HMAC and stuff

HMAC and stuff

[Alexey Dobriyan]

aalg_list array contains list of "approved" HMAC algorightms.
Do I understand correctly that to update this list some sort of
official document like RFC has to be present?

For example, it contains hmac(rmd160) entry, but doesn't contain hmac(rmd128)
and other RIPEMD functions (there is even test for hmac(rmd128)).

Also, kernel has more cryptographic hash functions than there are allowed
by ipsec code like Tiger hashes, Whirlpool etc. They are dead code, if
IPSec code doesn't user to use them.

Re: HMAC and stuff

[Herbert Xu]

Alexey Dobriyan <adobriyan@gmail.com> wrote:
> aalg_list array contains list of "approved" HMAC algorightms.
> Do I understand correctly that to update this list some sort of
> official document like RFC has to be present?

The table is mainly there for the benefit of af_key.  It should
be relatively easy to make xfrm_user look up any algorithm by
name only.

However, we'll need to do something about representing those
algorithms through the af_key interface since that one uses
numeric IDs only.  The easiest is to pick an ID that we then
forbid when used to create new SAs.

Ccing netdev since this is really an IPsec issue, not crypto.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt