Commit message
We don't need an IV for NULL encryption, so we wouldn't technically need
an IV generator. But some of the code currently relies on an IV
generator to be present. So we don't have to change that code and
handle IV size == 0 specially, we use the new NULL IV generator, which
handles this transparently to the existing code.

Before 3c81cb6fc322 ("aead: Create AEAD using traditional transforms
with an explicit IV generator") iv_gen_rand_t was used for NULL
encryption, which would work too but this way it's clearer.

This does not actually allocate an IV and only accepts requests
for size == 0.

We use the message ID and fragment number as IV generator. As IKEv2 uses
distinct message ID counters for actively and passively initiated exchanges,
each IV would be used twice. As we explicitly reject such message IDs since
d0ed1079, original-responder initiated exchanges fail with counter mode ciphers.
This commit separates IV space in two halves for sequential IVs, and
automatically assigns once reused sequence numbers to the second half.
Fixes #980.
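
The IV-space split described in the commit message above, as an added example that is not strongSwan's code: a simplified sequential IV generator that moves a sequence number seen a second time into the upper half of the 64-bit space and refuses a third use. The names `seq_iv_t`, `seq_iv_init`, `seq_iv_get` and both constants are hypothetical, and the sketch also refuses IVs shorter than the 64-bit counter.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SEQ_UNUSED    (~(uint64_t)0)  /* marker: no IV issued in this half yet */
#define SEQ_HIGH_HALF (1ULL << 63)    /* top bit selects the second half */

/* Hypothetical generator state: last sequence number issued in each half. */
typedef struct { uint64_t prev[2]; } seq_iv_t;

static void seq_iv_init(seq_iv_t *g)
{
	g->prev[0] = g->prev[1] = SEQ_UNUSED;
}

/* Write a big-endian IV for seq into buf (zero-padded); false means refused. */
static bool seq_iv_get(seq_iv_t *g, uint64_t seq, size_t size, uint8_t *buf)
{
	if (size < sizeof(uint64_t))
		return false;  /* would return only the lower bits of the counter */
	if (seq >= SEQ_HIGH_HALF - 1)
		return false;  /* top bit is reserved; all-ones would hit the marker */
	if (g->prev[0] != SEQ_UNUSED && seq <= g->prev[0])
	{	/* already used in the first half: assign it to the second half */
		seq |= SEQ_HIGH_HALF;
		if (g->prev[1] != SEQ_UNUSED && seq <= g->prev[1])
			return false;  /* used in both halves: never issue it again */
	}
	g->prev[(seq & SEQ_HIGH_HALF) ? 1 : 0] = seq;
	for (size_t i = 0; i < size; i++)
	{	/* counter occupies the last 8 bytes of the IV */
		size_t shift = size - 1 - i;
		buf[i] = shift < 8 ? (uint8_t)(seq >> (8 * shift)) : 0;
	}
	return true;
}

int main(void)
{
	seq_iv_t g;
	uint8_t iv[8] = {0};
	uint64_t ids[] = {0, 0, 1, 1, 1};  /* constructed: two counters, then a reuse */
	seq_iv_init(&g);
	for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
		printf("id %llu: %s\n", (unsigned long long)ids[i],
		       seq_iv_get(&g, ids[i], sizeof(iv), iv) ? "issued" : "refused");
	return 0;
}
```

Each half only ever moves forward, so gaps are accepted but no 64-bit value is issued twice.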

While no algorithm actually uses such short IVs, we add a check here to ensure
we won't return just the lower bits of the counter.

We allow gaps in IVs, but ensure that an IV is never used more than once.

This makes it harder to attack a HA setup, even if the sequence numbers were
not fully in sync.

This prevents duplicate sequential IVs in case of a HA failover.

Uses RNG_WEAK as the code currently does elsewhere to allocate IVs.