From e2a252a86f5f65b6f6a5ff80fa7f97f5b8470817 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 29 Jul 2015 11:23:34 +0200 Subject: kernel-pfkey: Add support for AES-GCM The next release of FreeBSD will support this. While Linux defines constants for AES-GCM in pfkeyv2.h since 2.6.25 it does not actually support it. When SAs are installed via PF_KEY only a lookup in XFRM's list of encryption algorithms is done, but AES-GCM is in a different table for AEAD algorithms (there is currently no lookup function to find algorithms in that table via PF_KEY identifier). --- src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c') diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 50b804c01..f1b975e75 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -106,6 +106,12 @@ #define SADB_X_EALG_CASTCBC SADB_X_EALG_CAST128CBC #endif +#if !defined(SADB_X_EALG_AES_GCM_ICV8) && defined(SADB_X_EALG_AESGCM8) +#define SADB_X_EALG_AES_GCM_ICV8 SADB_X_EALG_AESGCM8 +#define SADB_X_EALG_AES_GCM_ICV12 SADB_X_EALG_AESGCM12 +#define SADB_X_EALG_AES_GCM_ICV16 SADB_X_EALG_AESGCM16 +#endif + #ifndef SOL_IP #define SOL_IP IPPROTO_IP #define SOL_IPV6 IPPROTO_IPV6 @@ -826,9 +832,11 @@ static kernel_algorithm_t encryption_algs[] = { /* {ENCR_AES_CCM_ICV8, SADB_X_EALG_AES_CCM_ICV8 }, */ /* {ENCR_AES_CCM_ICV12, SADB_X_EALG_AES_CCM_ICV12 }, */ /* {ENCR_AES_CCM_ICV16, SADB_X_EALG_AES_CCM_ICV16 }, */ -/* {ENCR_AES_GCM_ICV8, SADB_X_EALG_AES_GCM_ICV8 }, */ -/* {ENCR_AES_GCM_ICV12, SADB_X_EALG_AES_GCM_ICV12 }, */ -/* {ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM_ICV16 }, */ +#ifdef SADB_X_EALG_AES_GCM_ICV8 /* assume the others are defined too */ + {ENCR_AES_GCM_ICV8, SADB_X_EALG_AES_GCM_ICV8 }, + {ENCR_AES_GCM_ICV12, SADB_X_EALG_AES_GCM_ICV12 }, + {ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM_ICV16 }, +#endif {END_OF_LIST, 0 }, }; -- cgit v1.2.3