[strongSwan] IPsec and SHA-2
Micah Anderson
micah at riseup.net
Fri Sep 24 17:14:53 CEST 2010
Martin Willi <martin at strongswan.org> writes:
> Hi Joel,
>
>> The Linux Kernel implementation appears to be wrong. Has anyone
>> experienced interoperability problems when using HMAC-SHA2-256-128 to
>> authenticate IPsec?
>
> Indeed, the kernel implementation uses an older draft version with 96
> bit truncation. We discovered this issue due to the interoperability
> testing in Texas this year. There is no way to fix this in userland.
>
> I've sent a patch [1] to use the truncation defined in RFC4868, but it
> has not been accepted as it would render existing setups incompatible.
> While this is true, the current implementation of SHA2 MACs is
> incompatible with the standard.
>
> Herbert Xu suggested to extend the API by a truncation length parameter.
> But as the trend goes to AES based MACs and combined mode ciphers, it
> was not worth the effort for me.
Is the above still true in the kernel? If so, it's an unfortunate
situation.
m
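The truncation mismatch discussed in the thread, as an added illustration that is not code from the thread, strongSwan or the kernel: both sides compute the same HMAC-SHA-256 over the same data with the same key, but a peer keeping the leftmost 96 bits (the older draft) and a peer keeping the leftmost 128 bits (RFC 4868) reject each other's ICVs. The key and data are the RFC 4231 test case 1 vector; the function and constant names are mine.

```python
import hmac
import hashlib

# Length, in bytes, of the HMAC-SHA-256 integrity check value (ICV).
RFC4868_ICV_LEN = 16   # 128 bits, as RFC 4868 specifies
DRAFT_ICV_LEN = 12     # 96 bits, the older draft truncation the kernel used

# Constructed sample input: RFC 4231 test case 1 (key = 20 x 0x0b, data = "Hi There").
KEY = b"\x0b" * 20
DATA = b"Hi There"
RFC4231_FULL_MAC_HEX = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"


def hmac_sha256_icv(key: bytes, data: bytes, icv_len: int) -> bytes:
    """Leftmost icv_len bytes of HMAC-SHA-256(key, data), i.e. the truncated ICV."""
    return hmac.new(key, data, hashlib.sha256).digest()[:icv_len]


def verify_icv(key: bytes, data: bytes, icv: bytes, expected_len: int) -> bool:
    """Receiver-side check: the ICV must have the configured truncation length
    and match the locally computed value (constant-time comparison)."""
    if len(icv) != expected_len:
        return False
    return hmac.compare_digest(hmac_sha256_icv(key, data, expected_len), icv)


def interop_check(key: bytes, data: bytes) -> dict:
    """Cross-verify a 96-bit peer and a 128-bit peer that share a key."""
    icv_rfc = hmac_sha256_icv(key, data, RFC4868_ICV_LEN)
    icv_draft = hmac_sha256_icv(key, data, DRAFT_ICV_LEN)
    return {
        "rfc_accepts_rfc": verify_icv(key, data, icv_rfc, RFC4868_ICV_LEN),
        "draft_accepts_draft": verify_icv(key, data, icv_draft, DRAFT_ICV_LEN),
        # The cross cases are the interoperability failure from the thread.
        "rfc_accepts_draft": verify_icv(key, data, icv_draft, RFC4868_ICV_LEN),
        "draft_accepts_rfc": verify_icv(key, data, icv_rfc, DRAFT_ICV_LEN),
        # Both truncations are prefixes of the same full MAC, so the key is not the problem.
        "draft_is_prefix_of_rfc": icv_rfc.startswith(icv_draft),
    }


if __name__ == "__main__":
    for name, ok in interop_check(KEY, DATA).items():
        print(f"{name}: {ok}")
```

A packet capture where ESP ICVs are 12 bytes rather than 16 for an SA negotiated as HMAC-SHA2-256-128 is the quickest way to spot a peer still using the draft truncation.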