[strongSwan] Custom cipher

Martin Willi martin at strongswan.org
Tue Jul 24 11:43:19 CEST 2012

Hi Ali,

> Now I want to add my custom cipher to strongswan so I can use it in
> ike and esp.

strongSwan usually uses two crypto implementations: One for IKE in
userland, and one for ESP directly in the kernel.

For IKE, you might take a look at existing ciphers. First, define an
identifier in the private space at [1], then you'll have to implement
the crypter_t interface [2]. You can use an existing cipher such as AES
[3] as a template, and implement your cipher accordingly. Then you'll
have to define keywords at [4] to configure proposals with your cipher.

For ESP, this works completely different. You'll have to extend the
Linux Crypto API by your own cipher. Looking at existing cipher should
help, though. Once this is done, you'll have to extend our kernel
interface and the Linux XFRM framework, assign a string identifier to
configure your cipher.



More information about the Users mailing list