[strongSwan] IPsec and SHA-2
Andreas Steffen
andreas.steffen at strongswan.org
Fri Sep 24 19:29:06 CEST 2010
Hella Micah,
Martin posted a kernel patch correctly implementing SHA2-256-128,
SHA2-384-192, and SHA2-512-256 some while ago, which was immediately
accepted and integrated into the Linux 2.6.33 and later kernels.
Regards
Andreas
On 09/24/2010 05:14 PM, Micah Anderson wrote:
> Martin Willi <martin at strongswan.org> writes:
>
>> Hi Joel,
>>
>>> The Linux Kernel implementation appears to be wrong. Has anyone
>>> experienced interoperability problems when using HMAC-SHA2-256-128 to
>>> authenticate IPsec?
>>
>> Indeed, the kernel implementation uses an older draft version with 96
>> bit truncation. We discovered this issue due the interoperability
>> testing in Texas this year. There is no way to fix this in userland.
>>
>> I've sent a patch [1] to use the truncation defined in RFC4868, but it
>> has not been accepted as it would render existing setups incompatible.
>> While this is true, the current implementation of SHA2 MACs is
>> incompatible to the standard.
>>
>> Herbert Xu suggested to extend the API by a truncation length parameter.
>> But as the trend goes to AES based MACs and combinded mode ciphers, it
>> was not worth the effort for me.
>
> Is the above still true in the kernel? If so, its an unfortunate
> situation.
>
> m
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list