Re: AES CTR, CCM, GCM in IPSec with KINK
[Prev by ID]
[Next by ID]
[Prev by Thread]
[Next by Thread]
[Monthly ID Index]
[Monthly Thread Index]
[Top Index]
> Linux supports many mode of encryption such as CBC, CTR, CCM and GCM.
> It is possible to configure kink so that it can set SA policy with CTR
> enabled? So far, I think only CBC is working, I couldn't find any way
> to enable CTR. If this is true, what is the constraint for this
> limitation?
For AES-CTR, it is only because kinkd does not know the mapping
between ISAKMP and PF_KEYv2 identifiers of AES-CTR. I think it is
easy to implement it.
For CCM and GCM, we first need to modify the PF_KEYv2 interface
(including the kernel) to support them.
Prev by ID: IKEv2 Timers
Next by ID: Child SA being created endlessly
Prev by Thread: AES CTR, CCM, GCM in IPSec with KINK
Next by Thread: Child SA being created endlessly
[Monthly ID Index]
[Monthly Thread Index]
[Top Index]