added support for AES counter mode in ESP
authorMartin Willi <martin@strongswan.org>
Mon, 27 Apr 2009 12:16:52 +0000 (12:16 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 27 Apr 2009 12:16:52 +0000 (12:16 -0000)
  proposal keywords: aes128ctr aes192ctr aes256ctr

src/charon/config/proposal_keywords.txt
src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/charon/sa/keymat.c

index 22a7c22..201ce82 100644 (file)
@@ -35,6 +35,9 @@ null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
 aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
 aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192
 aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256
+aes128ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           128
+aes192ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           192
+aes256ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           256
 aes128ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
 aes128ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
 aes128ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128
index afa7e4b..e3b6834 100644 (file)
@@ -170,7 +170,7 @@ static kernel_algorithm_t encryption_algs[] = {
 /*     {ENCR_DES_IV32,                         "***"                           }, */
        {ENCR_NULL,                             "cipher_null"           },
        {ENCR_AES_CBC,                          "aes"                           },
-/*     {ENCR_AES_CTR,                          "***"                           }, */
+       {ENCR_AES_CTR,                          "rfc3686(ctr(aes))"     },
        {ENCR_AES_CCM_ICV8,                     "rfc4309(ccm(aes))"     },
        {ENCR_AES_CCM_ICV12,            "rfc4309(ccm(aes))"     },
        {ENCR_AES_CCM_ICV16,            "rfc4309(ccm(aes))"     },
index 819ff5a..262162b 100644 (file)
@@ -415,17 +415,18 @@ static bool derive_child_keys(private_keymat_t *this,
                /* to bytes */
                enc_size /= 8;
                
-               /* CCM/GCM needs additional bytes */
+               /* CCM/GCM/CTR needs additional bytes */
                switch (enc_alg)
                {
                        case ENCR_AES_CCM_ICV8:
                        case ENCR_AES_CCM_ICV12:
                        case ENCR_AES_CCM_ICV16:
                                enc_size += 3;
-                               break;          
+                               break;
                        case ENCR_AES_GCM_ICV8:
                        case ENCR_AES_GCM_ICV12:
                        case ENCR_AES_GCM_ICV16:
+                       case ENCR_AES_CTR:
                                enc_size += 4;
                                break;
                        default: