstrongswan/crypto/aead.h
@@ -102,6 +102,10 @@ struct aead_t {
 /**
 * Get the size of the key material (for encryption and authentication).
 *
+ * This includes any additional bytes requires for the implicit nonce part.
+ * For AEADs based on traditional ciphers, the length is for both
+ * the integrity and the encryption key in total.
+ *
 * @return key size in bytes
 */
 size_t (*get_key_size)(aead_t *this);
@@ -109,6 +113,11 @@ struct aead_t {
 /**
 * Set the key for encryption and authentication.
 *
+ * If the AEAD uses an implicit nonce, the last part of the key shall
+ * be the implicit nonce. For AEADs based on traditional ciphers, the
+ * key shall include both integrity and encryption keys, concatenated
+ * in that order.
+ *
 * @param key encryption and authentication key
 * @return TRUE if key set successfully
 */ |
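Review bot: The first added sentence in the get_key_size() comment has a typo, `requires` should be `required`: `* This includes any additional bytes required for the implicit nonce part.` Since the returned size now mixes cipher key and salt, callers that derive keying material from it would also benefit from a note that the salt share depends on the salt size the instance was created with. That is inferred from the commit message, as the constructors are not part of this diff. The struct aead_t definition starts and ends outside the hunk.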
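Review bot: The new set_key() comment fixes the layout of the buffer (key then implicit nonce; integrity key then encryption key) but not its length, and a buffer of the wrong length would be split at the wrong offset, so part of the key could end up used as salt or the reverse. I would add `* The key must be exactly get_key_size() bytes long, otherwise FALSE is returned.` once that has been confirmed against the backends, which are not shown in this diff. If any backend does not check the length, the check belongs there and not only in the comment.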