diff --git a/src/charon/config/proposal_keywords.txt b/src/charon/config/proposal_keywords.txt index 22a7c221c..201ce82ae 100644 --- a/src/charon/config/proposal_keywords.txt +++ b/src/charon/config/proposal_keywords.txt @@ -35,6 +35,9 @@ null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0 aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128 aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192 aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256 +aes128ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128 +aes192ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192 +aes256ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256 aes128ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128 aes128ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128 aes128ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128 diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index afa7e4ba4..e3b683474 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -170,7 +170,7 @@ static kernel_algorithm_t encryption_algs[] = { /* {ENCR_DES_IV32, "***" }, */ {ENCR_NULL, "cipher_null" }, {ENCR_AES_CBC, "aes" }, -/* {ENCR_AES_CTR, "***" }, */ + {ENCR_AES_CTR, "rfc3686(ctr(aes))" }, {ENCR_AES_CCM_ICV8, "rfc4309(ccm(aes))" }, {ENCR_AES_CCM_ICV12, "rfc4309(ccm(aes))" }, {ENCR_AES_CCM_ICV16, "rfc4309(ccm(aes))" }, diff --git a/src/charon/sa/keymat.c b/src/charon/sa/keymat.c index 819ff5a37..262162b24 100644 --- a/src/charon/sa/keymat.c +++ b/src/charon/sa/keymat.c @@ -415,17 +415,18 @@ static bool derive_child_keys(private_keymat_t *this, /* to bytes */ enc_size /= 8; - /* CCM/GCM needs additional bytes */ + /* CCM/GCM/CTR needs additional bytes */ switch (enc_alg) { case ENCR_AES_CCM_ICV8: case ENCR_AES_CCM_ICV12: case ENCR_AES_CCM_ICV16: enc_size += 3; - break; + break; case ENCR_AES_GCM_ICV8: case ENCR_AES_GCM_ICV12: case ENCR_AES_GCM_ICV16: + case ENCR_AES_CTR: enc_size += 4; break; default: