[strongSwan] Some problems with charon

2009-09-03 Thread Sasha Chashinski
Hello,
I am trying to add the ability to use my custom cipher algorithm with charon ESP in 
strongSwan 4.3.4.
First, I edited the Linux kernel to add this algorithm via CryptoAPI and 
the XFRM interface.
Then I used these commands to check that the algorithm can be used by 
the kernel:

# ip xfrm state add src 192.168.95.203 dst 192.168.95.131 proto esp spi 
0x201 mode tunnel enc cbc(belt) 
0x303631383332833323233633833323233633833323233633833323233633323
# ip -s xfrm state
src 192.168.95.203 dst 192.168.95.131
 proto esp spi 0x0201(513) reqid 0(0x) mode tunnel
 replay-window 0 seq 0x flag  (0x)
 enc cbc(belt) 
0x0303631383332833323233633833323233633833323233633833323233633323 (256 
bits)
 sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
 lifetime config:
   limit: soft (INF)(bytes), hard (INF)(bytes)
   limit: soft (INF)(packets), hard (INF)(packets)
   expire add: soft 0(sec), hard 0(sec)
   expire use: soft 0(sec), hard 0(sec)
 lifetime current:
   0(bytes), 0(packets)
   add 2009-09-03 17:32:44 use -
 stats:
   replay-window 0 replay 0 failed 0
# lsmod | grep belt
belt3208  1

Then I’ve applied this patch to strongSwan src:

diff -uNrp 
strongswan-4.3.4.orig/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c 
strongswan-4.3.4.new/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
--- 
strongswan-4.3.4.orig/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c 
 2009-08-31 19:27:18.0 +0300
+++ 
strongswan-4.3.4.new/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c 
  2009-09-01 19:44:45.0 +0300
@@ -177,6 +177,7 @@ static kernel_algorithm_t encryption_alg
 {ENCR_AES_GCM_ICV16,rfc4106(gcm(aes)) },
  /* {ENCR_NULL_AUTH_AES_GMAC,   ***   }, 
*/
 {ENCR_CAMELLIA_CBC, cbc(camellia) },
+   {ENCR_BELT_CBC, cbc(belt) },
  /* {ENCR_CAMELLIA_CTR, *** 
  }, */
  /* {ENCR_CAMELLIA_CCM_ICV8,***   }, 
*/
  /* {ENCR_CAMELLIA_CCM_ICV12,   ***   }, 
*/
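Review bot: The added `ENCR_BELT_CBC` row names a kernel transform, `cbc(belt)`, that only exists when an out-of-tree CryptoAPI module is loaded, and nothing next to the row says so. A short comment above it would help, for example `/* cbc(belt): needs the out-of-tree belt kernel module; private-use transform ID */`. As shown here, the kernel names in this row and its neighbours have no string quotes, which is presumably an artifact of the archive; the quotes must be restored before the patch can compile. The table itself starts and ends outside the hunk.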
diff -uNrp strongswan-4.3.4.orig/src/libstrongswan/crypto/crypters/crypter.c 
strongswan-4.3.4.new/src/libstrongswan/crypto/crypters/crypter.c
--- strongswan-4.3.4.orig/src/libstrongswan/crypto/crypters/crypter.c 
  2009-08-31 19:27:18.0 +0300
+++ strongswan-4.3.4.new/src/libstrongswan/crypto/crypters/crypter.c 
   2009-09-02 18:31:26.0 +0300
@@ -46,12 +46,13 @@ ENUM_NEXT(encryption_algorithm_names, EN
 CAMELLIA_CCM_8,
 CAMELLIA_CCM_12,
 CAMELLIA_CCM_16);
-ENUM_NEXT(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_TWOFISH_CBC, 
ENCR_CAMELLIA_CCM_ICV16,
+ENUM_NEXT(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_BELT_CBC, 
ENCR_CAMELLIA_CCM_ICV16,
 UNDEFINED,
 DES_ECB,
 SERPENT_CBC,
-   TWOFISH_CBC);
-ENUM_END(encryption_algorithm_names, ENCR_TWOFISH_CBC);
+   TWOFISH_CBC,
+   BELT_CBC);
+ENUM_END(encryption_algorithm_names, ENCR_BELT_CBC);

  /*
   * Described in header.
diff -uNrp strongswan-4.3.4.orig/src/libstrongswan/crypto/crypters/crypter.h 
strongswan-4.3.4.new/src/libstrongswan/crypto/crypters/crypter.h
--- strongswan-4.3.4.orig/src/libstrongswan/crypto/crypters/crypter.h 
  2009-08-31 19:27:18.0 +0300
+++ strongswan-4.3.4.new/src/libstrongswan/crypto/crypters/crypter.h 
   2009-09-01 19:43:07.0 +0300
@@ -58,7 +58,8 @@ enum encryption_algorithm_t {
 ENCR_UNDEFINED =1024,
  ENCR_DES_ECB =  1025,
 ENCR_SERPENT_CBC =  1026,
-ENCR_TWOFISH_CBC =  1027
+ENCR_TWOFISH_CBC =  1027,
+ENCR_BELT_CBC = 1028
  };

  #define DES_BLOCK_SIZE  8
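Review bot: `ENCR_BELT_CBC = 1028` takes the next value in the 1024+ block, which IKEv2 leaves for private use, so on the wire this number means BelT only between peers built with the same patch. It can also collide with whatever a later upstream release assigns at 1028, in which case two differently built peers would agree on the transform ID but install different ciphers. The enumerator should carry a comment recording that, for example `/* private use, not IANA-assigned; both peers must carry this patch */`. The enum starts outside the hunk.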
diff -uNrp 
strongswan-4.3.4.orig/src/libstrongswan/crypto/proposal/proposal_keywords.txt 
strongswan-4.3.4.new/src/libstrongswan/crypto/proposal/proposal_keywords.txt
--- 
strongswan-4.3.4.orig/src/libstrongswan/crypto/proposal/proposal_keywords.txt 
  2009-08-31 19:27:18.0 +0300
+++ 
strongswan-4.3.4.new/src/libstrongswan/crypto/proposal/proposal_keywords.txt 
   2009-09-02 19:15:58.0 +0300
@@ -116,3 +116,4 @@ ecp224,   DIFFIE_HELLMAN_GROUP,
  ecp256,   DIFFIE_HELLMAN_GROUP, ECP_256_BIT,  0
  ecp384,   DIFFIE_HELLMAN_GROUP, ECP_384_BIT,  0
  ecp521,   DIFFIE_HELLMAN_GROUP, ECP_521_BIT,  0
+belt, ENCRYPTION_ALGORITHM, ENCR_BELT_CBC,  256
\ No newline at end of file
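Review bot: The added `belt` line leaves the file without a trailing newline, as the `\ No newline at end of file` marker shows, and it should end with one. This file appears to be the gperf input for the proposal keyword lookup, so the generated C source also has to be rebuilt before `belt` is recognised in an `esp=` string; editing the `.txt` alone may have no effect. The entry fixes the key size at 256 bits, which matches the 256-bit key reported by `ip -s xfrm state` in the test above. Any proposal that uses `belt` should also name an integrity algorithm, because CBC on its own does not detect modified ciphertext.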

I’ve tested a connection between two hosts running this patched strongSwan.

# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
 # CRL fetch interval in seconds, per ipsec.conf(5); NOTE(review): confirm this
 # setting is honoured at all when pluto is disabled below.
 crlcheckinterval=180
 # "no" lets peer authentication succeed without a fresh CRL, so a revoked
 # certificate can still be accepted when no current CRL is available.
 strictcrlpolicy=no
 # The IKEv1 pluto daemon is not started; presumably only charon (IKEv2)
 # handles this test connection.
 plutostart=no

conn %default
 ikelifetime=60m
 

[strongSwan] How to add own cipher to strongSwan

2009-07-27 Thread Sasha Chashinski
Hello,
I want to add my own cipher to strongSwan; is it possible?
If yes, can anyone explain the procedure?

Thanks for any help...
Alex.
 