Configuring IPsec within a user application?

Configuring IPsec within a user application?

[Stuart Longland]

Hi all,

I'm not sure if this is the right list or not, if not I'd appreciate a
referral to a more appropriate list.

I've been toying with the idea of a small multicast VoIP/digital comms
protocol¹ for use over wireless radio links.  The typical use case might
be to replace UHF FM radio transceivers with modern smart phones, using
multicast IPv6 networking over 802.11b.  (It will have other modes too,
transmission over amateur radio bands for instance.)

In some commercial settings, or over the Internet, it'd be great for
traffic to be authenticated using HMAC-SHA1 or even encrypted.  Looking
at IPsec, I see it provides exactly this.  My thought, why re-invent the
wheel when a solution may already exist?

The question though:  Is it possible for a userspace application
(non-privileged) to request that the UDP packets it generates/receives
from/to a particular address be encrypted or hashed against a specified key?

i.e. if I decide to communicate with someone on the same wireless link,
and by means of asymmetric crypto at higher layers we establish a shared
AES key, can I configure the stack for traffic between these two hosts
on-the-fly and without root privileges?

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)      .'''.
Gentoo Linux/MIPS Cobalt and Docs Developer  '.'` :
. . . . . . . . . . . . . . . . . . . . . .   .'.'
http://dev.gentoo.org/~redhatter             :.'

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

1. http://wongi.longlandclan.yi.org