From 7b8268640e1e703a6bdf082b09c116571176eb28 Mon Sep 17 00:00:00 2001
From: Bruno Thomsen <bruno.thomsen@gmail.com>
Date: Tue, 12 May 2015 22:10:08 +0200
Subject: ipsec: IKE phase one AES-GCM support

Use of Galois/Counter Mode (GCM) during IKE phase-1 is defined in RFC4106.

Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
---
 etc/inc/ipsec.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 5196236..2f39256 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -69,6 +69,9 @@ $ipsec_idhandling = array(
 global $p1_ealgos;
 $p1_ealgos = array(
 	'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
+	'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
+	'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
+	'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
 	'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
 	'3des' => array( 'name' => '3DES' ),
 	'cast128' => array( 'name' => 'CAST128' ),
-- 
cgit v1.1