Instead of using the hardcoded truncation for authentication
algorithms, use the truncation length specified on xfrm_state.
Signed-off-by: Martin Willi mar...@strongswan.org
---
net/ipv4/ah4.c |2 +-
net/ipv4/esp4.c |2 +-
net/ipv6/ah6.c |2 +-
net/ipv6/esp6.c |2 +-
4 files
The following patchset adds support for defining truncation lengths
for authentication algorithms in userspace. The main purpose for this
is to support SHA256 in IPsec using the standardized 128 bit
instead of the currently used 96 bit truncation.
Martin Willi (3):
xfrm: Define new XFRM netlink
Adding a xfrm_state requires an authentication algorithm specified
either as xfrm_algo or as xfrm_algo_auth with a specific truncation
length. For compatibility, both attributes are dumped to userspace,
and we also accept both attributes, but prefer the new syntax.
If no truncation length is
The new XFRMA_ALG_AUTH_TRUNC attribute taking a xfrm_algo_auth as
argument allows the installation of authentication algorithms with
a truncation length specified in userspace, i.e. SHA256 with 128 bit
instead of 96 bit truncation.
Signed-off-by: Martin Willi mar...@strongswan.org
---
These algorithms use a truncation of 192/256 bits, as specified
in RFC4868.
Signed-off-by: Martin Willi mar...@strongswan.org
---
net/xfrm/xfrm_algo.c | 34 ++
1 files changed, 34 insertions(+), 0 deletions(-)
diff --git a/net/xfrm/xfrm_algo.c
On Wed, Nov 25, 2009 at 11:29:50AM +0100, Martin Willi wrote:
The following patchset adds support for defining truncation lengths
for authentication algorithms in userspace. The main purpose for this
is to support SHA256 in IPsec using the standardized 128 bit
instead of the currently used 96
On Wed, Nov 25, 2009 at 11:58:39AM +0100, Martin Willi wrote:
These algorithms use a truncation of 192/256 bits, as specified
in RFC4868.
Signed-off-by: Martin Willi mar...@strongswan.org
Acked-by: Herbert Xu herb...@gondor.apana.org.au
--
Visit Openswan at http://www.openswan.org/
Email:
From: Martin Willi mar...@strongswan.org
Date: Wed, 25 Nov 2009 11:29:50 +0100
The following patchset adds support for defining truncation lengths
for authentication algorithms in userspace. The main purpose for this
is to support SHA256 in IPsec using the standardized 128 bit
instead of the
From: Herbert Xu herb...@gondor.apana.org.au
Date: Wed, 25 Nov 2009 20:11:40 +0800
On Wed, Nov 25, 2009 at 11:58:39AM +0100, Martin Willi wrote:
These algorithms use a truncation of 192/256 bits, as specified
in RFC4868.
Signed-off-by: Martin Willi mar...@strongswan.org
Acked-by: Herbert