diff options
| -rw-r--r-- | src/libipsec/esp_context.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index 6c7e9a1c9..c014e683a 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -210,19 +210,32 @@ METHOD(esp_context_t, destroy, void, static bool create_aead(private_esp_context_t *this, int alg, chunk_t key) { + size_t salt = 0; + switch (alg) { case ENCR_AES_GCM_ICV8: case ENCR_AES_GCM_ICV12: case ENCR_AES_GCM_ICV16: case ENCR_CHACHA20_POLY1305: - /* the key includes a 4 byte salt */ - this->aead = lib->crypto->create_aead(lib->crypto, alg, - key.len - 4, 4); + salt = 4; + break; + case ENCR_AES_CCM_ICV8: + case ENCR_AES_CCM_ICV12: + case ENCR_AES_CCM_ICV16: + case ENCR_CAMELLIA_CCM_ICV8: + case ENCR_CAMELLIA_CCM_ICV12: + case ENCR_CAMELLIA_CCM_ICV16: + salt = 3; break; default: break; } + if (salt) + { + this->aead = lib->crypto->create_aead(lib->crypto, alg, + key.len - salt, salt); + } if (!this->aead) { DBG1(DBG_ESP, "failed to create ESP context: unsupported AEAD " |