[Pkg-swan-devel] Bug#803787: Bug#803787: [strongswan] Enable post-quantum algorithms

[Gerald Turner]

Hello,

I am also interested in the NTRU key exchange algorithm for the same
reasons Nicolas Braud-Santoni explains.  Prior to realizing that this
bug existed, I had tested the strongswan with the attached patch which
enables additional plugins.

Note that I enabled BLISS but have no intention of using it due to the
requirement have having to redeploy certificates.

Also note that I enabled ChaCha20/Poly1305, which would be interesting
to use on systems which don't have AES-NI CPU instructions, but
unfortunuately I do not have enough hosts running a 4.2 kernel so I
cannot test this cipher at the moment.  FYI, Linux 4.2 is required to
use this cipher, otherwise error "received netlink error: Function not
implemented (38)" occurs while adding SAD entries.  Very similar to the
problem of enabling AES-GCM-256 on kernels older than ~4.1.

Finally note that I enabled SHA3 but hadn't tested with it because I'm
using AEAD ciphers exclusively.

Let me know if it would be at all useful for me to clean up the patch
such that it only enables NTRU.

-- 
Gerald Turner <gturner at unzane.com>        Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Configure-and-install-bliss-chapoly-ntru-and-sha3-pl.patch
Type: text/x-diff
Size: 3773 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-swan-devel/attachments/20151130/a7966116/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-swan-devel/attachments/20151130/a7966116/attachment.sig>