From 3c81cb6fc3225423ce82bbd97bd6fd9b70df8cc0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 31 Mar 2015 14:59:12 +0200 Subject: aead: Create AEAD using traditional transforms with an explicit IV generator Real AEADs directly provide a suitable IV generator, but traditional crypters do not. For some (stream) ciphers, we should use sequential IVs, for which we pass an appropriate generator to the AEAD wrapper. --- src/libipsec/esp_context.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src/libipsec/esp_context.c') diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index 5e58f66da..a2307e048 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -244,6 +244,7 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg, { crypter_t *crypter = NULL; signer_t *signer = NULL; + iv_gen_t *ivg; crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_key.len); if (!crypter) @@ -272,7 +273,13 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg, "failed"); goto failed; } - this->aead = aead_create(crypter, signer); + ivg = iv_gen_create_for_alg(enc_alg); + if (!ivg) + { + DBG1(DBG_ESP, "failed to create ESP context: creating iv gen failed"); + goto failed; + } + this->aead = aead_create(crypter, signer, ivg); return TRUE; failed: -- cgit v1.2.3