-rw-r--r-- | src/charon-tkm/src/tkm/tkm_keymat.c | 15 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/keymat_v2.c | 15 | ||||
-rw-r--r-- | src/libipsec/esp_context.c | 9 | ||||
-rw-r--r-- | src/libstrongswan/crypto/aead.c | 4 | ||||
-rw-r--r-- | src/libstrongswan/crypto/aead.h | 3 |
5 files changed, 34 insertions, 12 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 80721fafe..1e1fa4f30 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -102,6 +102,7 @@ static void aead_create_from_keys(aead_t **in, aead_t **out,
 *in = *out = NULL;
 signer_t *signer_i, *signer_r;
 crypter_t *crypter_i, *crypter_r;
+ iv_gen_t *ivg_i, *ivg_r;
 signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
 signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
@@ -145,15 +146,21 @@ static void aead_create_from_keys(aead_t **in, aead_t **out,
 return;
 }
+ ivg_i = iv_gen_create_for_alg(enc_alg);
+ ivg_r = iv_gen_create_for_alg(enc_alg);
+ if (!ivg_i || !ivg_r)
+ {
+ return;
+ }
 if (initiator)
 {
- *in = aead_create(crypter_r, signer_r);
- *out = aead_create(crypter_i, signer_i);
+ *in = aead_create(crypter_r, signer_r, ivg_r);
+ *out = aead_create(crypter_i, signer_i, ivg_i);
 }
 else
 {
- *in = aead_create(crypter_i, signer_i);
- *out = aead_create(crypter_r, signer_r);
+ *in = aead_create(crypter_i, signer_i, ivg_i);
+ *out = aead_create(crypter_r, signer_r, ivg_r);
 }
 }
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index f70f5cfed..6fedc8eb5 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -193,6 +193,7 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 {
 crypter_t *crypter_i = NULL, *crypter_r = NULL;
 signer_t *signer_i, *signer_r;
+ iv_gen_t *ivg_i, *ivg_r;
 size_t key_size;
 chunk_t key = chunk_empty;
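Review bot: The new failure branch in the second tkm_keymat.c hunk, `if (!ivg_i || !ivg_r) { return; }`, returns without releasing anything. If only one `iv_gen_create_for_alg()` call fails, the other generator leaks, and the signers and crypters created earlier in aead_create_from_keys stay allocated. If those transforms have already been keyed at this point (the key setup is outside the hunk), IKE key material would also stay in memory that their destroy methods never get to release. Destroy both generators and the four transforms before returning, as sketched below; the start of the function is outside the hunk, so adjust to whatever cleanup convention its earlier error paths use.

```c
	if (!ivg_i || !ivg_r)
	{
		DESTROY_IF(ivg_i);
		DESTROY_IF(ivg_r);
		DESTROY_IF(signer_i);
		DESTROY_IF(signer_r);
		DESTROY_IF(crypter_i);
		DESTROY_IF(crypter_r);
		return;
	}
	/* … unchanged: initiator/responder aead_create() calls … */
```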
@@ -264,15 +265,21 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 goto failure;
 }
+ ivg_i = iv_gen_create_for_alg(enc_alg);
+ ivg_r = iv_gen_create_for_alg(enc_alg);
+ if (!ivg_i || !ivg_r)
+ {
+ goto failure;
+ }
 if (this->initiator)
 {
- this->aead_in = aead_create(crypter_r, signer_r);
- this->aead_out = aead_create(crypter_i, signer_i);
+ this->aead_in = aead_create(crypter_r, signer_r, ivg_r);
+ this->aead_out = aead_create(crypter_i, signer_i, ivg_i);
 }
 else
 {
- this->aead_in = aead_create(crypter_i, signer_i);
- this->aead_out = aead_create(crypter_r, signer_r);
+ this->aead_in = aead_create(crypter_i, signer_i, ivg_i);
+ this->aead_out = aead_create(crypter_r, signer_r, ivg_r);
 }
 signer_i = signer_r = NULL;
 crypter_i = crypter_r = NULL;
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index 5e58f66da..a2307e048 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -244,6 +244,7 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg,
 {
 crypter_t *crypter = NULL;
 signer_t *signer = NULL;
+ iv_gen_t *ivg;
 crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_key.len);
 if (!crypter)
@@ -272,7 +273,13 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg,
 "failed");
 goto failed;
 }
- this->aead = aead_create(crypter, signer);
+ ivg = iv_gen_create_for_alg(enc_alg);
+ if (!ivg)
+ {
+ DBG1(DBG_ESP, "failed to create ESP context: creating iv gen failed");
+ goto failed;
+ }
+ this->aead = aead_create(crypter, signer, ivg);
 return TRUE;
 failed:
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c
index afcc11fbe..d50bd4d22 100644
--- a/src/libstrongswan/crypto/aead.c
+++ b/src/libstrongswan/crypto/aead.c
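Review bot: `ivg_i` and `ivg_r` are declared without initializers in the first keymat_v2.c hunk (`iv_gen_t *ivg_i, *ivg_r;`), unlike `crypter_i`/`crypter_r` beside them, so the `failure` path cannot safely release them: any earlier `goto failure` would reach it with indeterminate pointers. As written, when one `iv_gen_create_for_alg()` call succeeds and the other fails, the new `goto failure` leaks the generator that was created, unless the label (outside this hunk) already handles it. Initialise them with `iv_gen_t *ivg_i = NULL, *ivg_r = NULL;`, add `ivg_i = ivg_r = NULL;` next to the existing `signer_i = signer_r = NULL;` once the aead objects hold them, and release both at the label with `DESTROY_IF(ivg_i); DESTROY_IF(ivg_r);`.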
@@ -172,7 +172,7 @@ METHOD(aead_t, destroy, void,
 /**
 * See header
 */
-aead_t *aead_create(crypter_t *crypter, signer_t *signer)
+aead_t *aead_create(crypter_t *crypter, signer_t *signer, iv_gen_t *iv_gen)
 {
 private_aead_t *this;
@@ -190,7 +190,7 @@ aead_t *aead_create(crypter_t *crypter, signer_t *signer)
 },
 .crypter = crypter,
 .signer = signer,
- .iv_gen = iv_gen_rand_create(),
+ .iv_gen = iv_gen,
 );
 return &this->public;
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h
index 43f71b65e..9d1b8df55 100644
--- a/src/libstrongswan/crypto/aead.h
+++ b/src/libstrongswan/crypto/aead.h
@@ -135,8 +135,9 @@ struct aead_t {
 *
 * @param crypter encryption transform for this aead
 * @param signer integrity transform for this aead
+ * @param iv_gen suitable IV generator for encryption algorithm
 * @return aead transform
 */
-aead_t *aead_create(crypter_t *crypter, signer_t *signer);
+aead_t *aead_create(crypter_t *crypter, signer_t *signer, iv_gen_t *iv_gen);
 #endif /** AEAD_H_ @}*/ |
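Review bot: Ownership and NULL handling of the new `iv_gen` argument are neither checked nor documented: the second aead.c hunk stores the caller's pointer as is (`.iv_gen = iv_gen,`), and the added `@param iv_gen` line in aead.h does not say who releases it. The three callers changed in this commit test for NULL before calling, but a later caller that does not would only fail once an IV is requested from the transform. Because the aead used to create its own generator, its destroy method (outside these hunks) presumably still releases it, so the caller must not. State both points in the header, e.g. `@param iv_gen suitable IV generator for encryption algorithm, gets owned by the aead; must not be NULL`.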