diff options
Diffstat (limited to 'src/libstrongswan/crypto')
| -rw-r--r-- | src/libstrongswan/crypto/aead.h | 9 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.c | 10 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.h | 6 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.c | 12 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.h | 8 |
5 files changed, 32 insertions, 13 deletions
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index c887f53bb..43f71b65e 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -102,6 +102,10 @@ struct aead_t { /** * Get the size of the key material (for encryption and authentication). * + * This includes any additional bytes requires for the implicit nonce part. + * For AEADs based on traditional ciphers, the length is for both + * the integrity and the encryption key in total. + * * @return key size in bytes */ size_t (*get_key_size)(aead_t *this); @@ -109,6 +113,11 @@ struct aead_t { /** * Set the key for encryption and authentication. * + * If the AEAD uses an implicit nonce, the last part of the key shall + * be the implicit nonce. For AEADs based on traditional ciphers, the + * key shall include both integrity and encryption keys, concatenated + * in that order. + * * @param key encryption and authentication key * @return TRUE if key set successfully */ diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 69225bd1e..6dea30ee3 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -176,7 +176,7 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, METHOD(crypto_factory_t, create_aead, aead_t*, private_crypto_factory_t *this, encryption_algorithm_t algo, - size_t key_size) + size_t key_size, size_t salt_size) { enumerator_t *enumerator; entry_t *entry; @@ -190,12 +190,12 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, - entry->create_aead, NULL, + salt_size, entry->create_aead, NULL, default_plugin_name)) { continue; } - aead = entry->create_aead(algo, key_size); + aead = entry->create_aead(algo, key_size, salt_size); if (aead) { break; @@ -474,7 +474,7 @@ METHOD(crypto_factory_t, add_aead, bool, u_int speed = 0; if (!this->test_on_add || - this->tester->test_aead(this->tester, algo, 0, create, + this->tester->test_aead(this->tester, algo, 0, 0, create, this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); @@ -1003,7 +1003,7 @@ static u_int verify_registered_algorithms(crypto_factory_t *factory) this->lock->read_lock(this->lock); TEST_ALGORITHMS(crypter, 0); - TEST_ALGORITHMS(aead, 0); + TEST_ALGORITHMS(aead, 0, 0); TEST_ALGORITHMS(signer); TEST_ALGORITHMS(hasher); TEST_ALGORITHMS(prf); diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 281dc256f..7865bcb15 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -46,7 +46,7 @@ typedef crypter_t* (*crypter_constructor_t)(encryption_algorithm_t algo, * Constructor function for aead transforms */ typedef aead_t* (*aead_constructor_t)(encryption_algorithm_t algo, - size_t key_size); + size_t key_size, size_t salt_size); /** * Constructor function for signers */ @@ -100,10 +100,12 @@ struct crypto_factory_t { * * @param algo encryption algorithm * @param key_size length of the key in bytes + * @param salt_size size of salt, implicit part of the nonce * @return aead_t instance, NULL if not supported */ aead_t* (*create_aead)(crypto_factory_t *this, - encryption_algorithm_t algo, size_t key_size); + encryption_algorithm_t algo, + size_t key_size, size_t salt_size); /** * Create a symmetric signer instance. diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 40c4fd362..c6780daf1 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -315,7 +315,7 @@ static u_int bench_aead(private_crypto_tester_t *this, { aead_t *aead; - aead = create(alg, 0); + aead = create(alg, 0, 0); if (aead) { char iv[aead->get_iv_size(aead)]; @@ -364,7 +364,8 @@ static u_int bench_aead(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_aead, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, - aead_constructor_t create, u_int *speed, const char *plugin_name) + size_t salt_size, aead_constructor_t create, + u_int *speed, const char *plugin_name) { enumerator_t *enumerator; aead_test_vector_t *vector; @@ -386,10 +387,14 @@ METHOD(crypto_tester_t, test_aead, bool, { /* test only vectors with a specific key size, if key size given */ continue; } + if (salt_size && salt_size != vector->salt_size) + { + continue; + } tested++; failed = TRUE; - aead = create(alg, vector->key_size); + aead = create(alg, vector->key_size, vector->salt_size); if (!aead) { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", @@ -1218,4 +1223,3 @@ crypto_tester_t *crypto_tester_create() return &this->public; } - diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 9ac665929..add3b1cdf 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -54,6 +54,8 @@ struct aead_test_vector_t { encryption_algorithm_t alg; /** key length to use, in bytes */ size_t key_size; + /** salt length to use, in bytes */ + size_t salt_size; /** encryption key of test vector */ u_char *key; /** initialization vector, using crypters blocksize bytes */ @@ -150,13 +152,15 @@ struct crypto_tester_t { * * @param alg algorithm to test * @param key_size key size to test, 0 for default + * @param salt_size salt length to test, 0 for default * @param create constructor function for the aead transform * @param speed speed test result, NULL to omit * @return TRUE if test passed */ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg, - size_t key_size, aead_constructor_t create, - u_int *speed, const char *plugin_name); + size_t key_size, size_t salt_size, + aead_constructor_t create, + u_int *speed, const char *plugin_name); /** * Test a signer algorithm. * |