[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02172) Re: Two questions about IPSec & algorithms

To: <usagi-users@xxxxxxxxxxxxxx>
Subject: (usagi-users 02172) Re: Two questions about IPSec & algorithms
From: "Garzon Maldonado, Jesus Javier" <jgarzon@xxxxxxxx>
Date: Tue, 4 Feb 2003 17:14:33 +0100
Reply-to: usagi-users@xxxxxxxxxxxxxx
Thread-index: AcLMXX41ez74WoDMSCqHgOg77agFQwAAvQZA
Thread-topic: (usagi-users 02170) Re: Two questions about IPSec & algorithms

Sorry, but I'm afraid I am not explaining my problems correctly.

When you configure the kernel provided by USAGI, you can add support for AES algorithm (Cryptographic options  --->AES (aka Rijndael) cipher). Then I supposed that when you do this, you can use AES algorithm for ESP encryption. However in the USAGI's IPsec howto there is no example with aes encryption and I don't know how to use it in ipsec.conf file.

On the other side, I've been performing some tests with an IPv6 enabled FreeS/WAN (provided by Parijat Misrha). For FreeS/WAN implementations there is available a patch that adds support for other encryption algorithms (AES, blowfish, etc.) not supported by FreeS/WAN natively. This patch can be found at http://www.freeswan.ca/patches/www.irrigacion.gov.ar/juanjo/ipsec/. (Note: I couldn't apply this patch to this IPv6 version of FreeS/WAN)

Since USAGI IPSec implementation is based on FreeS/WAN implementation, I supposed that USAGI algorithm implementation was based on Juanjo's implementation and I supposed also that configuration should be performed in the same way.

When you tell me that I should check if SADB_EALG_AES was defined I search at usagi/pluto/kernel.c. I don't know what has this to do with Juanjo's patch.

So, does USAGI IPSec implementation support AES encryption natively?
If yes, what must I include in ipsec.conf file to use ESP with AES encryption? (I tried this: esp=aes128-sha1, but it doesn't work)

Thank you very much again for your help.

Javi Garzon.


-----Mensaje original-----
De: mk@xxxxxxxxxxxxxx [mailto:mk@xxxxxxxxxxxxxx]
Enviado el: martes, 04 de febrero de 2003 15:57
Para: Garzon Maldonado, Jesus Javier
CC: usagi-users@xxxxxxxxxxxxxx
Asunto: Re: (usagi-users 02170) Re: Two questions about IPSec & algorithms



> No, there is no SADB_EALG_AES statement defined and/or used in pluto/kernel.c file.
OK, where can I get AES patch for Pluto?
I'll see it in spare time.

> Sorry, I don't know what do you refer with "vanilla kernel". When I
> unpack the file usagi-linux24-s20030120.tar.bz2 and type make
> prepare TARGET=linux24, following directories appear (among others):
(snipped)
> Any of them is the vanilla kernel source tree?, which one?
No one, I mean 'vanilla kernel' is the original linux kernel source tree.
(You can get from anywhere. e.g. ftp.kernel.org)

Other way:

You can get removed cipher source files from 
http://www.linux-ipv6.org/cvsweb/usagi/kernel/linux24/crypto/ciphers/Attic/


-mk

Follow-Ups:
- (usagi-users 02186) Re: Two questions about IPSec & algorithms
  - From: Parijat
- (usagi-users 02175) Re: Two questions about IPSec & algorithms
  - From: Mitsuru KANDA / 神田充
- (usagi-users 02173) Re: Two questions about IPSec & algorithms
  - From: Abdelkader Lahmadi

Prev by Date: (usagi-users 02171) Re: Two questions about IPSec & algorithms
Next by Date: (usagi-users 02173) Re: Two questions about IPSec & algorithms
Previous by thread: (usagi-users 02171) Re: Two questions about IPSec & algorithms
Next by thread: (usagi-users 02173) Re: Two questions about IPSec & algorithms
Index(es):
- Date
- Thread