And the corresponding bits for iked(8). I don't think we need to keep
"aes-ctr" for compatibility there, do we?
Index: iked.conf.5
===================================================================
RCS file: /cvs/src/sbin/iked/iked.conf.5,v
retrieving revision 1.18
diff -u -p -r1.18 iked.conf.5
--- iked.conf.5 23 May 2012 16:40:07 -0000 1.18
+++ iked.conf.5 29 Jun 2012 15:29:48 -0000
@@ -715,7 +715,9 @@ keyword:
.It Li aes-128 Ta "128 bits" Ta ""
.It Li aes-192 Ta "192 bits" Ta ""
.It Li aes-256 Ta "256 bits" Ta ""
-.It Li aes-ctr Ta "160 bits" Ta "[ESP only]"
+.It Li aes-128-ctr Ta "160 bits" Ta "[ESP only]"
+.It Li aes-192-ctr Ta "224 bits" Ta "[ESP only]"
+.It Li aes-256-ctr Ta "288 bits" Ta "[ESP only]"
.It Li aes-128-gcm Ta "160 bits" Ta "[ESP only]"
.It Li aes-192-gcm Ta "224 bits" Ta "[ESP only]"
.It Li aes-256-gcm Ta "288 bits" Ta "[ESP only]"
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.25
diff -u -p -r1.25 parse.y
--- parse.y 29 Jun 2012 15:05:49 -0000 1.25
+++ parse.y 29 Jun 2012 16:38:39 -0000
@@ -152,7 +152,9 @@ const struct ipsec_xf ipsecencxfs[] = {
{ "aes-128", IKEV2_XFORMENCR_AES_CBC, 16, 16 },
{ "aes-192", IKEV2_XFORMENCR_AES_CBC, 24, 24 },
{ "aes-256", IKEV2_XFORMENCR_AES_CBC, 32, 32 },
- { "aes-ctr", IKEV2_XFORMENCR_AES_CTR, 16, 16, 4 },
+ { "aes-128-ctr", IKEV2_XFORMENCR_AES_CTR, 16, 16, 4 },
+ { "aes-192-ctr", IKEV2_XFORMENCR_AES_CTR, 24, 24, 4 },
+ { "aes-256-ctr", IKEV2_XFORMENCR_AES_CTR, 32, 32, 4 },
{ "aes-128-gcm", IKEV2_XFORMENCR_AES_GCM_16, 16, 16, 4, 1 },
{ "aes-192-gcm", IKEV2_XFORMENCR_AES_GCM_16, 24, 24, 4, 1 },
{ "aes-256-gcm", IKEV2_XFORMENCR_AES_GCM_16, 32, 32, 4, 1 },
--
Christian "naddy" Weisgerber [email protected]
