diff options
| -rw-r--r-- | src/libcharon/sa/ikev1/keymat_v1.c | 8 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/aead.c | 20 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/aead.h | 11 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/ccm/ccm_aead.c | 16 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/gcm/gcm_aead.c | 15 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_gcm.c | 15 |
6 files changed, 84 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index 39e4cad20..bf1b0046c 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -196,6 +196,13 @@ METHOD(aead_t, get_iv_size, size_t, return 0; } +METHOD(aead_t, get_iv_gen, iv_gen_t*, + private_aead_t *this) +{ + /* IVs are retrieved via keymat_v1.get_iv() */ + return NULL; +} + METHOD(aead_t, get_key_size, size_t, private_aead_t *this) { @@ -304,6 +311,7 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) .get_block_size = _get_block_size, .get_icv_size = _get_icv_size, .get_iv_size = _get_iv_size, + .get_iv_gen = _get_iv_gen, .get_key_size = _get_key_size, .set_key = _set_key, .destroy = _aead_destroy, diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c index 32a0e6759..afcc11fbe 100644 --- a/src/libstrongswan/crypto/aead.c +++ b/src/libstrongswan/crypto/aead.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -16,6 +19,7 @@ #include "aead.h" #include <utils/debug.h> +#include <crypto/iv/iv_gen_rand.h> typedef struct private_aead_t private_aead_t; @@ -35,9 +39,14 @@ struct private_aead_t { crypter_t *crypter; /** - * draditional signer + * traditional signer */ signer_t *signer; + + /** + * IV generator + */ + iv_gen_t *iv_gen; }; METHOD(aead_t, encrypt, bool, @@ -126,6 +135,12 @@ METHOD(aead_t, get_iv_size, size_t, return this->crypter->get_iv_size(this->crypter); } +METHOD(aead_t, get_iv_gen, iv_gen_t*, + private_aead_t *this) +{ + return this->iv_gen; +} + METHOD(aead_t, get_key_size, size_t, private_aead_t *this) { @@ -148,6 +163,7 @@ METHOD(aead_t, set_key, bool, METHOD(aead_t, destroy, void, private_aead_t *this) { + this->iv_gen->destroy(this->iv_gen); this->crypter->destroy(this->crypter); this->signer->destroy(this->signer); free(this); @@ -167,12 +183,14 @@ aead_t *aead_create(crypter_t *crypter, signer_t *signer) .get_block_size = _get_block_size, .get_icv_size = _get_icv_size, .get_iv_size = _get_iv_size, + .get_iv_gen = _get_iv_gen, .get_key_size = _get_key_size, .set_key = _set_key, .destroy = _destroy, }, .crypter = crypter, .signer = signer, + .iv_gen = iv_gen_rand_create(), ); return &this->public; diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index f3959f8f3..c887f53bb 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -1,4 +1,7 @@ /* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -26,6 +29,7 @@ typedef struct aead_t aead_t; #include <library.h> #include <crypto/crypters/crypter.h> #include <crypto/signers/signer.h> +#include <crypto/iv/iv_gen.h> /** * Authenticated encryption / authentication decryption interface. @@ -89,6 +93,13 @@ struct aead_t { size_t (*get_iv_size)(aead_t *this); /** + * Get the IV generator implementation + * + * @return IV generator + */ + iv_gen_t *(*get_iv_gen)(aead_t *this); + + /** * Get the size of the key material (for encryption and authentication). * * @return key size in bytes diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c index 0e2f9b75f..f5ad606b7 100644 --- a/src/libstrongswan/plugins/ccm/ccm_aead.c +++ b/src/libstrongswan/plugins/ccm/ccm_aead.c @@ -15,6 +15,8 @@ #include "ccm_aead.h" +#include <crypto/iv/iv_gen_seq.h> + #define BLOCK_SIZE 16 #define SALT_SIZE 3 #define IV_SIZE 8 @@ -39,6 +41,11 @@ struct private_ccm_aead_t { crypter_t *crypter; /** + * IV generator. + */ + iv_gen_t *iv_gen; + + /** * Length of the integrity check value */ size_t icv_size; @@ -305,6 +312,12 @@ METHOD(aead_t, get_iv_size, size_t, return IV_SIZE; } +METHOD(aead_t, get_iv_gen, iv_gen_t* + private_ccm_aead_t *this) +{ + return this->iv_gen; +} + METHOD(aead_t, get_key_size, size_t, private_ccm_aead_t *this) { @@ -323,6 +336,7 @@ METHOD(aead_t, destroy, void, private_ccm_aead_t *this) { this->crypter->destroy(this->crypter); + this->iv_gen->destroy(this->iv_gen); free(this); } @@ -384,12 +398,14 @@ ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size) .get_block_size = _get_block_size, .get_icv_size = _get_icv_size, .get_iv_size = _get_iv_size, + .get_iv_gen = _get_iv_gen, .get_key_size = _get_key_size, .set_key = _set_key, .destroy = _destroy, }, }, .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size), + .iv_gen = iv_gen_seq_create(), .icv_size = icv_size, ); diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c index 79ee65d98..ba5f2e4b3 100644 --- a/src/libstrongswan/plugins/gcm/gcm_aead.c +++ b/src/libstrongswan/plugins/gcm/gcm_aead.c @@ -16,6 +16,7 @@ #include "gcm_aead.h" #include <limits.h> +#include <crypto/iv/iv_gen_seq.h> #define BLOCK_SIZE 16 #define NONCE_SIZE 12 @@ -40,6 +41,11 @@ struct private_gcm_aead_t { crypter_t *crypter; /** + * IV generator. + */ + iv_gen_t *iv_gen; + + /** * Size of the integrity check value */ size_t icv_size; @@ -337,6 +343,12 @@ METHOD(aead_t, get_iv_size, size_t, return IV_SIZE; } +METHOD(aead_t, get_iv_gen, iv_gen_t*, + private_gcm_aead_t *this) +{ + return this->iv_gen; +} + METHOD(aead_t, get_key_size, size_t, private_gcm_aead_t *this) { @@ -356,6 +368,7 @@ METHOD(aead_t, destroy, void, private_gcm_aead_t *this) { this->crypter->destroy(this->crypter); + this->iv_gen->destroy(this->iv_gen); free(this); } @@ -405,12 +418,14 @@ gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size) .get_block_size = _get_block_size, .get_icv_size = _get_icv_size, .get_iv_size = _get_iv_size, + .get_iv_gen = _get_iv_gen, .get_key_size = _get_key_size, .set_key = _set_key, .destroy = _destroy, }, }, .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size), + .iv_gen = iv_gen_seq_create(), .icv_size = icv_size, ); diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c index 89d1cd589..842111bd3 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c @@ -20,6 +20,7 @@ #include "openssl_gcm.h" #include <openssl/evp.h> +#include <crypto/iv/iv_gen_seq.h> /** as defined in RFC 4106 */ #define IV_LEN 8 @@ -54,6 +55,11 @@ struct private_aead_t { size_t icv_size; /** + * IV generator + */ + iv_gen_t *iv_gen; + + /** * The cipher to use */ const EVP_CIPHER *cipher; @@ -161,6 +167,12 @@ METHOD(aead_t, get_iv_size, size_t, return IV_LEN; } +METHOD(aead_t, get_iv_gen, iv_gen_t*, + private_aead_t *this) +{ + return this->iv_gen; +} + METHOD(aead_t, get_key_size, size_t, private_aead_t *this) { @@ -183,6 +195,7 @@ METHOD(aead_t, destroy, void, private_aead_t *this) { chunk_clear(&this->key); + this->iv_gen->destroy(this->iv_gen); free(this); } @@ -200,6 +213,7 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo, size_t key_size) .get_block_size = _get_block_size, .get_icv_size = _get_icv_size, .get_iv_size = _get_iv_size, + .get_iv_gen = _get_iv_gen, .get_key_size = _get_key_size, .set_key = _set_key, .destroy = _destroy, @@ -258,6 +272,7 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo, size_t key_size) } this->key = chunk_alloc(key_size); + this->iv_gen = iv_gen_seq_create(); return &this->public; } |