Re: [Ipsec-tools-devel] Cryptography

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ipsec-tools calls an cryptographyc algorithm to do authentication and
encryption/decryption of the packets.
I want that  Ipsec-tools calls MY cryptographic algorithm.

For example, in setkey.conf:

# ESP SAs using 192 bit long keys (168 + 24 parity)
add 192.168.1.100 192.168.2.100 esp 0x201 -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 192.168.2.100 192.168.1.100 esp 0x301 -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;

Instead of use "-E 3des-cbc" I will put "- E hwaes" and the setkey will call
my cryptographic algorithm.

2006/11/25, Matthew Grooms <mg...@sh...>:
>
> Marcelo Marleta wrote:
> > Thanks for the answers.
> > But I think I was not very clear.
> > I have an AES implemented in hardware and I call it using C.  I just
> > want to make a branch in the ipsec-tools to call my AES instead of the
> > one that comes with ipsec-tools.
> > I'm changing the parser and I want to know what all the things I have to
> > change in setkey and racoon.
> > For example: which function calls the cryptographyc algorithm?
> > I'm looking at the struct m_sa. I have to use it to make the branch?
> >
>
> Marcelo,
>
>         What do you need to accelerate using your AES hardware? The
> ipsec-tools
> package only includes an internet key exchange daemon and the pfkey
> utilities. If you want to accelerate ipsec packet processing, you need
> to look at the kernel sources as Emmanuel suggested. If you want to
> accelerate key exchange, racoon uses the openssl libcrypto which has a
> framework for hardware acceleration.
>
> -Matthew
>