[Swan] SHA2 support for ESP in KLIPS?
David McCullough
ucdevel at gmail.com
Sat Jun 22 01:06:08 EEST 2013
Elison Niven wrote the following:
> This is great ! I compiled this with 2.6.27 and it compiled without
> any errors.
> However, SHA2 does not show up for ESP auth attr in ipsec auto --status.
>
> Looking through ipsec_alg_init and ipsec_alg_static_init if I find
> somethig.
Ok, thats patch was not quote there and doesn't actually build.
To use it you will need to build and install ocf-linux. Get the latest
from sourceforge and follow the READ for the quickstart and openswan
section should get what you want.
Attached is the compile tested version ;-)
Cheers,
Davidm
>
> On Friday 21 June 2013 07:22:26 PM IST, David McCullough wrote:
> >
> >Paul Wouters wrote the following:
> >>On Fri, 21 Jun 2013, Elison Niven wrote:
> >>
> >>>Is SHA2 supported for ESP when using KLIPS?
> >>>https://www.openswan.org/issues/331
> >>
> >>No, it is not. KLIPS should really use more of the crypto api, so
> >>that these ciphers and hashes become available to it, but I'm not
> >>sure how that impacts the OCF acceleration. David can probably
> >>say more about that,
> >
> >Ok, the current cryptoapi support in klips only does ciphers.
> >It would be nice if it did hashes and combined modes but it needs
> >quite some work for this to happen.
> >
> >If I wanted SHA2 and klips quickly I would probably do it via OCF because
> >the OCF crptosoft driver (thats uses the kernels cryptoapi) already
> >supports SH256/SHA384 and SHA512. So all that should be needed is to
> >extend ipsec_ocf to support SHA2 and test/fix the combination.
> >
> >The attached patch (untested, not even compiled) should get you pretty
> >close. Paul, if someone can at least compile test this I am happy to have
> >it included as it breaks nothing and should get us closer to working sha2
> >via OCF at least,
> >
> >Cheers,
> >Davidm
> >
>
> --
> Best Regards,
> Elison Niven
>
--
David McCullough, davidm at spottygum.com, Ph: 0410 560 763
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sha2-2.patch
Type: text/x-diff
Size: 2273 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130622/185114d6/attachment.bin>
More information about the Swan
mailing list