-
Notifications
You must be signed in to change notification settings - Fork 84
Libreswan Cipher Algorithms
Douglas Kosovic edited this page Apr 15, 2019
·
1 revision
There doesn't appear to be an official list of libreswan keywords for IKEv1 and IKEv2 algorithms that can be used with the ike (Phase 1) and esp (Phase 2) directives in the ipsec.conf file like there are for strongswan :
- https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
- https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
Perhaps the best way to obtain a list of keywords and aliases for the algorithms is to do a grep on the libreswan source code, the following is an example for libreswan version 3.27:
git clone https://github.com/libreswan/libreswan.git
git checkout v3.27
cd libreswan/lib/libswan
grep '\.names' *
ike_alg_3des.c: .names = { "3des", "3des_cbc", },
ike_alg_aes.c: .names = { "aes", "aes_cbc", },
ike_alg_aes.c: .names = { "aesctr", "aes_ctr", },
ike_alg_aes.c: .names = { "aes_gcm_8", "aes_gcm_a" },
ike_alg_aes.c: .names = { "aes_gcm_12", "aes_gcm_b" },
ike_alg_aes.c: .names = { "aes_gcm", "aes_gcm_16", "aes_gcm_c" },
ike_alg_aes.c: .names = { "aes_ccm_8", "aes_ccm_a" },
ike_alg_aes.c: .names = { "aes_ccm_12", "aes_ccm_b" },
ike_alg_aes.c: .names = { "aes_ccm", "aes_ccm_16", "aes_ccm_c" },
ike_alg_aes.c: .names = { "aes128_xcbc", "aes_xcbc", },
ike_alg_aes.c: .names = { "aes_xcbc", "aes128_xcbc", "aes_xcbc_96", "aes128_xcbc_96", },
ike_alg_aes.c: .names = { "aes_cmac", "aes_cmac_96", },
ike_alg_aes.c: .names = { "null_auth_aes_gmac", "aes_gmac", },
ike_alg_camellia.c: .names = { "camellia", "camellia_cbc", },
ike_alg_camellia.c: .names = { "camellia_ctr", },
ike_alg_cast.c: .names = { "cast", "cast_cbc", },
ike_alg_dh.c: .names = { "modp1024", "dh2", },
ike_alg_dh.c: .names = { "modp1536", "dh5", },
ike_alg_dh.c: .names = { "modp2048", "dh14", },
ike_alg_dh.c: .names = { "modp3072", "dh15", },
ike_alg_dh.c: .names = { "modp4096", "dh16", },
ike_alg_dh.c: .names = { "modp6144", "dh17", },
ike_alg_dh.c: .names = { "modp8192", "dh18", },
ike_alg_dh.c: .names = { "dh19", "ecp_256", },
ike_alg_dh.c: .names = { "dh20", "ecp_384", },
ike_alg_dh.c: .names = { "dh21", "ecp_521", },
ike_alg_dh.c: .names = { "dh22", },
ike_alg_dh.c: .names = { "dh23", },
ike_alg_dh.c: .names = { "dh24", },
ike_alg_dh.c: .names = { "dh31", "curve25519", },
ike_alg_encrypt_chacha20_poly1305.c: .names = { "chacha20_poly1305", "chacha20poly1305", },
ike_alg_md5.c: .names = { "md5", },
ike_alg_md5.c: .names = { "md5", "hmac_md5", },
ike_alg_md5.c: .names = { "md5", "hmac_md5", "hmac_md5_96", },
ike_alg_none.c: .names = { "null", },
ike_alg_none.c: .names = { "none", "null", },
ike_alg_none.c: .names = { "none", "null", "dh0", },
ike_alg_ripemd.c: .names = { "ripemd", "hmac_ripemd", "hmac_ripemd_160_96", },
ike_alg_serpent.c: .names = { "serpent", "serpent_cbc", },
ike_alg_sha1.c: .names = { "sha", "sha1", },
ike_alg_sha1.c: .names = { "sha", "sha1", "hmac_sha1", },
ike_alg_sha1.c: .names = { "sha", "sha1", "sha1_96", "hmac_sha1", "hmac_sha1_96", },
ike_alg_sha2.c: .names = { "sha2", "sha256", "sha2_256", },
ike_alg_sha2.c: .names = { "sha2", "sha256", "sha2_256", "hmac_sha2_256", },
ike_alg_sha2.c: .names = { "sha2", "sha256", "sha2_256", "hmac_sha2_256", "hmac_sha2_256_128", },
ike_alg_sha2.c: .names = { "hmac_sha2_256_truncbug", },
ike_alg_sha2.c: .names = { "sha384", "sha2_384", },
ike_alg_sha2.c: .names = { "sha384", "sha2_384", "hmac_sha2_384", },
ike_alg_sha2.c: .names = { "sha384", "sha2_384", "hmac_sha2_384", "hmac_sha2_384_192", },
ike_alg_sha2.c: .names = { "sha512", "sha2_512", },
ike_alg_sha2.c: .names = { "sha512", "sha2_512", "hmac_sha2_512", },
ike_alg_sha2.c: .names = { "sha512", "sha2_512", "hmac_sha2_512", "hmac_sha2_512_256", },
ike_alg_twofish.c: .names = { "twofish", "twofish_cbc", },
ike_alg_twofish.c: .names = { "twofish_ssh", "twofish_cbc_ssh", },