+/**
+ * Create NULL encryption transforms
+ */
+static bool create_null(private_tls_crypto_t *this, suite_algs_t *algs)
+{
+ this->aead_in = tls_aead_create_null(algs->mac);
+ this->aead_out = tls_aead_create_null(algs->mac);
+ if (!this->aead_in || !this->aead_out)
+ {
+ DBG1(DBG_TLS, "selected TLS MAC %N not supported",
+ integrity_algorithm_names, algs->mac);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Create traditional transforms
+ */
+static bool create_traditional(private_tls_crypto_t *this, suite_algs_t *algs)
+{
+ if (this->tls->get_version(this->tls) < TLS_1_1)
+ {
+ this->aead_in = tls_aead_create_implicit(algs->mac,
+ algs->encr, algs->encr_size);
+ this->aead_out = tls_aead_create_implicit(algs->mac,
+ algs->encr, algs->encr_size);
+ }
+ else
+ {
+ this->aead_in = tls_aead_create_explicit(algs->mac,
+ algs->encr, algs->encr_size);
+ this->aead_out = tls_aead_create_explicit(algs->mac,
+ algs->encr, algs->encr_size);
+ }
+ if (!this->aead_in || !this->aead_out)
+ {
+ DBG1(DBG_TLS, "selected TLS transforms %N-%u-%N not supported",
+ encryption_algorithm_names, algs->encr, algs->encr_size * 8,
+ integrity_algorithm_names, algs->mac);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Create AEAD transforms
+ */
+static bool create_aead(private_tls_crypto_t *this, suite_algs_t *algs)
+{
+ this->aead_in = tls_aead_create_aead(algs->encr, algs->encr_size);
+ this->aead_out = tls_aead_create_aead(algs->encr, algs->encr_size);
+ if (!this->aead_in || !this->aead_out)
+ {
+ DBG1(DBG_TLS, "selected TLS transforms %N-%u not supported",
+ encryption_algorithm_names, algs->encr, algs->encr_size * 8);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Clean up and unset AEAD transforms
+ */
+static void destroy_aeads(private_tls_crypto_t *this)
+{
+ DESTROY_IF(this->aead_in);
+ DESTROY_IF(this->aead_out);
+ this->aead_in = this->aead_out = NULL;
+}
+