Martin, 

   Thank you very much for these links and the information. I have found them 
very useful and they will make a great example on how to do this. I appreciate 
it.

Regards,

~Josiah s. Yeagley


-----Original Message-----
From: Martin Willi [mailto:[email protected]] 
Sent: Saturday, April 09, 2016 4:15 AM
To: Yeagley, Josiah (U.S. Person) <[email protected]>
Cc: [email protected]
Subject: Re: [strongSwan] Good information on adding custom ESP encryption

Hi,

> I believe the only real way to do this is via a kernel module using 
> the CryptoAPI. It then has to be registered with the OS and 
> strongSwan and can then be used by specifying esp=<name you gave it>


Yes, that is correct. For an example you may take a look at the patchset that 
implements the ChaCha20Poly1305 algorithm [1]. It exposes an AEAD to IPsec, but 
the mechanics are very similar if you have separate encryption/integrity 
algorithms. The CryptoAPI for AEAD has slightly changed since then, so better 
have a look at the current implementation as well.
Patch 9 in that series then exposes the implemented algorithm to IPsec.
In strongSwan you'll have to add a proposal keyword, an algorithm identifier 
for the IKE exchange, and map that identifier to the kernel algorithm name you 
have chosen, see [2].

Regards
Martin

[1] https://www.spinics.net/lists/linux-crypto/msg15123.html
[2] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=405c5dcd
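
Added example, not part of the emails above and not strongSwan or kernel project code: a shell helper that checks whether the kernel algorithm name a strongSwan identifier is mapped to is actually registered with the CryptoAPI, by parsing `/proc/crypto` and reporting the highest-priority driver for that name. The sample entries (driver names, priorities) are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: is a CryptoAPI algorithm name registered in the kernel?
# Usage on a live system: crypto_alg_info 'rfc7539esp(chacha20,poly1305)'

# Constructed sample in /proc/crypto layout (illustrative values, not captured).
sample_proc_crypto() {
cat <<'EOF'
name         : rfc7539esp(chacha20,poly1305)
driver       : rfc7539esp(chacha20-generic,poly1305-generic)
priority     : 300
selftest     : passed
type         : aead
ivsize       : 8
maxauthsize  : 16

name         : rfc7539esp(chacha20,poly1305)
driver       : rfc7539esp(chacha20-simd,poly1305-simd)
priority     : 350
selftest     : passed
type         : aead
ivsize       : 8
maxauthsize  : 16

name         : cbc(aes)
driver       : cbc(aes-generic)
priority     : 100
selftest     : passed
type         : skcipher
ivsize       : 16
EOF
}

# Print "driver priority type ivsize maxauthsize selftest" for the
# highest-priority entry named $1; exit status 1 if the name is not registered.
# $2 is the file to read (defaults to /proc/crypto).
crypto_alg_info() {
    awk -v want="$1" '
        BEGIN { RS = ""; FS = "\n" }           # one blank-line-separated entry per record
        {
            split("", f)                       # reset fields for this entry
            for (i = 1; i <= NF; i++) {
                p = index($i, ":")
                if (!p) continue
                k = substr($i, 1, p - 1); v = substr($i, p + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                f[k] = v
            }
            if (f["name"] != want || (found && f["priority"] + 0 <= best)) next
            found = 1; best = f["priority"] + 0
            if (f["maxauthsize"] == "") f["maxauthsize"] = "-"
            out = f["driver"] " " best " " f["type"] " " f["ivsize"] " " f["maxauthsize"] " " f["selftest"]
        }
        END { if (found) print out; exit !found }
    ' "${2:-/proc/crypto}"
}
```

A non-zero exit status means the name is not registered with the CryptoAPI (module not loaded, or a name that differs from the one strongSwan maps to); a registered name must still be exposed to IPsec as Patch 9 in the series does.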
