From 896d729a6057c2f4fe4a74bbc4c942a939f27a7e Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 16 Nov 2016 15:11:41 +0100
Subject: libipsec: Add support for AES and Camellia in CCM mode

Fixes #2172.
---
 src/libipsec/esp_context.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index 6c7e9a1c9..c014e683a 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -210,19 +210,32 @@ METHOD(esp_context_t, destroy, void,
 static bool create_aead(private_esp_context_t *this, int alg,
 						chunk_t key)
 {
+	size_t salt = 0;
+
 	switch (alg)
 	{
 		case ENCR_AES_GCM_ICV8:
 		case ENCR_AES_GCM_ICV12:
 		case ENCR_AES_GCM_ICV16:
 		case ENCR_CHACHA20_POLY1305:
-			/* the key includes a 4 byte salt */
-			this->aead = lib->crypto->create_aead(lib->crypto, alg,
-												  key.len - 4, 4);
+			salt = 4;
+			break;
+		case ENCR_AES_CCM_ICV8:
+		case ENCR_AES_CCM_ICV12:
+		case ENCR_AES_CCM_ICV16:
+		case ENCR_CAMELLIA_CCM_ICV8:
+		case ENCR_CAMELLIA_CCM_ICV12:
+		case ENCR_CAMELLIA_CCM_ICV16:
+			salt = 3;
 			break;
 		default:
 			break;
 	}
+	if (salt)
+	{
+		this->aead = lib->crypto->create_aead(lib->crypto, alg,
+											  key.len - salt, salt);
+	}
 	if (!this->aead)
 	{
 		DBG1(DBG_ESP, "failed to create ESP context: unsupported AEAD "
-- 
cgit v1.2.3