diff options
| author | Martin Willi <martin@strongswan.org> | 2007-04-23 13:00:20 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2007-04-23 13:00:20 +0000 |
| commit | c80e8ba11a252e8352b2b9523d0939d5a9f1a3c8 (patch) | |
| tree | de2cfb8405cbc0ff6776b50766b7a97ea9ef8b56 | |
| parent | 17712ea86644c1d40b4492a3240534bde7608c06 (diff) | |
| download | strongswan-c80e8ba11a252e8352b2b9523d0939d5a9f1a3c8.tar.bz2 strongswan-c80e8ba11a252e8352b2b9523d0939d5a9f1a3c8.tar.xz | |
added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc (>=linux-2.6.20)
| -rw-r--r-- | src/charon/config/proposal.c | 10 | ||||
| -rw-r--r-- | src/charon/kernel/kernel_interface.c | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index fe113b1d8..98ba4d5c6 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c @@ -487,6 +487,14 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0); } } + else if (strncmp(alg.ptr, "aesxcbc", alg.len) == 0) + { + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); + if (this->protocol == PROTO_IKE) + { + add_algorithm(this, PSEUDO_RANDOM_FUNCTION, AUTH_AES_XCBC_96, 0); + } + } else if (strncmp(alg.ptr, "modp768", alg.len) == 0) { add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0); @@ -598,11 +606,13 @@ proposal_t *proposal_create_default(protocol_id_t protocol) add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); break; case PROTO_AH: add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); break; diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c index d620211be..ffe7fea98 100644 --- a/src/charon/kernel/kernel_interface.c +++ b/src/charon/kernel/kernel_interface.c @@ -129,7 +129,7 @@ kernel_algorithm_t integrity_algs[] = { {AUTH_HMAC_SHA2_512_256, "sha512", 512}, /* {AUTH_DES_MAC, "***", 0}, */ /* {AUTH_KPDK_MD5, "***", 0}, */ -/* {AUTH_AES_XCBC_96, "***", 0}, */ + {AUTH_AES_XCBC_96, "xcbc(aes)", 128}, {END_OF_LIST, NULL, 0}, }; |