aead: Create AEAD using traditional transforms with an explicit IV generator

Real AEADs directly provide a suitable IV generator, but traditional crypters
do not. For some (stream) ciphers, we should use sequential IVs, for which
we pass an appropriate generator to the AEAD wrapper.

diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 80721fafeb4afaaf840e6a34e4c3415601d96592..1e1fa4f30fba956fb546625c8beeff92345fdecc 100644 (file)
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -102,6 +102,7 @@ static void aead_create_from_keys(aead_t **in, aead_t **out,
        *in = *out = NULL;
        signer_t *signer_i, *signer_r;
        crypter_t *crypter_i, *crypter_r;
+       iv_gen_t *ivg_i, *ivg_r;
 
        signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
        signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
@@ -145,15 +146,21 @@ static void aead_create_from_keys(aead_t **in, aead_t **out,
                return;
        }
 
+       ivg_i = iv_gen_create_for_alg(enc_alg);
+       ivg_r = iv_gen_create_for_alg(enc_alg);
+       if (!ivg_i || !ivg_r)
+       {
+               return;
+       }
        if (initiator)
        {
-               *in = aead_create(crypter_r, signer_r);
-               *out = aead_create(crypter_i, signer_i);
+               *in = aead_create(crypter_r, signer_r, ivg_r);
+               *out = aead_create(crypter_i, signer_i, ivg_i);
        }
        else
        {
-               *in = aead_create(crypter_i, signer_i);
-               *out = aead_create(crypter_r, signer_r);
+               *in = aead_create(crypter_i, signer_i, ivg_i);
+               *out = aead_create(crypter_r, signer_r, ivg_r);
        }
 }
 

diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index f70f5cfeda0dec9c7f0a8aff98028f55e202109c..6fedc8eb5b4f1d3ec7af8bb623f0f2c9609c0ec0 100644 (file)
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -193,6 +193,7 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 {
        crypter_t *crypter_i = NULL, *crypter_r = NULL;
        signer_t *signer_i, *signer_r;
+       iv_gen_t *ivg_i, *ivg_r;
        size_t key_size;
        chunk_t key = chunk_empty;
 
@@ -264,15 +265,21 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
                goto failure;
        }
 
+       ivg_i = iv_gen_create_for_alg(enc_alg);
+       ivg_r = iv_gen_create_for_alg(enc_alg);
+       if (!ivg_i || !ivg_r)
+       {
+               goto failure;
+       }
        if (this->initiator)
        {
-               this->aead_in = aead_create(crypter_r, signer_r);
-               this->aead_out = aead_create(crypter_i, signer_i);
+               this->aead_in = aead_create(crypter_r, signer_r, ivg_r);
+               this->aead_out = aead_create(crypter_i, signer_i, ivg_i);
        }
        else
        {
-               this->aead_in = aead_create(crypter_i, signer_i);
-               this->aead_out = aead_create(crypter_r, signer_r);
+               this->aead_in = aead_create(crypter_i, signer_i, ivg_i);
+               this->aead_out = aead_create(crypter_r, signer_r, ivg_r);
        }
        signer_i = signer_r = NULL;
        crypter_i = crypter_r = NULL;

diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index 5e58f66daea24f91f3633e7d7ed081773708f862..a2307e0480c9fc4e2a553dba33e0d1a0ba167800 100644 (file)
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -244,6 +244,7 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg,
 {
        crypter_t *crypter = NULL;
        signer_t *signer = NULL;
+       iv_gen_t *ivg;
 
        crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_key.len);
        if (!crypter)
@@ -272,7 +273,13 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg,
                         "failed");
                goto failed;
        }
-       this->aead = aead_create(crypter, signer);
+       ivg = iv_gen_create_for_alg(enc_alg);
+       if (!ivg)
+       {
+               DBG1(DBG_ESP, "failed to create ESP context: creating iv gen failed");
+               goto failed;
+       }
+       this->aead = aead_create(crypter, signer, ivg);
        return TRUE;
 
 failed:

diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c
index afcc11fbee5d215d2b52614ba84f87018dcd963f..d50bd4d229d88841eccd91215d0747f82e9ae132 100644 (file)
--- a/src/libstrongswan/crypto/aead.c
+++ b/src/libstrongswan/crypto/aead.c
@@ -172,7 +172,7 @@ METHOD(aead_t, destroy, void,
 /**
  * See header
  */
-aead_t *aead_create(crypter_t *crypter, signer_t *signer)
+aead_t *aead_create(crypter_t *crypter, signer_t *signer, iv_gen_t *iv_gen)
 {
        private_aead_t *this;
 
@@ -190,7 +190,7 @@ aead_t *aead_create(crypter_t *crypter, signer_t *signer)
                },
                .crypter = crypter,
                .signer = signer,
-               .iv_gen = iv_gen_rand_create(),
+               .iv_gen = iv_gen,
        );
 
        return &this->public;

diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h
index 43f71b65efc6e6fdc279c66b4977234f8f670ed6..9d1b8df55e6c1f4da7c880a41e3ecc442b0274b7 100644 (file)
--- a/src/libstrongswan/crypto/aead.h
+++ b/src/libstrongswan/crypto/aead.h
@@ -135,8 +135,9 @@ struct aead_t {
  *
  * @param crypter              encryption transform for this aead
  * @param signer               integrity transform for this aead
+ * @param iv_gen               suitable IV generator for encryption algorithm
  * @return                             aead transform
  */
-aead_t *aead_create(crypter_t *crypter, signer_t *signer);
+aead_t *aead_create(crypter_t *crypter, signer_t *signer, iv_gen_t *iv_gen);
 
 #endif /** AEAD_H_ @}*/