proposal: Add AES-GCM to the ESP default AEAD proposal

References #3461.
2020-06-05 11:01:29 +02:00 · 2020-06-05 11:01:29 +02:00 · c7bef954ee
parent bc40509057
commit c7bef954ee
1 changed files with 7 additions and 3 deletions
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@ -1298,9 +1298,13 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol)
 			}
 			return &this->public;
 		case PROTO_ESP:
-			/* we currently don't include any AEAD proposal for ESP, as we
-			 * don't know if our kernel backend actually supports it. */
-			return NULL;
+			/* AES-GCM should be supported by pretty much all current kernels,
+			 * RFC 8221 even made it mandatory */
+			this = (private_proposal_t*)proposal_create(protocol, 0);
+			add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128);
+			add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192);
+			add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256);
+			return &this->public;
 		case PROTO_AH:
 		default:
 			return NULL;