<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA">Hi all,<BR> <BR>I am trying to use the gcm/ccm as phase2alg during my testing.<BR>I build up a test bed with Openswan----Openswan(2.6.33). </SPAN></P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"><BR>Here is my ipsec.conf.<BR>----------------- <BR>config setup<BR> pluto=yes<BR> protostack=netkey<BR><BR>conn %default<BR> authby=secret<BR> auto=route<BR> ikev2=never <BR> rekey=no<BR><BR>conn interop4<BR> left=80.1.1.200<BR> right=80.1.1.100<BR> ike=aes256-sha1;modp1024<BR> pfs=yes<BR> # phase2alg=aes_ccm_c-216-null<BR># phase2alg=aes_ccm_c-280-null<BR> phase2alg=aes_gcm_c-160-null<BR># phase2alg=aes_gcm_c-288-null<BR> type=transport<BR> aggrmode=no<BR>------------------<BR> <BR> I know the number in aes_ccm_c-???-null, should set as "AES key length" + "fixed 24 bits" for ccm.<BR>And I also get known the number in phase2alg=aes_gcm_c-???-null, should set as "AES key length" + "fixed 32 bits" for gcm.<BR>In this way I can set 160/224 for aes128gcm/aes192gcm. But when I want to set 288 for aes256gcm, error log happen as following.<BR>-------<BR> Apr 28 10:02:01 MILAN pluto[5469]: "interop4" #2: kernel algorithm does not like: kernel_alg_db_add() key_len not in range: alg_id=19, key_len=288, alg_minbits=128, alg_maxbits=256<BR>Apr 28 10:02:01 MILAN pluto[5469]: "interop4" #2: unsupported ESP Transform ESP_AES_GCM_B from 80.1.1.200<BR>Apr 28 10:02:01 MILAN pluto[5469]: "interop4" #2: no acceptable Proposal in IPsec SA<BR>Apr 28 10:02:01 MILAN pluto[5469]: "interop4" #2: sending encrypted notification NO_PROPOSAL_CHOSEN to 80.1.1.200:500<BR>--------<BR> <BR> So I am confused about how to set the parameter to Phase2alg, If I want to use AES_GCM with 256(AES key length) ? <BR> I think the sanity check of openswan here is not reasonable. What's expert's opinion?</SPAN></P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"> Thanks.<BR> <BR>--Adam<BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"></P></SPAN><br><!-- footer --><br>