diff options
| -rw-r--r-- | scripts/aes-test.c | 2 | ||||
| -rw-r--r-- | scripts/crypt_burn.c | 2 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev2/keymat_v2.c | 29 | ||||
| -rw-r--r-- | src/libipsec/esp_context.c | 3 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/aead.h | 9 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.c | 10 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.h | 6 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.c | 12 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.h | 8 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/ccm/ccm_aead.c | 8 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/ccm/ccm_aead.h | 4 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/gcm/gcm_aead.c | 8 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/gcm/gcm_aead.h | 4 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_gcm.c | 10 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_gcm.h | 4 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c | 33 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c | 22 |
17 files changed, 131 insertions, 43 deletions
diff --git a/scripts/aes-test.c b/scripts/aes-test.c index eb94180f8..425a4dc4f 100644 --- a/scripts/aes-test.c +++ b/scripts/aes-test.c @@ -313,7 +313,7 @@ static bool do_test_gcm(test_vector_t *test) return FALSE; } - aead = lib->crypto->create_aead(lib->crypto, alg, test->key.len); + aead = lib->crypto->create_aead(lib->crypto, alg, test->key.len, 4); if (!aead) { DBG1(DBG_APP, "algorithm %N or key length (%d bits) not supported", diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c index 729472e7d..1768d769b 100644 --- a/scripts/crypt_burn.c +++ b/scripts/crypt_burn.c @@ -61,7 +61,7 @@ int main(int argc, char *argv[]) if (encryption_algorithm_is_aead(token->algorithm)) { aead = lib->crypto->create_aead(lib->crypto, - token->algorithm, token->keysize / 8); + token->algorithm, token->keysize / 8, 0); if (!aead) { fprintf(stderr, "aead '%s' not supported!\n", argv[1]); diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 8c7ba8d55..88ad14faf 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -97,10 +97,35 @@ static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg, { aead_t *aead_i, *aead_r; chunk_t key = chunk_empty; + u_int salt_size; + + switch (alg) + { + case ENCR_AES_GCM_ICV8: + case ENCR_AES_GCM_ICV12: + case ENCR_AES_GCM_ICV16: + /* RFC 4106 */ + salt_size = 4; + break; + case ENCR_AES_CCM_ICV8: + case ENCR_AES_CCM_ICV12: + case ENCR_AES_CCM_ICV16: + /* RFC 4309 */ + case ENCR_CAMELLIA_CCM_ICV8: + case ENCR_CAMELLIA_CCM_ICV12: + case ENCR_CAMELLIA_CCM_ICV16: + /* RFC 5529 */ + salt_size = 3; + break; + default: + DBG1(DBG_IKE, "nonce size for %N unknown!", + encryption_algorithm_names, alg); + return FALSE; + } /* SK_ei/SK_er used for encryption */ - aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8); - aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8); + aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size); + aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size); if (aead_i == NULL || aead_r == NULL) { DBG1(DBG_IKE, "%N %N (key size %d) not supported!", diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index 66e14f98b..5e58f66da 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -216,7 +216,8 @@ static bool create_aead(private_esp_context_t *this, int alg, case ENCR_AES_GCM_ICV12: case ENCR_AES_GCM_ICV16: /* the key includes a 4 byte salt */ - this->aead = lib->crypto->create_aead(lib->crypto, alg, key.len-4); + this->aead = lib->crypto->create_aead(lib->crypto, alg, + key.len - 4, 4); break; default: break; diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index c887f53bb..43f71b65e 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -102,6 +102,10 @@ struct aead_t { /** * Get the size of the key material (for encryption and authentication). * + * This includes any additional bytes requires for the implicit nonce part. + * For AEADs based on traditional ciphers, the length is for both + * the integrity and the encryption key in total. + * * @return key size in bytes */ size_t (*get_key_size)(aead_t *this); @@ -109,6 +113,11 @@ struct aead_t { /** * Set the key for encryption and authentication. * + * If the AEAD uses an implicit nonce, the last part of the key shall + * be the implicit nonce. For AEADs based on traditional ciphers, the + * key shall include both integrity and encryption keys, concatenated + * in that order. + * * @param key encryption and authentication key * @return TRUE if key set successfully */ diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 69225bd1e..6dea30ee3 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -176,7 +176,7 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, METHOD(crypto_factory_t, create_aead, aead_t*, private_crypto_factory_t *this, encryption_algorithm_t algo, - size_t key_size) + size_t key_size, size_t salt_size) { enumerator_t *enumerator; entry_t *entry; @@ -190,12 +190,12 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, - entry->create_aead, NULL, + salt_size, entry->create_aead, NULL, default_plugin_name)) { continue; } - aead = entry->create_aead(algo, key_size); + aead = entry->create_aead(algo, key_size, salt_size); if (aead) { break; @@ -474,7 +474,7 @@ METHOD(crypto_factory_t, add_aead, bool, u_int speed = 0; if (!this->test_on_add || - this->tester->test_aead(this->tester, algo, 0, create, + this->tester->test_aead(this->tester, algo, 0, 0, create, this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); @@ -1003,7 +1003,7 @@ static u_int verify_registered_algorithms(crypto_factory_t *factory) this->lock->read_lock(this->lock); TEST_ALGORITHMS(crypter, 0); - TEST_ALGORITHMS(aead, 0); + TEST_ALGORITHMS(aead, 0, 0); TEST_ALGORITHMS(signer); TEST_ALGORITHMS(hasher); TEST_ALGORITHMS(prf); diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 281dc256f..7865bcb15 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -46,7 +46,7 @@ typedef crypter_t* (*crypter_constructor_t)(encryption_algorithm_t algo, * Constructor function for aead transforms */ typedef aead_t* (*aead_constructor_t)(encryption_algorithm_t algo, - size_t key_size); + size_t key_size, size_t salt_size); /** * Constructor function for signers */ @@ -100,10 +100,12 @@ struct crypto_factory_t { * * @param algo encryption algorithm * @param key_size length of the key in bytes + * @param salt_size size of salt, implicit part of the nonce * @return aead_t instance, NULL if not supported */ aead_t* (*create_aead)(crypto_factory_t *this, - encryption_algorithm_t algo, size_t key_size); + encryption_algorithm_t algo, + size_t key_size, size_t salt_size); /** * Create a symmetric signer instance. diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 40c4fd362..c6780daf1 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -315,7 +315,7 @@ static u_int bench_aead(private_crypto_tester_t *this, { aead_t *aead; - aead = create(alg, 0); + aead = create(alg, 0, 0); if (aead) { char iv[aead->get_iv_size(aead)]; @@ -364,7 +364,8 @@ static u_int bench_aead(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_aead, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, - aead_constructor_t create, u_int *speed, const char *plugin_name) + size_t salt_size, aead_constructor_t create, + u_int *speed, const char *plugin_name) { enumerator_t *enumerator; aead_test_vector_t *vector; @@ -386,10 +387,14 @@ METHOD(crypto_tester_t, test_aead, bool, { /* test only vectors with a specific key size, if key size given */ continue; } + if (salt_size && salt_size != vector->salt_size) + { + continue; + } tested++; failed = TRUE; - aead = create(alg, vector->key_size); + aead = create(alg, vector->key_size, vector->salt_size); if (!aead) { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", @@ -1218,4 +1223,3 @@ crypto_tester_t *crypto_tester_create() return &this->public; } - diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 9ac665929..add3b1cdf 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -54,6 +54,8 @@ struct aead_test_vector_t { encryption_algorithm_t alg; /** key length to use, in bytes */ size_t key_size; + /** salt length to use, in bytes */ + size_t salt_size; /** encryption key of test vector */ u_char *key; /** initialization vector, using crypters blocksize bytes */ @@ -150,13 +152,15 @@ struct crypto_tester_t { * * @param alg algorithm to test * @param key_size key size to test, 0 for default + * @param salt_size salt length to test, 0 for default * @param create constructor function for the aead transform * @param speed speed test result, NULL to omit * @return TRUE if test passed */ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg, - size_t key_size, aead_constructor_t create, - u_int *speed, const char *plugin_name); + size_t key_size, size_t salt_size, + aead_constructor_t create, + u_int *speed, const char *plugin_name); /** * Test a signer algorithm. * diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c index 65eccb2db..6d4b2e13c 100644 --- a/src/libstrongswan/plugins/ccm/ccm_aead.c +++ b/src/libstrongswan/plugins/ccm/ccm_aead.c @@ -343,7 +343,8 @@ METHOD(aead_t, destroy, void, /** * See header */ -ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size) +ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, + size_t key_size, size_t salt_size) { private_ccm_aead_t *this; size_t icv_size; @@ -360,6 +361,11 @@ ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size) default: return NULL; } + if (salt_size && salt_size != SALT_SIZE) + { + /* currently not supported */ + return NULL; + } switch (algo) { case ENCR_AES_CCM_ICV8: diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.h b/src/libstrongswan/plugins/ccm/ccm_aead.h index 79ab31804..0f1ec09a7 100644 --- a/src/libstrongswan/plugins/ccm/ccm_aead.h +++ b/src/libstrongswan/plugins/ccm/ccm_aead.h @@ -44,8 +44,10 @@ struct ccm_aead_t { * * @param algo algorithm to implement, a CCM mode * @param key_size key size in bytes + * @param salt_size size of implicit salt length * @return aead, NULL if not supported */ -ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size); +ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size, + size_t salt_size); #endif /** CCM_AEAD_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c index ba5f2e4b3..4ab17017f 100644 --- a/src/libstrongswan/plugins/gcm/gcm_aead.c +++ b/src/libstrongswan/plugins/gcm/gcm_aead.c @@ -375,7 +375,8 @@ METHOD(aead_t, destroy, void, /** * See header */ -gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size) +gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, + size_t key_size, size_t salt_size) { private_gcm_aead_t *this; size_t icv_size; @@ -392,6 +393,11 @@ gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size) default: return NULL; } + if (salt_size && salt_size != SALT_SIZE) + { + /* currently not supported */ + return NULL; + } switch (algo) { case ENCR_AES_GCM_ICV8: diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.h b/src/libstrongswan/plugins/gcm/gcm_aead.h index 846c3c76c..5c09477c3 100644 --- a/src/libstrongswan/plugins/gcm/gcm_aead.h +++ b/src/libstrongswan/plugins/gcm/gcm_aead.h @@ -44,8 +44,10 @@ struct gcm_aead_t { * * @param algo algorithm to implement, a gcm mode * @param key_size key size in bytes + * @param salt_size size of implicit salt length * @return aead, NULL if not supported */ -gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size); +gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size, + size_t salt_size); #endif /** GCM_AEAD_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c index 842111bd3..147e4afb4 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c @@ -202,7 +202,8 @@ METHOD(aead_t, destroy, void, /* * Described in header */ -aead_t *openssl_gcm_create(encryption_algorithm_t algo, size_t key_size) +aead_t *openssl_gcm_create(encryption_algorithm_t algo, + size_t key_size, size_t salt_size) { private_aead_t *this; @@ -236,6 +237,13 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo, size_t key_size) return NULL; } + if (salt_size && salt_size != SALT_LEN) + { + /* currently not supported */ + free(this); + return NULL; + } + switch (algo) { case ENCR_AES_GCM_ICV8: diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.h b/src/libstrongswan/plugins/openssl/openssl_gcm.h index 12d2e8ab6..4ae268bd6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.h +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.h @@ -30,8 +30,10 @@ * * @param algo algorithm to implement * @param key_size key size in bytes + * @param salt_size size of implicit salt length * @return aead_t object, NULL if not supported */ -aead_t *openssl_gcm_create(encryption_algorithm_t algo, size_t key_size); +aead_t *openssl_gcm_create(encryption_algorithm_t algo, size_t key_size, + size_t salt_size); #endif /** OPENSSL_GCM_H_ @}*/ diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c index 8de180ad5..95c41ecbc 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c @@ -21,7 +21,8 @@ * originally from "fips cavs fax files on hand at Red Hat". */ aead_test_vector_t aes_ccm1 = { - .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 0, + .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .salt_size = 3, + .len = 32, .alen = 0, .key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05\x2e\x01\xd1\xfc\x5d\x82\x66\x2e" "\x96\xac\x59", .iv = "\x30\x07\xa1\xe2\xa2\xc7\x55\x24", @@ -33,7 +34,8 @@ aead_test_vector_t aes_ccm1 = { }; aead_test_vector_t aes_ccm2 = { - .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 32, + .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .salt_size = 3, + .len = 32, .alen = 32, .key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3" "\x4f\xa3\x19", .iv = "\xd3\x01\x5a\xd8\x30\x60\x15\x56", @@ -47,7 +49,8 @@ aead_test_vector_t aes_ccm2 = { }; aead_test_vector_t aes_ccm3 = { - .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 0, .alen = 32, + .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .salt_size = 3, + .len = 0, .alen = 32, .key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1\xa3\xf0\xff\xdd\x4e\x4b\x12\x75" "\x53\x14\x73\x66\x8d\x88\xf6\x80\xa0\x20\x35", .iv = "\x26\xf2\x21\x8d\x50\x20\xda\xe2", @@ -57,7 +60,8 @@ aead_test_vector_t aes_ccm3 = { }; aead_test_vector_t aes_ccm4 = { - .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 32, .alen = 32, + .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .salt_size = 3, + .len = 32, .alen = 32, .key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42\xef\x7a\xd3\xce\xfc\x84\x60\x62" "\xca\xb4\x40\xaf\x5f\xc9\xc9\x01\xd6\x3c\x8c", .iv = "\x86\x84\xb6\xcd\xef\x09\x2e\x94", @@ -71,7 +75,8 @@ aead_test_vector_t aes_ccm4 = { }; aead_test_vector_t aes_ccm5 = { - .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 32, .alen = 32, + .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .salt_size = 3, + .len = 32, .alen = 32, .key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a\xbd\x01\x99\xd5\x8a\xdf\x71\x3a" "\xd3\xdf\x24\x4b\x5e\x3d\x4b\x4e\x30\x7a\xb9\xd8\x53\x0a\x5e\x2b" "\x1e\x29\x91", @@ -86,7 +91,8 @@ aead_test_vector_t aes_ccm5 = { }; aead_test_vector_t aes_ccm6 = { - .alg = ENCR_AES_CCM_ICV12, .key_size = 32, .len = 32, .alen = 32, + .alg = ENCR_AES_CCM_ICV12, .key_size = 32, .salt_size = 3, + .len = 32, .alen = 32, .key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c\x45\x41\xb8\xbd\x5c\xa7\xc2\x32" "\x8a\xb8\x02\x59\xa4\xfe\xa9\x2c\x09\x75\x9a\x9b\x3c\x9b\x27\x39" "\xf9\xd9\x4e", @@ -101,7 +107,8 @@ aead_test_vector_t aes_ccm6 = { }; aead_test_vector_t aes_ccm7 = { - .alg = ENCR_AES_CCM_ICV16, .key_size = 32, .len = 32, .alen = 32, + .alg = ENCR_AES_CCM_ICV16, .key_size = 32, .salt_size = 3, + .len = 32, .alen = 32, .key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83\x8c\x76\x95\xd4\xb6\xdc\xf3\x46" "\xf9\x8f\xad\xe3\x02\x13\x83\x77\x3f\xb0\xf1\xa1\xa1\x22\x0f\x2b" "\x24\xa7\x8b", @@ -116,7 +123,8 @@ aead_test_vector_t aes_ccm7 = { }; aead_test_vector_t aes_ccm8 = { - .alg = ENCR_AES_CCM_ICV8, .key_size = 16, .len = 0, .alen = 0, + .alg = ENCR_AES_CCM_ICV8, .key_size = 16, .salt_size = 3, + .len = 0, .alen = 0, .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1\xff\x80\x2e\x48\x7d\x82\xf8\xb9" "\xaf\x94\x87", .iv = "\x78\x35\x82\x81\x7f\x88\x94\x68", @@ -124,7 +132,8 @@ aead_test_vector_t aes_ccm8 = { }; aead_test_vector_t aes_ccm9 = { - .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 0, .alen = 32, + .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .salt_size = 3, + .len = 0, .alen = 32, .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" "\xa4\x48\x93\x39\x26\x71\x4a\xc6\xee\x49\x83", .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e", @@ -134,7 +143,8 @@ aead_test_vector_t aes_ccm9 = { }; aead_test_vector_t aes_ccm10 = { - .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 0, .alen = 0, + .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .salt_size = 3, + .len = 0, .alen = 0, .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c" "\x20\x2c\xad\x30\xc2\x2b\x41\xfb\x0e\x85\xbc\x33\xad\x0f\x2b\xff" "\xee\x49\x83", @@ -143,7 +153,8 @@ aead_test_vector_t aes_ccm10 = { }; aead_test_vector_t aes_ccm11 = { - .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 32, .alen = 32, + .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .salt_size = 3, + .len = 32, .alen = 32, .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7\x96\xe5\xc5\x68\xaa\x95\x35\xe0" "\x29\xa0\xba\x9e\x48\x78\xd1\xba\xee\x49\x83", .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e", diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c index 7534633e1..68e6de5d9 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c @@ -20,7 +20,8 @@ * McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ aead_test_vector_t aes_gcm1 = { - .alg = ENCR_AES_GCM_ICV8, .key_size = 16, .len = 64, .alen = 0, + .alg = ENCR_AES_GCM_ICV8, .key_size = 16, .salt_size = 4, + .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xca\xfe\xba\xbe", .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", @@ -36,7 +37,8 @@ aead_test_vector_t aes_gcm1 = { }; aead_test_vector_t aes_gcm2 = { - .alg = ENCR_AES_GCM_ICV12, .key_size = 16, .len = 64, .alen = 0, + .alg = ENCR_AES_GCM_ICV12, .key_size = 16, .salt_size = 4, + .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xca\xfe\xba\xbe", .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", @@ -52,7 +54,8 @@ aead_test_vector_t aes_gcm2 = { }; aead_test_vector_t aes_gcm3 = { - .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 64, .alen = 0, + .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4, + .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xca\xfe\xba\xbe", .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", @@ -68,7 +71,8 @@ aead_test_vector_t aes_gcm3 = { }; aead_test_vector_t aes_gcm4 = { - .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 60, .alen = 20, + .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4, + .len = 60, .alen = 20, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xca\xfe\xba\xbe", .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", @@ -86,7 +90,8 @@ aead_test_vector_t aes_gcm4 = { }; aead_test_vector_t aes_gcm5 = { - .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .len = 64, .alen = 0, + .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4, + .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xfe\xff\xe9\x92\x86\x65\x73\x1c\xca\xfe\xba\xbe", .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", @@ -102,7 +107,8 @@ aead_test_vector_t aes_gcm5 = { }; aead_test_vector_t aes_gcm6 = { - .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 64, .alen = 0, + .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4, + .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xca\xfe\xba\xbe", @@ -119,7 +125,8 @@ aead_test_vector_t aes_gcm6 = { }; aead_test_vector_t aes_gcm7 = { - .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 60, .alen = 20, + .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4, + .len = 60, .alen = 20, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\xca\xfe\xba\xbe", @@ -136,4 +143,3 @@ aead_test_vector_t aes_gcm7 = { "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x76\xfc\x6e\xce" "\x0f\x4e\x17\x68\xcd\xdf\x88\x53\xbb\x2d\x55\x1b", }; - |