kernel-pfkey: Enable macOS native AES_GCM_ICV16 support
authorRuben Tytgat <ruben_tytgat@hotmail.com>
Thu, 5 Jul 2018 15:54:42 +0000 (17:54 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 6 Jul 2018 08:25:55 +0000 (10:25 +0200)
macOS supports AES_GCM_ICV16 natively using PF_KEYv2.

This change enables AES_GCM if the corresponding definition is detected
in the headers.

With this change it is no longer necessary to use the libipsec module to
use AES_GCM on macOS.

Closes strongswan/strongswan#107.

src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index b937a76..34089f9 100644 (file)
@@ -890,6 +890,8 @@ static kernel_algorithm_t encryption_algs[] = {
        {ENCR_AES_GCM_ICV8,                     SADB_X_EALG_AES_GCM_ICV8        },
        {ENCR_AES_GCM_ICV12,            SADB_X_EALG_AES_GCM_ICV12       },
        {ENCR_AES_GCM_ICV16,            SADB_X_EALG_AES_GCM_ICV16       },
+#elif defined(SADB_X_EALG_AES_GCM) /* macOS */
+       {ENCR_AES_GCM_ICV16,            SADB_X_EALG_AES_GCM                     },
 #endif
 #ifdef SADB_X_EALG_CAMELLIACBC
        {ENCR_CAMELLIA_CBC,                     SADB_X_EALG_CAMELLIACBC         },