From: Ruben Tytgat <ruben_tytgat@hotmail.com>
Date: Thu, 5 Jul 2018 15:54:42 +0000 (+0200)
Subject: kernel-pfkey: Enable macOS native AES_GCM_ICV16 support
X-Git-Tag: 5.7.0dr5~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2b8c7e6ed6ced931c8593cccdde4e5f276018ea;p=thirdparty%2Fstrongswan.git

kernel-pfkey: Enable macOS native AES_GCM_ICV16 support

macOS supports AES_GCM_ICV16 natively using PF_KEYv2.

This change enables AES_GCM if the corresponding definition is detected
in the headers.

With this change it is no longer necessary to use the libipsec module to
use AES_GCM on macOS.

Closes strongswan/strongswan#107.
---

diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index b937a769ec..34089f9127 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -890,6 +890,8 @@ static kernel_algorithm_t encryption_algs[] = {
 	{ENCR_AES_GCM_ICV8,			SADB_X_EALG_AES_GCM_ICV8	},
 	{ENCR_AES_GCM_ICV12,		SADB_X_EALG_AES_GCM_ICV12	},
 	{ENCR_AES_GCM_ICV16,		SADB_X_EALG_AES_GCM_ICV16	},
+#elif defined(SADB_X_EALG_AES_GCM) /* macOS */
+	{ENCR_AES_GCM_ICV16,		SADB_X_EALG_AES_GCM			},
 #endif
 #ifdef SADB_X_EALG_CAMELLIACBC
 	{ENCR_CAMELLIA_CBC,			SADB_X_EALG_CAMELLIACBC		},