Subject: RFC 4301,3602 and 4868 support in Linux kernel 4.9.180

Hi All,

We are in the process of submitting our device for Common Criteria Certification. Our device uses Linux kernel 4.9.180 for aarch64. We want to understand if the Linux kernel version 4.9.180 supports the below RFCs. I looked in https://www.kernel.org/doc/rfc-linux.html, but could not get enough information.
Can anyone let me know if the Linux kernel supports the below RFCs?

* RFC 4301 (Security Architecture for the Internet Protocol)
* RFC 3602 (The AES-CBC Cipher Algorithm and Its Use with IPsec)
* RFC 4868 (Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec)

Regards,
Jayalakshmi


2021-09-23 08:50:16

by Sandy Harris

Subject: Re: RFC 4301,3602 and 4868 support in Linux kernel 4.9.180

Bhat, Jayalakshmi Manjunath <[email protected]> wrote:

> We are in the process of submitting our device for Common Criteria Certification. Our device uses Linux kernel 4.9.180 for aarch64. We want to understand if the Linux kernel version 4.9.180 supports the below RFCs. I looked in https://www.kernel.org/doc/rfc-linux.html, but could not get enough information.

> Can anyone let me know if the Linux kernel supports the below RFCs?
>
> * RFC 4301 (Security Architecture for the Internet Protocol)

That is the core RFC for the IPsec protocols, version two.
Yes, Linux has had IPsec support for over 20 years now.

4301 is not the only relevant RFC, though. Here is a summary document:
https://eprint.iacr.org/2006/097.pdf

Note that not everything in the RFCs is necessarily a good idea.
Back around the turn of the century, FreeS/WAN was the first
IPsec implementation for Linux. Here's their document on
features in the version 1 IPsec RFCs that they deliberately
left out:
https://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/compat.html#dropped