diff options
| author | Martin Willi <martin@strongswan.org> | 2006-06-09 07:31:30 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2006-06-09 07:31:30 +0000 |
| commit | 5c131a016b61f9f7b6d4249a0d6a84d0cc9f1c66 (patch) | |
| tree | 99cf6b8aa6eb5cb4d158a57670d8defbe650abb5 /src/charon/threads/stroke_interface.c | |
| parent | b7f9ca5837bae541ed789d7a3e194a6347512232 (diff) | |
| download | strongswan-5c131a016b61f9f7b6d4249a0d6a84d0cc9f1c66.tar.bz2 strongswan-5c131a016b61f9f7b6d4249a0d6a84d0cc9f1c66.tar.xz | |
specifying keysize in bits, as it is required in IKEv2
added generic kernel SA algorithm handling, which brings us:
aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
Diffstat (limited to 'src/charon/threads/stroke_interface.c')
| -rwxr-xr-x | src/charon/threads/stroke_interface.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c index 33de8012a..b2d49c946 100755 --- a/src/charon/threads/stroke_interface.c +++ b/src/charon/threads/stroke_interface.c @@ -311,7 +311,7 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) my_host, other_host, RSA_DIGITAL_SIGNATURE); proposal = proposal_create(PROTO_IKE); - proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128); proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0); @@ -334,8 +334,12 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) policy = policy_create(msg->add_conn.name, my_id, other_id); proposal = proposal_create(PROTO_ESP); - proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128); + proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256); + proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); + proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256); proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); policy->add_proposal(policy, proposal); policy->add_my_traffic_selector(policy, my_ts); policy->add_other_traffic_selector(policy, other_ts); @@ -514,6 +518,7 @@ logger_context_t get_context(char *context) else if (strcasecmp(context, "CONFG") == 0) return CONFIG; else if (strcasecmp(context, "ENCPL") == 0) return ENCRYPTION_PAYLOAD; else if (strcasecmp(context, "PAYLD") == 0) return PAYLOAD; + else if (strcasecmp(context, "XFRM") == 0) return XFRM; else return -2; } |