More with AES GCM/GMAC

Alex Hornung ahornung at
Thu Jul 19 15:07:08 PDT 2012

On 19/07/12 17:54, Chris Rogers wrote:
> I'm assuming that the native IPsec client on Dragonfly somehow accounts
> for this, and will correctly initialize a second session to ensure that
> the GMAC portion is executed. Pfkeyv2.h doesn't have a SADB_X_AALG ID
> defined for GMAC, so it must only be used for encryption, and yet the
> GMACs are defined in auth_hash structs.  So, my next question is, how is
> that session created?  How do we get the GMAC case to trigger, and lend
> its portion of the encryption to GCM without specifying it explicitly as
> an authentication algorithm in the SA (because that creates a whole host
> of other problems a lot deeper in the kernel)?

Our IPsec implementation does not support AES GCM nor GMAC. To support
it, we would indeed need something setting up an encryption algorithm as
well as an authentication algorithm. See [1] for OpenBSD's
implementation of some of the relevant bits.

In general we do have a bit of a partially outdated mess with IPsec (we
do have two implementations if I recall correctly, neither of them well
tested as far as I know). Take this last bit with a pinch of salt; I'm
sure there are people who know more about the state of IPsec in DragonFly.



PS: I'd appreciate it if you could reply to the thread instead of
creating a new one with a *hyperlink* to an archived version of my mail.
