[IPSEC]: Add support for aes-ctr.

The below patch allows IPsec to use CTR mode with AES encryption
algorithm. Tested this using setkey in ipsec-tools.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h
index 6db69ff5d83eb9f2b6bf137556246ea48cdba03a..700725ddcaae3edf050fb6093e516d5abd7c67c3 100644 (file)
--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -298,6 +298,7 @@ struct sadb_x_sec_ctx {
 #define SADB_X_EALG_BLOWFISHCBC                7
 #define SADB_EALG_NULL                 11
 #define SADB_X_EALG_AESCBC             12
+#define SADB_X_EALG_AESCTR             13
 #define SADB_X_EALG_AES_CCM_ICV8       14
 #define SADB_X_EALG_AES_CCM_ICV12      15
 #define SADB_X_EALG_AES_CCM_ICV16      16

diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 6cc15250de69949606638cd6fab4afb6a0cadee5..8aa6440d689f75bde521070c5d3f81ce5c81199b 100644 (file)
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -399,6 +399,23 @@ static struct xfrm_algo_desc ealg_list[] = {
                .sadb_alg_maxbits = 256
        }
 },
+{
+       .name = "rfc3686(ctr(aes))",
+
+       .uinfo = {
+               .encr = {
+                       .blockbits = 128,
+                       .defkeybits = 160, /* 128-bit key + 32-bit nonce */
+               }
+       },
+
+       .desc = {
+               .sadb_alg_id = SADB_X_EALG_AESCTR,
+               .sadb_alg_ivlen = 8,
+               .sadb_alg_minbits = 128,
+               .sadb_alg_maxbits = 256
+       }
+},
 };
 
 static struct xfrm_algo_desc calg_list[] = {