[Swan-dev] added sha 2 cryptoapi support with klips

Wolfgang Nothdurft wolfgang at linogate.de
Mon May 18 15:19:40 EEST 2015


On 11.05.2015 at 16:36, Paul Wouters wrote:
> On Mon, 11 May 2015, Wolfgang Nothdurft wrote:
>
>> Since Samsung set sha2 as default for their mobile devices, I was 
>> forced to accomplish this issue with klips.
>>
>> And fortunately I found the small problems I overlooked last year to 
>> finish it. :)
>>
>> Samsung Galaxy S5 uses sha2_256 for xauth
>> Samsung Galaxy S6 for both xauth and l2tp
>>
>> I updated the Ticket and added the new patch:
>>
>> https://bugs.libreswan.org/show_bug.cgi?id=210
>
> Thanks! I added two interop test cases between KLIPS and NETKEY as well.
>
> Paul

I added a patch to my ticket that enables the sha2-truncbug option for 
klips.

In linux/net/ipsec/pfkey_v2_build.c:236 I have changed SADB_AALG_MAX to 
K_SADB_AALG_MAX, because I think that was a bug.
SADB_AALG_MAX does not seem to be defined in kernel space, and in my tests it 
shows a value of 251 instead of 255, which prevents klips from using the 
truncated algo (AH_SHA2_256_TRUNC 252).

Wolfgang

