[Swan-dev] added sha 2 cryptoapi support with klips

Wolfgang Nothdurft wolfgang at linogate.de
Mon May 18 15:19:40 EEST 2015

On 11.05.2015 at 16:36, Paul Wouters wrote:
> On Mon, 11 May 2015, Wolfgang Nothdurft wrote:
>> Since Samsung set sha2 as default for their mobile devices, I was 
>> forced to accomplish this issue with klips.
>> And fortunately I found the small problems I overlooked last year to 
>> finish it. :)
>> Samsung Galaxy S5 uses sha2_256 for xauth
>> Samsung Galaxy S6 for both xauth and l2tp
>> I updated the Ticket and added the new patch:
>> https://bugs.libreswan.org/show_bug.cgi?id=210
> Thanks! I added two interop test cases between KLIPS and NETKEY as well.
> Paul
I added a patch to my ticket that enables the sha2-truncbug option for 

In linux/net/ipsec/pfkey_v2_build.c:236 I have changed SADB_AALG_MAX to 
K_SADB_AALG_MAX, because I think that was a bug.
SADB_AALG_MAX does not seem to be defined in kernel space, and in my tests it 
shows a value of 251 instead of 255, which prevents klips from using the 
truncated algo (AH_SHA2_256_TRUNC 252).

