[strongSwan] Custom cipher
masoudi1983 at gmail.com
Sun Aug 5 12:01:41 CEST 2012
Thank you again Martin
I used your hint for "ESP" and looked for "AES" in strongswan codes as
you suggested, so I included custom algorithm to "pfkey" as first
step. I inserted the name and ID of algorithm to
"include/linux/pfkeyv2.h" and in "kernel_pfkey_ipsec.c" in source of
linux. I tested this method with racoon before.
But I dont know how to to do it for NETLINK interface. I only know
strongswan uses NETLINK sockets to communicate with kernel but I dont
know how strongswan uses an algorithm in kernel and which functions
are related to it.
If I want strongswan to recognize my algorithm via NETLINK, what are
the files that should I change? I would be really grateful if anyone
gives any suggestion to add a custom algorithm via NETLINK interface
Thanks in advance
On Tue, Jul 24, 2012 at 2:13 PM, Martin Willi <martin at strongswan.org> wrote:
> Hi Ali,
>> Now I want to add my custom cipher to strongswan so I can use it in
>> ike and esp.
> strongSwan usually uses two crypto implementations: One for IKE in
> userland, and one for ESP directly in the kernel.
> For IKE, you might take a look at existing ciphers. First, define an
> identifier in the private space at , then you'll have to implement
> the crypter_t interface . You can use an existing cipher such as AES
>  as a template, and implement your cipher accordingly. Then you'll
> have to define keywords at  to configure proposals with your cipher.
> For ESP, this works completely different. You'll have to extend the
> Linux Crypto API by your own cipher. Looking at existing cipher should
> help, though. Once this is done, you'll have to extend our kernel
> interface and the Linux XFRM framework, assign a string identifier to
> configure your cipher.
More information about the Users