[PATCH 3/3] xfrm: Use the user specified truncation length in ESP and AH

Instead of using the hardcoded truncation for authentication algorithms, use the truncation length specified on xfrm_state. Signed-off-by: Martin Willi mar...@strongswan.org --- net/ipv4/ah4.c |2 +- net/ipv4/esp4.c |2 +- net/ipv6/ah6.c |2 +- net/ipv6/esp6.c |2 +- 4 files

[PATCH 0/3] xfrm: Custom truncation lengths for authentication algorithms

The following patchset adds support for defining truncation lengths for authentication algorithms in userspace. The main purpose for this is to support SHA256 in IPsec using the standardized 128 bit instead of the currently used 96 bit truncation. Martin Willi (3): xfrm: Define new XFRM netlink

[PATCH 2/3] xfrm: Store aalg in xfrm_state with a user specified truncation length

Adding a xfrm_state requires an authentication algorithm specified either as xfrm_algo or as xfrm_algo_auth with a specific truncation length. For compatibility, both attributes are dumped to userspace, and we also accept both attributes, but prefer the new syntax. If no truncation length is

[PATCH 1/3] xfrm: Define new XFRM netlink auth attribute with specified truncation bits

The new XFRMA_ALG_AUTH_TRUNC attribute taking a xfrm_algo_auth as argument allows the installation of authentication algorithms with a truncation length specified in userspace, i.e. SHA256 with 128 bit instead of 96 bit truncation. Signed-off-by: Martin Willi mar...@strongswan.org ---

[PATCH] xfrm: Add SHA384 and SHA512 HMAC authentication algorithms to XFRM

These algorithms use a truncation of 192/256 bits, as specified in RFC4868. Signed-off-by: Martin Willi mar...@strongswan.org --- net/xfrm/xfrm_algo.c | 34 ++ 1 files changed, 34 insertions(+), 0 deletions(-) diff --git a/net/xfrm/xfrm_algo.c

Re: [PATCH 0/3] xfrm: Custom truncation lengths for authentication algorithms

On Wed, Nov 25, 2009 at 11:29:50AM +0100, Martin Willi wrote: The following patchset adds support for defining truncation lengths for authentication algorithms in userspace. The main purpose for this is to support SHA256 in IPsec using the standardized 128 bit instead of the currently used 96

Re: [PATCH] xfrm: Add SHA384 and SHA512 HMAC authentication algorithms to XFRM

On Wed, Nov 25, 2009 at 11:58:39AM +0100, Martin Willi wrote: These algorithms use a truncation of 192/256 bits, as specified in RFC4868. Signed-off-by: Martin Willi mar...@strongswan.org Acked-by: Herbert Xu herb...@gondor.apana.org.au -- Visit Openswan at http://www.openswan.org/ Email:

Re: [PATCH 0/3] xfrm: Custom truncation lengths for authentication algorithms

From: Martin Willi mar...@strongswan.org Date: Wed, 25 Nov 2009 11:29:50 +0100 The following patchset adds support for defining truncation lengths for authentication algorithms in userspace. The main purpose for this is to support SHA256 in IPsec using the standardized 128 bit instead of the

Re: [PATCH] xfrm: Add SHA384 and SHA512 HMAC authentication algorithms to XFRM

From: Herbert Xu herb...@gondor.apana.org.au Date: Wed, 25 Nov 2009 20:11:40 +0800 On Wed, Nov 25, 2009 at 11:58:39AM +0100, Martin Willi wrote: These algorithms use a truncation of 192/256 bits, as specified in RFC4868. Signed-off-by: Martin Willi mar...@strongswan.org Acked-by: Herbert