added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc (>=linux-2.6.20)
authorMartin Willi <martin@strongswan.org>
Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)
src/charon/config/proposal.c
src/charon/kernel/kernel_interface.c

index fe113b1..98ba4d5 100644 (file)
@@ -487,6 +487,14 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
                        add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
                }
        }
+       else if (strncmp(alg.ptr, "aesxcbc", alg.len) == 0)
+       {
+               add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+               if (this->protocol == PROTO_IKE)
+               {
+                       add_algorithm(this, PSEUDO_RANDOM_FUNCTION, AUTH_AES_XCBC_96, 0);
+               }
+       }
        else if (strncmp(alg.ptr, "modp768", alg.len) == 0)
        {
                add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
@@ -598,11 +606,13 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
                        add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_3DES,              0);
                        add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_BLOWFISH,        256);
                        add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA1_96,      0);
+                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_AES_XCBC_96,       0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_MD5_96,       0);
                        add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,  0);
                        break;
                case PROTO_AH:
                        add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA1_96,      0);
+                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_AES_XCBC_96,       0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_MD5_96,       0);
                        add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,  0);
                        break;
index d620211..ffe7fea 100644 (file)
@@ -129,7 +129,7 @@ kernel_algorithm_t integrity_algs[] = {
        {AUTH_HMAC_SHA2_512_256,        "sha512",               512},
 /*     {AUTH_DES_MAC,                          "***",                  0}, */
 /*     {AUTH_KPDK_MD5,                         "***",                  0}, */
-/*     {AUTH_AES_XCBC_96,                      "***",                  0}, */
+       {AUTH_AES_XCBC_96,                      "xcbc(aes)",    128},
        {END_OF_LIST,                           NULL,                   0},
 };