aead: Create AEAD using traditional transforms with an explicit IV generator

Real AEADs directly provide a suitable IV generator, but traditional crypters
do not. For some (stream) ciphers, we should use sequential IVs, for which
we pass an appropriate generator to the AEAD wrapper.

src/charon-tkm/src/tkm/tkm_keymat.c

@@ -102,6 +102,7 @@ static void aead_create_from_keys(aead_t **in, aead_t **out,
 	*in = *out = NULL;
 	signer_t *signer_i, *signer_r;
 	crypter_t *crypter_i, *crypter_r;
+	iv_gen_t *ivg_i, *ivg_r;
 
 	signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
 	signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
@@ -145,15 +146,21 @@ static void aead_create_from_keys(aead_t **in, aead_t **out,
 		return;
 	}
 
+	ivg_i = iv_gen_create_for_alg(enc_alg);
+	ivg_r = iv_gen_create_for_alg(enc_alg);
+	if (!ivg_i || !ivg_r)
+	{
+		return;
+	}
 	if (initiator)
 	{
-		*in = aead_create(crypter_r, signer_r);
-		*out = aead_create(crypter_i, signer_i);
+		*in = aead_create(crypter_r, signer_r, ivg_r);
+		*out = aead_create(crypter_i, signer_i, ivg_i);
 	}
 	else
 	{
-		*in = aead_create(crypter_i, signer_i);
-		*out = aead_create(crypter_r, signer_r);
+		*in = aead_create(crypter_i, signer_i, ivg_i);
+		*out = aead_create(crypter_r, signer_r, ivg_r);
 	}
 }
 

src/libcharon/sa/ikev2/keymat_v2.c

@@ -193,6 +193,7 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 {
 	crypter_t *crypter_i = NULL, *crypter_r = NULL;
 	signer_t *signer_i, *signer_r;
+	iv_gen_t *ivg_i, *ivg_r;
 	size_t key_size;
 	chunk_t key = chunk_empty;
 
@@ -264,15 +265,21 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 		goto failure;
 	}
 
+	ivg_i = iv_gen_create_for_alg(enc_alg);
+	ivg_r = iv_gen_create_for_alg(enc_alg);
+	if (!ivg_i || !ivg_r)
+	{
+		goto failure;
+	}
 	if (this->initiator)
 	{
-		this->aead_in = aead_create(crypter_r, signer_r);
-		this->aead_out = aead_create(crypter_i, signer_i);
+		this->aead_in = aead_create(crypter_r, signer_r, ivg_r);
+		this->aead_out = aead_create(crypter_i, signer_i, ivg_i);
 	}
 	else
 	{
-		this->aead_in = aead_create(crypter_i, signer_i);
-		this->aead_out = aead_create(crypter_r, signer_r);
+		this->aead_in = aead_create(crypter_i, signer_i, ivg_i);
+		this->aead_out = aead_create(crypter_r, signer_r, ivg_r);
 	}
 	signer_i = signer_r = NULL;
 	crypter_i = crypter_r = NULL;

src/libipsec/esp_context.c

@@ -244,6 +244,7 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg,
 {
 	crypter_t *crypter = NULL;
 	signer_t *signer = NULL;
+	iv_gen_t *ivg;
 
 	crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_key.len);
 	if (!crypter)
@@ -272,7 +273,13 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg,
 			 "failed");
 		goto failed;
 	}
-	this->aead = aead_create(crypter, signer);
+	ivg = iv_gen_create_for_alg(enc_alg);
+	if (!ivg)
+	{
+		DBG1(DBG_ESP, "failed to create ESP context: creating iv gen failed");
+		goto failed;
+	}
+	this->aead = aead_create(crypter, signer, ivg);
 	return TRUE;
 
 failed:

src/libstrongswan/crypto/aead.c

@@ -172,7 +172,7 @@ METHOD(aead_t, destroy, void,
 /**
  * See header
  */
-aead_t *aead_create(crypter_t *crypter, signer_t *signer)
+aead_t *aead_create(crypter_t *crypter, signer_t *signer, iv_gen_t *iv_gen)
 {
 	private_aead_t *this;
 
@@ -190,7 +190,7 @@ aead_t *aead_create(crypter_t *crypter, signer_t *signer)
 		},
 		.crypter = crypter,
 		.signer = signer,
-		.iv_gen = iv_gen_rand_create(),
+		.iv_gen = iv_gen,
 	);
 
 	return &this->public;

src/libstrongswan/crypto/aead.h

@@ -135,8 +135,9 @@ struct aead_t {
  *
  * @param crypter		encryption transform for this aead
  * @param signer		integrity transform for this aead
+ * @param iv_gen		suitable IV generator for encryption algorithm
  * @return				aead transform
  */
-aead_t *aead_create(crypter_t *crypter, signer_t *signer);
+aead_t *aead_create(crypter_t *crypter, signer_t *signer, iv_gen_t *iv_gen);
 
 #endif /** AEAD_H_ @}*/