Thank you again Martin I used your hint for "ESP" and looked for "AES" in strongswan codes as you suggested, so I included custom algorithm to "pfkey" as first step. I inserted the name and ID of algorithm to "include/linux/pfkeyv2.h" and in "kernel_pfkey_ipsec.c" in source of linux. I tested this method with racoon before.
But I dont know how to to do it for NETLINK interface. I only know strongswan uses NETLINK sockets to communicate with kernel but I dont know how strongswan uses an algorithm in kernel and which functions are related to it. If I want strongswan to recognize my algorithm via NETLINK, what are the files that should I change? I would be really grateful if anyone gives any suggestion to add a custom algorithm via NETLINK interface to kernel. Thanks in advance On Tue, Jul 24, 2012 at 2:13 PM, Martin Willi <[email protected]> wrote: > Hi Ali, > >> Now I want to add my custom cipher to strongswan so I can use it in >> ike and esp. > > strongSwan usually uses two crypto implementations: One for IKE in > userland, and one for ESP directly in the kernel. > > For IKE, you might take a look at existing ciphers. First, define an > identifier in the private space at [1], then you'll have to implement > the crypter_t interface [2]. You can use an existing cipher such as AES > [3] as a template, and implement your cipher accordingly. Then you'll > have to define keywords at [4] to configure proposals with your cipher. > > For ESP, this works completely different. You'll have to extend the > Linux Crypto API by your own cipher. Looking at existing cipher should > help, though. Once this is done, you'll have to extend our kernel > interface and the Linux XFRM framework, assign a string identifier to > configure your cipher. > > Regards > Martin > > [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/crypto/crypters/crypter.h;h=4c273059b2c6b4c4674c8bef85afb494592b3b49;hb=HEAD#l33 > [2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/crypto/crypters/crypter.h;h=4c273059b2c6b4c4674c8bef85afb494592b3b49;hb=HEAD#l81 > [3]http://git.strongswan.org/?p=strongswan.git;a=tree;f=src/libstrongswan/plugins/aes > [4]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/crypto/proposal/proposal_keywords.txt > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
