[strongSwan] Authenticated encryption algorithms syntax

Martin Willi martin at strongswan.org
Wed Nov 5 12:28:19 CET 2014

Hi Emeric,

> What about the authenticated encryption algorithms (e.g. gcm)?
> Is the integrity algorithm mandatory for parsing but not used?

If you have both traditional ciphers and AEAD ciphers in a proposal,
you'll obviously need a integrity algorithm as well. If the AEAD gets
selected, the integrity algorithm is ignored. Note that according to RFC
5996 you should avoid such mixed proposals, and have separated proposals
for AEAD and non-AEAD ciphers.

For AEAD-only proposals, an integrity algorithm is not used. However,
you may still specify one to at the same time implicitly define a PRF in
an IKE proposal. The integrity algorithm is stripped implicitly from
AEAD-only proposals.

> In IKEv2, is there a functional difference between multiple proposals
> (esp=enc1-auth1-..., enc1-auth2-..., enc2-auth1-..., enc2-auth2-...)
> and multiple algorithms (esp=enc1-enc2-auth1-auth2-...)?

Yes. With multiple algorithms, the peer may select any algorithm from
each type and mix-and-match them as it likes. With multiple proposals,
the peer has to select a single proposal, i.e. you can limit the
combinations allowed.


More information about the Users mailing list