added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc (>=linux-2.6.20)

author Martin Willi <martin@strongswan.org>

Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)

committer Martin Willi <martin@strongswan.org>

Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)
author Martin Willi <martin@strongswan.org>
Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)
committer Martin Willi <martin@strongswan.org>
Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c

index fe113b1..98ba4d5 100644 (file)
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -487,6 +487,14 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
                         add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
                 }
         }
+       else if (strncmp(alg.ptr, "aesxcbc", alg.len) == 0)
+       {
+               add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+               if (this->protocol == PROTO_IKE)
+               {
+                       add_algorithm(this, PSEUDO_RANDOM_FUNCTION, AUTH_AES_XCBC_96, 0);
+               }
+       }
         else if (strncmp(alg.ptr, "modp768", alg.len) == 0)
         {
                 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
@@ -598,11 +606,13 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
                         add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_3DES,              0);
                         add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_BLOWFISH,        256);
                         add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA1_96,      0);
+                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_AES_XCBC_96,       0);
                         add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_MD5_96,       0);
                         add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,  0);
                         break;
                 case PROTO_AH:
                         add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA1_96,      0);
+                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_AES_XCBC_96,       0);
                         add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_MD5_96,       0);
                         add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,  0);
                         break;
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c

index d620211..ffe7fea 100644 (file)
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -129,7 +129,7 @@ kernel_algorithm_t integrity_algs[] = {
         {AUTH_HMAC_SHA2_512_256,        "sha512",               512},
  /*     {AUTH_DES_MAC,                          "***",                  0}, */
  /*     {AUTH_KPDK_MD5,                         "***",                  0}, */
-/*     {AUTH_AES_XCBC_96,                      "***",                  0}, */
+       {AUTH_AES_XCBC_96,                      "xcbc(aes)",    128},
         {END_OF_LIST,                           NULL,                   0},
  };
author	Martin Willi <martin@strongswan.org>
	Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)
committer	Martin Willi <martin@strongswan.org>
	Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)
src/charon/config/proposal.c		patch \| blob \| history
src/charon/kernel/kernel_interface.c		patch \| blob \| history