Subject: Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec
From: Martin Willi <martin@strongswan.org>
To: Adrian-Ken =?ISO-8859-1?Q?R=FCegsegger?= <rueegsegger@swiss-it.ch>
Cc: herbert@gondor.apana.org.au, davem@davemloft.net,
       linux-kernel@vger.kernel.org
In-Reply-To: <4847F310.7020207@swiss-it.ch>
References: <1212671211.6339.58.camel@martin> <4847F310.7020207@swiss-it.ch>
Content-Type: text/plain; charset=UTF-8
Date: Thu, 05 Jun 2008 16:45:01 +0200
Message-Id: <1212677101.6339.75.camel@martin>
Mime-Version: 1.0
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 942
Lines: 25


> You could register a new SADB algorithm id in pfkeyv2.h and add a new
> entry to the aalg_list analogous to how GCM is doing that in the aead_list.
> 
> Adrian

We could do that, but ﻿SADB_X_AALG_SHA2_256HMAC (5) actually refers to
128 bit truncation. 96 bit truncation is a leftover of
draft-ietf-ipsec-ciph-sha-256-00 and has been replaced by 128 bit
truncation in draft-ietf-ipsec-ciph-sha-256-01. 

d﻿raft-kelly-ipsec-ciph-sha2 and the resulting RFC4868 define 128 bit
truncation for ﻿SADB_X_AALG_SHA2_256HMAC (5), so 96 bit truncation is
really obsolete. We could define a new PF_KEY algorithm for 96 bit
truncation, but it is not really usable as it is not standardized.

Martin


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/