Home » Mailing list archives » linux-kernel » 2008 » June » 5

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Martin Willi <martin@...>
To: Adrian-Ken <rueegsegger@...>
Cc: <herbert@...>, <davem@...>, <linux-kernel@...>
Subject: Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec
Date: Thursday, June 5, 2008 - 10:45 am

> You could register a new SADB algorithm id in pfkeyv2.h and add a new

We could do that, but SADB_X_AALG_SHA2_256HMAC (5) actually refers to
128 bit truncation. 96 bit truncation is a leftover of
draft-ietf-ipsec-ciph-sha-256-00 and has been replaced by 128 bit
truncation in draft-ietf-ipsec-ciph-sha-256-01. 

draft-kelly-ipsec-ciph-sha2 and the resulting RFC4868 define 128 bit
truncation for SADB_X_AALG_SHA2_256HMAC (5), so 96 bit truncation is
really obsolete. We could define a new PF_KEY algorithm for 96 bit
truncation, but it is not really usable as it is not standardized.

Martin



--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec, Martin Willi, (Thu Jun 5, 9:06 am)
Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Adrian-Ken Rüegsegger, (Thu Jun 5, 10:07 am)
Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Martin Willi, (Thu Jun 5, 10:45 am)
Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Adrian-Ken Rüegsegger, (Thu Jun 5, 10:58 am)
Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Herbert Xu, (Fri Jun 6, 3:53 am)