This patch makes HMAC-RIPEMD-160 usable with IPsec/XFRM.
Since I have no IPsec test setup the patch has not (yet) been tested with
IPsec and is thus marked as RFC. I will put together a test environment which
will take some time. In the meantime it would be great if somebody who already
has a working IPsec environment could test this patch.
-Adrian
This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn
allows hmac(rmd160) to be used as authentication mechanism in IPsec
ESP and AH (see RFC 2857).
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
net/xfrm/xfrm_algo.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index ac765dd..23a2cc0 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -200,8 +200,8 @@ static struct xfrm_algo_desc aalg_list[] = {
}
},
{
- .name = "hmac(ripemd160)",
- .compat = "ripemd160",
+ .name = "hmac(rmd160)",
+ .compat = "rmd160",
.uinfo = {
.auth = {
--
1.5.2.5
On Sun, Jun 01, 2008 at 07:16:18PM +0200, Adrian-Ken Rueegsegger wrote:
> This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn
> allows hmac(rmd160) to be used as authentication mechanism in IPsec
> ESP and AH (see RFC 2857).
>
> Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
Please submit this patch to [email protected] and cc
[email protected]. Thanks!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Adrian-Ken Rueegsegger | 2008-06-01 19:16:18 [+0200]:
>This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn
>allows hmac(rmd160) to be used as authentication mechanism in IPsec
>ESP and AH (see RFC 2857).
>
>Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
>---
> net/xfrm/xfrm_algo.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
>index ac765dd..23a2cc0 100644
>--- a/net/xfrm/xfrm_algo.c
>+++ b/net/xfrm/xfrm_algo.c
>@@ -200,8 +200,8 @@ static struct xfrm_algo_desc aalg_list[] = {
> }
> },
> {
>- .name = "hmac(ripemd160)",
>- .compat = "ripemd160",
>+ .name = "hmac(rmd160)",
>+ .compat = "rmd160",
On the other hand you could rename the algorithm itself couldn't you?
Sebastian
Sebastian Siewior wrote:
> * Adrian-Ken Rueegsegger | 2008-06-01 19:16:18 [+0200]:
>
>> This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn
>> allows hmac(rmd160) to be used as authentication mechanism in IPsec
>> ESP and AH (see RFC 2857).
>>
>> Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
>> ---
>> net/xfrm/xfrm_algo.c | 4 ++--
>> 1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
>> index ac765dd..23a2cc0 100644
>> --- a/net/xfrm/xfrm_algo.c
>> +++ b/net/xfrm/xfrm_algo.c
>> @@ -200,8 +200,8 @@ static struct xfrm_algo_desc aalg_list[] = {
>> }
>> },
>> {
>> - .name = "hmac(ripemd160)",
>> - .compat = "ripemd160",
>> + .name = "hmac(rmd160)",
>> + .compat = "rmd160",
>
> On the other hand you could rename the algorithm itself couldn't you?
Yes, that would be the other way to do it. Is there a preference or specific reason
for renaming the hash algorithm than changing the reference to the algorithm?
Thanks,
Adrian
>
> Sebastian
On Mon, Jun 02, 2008 at 09:02:08AM +0200, Adrian-Ken Rueegsegger wrote:
>
> Yes, that would be the other way to do it. Is there a preference or specific reason
> for renaming the hash algorithm than changing the reference to the algorithm?
I think the rmd name is fine. The existing entry in IPsec has
never worked (since we didn't have the implementation) so it
isn't an issue.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu wrote:
> On Mon, Jun 02, 2008 at 09:02:08AM +0200, Adrian-Ken Rueegsegger wrote:
>> Yes, that would be the other way to do it. Is there a preference or specific reason
>> for renaming the hash algorithm than changing the reference to the algorithm?
>
> I think the rmd name is fine. The existing entry in IPsec has
> never worked (since we didn't have the implementation) so it
> isn't an issue.
Ok thanks for the clarification. I will resubmit the patch to the addresses you specified.
I assume linux-crypto should also be cc'd?
Adrian
On Mon, Jun 02, 2008 at 09:09:40AM +0200, Adrian-Ken Rueegsegger wrote:
>
> Ok thanks for the clarification. I will resubmit the patch to the addresses you specified.
> I assume linux-crypto should also be cc'd?
Yes please.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt