diff options
author | Bruno Thomsen <bruno.thomsen@gmail.com> | 2015-05-12 22:10:08 +0200 |
---|---|---|
committer | Bruno Thomsen <bruno.thomsen@gmail.com> | 2015-05-12 22:10:08 +0200 |
commit | 7b8268640e1e703a6bdf082b09c116571176eb28 (patch) | |
tree | 1acd4341af94f3fae1dfe54a44d3c936682a2415 /etc | |
parent | 50ed1824a5aa6164a1577c368d07be66c98ad52a (diff) | |
download | pfsense-7b8268640e1e703a6bdf082b09c116571176eb28.zip pfsense-7b8268640e1e703a6bdf082b09c116571176eb28.tar.gz |
ipsec: IKE phase one AES-GCM support
Use of Galois/Counter Mode (GCM) during IKE phase-1 is defined in RFC4106.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/ipsec.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 5196236..2f39256 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -69,6 +69,9 @@ $ipsec_idhandling = array( global $p1_ealgos; $p1_ealgos = array( 'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), + 'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ), + 'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ), + 'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ), 'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), '3des' => array( 'name' => '3DES' ), 'cast128' => array( 'name' => 'CAST128' ), |