NOTE:  A concurrent project is work on AES-[GC]CM, which are
self-authenticating ciphers.  That's the reference in #3.

----- Forwarded message from Dan McDonald <danmcd at sun.com> -----

Date: Tue, 04 Aug 2009 15:01:01 -0400
From: Dan McDonald <dan...@sun.com>
To: Dan McDonald <danmcd at sun.com>
Cc: ipsec-core at sun.com, Sebastien.Roy at Sun.COM
Subject: Re: ipsecconf(1M) mods to cover no-authentication warning
User-Agent: Mutt/1.5.19 (2009-01-05)

<mucho snippage deleted!>

The easiest way I can think of to handle this is to have two globals:

        first_set_tun --> Take out of set_tun_algs static and turn it into
                          a global, initialized to FALSE.

        auth_covered --> Initialized to FALSE, see below for when to set to
                         TRUE. 

The variable auth_covered gets set to TRUE whenever set_tun_algs gets called
with any of:

1.)     which_alg == AH_AUTH_ALG && alg != NO_AH_AALG  (line 1146)

2.)     which_alg == ESP_AUTH_ALG && alg != NO_ESP_AALG (line 1131)

3.) (once Mark's done) which_alg == ESP_ENCR_ALG && IS_AUTHENICATING(ealg)
          (line 1117 + check on the passed-in algorithm)

Then, where you've ripped out tun_reality_check() at the end of ifconfig,
you can replace it with this:

        if (first_set_tun && !auth_covered)
                warnx("WARNING - tunnel with only ESP and no authentication.");

Is this palatable?  Should I be having this discussion out on osol.org yet?

Dan

----- End forwarded message -----
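An added example, not code from the forwarded message or from ifconfig: a stand-alone C model of the two-flag scheme described above, replayed over constructed call sequences. The numeric algorithm values, the body of IS_AUTHENICATING (spelled as in the message), struct call and warns() are hypothetical, and the model assumes first_set_tun becomes TRUE on the first set_tun_algs call, which the message does not spell out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins: names follow the message, values are constructed. */
enum which_alg { AH_AUTH_ALG, ESP_AUTH_ALG, ESP_ENCR_ALG };
enum { NO_AH_AALG = 256, NO_ESP_AALG = 256 };
enum { AALG_SHA1 = 3, EALG_AES_CBC = 12, EALG_AES_CCM = 14, EALG_AES_GCM = 18 };
/* Assumed test for self-authenticating ciphers, spelled as in the message. */
#define IS_AUTHENICATING(e) ((e) == EALG_AES_CCM || (e) == EALG_AES_GCM)

static bool first_set_tun = false; /* assumed: TRUE once any tunnel alg is set */
static bool auth_covered = false;  /* TRUE once some algorithm authenticates */

static void set_tun_algs(enum which_alg which_alg, int alg)
{
    first_set_tun = true;
    if ((which_alg == AH_AUTH_ALG && alg != NO_AH_AALG) ||      /* case 1 */
        (which_alg == ESP_AUTH_ALG && alg != NO_ESP_AALG) ||    /* case 2 */
        (which_alg == ESP_ENCR_ALG && IS_AUTHENICATING(alg)))   /* case 3 */
        auth_covered = true;
}

struct call { enum which_alg which_alg; int alg; };

/* Replay one command's worth of calls; report whether the warning fires. */
static bool warns(const struct call *calls, size_t n)
{
    first_set_tun = auth_covered = false;
    for (size_t i = 0; i < n; i++)
        set_tun_algs(calls[i].which_alg, calls[i].alg);
    return first_set_tun && !auth_covered;
}

/* Constructed call sequences. */
static const struct call cbc_only[] = { { ESP_ENCR_ALG, EALG_AES_CBC } };
static const struct call cbc_none[] = { { ESP_ENCR_ALG, EALG_AES_CBC },
                                        { ESP_AUTH_ALG, NO_ESP_AALG } };
static const struct call cbc_sha1[] = { { ESP_ENCR_ALG, EALG_AES_CBC },
                                        { ESP_AUTH_ALG, AALG_SHA1 } };
static const struct call gcm_only[] = { { ESP_ENCR_ALG, EALG_AES_GCM } };

int main(void)
{
    printf("cbc only: %d, cbc+none: %d, cbc+sha1: %d, gcm only: %d, no algs: %d\n",
        warns(cbc_only, 1), warns(cbc_none, 2), warns(cbc_sha1, 2),
        warns(gcm_only, 1), warns(NULL, 0));
    return 0;
}
```

Because auth_covered only ever moves from FALSE to TRUE, the order of the calls within one invocation does not change the outcome.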
