From: Tamer R. <mt...@gm...> - 2013-05-30 19:57:27
|
Hi, I am working on a project that requires the use of AES-GCM with setkey. I know this mode is not supported in setkey. Does anybody have a rough idea what would be needed to get this supported? Regards |
From: Timo T. <tim...@ik...> - 2013-06-03 05:55:44
|
On Thu, 30 May 2013 15:57:00 -0400 Tamer Refaei <mt...@gm...> wrote: > I am working on a project that requires the use of AES-GCM with > setkey. I know this mode is not supported in setkey. Does anybody > have a rough idea what would be needed to get this supported? ipsec-tools CVS HEAD has support for AES-GCM in setkey. Please take a look at there. Appropriate kernel support is needed - availability depends on the OS and kernel version you are using. - Timo |
From: Tamer R. <mt...@gm...> - 2013-06-04 02:24:24
|
Thanks, How do I know if there is appropriate kernel support? I am using a 3.7.9-104 (Fedora 17). Thanks On Mon, Jun 3, 2013 at 1:57 AM, Timo Teras <tim...@ik...> wrote: > On Thu, 30 May 2013 15:57:00 -0400 > Tamer Refaei <mt...@gm...> wrote: > > > I am working on a project that requires the use of AES-GCM with > > setkey. I know this mode is not supported in setkey. Does anybody > > have a rough idea what would be needed to get this supported? > > ipsec-tools CVS HEAD has support for AES-GCM in setkey. Please take a > look at there. Appropriate kernel support is needed - availability > depends on the OS and kernel version you are using. > > - Timo > -- ---------------------------------- Tamer Refaei |
From: Tamer R. <mt...@gm...> - 2013-06-05 15:46:04
|
So I managed to get a hold of the version of ipsec-tools that has AES-GCM support. Here is a script that I try to execute through setkey: flush; spdflush; add 10.0.0.2 224.1.2.3 ah 24500 -m tunnel -A hmac-sha384 "123456789012345678901234567890123456789012345678"; add 10.0.0.1 224.1.2.3 esp 24511 -m tunnel -E aes-gcm-16 "12345678901234567890"; and I keep getting this error at the aes-gcm-q6 line. "syntax error at [12345678901234567890] parse failed" What am I doing wrong? Thanks for all the help On Mon, Jun 3, 2013 at 10:23 PM, Tamer Refaei <mt...@gm...> wrote: > Thanks, > > How do I know if there is appropriate kernel support? I am using a > 3.7.9-104 (Fedora 17). > > Thanks > > > On Mon, Jun 3, 2013 at 1:57 AM, Timo Teras <tim...@ik...> wrote: > >> On Thu, 30 May 2013 15:57:00 -0400 >> Tamer Refaei <mt...@gm...> wrote: >> >> > I am working on a project that requires the use of AES-GCM with >> > setkey. I know this mode is not supported in setkey. Does anybody >> > have a rough idea what would be needed to get this supported? >> >> ipsec-tools CVS HEAD has support for AES-GCM in setkey. Please take a >> look at there. Appropriate kernel support is needed - availability >> depends on the OS and kernel version you are using. >> >> - Timo >> > > > > -- > > ---------------------------------- > Tamer Refaei > -- ---------------------------------- Tamer Refaei |