# Embedding custom cipher to FreeBSD



## beaute (Mar 27, 2011)

Hello

Basically I'm trying to add my custom cipher (it's a dummy cipher called Panther) to be used with IKE/ESP to encrypt traffic using strongswan. I know how to do this in linux, but this is quite different on FreeBSD. I understand this is a complicated process esp that strongswan is not fully supported on FreeBSD but I'm trying to deal with one problem at a time. I'm only using IKEv2 and I have done this same customization on linux, so I know it's possible.

Now, the thing is, to use Panther in ESP, I need to create a kernel module and load it and use it. So I took my shiny panther source files and placed them in a directory alongside the other standard kernel ciphers blowfish aes...etc. I then modified some files in the netipsec/ directory like the xform_esp.c among others. Basically I looked in the kernel for all occurrences of blowfish, and then added a similar entry for panther. I finally compiled my kernel with no problems. I just don't know if my module is working or no. How do I check that? Is there any way I could use my custom cipher without strongswan or setkey (not that I haven't tried) but I'm just not sure whether the errors are from strongswan/setkey not recognizing panther or from the module itself. I tried kldstat but that's not it. In linux I could just lsmod and it would show whenever it's invoked. 

Any help on how to customize a new cipher into FreeBSD is appreciated thanks.


----------



## bestwc (Apr 25, 2011)

Hi beaute,

I'm not familiar with ciphers on FreeBSD, but your requirements sound like you really want a system call. I don't know if that's what you want, but I think it worth a try.

You can wrap your cipher code in a system call structure, and use kldload to dynamically load the module into kernel, then you can write small applications to interact with that system call.

If you are interested in FreeBSD Kernel Programming in general, I'm trying to write some notes on it, maybe you want to have a look at my notes.


----------

