Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Martin Willi

Subject: Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec

Date: Thursday, June 5, 2008 - 7:45 am

> You could register a new SADB algorithm id in pfkeyv2.h and add a new
quoted text> entry to the aalg_list analogous to how GCM is doing that in the aead_list.
> 
> Adrian

We could do that, but SADB_X_AALG_SHA2_256HMAC (5) actually refers to
128 bit truncation. 96 bit truncation is a leftover of
draft-ietf-ipsec-ciph-sha-256-00 and has been replaced by 128 bit
truncation in draft-ietf-ipsec-ciph-sha-256-01. 

draft-kelly-ipsec-ciph-sha2 and the resulting RFC4868 define 128 bit
truncation for SADB_X_AALG_SHA2_256HMAC (5), so 96 bit truncation is
really obsolete. We could define a new PF_KEY algorithm for 96 bit
truncation, but it is not really usable as it is not standardized.

Martin



--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec, Martin Willi, (Thu Jun 5, 6:06 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support f ..., Adrian-Ken Rüegsegger, (Thu Jun 5, 7:07 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support f ..., Martin Willi, (Thu Jun 5, 7:45 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support f ..., Adrian-Ken Rüegsegger, (Thu Jun 5, 7:58 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support f ..., Herbert Xu, (Fri Jun 6, 12:53 am)


linux-kernel:
Tony Luck	Re: Hardware Error Kernel Mini-Summit
James Bottomley	Re: [PATCH -mm 1/2] scsi: remove dma_is_consistent usage in 53c700
Andrey Borzenkov	Re: [possible regression] 2.6.22 reiserfs/libata sporadically hangs on resume from...
Linus Torvalds	Linux 2.6.26-rc6
Jeffrey V. Merkey	Re: Versioning file system
git:
Morten Welinder	Re: [PATCH] use xrealloc in help.c
Junio C Hamano	Re: [PATCH 2/3] git-add--interactive: remove hunk coalescing
Jörg Sommer	[PATCH v2 08/13] Unify the lenght of $SHORT* and the commits in the TODO list
Boyd Lynn Gerber	Re: [VOTE] git versus mercurial
Stefan Näwe	Re: [PATCH] git-gui: use --exclude-standard to check for untracked files
linux-netdev:
Andreas Sundstrom	Re: ~60k interrupts/sec for 1Gb/s iperf with r8169
David Miller	Re: [2.6.30-rc3] powerpc: compilation error of mace module
Denys Fedoryshchenko	Re: circular locking, mirred, 2.6.24.2
David Miller	Re: [PATCH -next] sfc: Use correct macro to set event bitfield
David Miller	Re: [PATCH] ipv6: fix display of local and remote sit endpoints
git-commits-head:
Linux Kernel Mailing List	V4L/DVB: tm6000: add special usb request to quit i2c tuner transfer
Linux Kernel Mailing List	OMAP: DSS2: SDI driver
Linux Kernel Mailing List	PCI: introduce pci_pcie_cap()
Linux Kernel Mailing List	m68k: amiga - Mouse platform device conversion
Linux Kernel Mailing List	drivers/acpi: use kasprintf
openbsd-misc:
frantisek holop	Re: mount ffs as msdos, system hangs
Ted Bullock	Re: Proliant DL380 G3 cannot get on network
Úlfar M. E. Johnson	installing openbsd in xen
Eric Furman	Re: Defending OpenBSD Performance
Damien Miller	Re: Patching a SSH 'Weakness'