New AES modes for IPSec, user space components.
Update setkey and libipsec to understand aes-gcm-16 as an encryption method. A partial commit of the work in review D2936. Submitted by: eri Reviewed by: jmg MFC after: 2 weeks Sponsored by: Rubicon Communications (Netgate)
This commit is contained in:
parent
cb207f93ca
commit
987de84445
@ -187,6 +187,9 @@ static struct val2str str_alg_enc[] = {
|
||||
#ifdef SADB_X_EALG_AESCTR
|
||||
{ SADB_X_EALG_AESCTR, "aes-ctr", },
|
||||
#endif
|
||||
#ifdef SADB_X_EALG_AESGCM16
|
||||
{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
|
||||
#endif
|
||||
#ifdef SADB_X_EALG_CAMELLIACBC
|
||||
{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
|
||||
#endif
|
||||
|
@ -627,11 +627,12 @@ des-deriv 64 ipsec-ciph-des-derived-01
|
||||
3des-deriv 192 no document
|
||||
rijndael-cbc 128/192/256 rfc3602
|
||||
aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
|
||||
aes-gcm-16 160/224/288 rfc4106
|
||||
camellia-cbc 128/192/256 rfc4312
|
||||
.Ed
|
||||
.Pp
|
||||
Note that the first 128/192/256 bits of a key for
|
||||
.Li aes-ctr
|
||||
.Li aes-ctr or aes-gcm-16
|
||||
will be used as AES key, and remaining 32 bits will be used as nonce.
|
||||
.Pp
|
||||
The following are the list of compression algorithms that can be used
|
||||
|
@ -168,6 +168,7 @@ tcp { yylval.num = 0; return(PR_TCP); }
|
||||
<S_ENCALG>rijndael-cbc { yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
|
||||
<S_ENCALG>aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
|
||||
<S_ENCALG>camellia-cbc { yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
|
||||
<S_ENCALG>aes-gcm-16 { yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC); }
|
||||
|
||||
/* compression algorithms */
|
||||
{hyphen}C { return(F_COMP); }
|
||||
|
@ -343,6 +343,9 @@ struct sadb_x_nat_t_frag {
|
||||
#define SADB_X_AALG_SHA2_512 7
|
||||
#define SADB_X_AALG_RIPEMD160HMAC 8
|
||||
#define SADB_X_AALG_AES_XCBC_MAC 9 /* draft-ietf-ipsec-ciph-aes-xcbc-mac-04 */
|
||||
#define SADB_X_AALG_AES128GMAC 11 /* RFC4543 + Errata1821 */
|
||||
#define SADB_X_AALG_AES192GMAC 12
|
||||
#define SADB_X_AALG_AES256GMAC 13
|
||||
/* private allocations should use 249-255 (RFC2407) */
|
||||
#define SADB_X_AALG_MD5 249 /* Keyed MD5 */
|
||||
#define SADB_X_AALG_SHA 250 /* Keyed SHA */
|
||||
@ -360,8 +363,12 @@ struct sadb_x_nat_t_frag {
|
||||
#define SADB_X_EALG_BLOWFISHCBC 7
|
||||
#define SADB_X_EALG_RIJNDAELCBC 12
|
||||
#define SADB_X_EALG_AES 12
|
||||
#define SADB_X_EALG_AESGCM8 18 /* RFC4106 */
|
||||
#define SADB_X_EALG_AESGCM12 19
|
||||
#define SADB_X_EALG_AESGCM16 20
|
||||
/* private allocations - based on RFC4312/IANA assignment */
|
||||
#define SADB_X_EALG_CAMELLIACBC 22
|
||||
#define SADB_X_EALG_AESGMAC 23 /* RFC4543 + Errata1821 */
|
||||
/* private allocations should use 249-255 (RFC2407) */
|
||||
#define SADB_X_EALG_SKIPJACK 249 /*250*/ /* for IPSEC */
|
||||
#define SADB_X_EALG_AESCTR 250 /*249*/ /* draft-ietf-ipsec-ciph-aes-ctr-03 */
|
||||
|
@ -156,6 +156,9 @@ static struct val2str ipsec_espnames[] = {
|
||||
#endif
|
||||
#ifdef SADB_X_EALG_AESCTR
|
||||
{ SADB_X_EALG_AESCTR, "aes-ctr", },
|
||||
#endif
|
||||
#ifdef SADB_X_EALG_AESGCM16
|
||||
{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
|
||||
#endif
|
||||
{ -1, NULL },
|
||||
};
|
||||
|
Loading…
x
Reference in New Issue
Block a user