[Swan-dev] the great algorithm rename
Andrew Cagney
andrew.cagney at gmail.com
Thu Jul 27 21:16:58 UTC 2017
On 27 July 2017 at 16:47, Paul Wouters <paul at nohats.ca> wrote:
> On Wed, 26 Jul 2017, Andrew Cagney wrote:
>
>> Subject: Re: [Swan-dev] the great algorithm rename
>>
>> FYI, I did a partial merge (I don't like sitting on changes),
>
>
> So what part is still missing?
Any code in pluto that prints the crypto-suite that is either proposed
or selected. For instance, switching to consistent names would affect
output like:
134 "xauth-road-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2
{auth=IKEv2 cipher=aes_gcm_16_256 integ=n/a prf=sha2_512
group=MODP2048}
004 "xauth-road-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established
tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_GCM_C_256-NONE
NATOA=none NATD=none DPD=passive}
fixing it involves sed.
>> For instance:
>>
>> $ ./algparse -v ike=aes
>> ./algparse Encryption algorithms:
>> ./algparse AES_CCM_16 IKEv1: ESP IKEv2: ESP
>> FIPS {256,192,*128} (aes_ccm aes_ccm_c)
>
>
> I'm confused "aes" can mean aes_ccm? Shouldn't it only refer to aes_cbc ?
the above is for AES_CCM_16. Begs the question, should our
"preferred" fully qualified name be AES_CCM_C or AES_CCM_16, the
parser accepts either.
For plain AES there is the line:
AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS
{256,192,*128} (aes)
> Paul
More information about the Swan-dev
mailing list