[Openswan dev] AES-GCM for ESP with Openswan

Avesh Agarwal avagarwa at redhat.com
Wed May 16 15:09:58 EDT 2012


Current implementation of AES-GCM (Key lengths 128, 192, 256 bits and IV
of 8, 12, 16 bytes as per RFC 4106) for ESP with Openswan has following

1. AES-GCM for key length 256 for all 3 variants (IV of 8, 12, 16 bytes)
does not work.

2. AES-GCM negotiation for ESP during IKE exchange does not
inter-operate with any other implementation, because Openswan sends
wrong key length values. RFC 4106 defines that key lengths of 128, 192,
256 should be used during IKE exchange, whereas key lengths + 4 bytes
should be calculated as final keys to be sent to kernel for ESP.
However, Openswan sends key length + 4 bytes during IKE exchange and
breaks interop with other implementations.

3. RFC 4106 only allows 3 key lengths of 128, 192 or 256 bits, but
Openswan allows any key length to be configured, which should not happen, and
configuration should be limited to only the specified lengths in the RFC.

The attached patch addresses the above issues and has been created
against the latest upstream release of Openswan. The patch has been
tested for all AES-GCM combinations between 2 Openswan nodes and also
with other implementations like strongSwan to make sure there is no
issue with interoperability.

I appreciate any feedback on the patch.

Thanks and Regards

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-aes-gcm-esp.patch
Type: text/x-diff
Size: 5837 bytes
Desc: not available
URL: <https://lists.openswan.org/pipermail/dev/attachments/20120516/b85885d9/attachment-0001.bin>
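The key-length handling described in items 2 and 3, as an added example that is not part of the original post or the attached patch: the IKE Key Length attribute carries only the AES key size, and the 4-byte salt is added when sizing the key handed to the kernel. All function and enum names are hypothetical, and treating 160/224/288 as "salt included" is an assumption derived from item 2's description.

```c
#include <stddef.h>
#include <stdint.h>

#define GCM_SALT_BYTES 4u /* RFC 4106: 4-octet salt follows the AES key in KEYMAT */

enum gcm_attr_status {
    GCM_ATTR_OK,            /* 128, 192 or 256: valid per RFC 4106 */
    GCM_ATTR_SALT_INCLUDED, /* 160, 224 or 288: key + 32 salt bits (assumed from item 2) */
    GCM_ATTR_INVALID        /* anything else */
};

/* Hypothetical helper names; none of these come from the Openswan tree. */
static int gcm_valid_key_bits(unsigned bits)
{
    return bits == 128 || bits == 192 || bits == 256;
}

/* Classify a Key Length attribute seen in an IKE proposal for AES-GCM ESP. */
enum gcm_attr_status gcm_classify_attr(unsigned attr_bits)
{
    if (gcm_valid_key_bits(attr_bits))
        return GCM_ATTR_OK;
    if (attr_bits > GCM_SALT_BYTES * 8 &&
        gcm_valid_key_bits(attr_bits - GCM_SALT_BYTES * 8))
        return GCM_ATTR_SALT_INCLUDED;
    return GCM_ATTR_INVALID;
}

/* Bytes of keying material to hand to the kernel for one ESP SA:
 * AES key plus salt. Returns 0 for a key length RFC 4106 does not allow. */
size_t gcm_kernel_key_bytes(unsigned negotiated_bits)
{
    if (!gcm_valid_key_bits(negotiated_bits))
        return 0;
    return negotiated_bits / 8 + GCM_SALT_BYTES;
}

/* Split kernel keying material into AES key and salt; -1 on length mismatch. */
int gcm_split_keymat(const uint8_t *keymat, size_t len, unsigned negotiated_bits,
                     const uint8_t **salt, size_t *aes_key_len)
{
    size_t want = gcm_kernel_key_bytes(negotiated_bits);
    if (want == 0 || len != want)
        return -1;
    *aes_key_len = len - GCM_SALT_BYTES;
    *salt = keymat + *aes_key_len;
    return 0;
}
```

A proposal classified as `GCM_ATTR_SALT_INCLUDED` is a quick indicator, when reading IKE debug logs, that the peer is exhibiting the interop problem from item 2.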
