[strongSwan] Custom cipher

Ali Masoudi masoudi1983 at gmail.com
Sun Aug 5 12:01:41 CEST 2012


Thank you again Martin

I used your hint for "ESP" and looked for "AES" in the strongSwan code as
you suggested, so I added the custom algorithm to "pfkey" as a first
step. I inserted the name and ID of the algorithm into
"include/linux/pfkeyv2.h" and in "kernel_pfkey_ipsec.c" in the source of
Linux. I tested this method with racoon before.

But I don't know how to do it for the NETLINK interface. I only know
strongSwan uses NETLINK sockets to communicate with the kernel, but I don't
know how strongSwan uses an algorithm in the kernel and which functions
are related to it.
If I want strongSwan to recognize my algorithm via NETLINK, which
files should I change? I would be really grateful if anyone
gave any suggestions for adding a custom algorithm via the NETLINK interface
to the kernel.

Thanks in advance



On Tue, Jul 24, 2012 at 2:13 PM, Martin Willi <martin at strongswan.org> wrote:
> Hi Ali,
>
>> Now I want to add my custom cipher to strongswan so I can use it in
>> ike and esp.
>
> strongSwan usually uses two crypto implementations: One for IKE in
> userland, and one for ESP directly in the kernel.
>
> For IKE, you might take a look at existing ciphers. First, define an
> identifier in the private space at [1], then you'll have to implement
> the crypter_t interface [2]. You can use an existing cipher such as AES
> [3] as a template, and implement your cipher accordingly. Then you'll
> have to define keywords at [4] to configure proposals with your cipher.
>
> For ESP, this works completely differently. You'll have to extend the
> Linux Crypto API by your own cipher. Looking at existing ciphers should
> help, though. Once this is done, you'll have to extend our kernel
> interface and the Linux XFRM framework, and assign a string identifier to
> configure your cipher.
>
> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/crypto/crypters/crypter.h;h=4c273059b2c6b4c4674c8bef85afb494592b3b49;hb=HEAD#l33
> [2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/crypto/crypters/crypter.h;h=4c273059b2c6b4c4674c8bef85afb494592b3b49;hb=HEAD#l81
> [3]http://git.strongswan.org/?p=strongswan.git;a=tree;f=src/libstrongswan/plugins/aes
> [4]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/crypto/proposal/proposal_keywords.txt
>
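
The ESP point in the reply above, as an added example that is not part of the original thread and not strongSwan's code: over NETLINK/XFRM the cipher is named by a Linux Crypto API string carried in an XFRMA_ALG_CRYPT attribute, whereas PF_KEY uses a numeric ID. The struct mirrors, the ID 1025 and the name "cbc(mycipher)" are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Local mirrors of the Linux UAPI layouts (struct rtattr, struct xfrm_algo,
 * XFRMA_ALG_CRYPT), redefined so the example builds without kernel headers. */
struct rtattr_m { unsigned short rta_len, rta_type; };
struct xfrm_algo_m { char alg_name[64]; unsigned int alg_key_len; /* in bits */ };
#define XFRMA_ALG_CRYPT_M 2
#define ALIGN4(n) (((n) + 3) & ~(size_t)3)

/* Hypothetical table: userland transform ID -> kernel Crypto API name.
 * ID 1025 and "cbc(mycipher)" are constructed placeholders. */
static const struct { int id; const char *kernel_name; } enc_algs[] = {
    { 12,   "cbc(aes)" },       /* AES-CBC, IKEv2 transform ID 12 */
    { 1025, "cbc(mycipher)" },  /* private-use ID, assumed */
};

/* Serialize one XFRMA_ALG_CRYPT attribute; returns padded size, 0 on error. */
size_t build_alg_attr(uint8_t *buf, size_t buflen, int id,
                      const uint8_t *key, size_t key_bytes)
{
    const char *name = NULL;
    struct rtattr_m rta;
    struct xfrm_algo_m algo;
    size_t len = sizeof(rta) + sizeof(algo) + key_bytes;
    for (size_t i = 0; i < sizeof(enc_algs) / sizeof(enc_algs[0]); i++)
        if (enc_algs[i].id == id) name = enc_algs[i].kernel_name;
    if (!name || strlen(name) >= sizeof(algo.alg_name) ||
        len > 0xffff || ALIGN4(len) > buflen)
        return 0;   /* unknown cipher, over-long name, or buffer too small */
    memset(buf, 0, ALIGN4(len));
    memset(&algo, 0, sizeof(algo));
    rta.rta_len = (unsigned short)len;      /* unpadded attribute length */
    rta.rta_type = XFRMA_ALG_CRYPT_M;
    strcpy(algo.alg_name, name);            /* the kernel matches on this string */
    algo.alg_key_len = (unsigned int)(key_bytes * 8);
    memcpy(buf, &rta, sizeof(rta));
    memcpy(buf + sizeof(rta), &algo, sizeof(algo));
    memcpy(buf + sizeof(rta) + sizeof(algo), key, key_bytes);
    return ALIGN4(len);
}

int main(void)
{
    uint8_t buf[128], key[16] = {0};  /* constructed all-zero sample key */
    size_t n = build_alg_attr(buf, sizeof(buf), 1025, key, sizeof(key));
    printf("attr bytes=%zu name=%s\n", n, n ? (char *)buf + sizeof(struct rtattr_m) : "(none)");
    return 0;
}
```

An ID with no table entry yields no attribute, which is why userland needs a name mapping for the custom cipher before the kernel side is ever consulted.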



