diff options
| author | Martin Willi <martin@revosec.ch> | 2014-01-31 15:53:38 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2014-03-31 15:56:12 +0200 |
| commit | e5d73b0dfa6bc57b2ed8745df4409308eeaf272e (patch) | |
| tree | 245ca1455caf0fa3c8e22e8916ad7d4474f82c34 /src/libstrongswan/crypto/crypto_factory.c | |
| parent | e12eec10089a4a18a15ccb511aa1200ad59e8044 (diff) | |
| download | strongswan-e5d73b0dfa6bc57b2ed8745df4409308eeaf272e.tar.bz2 strongswan-e5d73b0dfa6bc57b2ed8745df4409308eeaf272e.tar.xz | |
aead: Support custom AEAD salt sizes
The salt, or often called implicit nonce, varies between AEAD algorithms and
their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses
3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM.
Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine
until we go for CCM mode support in TLS, which requires 4 byte nonces.
Diffstat (limited to 'src/libstrongswan/crypto/crypto_factory.c')
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 69225bd1e..6dea30ee3 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -176,7 +176,7 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, METHOD(crypto_factory_t, create_aead, aead_t*, private_crypto_factory_t *this, encryption_algorithm_t algo, - size_t key_size) + size_t key_size, size_t salt_size) { enumerator_t *enumerator; entry_t *entry; @@ -190,12 +190,12 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, - entry->create_aead, NULL, + salt_size, entry->create_aead, NULL, default_plugin_name)) { continue; } - aead = entry->create_aead(algo, key_size); + aead = entry->create_aead(algo, key_size, salt_size); if (aead) { break; @@ -474,7 +474,7 @@ METHOD(crypto_factory_t, add_aead, bool, u_int speed = 0; if (!this->test_on_add || - this->tester->test_aead(this->tester, algo, 0, create, + this->tester->test_aead(this->tester, algo, 0, 0, create, this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); @@ -1003,7 +1003,7 @@ static u_int verify_registered_algorithms(crypto_factory_t *factory) this->lock->read_lock(this->lock); TEST_ALGORITHMS(crypter, 0); - TEST_ALGORITHMS(aead, 0); + TEST_ALGORITHMS(aead, 0, 0); TEST_ALGORITHMS(signer); TEST_ALGORITHMS(hasher); TEST_ALGORITHMS(prf); |