[strongSwan] Integration of custom crypto module into strongswan

Noel Kuntze noel.kuntze at thermi.consulting
Tue Jul 9 01:27:15 CEST 2019

Hello Ihor,

You probably do that best by registering your new crypto module
using a new cipher/algorithm identifier in the kernel and pulling
it all through the netlink interface and the strongSwan source code
and change the logic for handling AES-CBC and AEAD in strongSwan
around to point to logically point to your own module (now idea
how to deal with that and the kernel's wrapping of the GCM
stuff around the basic AES block cipher module).

Kind regards


Am 08.07.19 um 17:11 schrieb Ihor Bordun:
> Hello
> I am trying to implement the customized crypto kernel AES module, which should be used only to encrypt IPsec payloads.
> How can I integrate it into strongswan? 
> The custom AES version should be used only for IPsec thats why this crypto module cannot have the highest priority in kernel and used by any other crypto requests in kernel. 
> The Strongswan uses predefined cipher suites. Can I still configure strongswan in the way, it should take my custom crypto module by unique name for example or any other solution?
> Regards,
> Ihor

Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190709/84f86f1b/attachment.sig>

More information about the Users mailing list