From 051fc25d926399b65d0b0caf95d1f6a6acb26e2a Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 22 Apr 2013 14:57:11 +0200 Subject: libipsec: Add support for AES-GCM --- src/libipsec/esp_context.c | 48 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 3 deletions(-) (limited to 'src/libipsec/esp_context.c') diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index 86e8dd0a8..bbcb62add 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -204,6 +204,37 @@ METHOD(esp_context_t, destroy, void, free(this); } +/** + * Create an AEAD algorithm + */ +static bool create_aead(private_esp_context_t *this, int alg, + chunk_t key) +{ + switch (alg) + { + case ENCR_AES_GCM_ICV8: + case ENCR_AES_GCM_ICV12: + case ENCR_AES_GCM_ICV16: + /* the key includes a 4 byte salt */ + this->aead = lib->crypto->create_aead(lib->crypto, alg, key.len-4); + break; + default: + break; + } + if (!this->aead) + { + DBG1(DBG_ESP, "failed to create ESP context: unsupported AEAD " + "algorithm"); + return FALSE; + } + if (!this->aead->set_key(this->aead, key)) + { + DBG1(DBG_ESP, "failed to create ESP context: setting AEAD key failed"); + return FALSE; + } + return TRUE; +} + /** * Create AEAD wrapper around traditional encryption/integrity algorithms */ @@ -288,10 +319,21 @@ esp_context_t *esp_context_create(int enc_alg, chunk_t enc_key, .window_size = ESP_DEFAULT_WINDOW_SIZE, ); - if (!create_traditional(this, enc_alg, enc_key, int_alg, int_key)) + if (encryption_algorithm_is_aead(enc_alg)) + { + if (!create_aead(this, enc_alg, enc_key)) + { + destroy(this); + return NULL; + } + } + else { - destroy(this); - return NULL; + if (!create_traditional(this, enc_alg, enc_key, int_alg, int_key)) + { + destroy(this); + return NULL; + } } if (inbound) -- cgit v1.2.3