Re: IPSec

From: James Morris (jmorris@intercode.com.au)
Date: Fri Jan 10 2003 - 19:21:10 EST


On Fri, 10 Jan 2003 latten@austin.ibm.com wrote:

> I am configuring IPSec and was wondering are there
> any plans to add AES to the crypto algorithms IPSec uses?

AES CBC is supported with 2.5.56 (specify 'rijndael-cbc' for setkey).
AES counter mode is not yet supported.

Also, for those wanting to use Blowfish, you'll need the patch below
against iputils-ss021109-try.

- James

-- 
James Morris
<jmorris@intercode.com.au>

diff -urN -X dontdif iputils/include-glibc/net/pfkeyv2.h iputils.w1/include-glibc/net/pfkeyv2.h --- iputils/include-glibc/net/pfkeyv2.h Sat Nov 9 13:45:52 2002 +++ iputils.w1/include-glibc/net/pfkeyv2.h Sat Jan 11 11:19:45 2003 @@ -17,7 +17,7 @@ /* private allocations - based on RFC2407/IANA assignment */ #define SADB_X_EALG_CAST128CBC 5 /*6*/ -#define SADB_X_EALG_BLOWFISHCBC 4 /*7*/ +#define SADB_X_EALG_BLOWFISHCBC 7 #define SADB_X_EALG_RIJNDAELCBC 12 #define SADB_X_EALG_AES 12

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Jan 15 2003 - 22:00:35 EST