From e5d73b0dfa6bc57b2ed8745df4409308eeaf272e Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 31 Jan 2014 15:53:38 +0100
Subject: aead: Support custom AEAD salt sizes

The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
---
 src/libipsec/esp_context.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/libipsec/esp_context.c')

diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index 66e14f98b..5e58f66da 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -216,7 +216,8 @@ static bool create_aead(private_esp_context_t *this, int alg,
 case ENCR_AES_GCM_ICV12:
 case ENCR_AES_GCM_ICV16:
 /* the key includes a 4 byte salt */
- this->aead = lib->crypto->create_aead(lib->crypto, alg, key.len-4);
+ this->aead = lib->crypto->create_aead(lib->crypto, alg,
+ key.len - 4, 4);
 break;
 default:
 break;
-- 
cgit v1.2.3
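Review bot: `key.len - 4` on the added call still wraps to a huge key size if the supplied key is shorter than the 4-byte salt, since the chunk length is presumably unsigned and nothing in the hunk checks it; unless the caller already rejects short keys (not visible here), a guard such as `if (key.len <= 4) { return FALSE; }` ahead of the call would turn that into an explicit failure rather than relying on create_aead to reject the bogus size. The salt length is now spelled out three times in four lines (the comment, the subtraction and the new trailing argument); a single local like `size_t salt_len = 4;` used for both `key.len - salt_len` and the last argument keeps them from drifting apart, which matters more now that, per the commit message, other algorithms and protocols use a different salt size. create_aead begins before and continues past this hunk, so whether the CCM cases were updated the same way cannot be seen here.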