[strongSwan] IKEV2 Support for 96-bit HMAC-SHA-256

chinna obireddy chinnaobi at gmail.com
Wed Oct 27 16:36:06 CEST 2021


Hi Tobias,

No patches were applied to strongSwan 5.5.3. From the configuration options,
the option --enable-kernel-pfkey is used, which means I assume both
netlink (by default) and pfkey are used. Is there a way to check this during
runtime?

How do I go on from here if pfkey is used to support the
AUTH_HMAC_SHA2_256_96 algorithm?

Thanks,
Obi

On Wed, Oct 27, 2021 at 10:10 AM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Obi,
>
> > The environment is strongSwan version 5.5.3, Linux kernel 4.1.52.
>
> Were there any patches applied?  Are you sure you're using the
> kernel-netlink and not the kernel-pfkey plugin?  Because since 4.3.6
> there is a static mapping in the kernel-netlink plugin from
> AUTH_HMAC_SHA2_256_96 to "sha256" (instead of "hmac(sha256)").  So with
> any version newer than that, there should never be this message:
>
> > algorithm HMAC_SHA2_256_96 not supported by kernel!
>
> Unless the integrity_algs array was deliberately modified or you are not
> using the kernel-netlink plugin.
>
> Regards,
> Tobias
>