From e5d73b0dfa6bc57b2ed8745df4409308eeaf272e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 31 Jan 2014 15:53:38 +0100 Subject: aead: Support custom AEAD salt sizes The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces. --- scripts/aes-test.c | 2 +- scripts/crypt_burn.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/aes-test.c b/scripts/aes-test.c index eb94180f8..425a4dc4f 100644 --- a/scripts/aes-test.c +++ b/scripts/aes-test.c @@ -313,7 +313,7 @@ static bool do_test_gcm(test_vector_t *test) return FALSE; } - aead = lib->crypto->create_aead(lib->crypto, alg, test->key.len); + aead = lib->crypto->create_aead(lib->crypto, alg, test->key.len, 4); if (!aead) { DBG1(DBG_APP, "algorithm %N or key length (%d bits) not supported", diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c index 729472e7d..1768d769b 100644 --- a/scripts/crypt_burn.c +++ b/scripts/crypt_burn.c @@ -61,7 +61,7 @@ int main(int argc, char *argv[]) if (encryption_algorithm_is_aead(token->algorithm)) { aead = lib->crypto->create_aead(lib->crypto, - token->algorithm, token->keysize / 8); + token->algorithm, token->keysize / 8, 0); if (!aead) { fprintf(stderr, "aead '%s' not supported!\n", argv[1]); -- cgit v1.2.3