[Swan] SHA2 support for ESP in KLIPS?

David McCullough ucdevel at gmail.com
Fri Jun 21 16:52:26 EEST 2013


Paul Wouters wrote the following:
> On Fri, 21 Jun 2013, Elison Niven wrote:
> 
> >Is SHA2 supported for ESP when using KLIPS?
> >https://www.openswan.org/issues/331
> 
> No, it is not. KLIPS should really use more of the crypto api, so
> that these ciphers and hashes become available to it, but I'm not
> sure how that impacts the OCF acceleration. David can probably
> say more about that,

Ok, the current cryptoapi support in klips only does ciphers.
It would be nice if it did hashes and combined modes but it needs
quite some work for this to happen.

If I wanted SHA2 and klips quickly I would probably do it via OCF because
the OCF cryptosoft driver (that uses the kernel's cryptoapi) already
supports SHA256/SHA384 and SHA512.  So all that should be needed is to
extend ipsec_ocf to support SHA2 and test/fix the combination.

The attached patch (untested, not even compiled) should get you pretty
close.  Paul, if someone can at least compile test this I am happy to have
it included as it breaks nothing and should get us closer to working sha2
via OCF at least,

Cheers,
Davidm

-- 
David McCullough,  davidm at spottygum.com,   Ph: 0410 560 763
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sha2.patch
Type: text/x-diff
Size: 2257 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130621/480fb36e/attachment.bin>

