[strongSwan] IPsec and SHA-2

Micah Anderson micah at riseup.net
Fri Sep 24 17:14:53 CEST 2010


Martin Willi <martin at strongswan.org> writes:

> Hi Joel,
>
>> The Linux Kernel implementation appears to be wrong.  Has anyone
>> experienced interoperability problems when using HMAC-SHA2-256-128 to
>> authenticate IPsec?
>
> Indeed, the kernel implementation uses an older draft version with 96
> bit truncation. We discovered this issue due the interoperability
> testing in Texas this year. There is no way to fix this in userland. 
>
> I've sent a patch [1] to use the truncation defined in RFC4868, but it
> has not been accepted as it would render existing setups incompatible.
> While this is true, the current implementation of SHA2 MACs is
> incompatible to the standard.
>
> Herbert Xu suggested to extend the API by a truncation length parameter.
> But as the trend goes to AES based MACs and combinded mode ciphers, it
> was not worth the effort for me.

Is the above still true in the kernel? If so, its an unfortunate
situation.

m





More information about the Users mailing list