* Re: SHA-2 HMAC support in linux kernel
2007-03-16 21:25 ` SHA-2 HMAC support in linux kernel Chinh Nguyen
@ 2007-03-16 20:31 ` YOSHIFUJI Hideaki / 吉藤英明
2007-03-16 20:32 ` Jan Engelhardt
0 siblings, 1 reply; 6+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2007-03-16 20:31 UTC (permalink / raw)
To: cnguyen; +Cc: netfilter-devel
In article <45FB0B61.8060809@certicom.com> (at Fri, 16 Mar 2007 16:25:53 -0500), Chinh Nguyen <cnguyen@certicom.com> says:
> I believe that this is the right list for my question. I'm trying to get
> SHA-2 HMAC support working ipsec in linux kernel (I'm configuring via
> pfkey).
I don't think so.
Use linux-crypto@vger.kernel.org instead.
--yoshfuji
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SHA-2 HMAC support in linux kernel
2007-03-16 20:31 ` YOSHIFUJI Hideaki / 吉藤英明
@ 2007-03-16 20:32 ` Jan Engelhardt
2007-03-16 21:42 ` Chinh Nguyen
0 siblings, 1 reply; 6+ messages in thread
From: Jan Engelhardt @ 2007-03-16 20:32 UTC (permalink / raw)
To: YOSHIFUJI Hideaki / 吉藤英明
Cc: cnguyen, netfilter-devel
On Mar 17 2007 05:31, YOSHIFUJI Hideaki / 吉藤英明 wrote:
>In article <45FB0B61.8060809@certicom.com> (at Fri, 16 Mar 2007 16:25:53 -0500), Chinh Nguyen <cnguyen@certicom.com> says:
>
>> I believe that this is the right list for my question. I'm trying to get
>> SHA-2 HMAC support working ipsec in linux kernel (I'm configuring via
>> pfkey).
>
>I don't think so.
>Use linux-crypto@vger.kernel.org instead.
(And don't hijack threads.)
Jan
--
^ permalink raw reply [flat|nested] 6+ messages in thread
* SHA-2 HMAC support in linux kernel
2007-03-16 19:50 Using libnetfilter_queue Rennie deGraaf
@ 2007-03-16 21:25 ` Chinh Nguyen
2007-03-16 20:31 ` YOSHIFUJI Hideaki / 吉藤英明
0 siblings, 1 reply; 6+ messages in thread
From: Chinh Nguyen @ 2007-03-16 21:25 UTC (permalink / raw)
To: Netfilter Developer Mailing List
Hi,
I believe that this is the right list for my question. I'm trying to get
SHA-2 HMAC support working ipsec in linux kernel (I'm configuring via
pfkey).
First, sha-384 and sha-512 as authentication algorithm always return
function not support. But I noted that my linux kernel has a sha512
kernel module (with alias for sha384). Second, sha-256 uses a 12-byte
hmac (96 bits).
Looking at the source http://lxr.linux.no/source/net/xfrm/xfrm_algo.c,
it seems to confirm that this is true. In fact, sha-384 and sha-512 are
not supported at this time and sha-256 is truncated to 96-bit.
However, the following ietf draft, which I believe is very closed to
ratification (it has already been assigned iana numbers), specifies
sha-256 to use 128-bits as hmac (page 18):
http://www.ietf.org/internet-drafts/draft-kelly-ipsec-ciph-sha2-01.txt
sha-384 is 192 bits, and sha-512 is 256 bits.
1. Is adding sha-384 and sha-512 as simple as adding to the aalg_list
structure? Can this be done for some subsequent kernel release in the
future?
2. Can the sha-256 be changed to use 128 bits? Or in order to not break
backward compatibility, another sha-256 hmac algorithm id be used for
128 bits?
Thanks,
Chinh
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SHA-2 HMAC support in linux kernel
2007-03-16 20:32 ` Jan Engelhardt
@ 2007-03-16 21:42 ` Chinh Nguyen
0 siblings, 0 replies; 6+ messages in thread
From: Chinh Nguyen @ 2007-03-16 21:42 UTC (permalink / raw)
To: netfilter-devel
My apologies to both.
Chinh
--
http://www.certicom.com
Jan Engelhardt wrote:
> On Mar 17 2007 05:31, YOSHIFUJI Hideaki / 吉藤英明 wrote:
>> In article <45FB0B61.8060809@certicom.com> (at Fri, 16 Mar 2007 16:25:53 -0500), Chinh Nguyen <cnguyen@certicom.com> says:
>>
>>> I believe that this is the right list for my question. I'm trying to get
>>> SHA-2 HMAC support working ipsec in linux kernel (I'm configuring via
>>> pfkey).
>> I don't think so.
>> Use linux-crypto@vger.kernel.org instead.
>
> (And don't hijack threads.)
>
>
> Jan
^ permalink raw reply [flat|nested] 6+ messages in thread
* SHA-2 HMAC support in linux kernel
@ 2007-03-16 21:51 Chinh Nguyen
2007-04-02 23:04 ` Michael Richardson
0 siblings, 1 reply; 6+ messages in thread
From: Chinh Nguyen @ 2007-03-16 21:51 UTC (permalink / raw)
To: linux-crypto
Hi,
I believe that this is the right list for my question. I'm trying to get
SHA-2 HMAC support working ipsec in linux kernel (I'm configuring via
pfkey).
First, sha-384 and sha-512 as authentication algorithm always return
function not support. But I noted that my linux kernel has a sha512
kernel module (with alias for sha384). Second, sha-256 uses a 12-byte
hmac (96 bits).
Looking at the source http://lxr.linux.no/source/net/xfrm/xfrm_algo.c,
it seems to confirm that this is true. In fact, sha-384 and sha-512 are
not supported at this time and sha-256 is truncated to 96-bit.
However, the following ietf draft, which I believe is very closed to
ratification (it has already been assigned iana numbers), specifies
sha-256 to use 128-bits as hmac (page 18):
http://www.ietf.org/internet-drafts/draft-kelly-ipsec-ciph-sha2-01.txt
sha-384 is 192 bits, and sha-512 is 256 bits.
1. Is adding sha-384 and sha-512 as simple as adding to the aalg_list
structure? Can this be done for some subsequent kernel release in the
future?
2. Can the sha-256 be changed to use 128 bits? Or in order to not break
backward compatibility, another sha-256 hmac algorithm id be used for
128 bits?
Thanks,
Chinh
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SHA-2 HMAC support in linux kernel
2007-03-16 21:51 SHA-2 HMAC support in linux kernel Chinh Nguyen
@ 2007-04-02 23:04 ` Michael Richardson
0 siblings, 0 replies; 6+ messages in thread
From: Michael Richardson @ 2007-04-02 23:04 UTC (permalink / raw)
To: linux-crypto
Chinh Nguyen wrote:
> Looking at the source http://lxr.linux.no/source/net/xfrm/xfrm_algo.c,
> it seems to confirm that this is true. In fact, sha-384 and sha-512 are
> not supported at this time and sha-256 is truncated to 96-bit.
That's normal.
HMAC usage in IPsec specifies that we only use 96-bits of the result.
This is a tradeoff in space in the packet vs absolute "security"
In addition should you be able to cause a collision in 96-bits by some
method other than brute force, you can not be sure if you guess the key
properly.
> However, the following ietf draft, which I believe is very closed to
> ratification (it has already been assigned iana numbers), specifies
> sha-256 to use 128-bits as hmac (page 18):
> http://www.ietf.org/internet-drafts/draft-kelly-ipsec-ciph-sha2-01.txt
Yes, but that's the key, not the result.
It is keyed with various sizes of bits, but the results are truncated.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2007-04-02 23:05 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-03-16 21:51 SHA-2 HMAC support in linux kernel Chinh Nguyen
2007-04-02 23:04 ` Michael Richardson
-- strict thread matches above, loose matches on Subject: below --
2007-03-16 19:50 Using libnetfilter_queue Rennie deGraaf
2007-03-16 21:25 ` SHA-2 HMAC support in linux kernel Chinh Nguyen
2007-03-16 20:31 ` YOSHIFUJI Hideaki / 吉藤英明
2007-03-16 20:32 ` Jan Engelhardt
2007-03-16 21:42 ` Chinh Nguyen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.