libipsec: Add support for AES and Camellia in CCM mode
authorTobias Brunner <tobias@strongswan.org>
Wed, 16 Nov 2016 14:11:41 +0000 (15:11 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 25 Jan 2017 16:26:45 +0000 (17:26 +0100)
Fixes #2172.

src/libipsec/esp_context.c

index 6c7e9a1..c014e68 100644 (file)
@@ -210,19 +210,32 @@ METHOD(esp_context_t, destroy, void,
 static bool create_aead(private_esp_context_t *this, int alg,
                                                chunk_t key)
 {
+       size_t salt = 0;
+
        switch (alg)
        {
                case ENCR_AES_GCM_ICV8:
                case ENCR_AES_GCM_ICV12:
                case ENCR_AES_GCM_ICV16:
                case ENCR_CHACHA20_POLY1305:
-                       /* the key includes a 4 byte salt */
-                       this->aead = lib->crypto->create_aead(lib->crypto, alg,
-                                                                                                 key.len - 4, 4);
+                       salt = 4;
+                       break;
+               case ENCR_AES_CCM_ICV8:
+               case ENCR_AES_CCM_ICV12:
+               case ENCR_AES_CCM_ICV16:
+               case ENCR_CAMELLIA_CCM_ICV8:
+               case ENCR_CAMELLIA_CCM_ICV12:
+               case ENCR_CAMELLIA_CCM_ICV16:
+                       salt = 3;
                        break;
                default:
                        break;
        }
+       if (salt)
+       {
+               this->aead = lib->crypto->create_aead(lib->crypto, alg,
+                                                                                         key.len - salt, salt);
+       }
        if (!this->aead)
        {
                DBG1(DBG_ESP, "failed to create ESP context: unsupported AEAD "
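Review bot: In the new `if (salt)` block, `key.len - salt` is computed without checking that the key is longer than the salt, so a short key makes the unsigned subtraction wrap to a very large key size. Presumably `create_aead` then returns NULL and the existing error path is taken, but the log would blame an unsupported algorithm rather than a bad key length. Guarding with `if (salt && key.len > salt)` makes the precondition explicit. The commit also drops the old "the key includes a 4 byte salt" comment; something like `/* keymat ends with an implicit salt: 4 bytes for GCM/ChaCha20-Poly1305, 3 bytes for CCM */` on the `salt` declaration would keep that documented. The body of create_aead continues past the end of this hunk, so how the key is set afterwards is not visible here.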