CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2010/09/22 07:40:05
Modified files:
sys/netinet : ip_esp.c
Log message:
Support for AES-GCM-16 and ENCR_NULL_AUTH_AES_GMAC in ESP as per
RFC 4106 and 4543.
Authentication hash key is set to be the same as an encryption key.
The length that is specified for the authentication hash descriptor
denotes the the length of Additional Authentication Data (AAD).
The encryption transformation descriptor length denotes the length
of the payload (to be encrypted and authenticated).
ENCR_NULL_AUTH_AES_GMAC treats all input as AAD, thus the encryption
length is set to zero.
This also fixes padding for stream ciphers, so that payload will
be 4-byte aligned.
