ipsec: IKE phase one AES-GCM support

Use of Galois/Counter Mode (GCM) during IKE phase-1 is defined in RFC4106. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
author: Bruno Thomsen <bruno.thomsen@gmail.com> 2015-05-12 22:10:08 +0200
committer: Bruno Thomsen <bruno.thomsen@gmail.com> 2015-05-12 22:10:08 +0200
commit: 7b8268640e1e703a6bdf082b09c116571176eb28 (patch)
tree: 1acd4341af94f3fae1dfe54a44d3c936682a2415 /etc/inc/ipsec.inc
parent: 50ed1824a5aa6164a1577c368d07be66c98ad52a (diff)
download: pfsense-7b8268640e1e703a6bdf082b09c116571176eb28.zip
pfsense-7b8268640e1e703a6bdf082b09c116571176eb28.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 5196236..2f39256 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -69,6 +69,9 @@ $ipsec_idhandling = array(
 global $p1_ealgos;
 $p1_ealgos = array(
 	'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
+	'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
+	'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
+	'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
 	'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
 	'3des' => array( 'name' => '3DES' ),
 	'cast128' => array( 'name' => 'CAST128' ),
author	Bruno Thomsen <bruno.thomsen@gmail.com>	2015-05-12 22:10:08 +0200
committer	Bruno Thomsen <bruno.thomsen@gmail.com>	2015-05-12 22:10:08 +0200
commit	7b8268640e1e703a6bdf082b09c116571176eb28 (patch)
tree	1acd4341af94f3fae1dfe54a44d3c936682a2415 /etc/inc/ipsec.inc
parent	50ed1824a5aa6164a1577c368d07be66c98ad52a (diff)
download	pfsense-7b8268640e1e703a6bdf082b09c116571176eb28.zip pfsense-7b8268640e1e703a6bdf082b09c116571176eb28.tar.gz