[Swan] SHA2 support for ESP in KLIPS?
Elison Niven
elison.niven at cyberoam.com
Fri Jun 21 18:04:11 EEST 2013
This is great ! I compiled this with 2.6.27 and it compiled without any
errors.
However, SHA2 does not show up for ESP auth attr in ipsec auto --status.
Looking through ipsec_alg_init and ipsec_alg_static_init if I find
somethig.
On Friday 21 June 2013 07:22:26 PM IST, David McCullough wrote:
>
> Paul Wouters wrote the following:
>> On Fri, 21 Jun 2013, Elison Niven wrote:
>>
>>> Is SHA2 supported for ESP when using KLIPS?
>>> https://www.openswan.org/issues/331
>>
>> No, it is not. KLIPS should really use more of the crypto api, so
>> that these ciphers and hashes become available to it, but I'm not
>> sure how that impacts the OCF acceleration. David can probably
>> say more about that,
>
> Ok, the current cryptoapi support in klips only does ciphers.
> It would be nice if it did hashes and combined modes but it needs
> quite some work for this to happen.
>
> If I wanted SHA2 and klips quickly I would probably do it via OCF because
> the OCF crptosoft driver (thats uses the kernels cryptoapi) already
> supports SH256/SHA384 and SHA512. So all that should be needed is to
> extend ipsec_ocf to support SHA2 and test/fix the combination.
>
> The attached patch (untested, not even compiled) should get you pretty
> close. Paul, if someone can at least compile test this I am happy to have
> it included as it breaks nothing and should get us closer to working sha2
> via OCF at least,
>
> Cheers,
> Davidm
>
--
Best Regards,
Elison Niven
More information about the Swan
mailing list