I am configuring IPSec and was wondering are there
any plans to add AES to the crypto algorithms IPSec uses?
Joy
On Fri, 10 Jan 2003 [email protected] wrote:
> I am configuring IPSec and was wondering are there
> any plans to add AES to the crypto algorithms IPSec uses?
AES CBC is supported with 2.5.56 (specify 'rijndael-cbc' for setkey).
AES counter mode is not yet supported.
Also, for those wanting to use Blowfish, you'll need the patch below
against iputils-ss021109-try.
- James
--
James Morris
<[email protected]>
diff -urN -X dontdif iputils/include-glibc/net/pfkeyv2.h iputils.w1/include-glibc/net/pfkeyv2.h
--- iputils/include-glibc/net/pfkeyv2.h Sat Nov 9 13:45:52 2002
+++ iputils.w1/include-glibc/net/pfkeyv2.h Sat Jan 11 11:19:45 2003
@@ -17,7 +17,7 @@
/* private allocations - based on RFC2407/IANA assignment */
#define SADB_X_EALG_CAST128CBC 5 /*6*/
-#define SADB_X_EALG_BLOWFISHCBC 4 /*7*/
+#define SADB_X_EALG_BLOWFISHCBC 7
#define SADB_X_EALG_RIJNDAELCBC 12
#define SADB_X_EALG_AES 12