(usagi-users 02173) Re: Two questions about IPSec & algorithms
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 02173) Re: Two questions about IPSec & algorithms
- From: Abdelkader Lahmadi <Abdelkader.Lahmadi@xxxxxxxx>
- Date: Tue, 04 Feb 2003 19:17:39 +0100
- Cc: "Garzon Maldonado, Jesus Javier" <jgarzon@xxxxxxxx>
- References: <E7ABA0128F4BB9459611B12C98E9CE7C4D4217@MADTORMAIL.indra.es>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Sender: Abdelkader.Lahmadi@xxxxxxxx
"Garzon Maldonado, Jesus Javier" wrote:
> Sorry, but I'm afraid I am not explaining my problems correctly.
>
> When you configure the kernel provided by USAGI, you can add support for AES algorithm (Cryptographic options --->AES (aka Rijndael) cipher). Then I supposed that when you do this, you can use AES algorithm for ESP encryption. However in the USAGI's IPsec howto there is no example with aes encryption and I don't know how to use it in ipsec.conf file.
>
I tested the AES algorithm, but with manual keying and not using pluto. To do this I use pfkey with the corresponding
parameters:
pfkey -A sa -s 2001::1 -d 2001::2 -T esp -S 1000 -p any --esp aes-cbc --espkey 0x06696f13657f970f2ce05432819caa2
The key length is 128 bits.
>
> On the other side, I've been performing some tests with an IPv6 enabled FreeS/WAN (provided by Parijat Misrha). For FreeS/WAN implementations there is available a patch that adds support for other encryption algorithms (AES, blowfish, etc.) not supported by FreeS/WAN natively. This patch can be found at http://www.freeswan.ca/patches/www.irrigacion.gov.ar/juanjo/ipsec/. (Note: I couldn't apply this patch to this IPv6 version of FreeS/WAN)
>
> Since USAGI IPSec implementation is based on FreeS/WAN implementation, I supposed that USAGI algorithm implementation was based on Juanjo's implementation and I supposed also that configuration should be performed in the same way.
>
> When you tell me that I should check if SADB_EALG_AES was defined I search at usagi/pluto/kernel.c. I don't know what this has to do with Juanjo's patch.
>
> So, does USAGI IPSec implementation support AES encryption natively?
> If yes, what must I include in ipsec.conf file to use ESP with AES encryption? (I tried this: esp=aes128-sha1, but it doesn't work)
>
> Thank you very much again for your help.
>
> Javi Garzon.
>
> -----Original Message-----
> From: mk@xxxxxxxxxxxxxx [mailto:mk@xxxxxxxxxxxxxx]
> Sent: Tuesday, 04 February 2003 15:57
> To: Garzon Maldonado, Jesus Javier
> CC: usagi-users@xxxxxxxxxxxxxx
> Subject: Re: (usagi-users 02170) Re: Two questions about IPSec & algorithms
>
> > No, there is no SADB_EALG_AES statement defined and/or used in pluto/kernel.c file.
> OK, where can I get AES patch for Pluto?
> I'll see it in spare time.
>
> > Sorry, I don't know what you refer to with "vanilla kernel". When I
> > unpack the file usagi-linux24-s20030120.tar.bz2 and type make
> > prepare TARGET=linux24, following directories appear (among others):
> (snipped)
> > Is any of them the vanilla kernel source tree? Which one?
> None of them; by 'vanilla kernel' I mean the original Linux kernel source tree.
> (You can get from anywhere. e.g. ftp.kernel.org)
>
> Other way:
>
> You can get removed cipher source files from
> http://www.linux-ipv6.org/cvsweb/usagi/kernel/linux24/crypto/ciphers/Attic/
>
> -mk
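
The manual-keying reply above passes the ESP key to pfkey as a hex string, where a dropped or extra digit silently changes the key size. The following is an added example, not part of the original message or the USAGI tools: a shell helper that checks a hex key's length before it is used and generates a random one. The function names are hypothetical, and it is an assumption that aes-cbc accepts the three standard AES key sizes (128, 192 and 256 bits); the script does not call pfkey itself.

```shell
#!/bin/sh
# Added example (hypothetical helper names): sanity-check or generate the hex
# key that is handed to --espkey for manual keying with aes-cbc.

# espkey_bits HEXKEY
# Prints the key length in bits. Fails if the value is empty, contains a
# non-hex character, or has an odd number of digits (not whole bytes).
espkey_bits() {
    key=${1#0x}                              # drop the optional 0x prefix
    case $key in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    digits=${#key}
    [ $((digits % 2)) -eq 0 ] || return 1
    echo $((digits * 4))                     # 4 bits per hex digit
}

# espkey_ok_for_aes HEXKEY
# Succeeds only for the standard AES key sizes (assumed accepted by aes-cbc).
espkey_ok_for_aes() {
    bits=$(espkey_bits "$1") || return 1
    case $bits in
        128|192|256) return 0 ;;
        *) return 1 ;;
    esac
}

# gen_espkey BITS
# Prints a random 0x-prefixed key of BITS bits read from /dev/urandom.
gen_espkey() {
    bytes=$(( $1 / 8 ))
    printf '0x%s\n' "$(od -An -N "$bytes" -tx1 /dev/urandom | tr -d ' \n')"
}
```

Running `espkey_ok_for_aes "$KEY" || echo "bad key length"` before adding the SA catches a mistyped key on either peer.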