From: Aristeu Rozanski <arozansk@redhat.com>
Date: Fri, 8 Feb 2008 00:01:00 -0500
Subject: [net] ipsec: allow CTR mode use with AES
Message-id: 20080208050058.GD968@redhat.com
O-Subject: [RHEL5.2 PATCH] ipsec: allow CTR mode use with AES
Bugzilla: 430164
https://bugzilla.redhat.com/show_bug.cgi?id=430164
This patch allows CTR mode to be used with AES algorithm and it's needed
for ipsec conformance testing and IPv6 DoD certification.
Upstream: davem already picked up the patch and plan to integrate it upstream
Brew build id: 1159517
diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h
index fc2c5ba..01a38ed 100644
--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -297,6 +297,7 @@ struct sadb_x_sec_ctx {
#define SADB_X_EALG_BLOWFISHCBC 7
#define SADB_EALG_NULL 11
#define SADB_X_EALG_AESCBC 12
+#define SADB_X_EALG_AESCTR 13
#define SADB_X_EALG_AES_CCM_ICV8 14
#define SADB_X_EALG_AES_CCM_ICV12 15
#define SADB_X_EALG_AES_CCM_ICV16 16
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index ca87d54..6f31d1b 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -334,6 +334,23 @@ static struct xfrm_nalgo_desc ealg_list[] = {
.sadb_alg_maxbits = 256
}
},
+{
+ .name = "rfc3686(ctr(aes))",
+
+ .uinfo = {
+ .encr = {
+ .blockbits = 128,
+ .defkeybits = 160, /* 128-bit key + 32-bit nonce */
+ }
+ },
+
+ .desc = {
+ .sadb_alg_id = SADB_X_EALG_AESCTR,
+ .sadb_alg_ivlen = 8,
+ .sadb_alg_minbits = 128,
+ .sadb_alg_maxbits = 256
+ }
+},
};
static struct xfrm_nalgo_desc calg_list[] = {
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
27922b4260f65d317aabda37e42bbbff
>
files
>
2739
