Hi Harald,

before the 2.6.33 kernel, Linux used a non-compliant truncation of the
SHA256 HMAC to 96 bits. RFC 4868 requires truncation to be exactly n/2
bits where n is the size of the hash value.

  https://tools.ietf.org/html/rfc4868#section-2.3

In the case of SHA256 this must be 128 bits. Why 96 bit truncation
is still occurring in an ARM 3.10 kernel is really weird. It might be
that the extra xfrm_algo_auth struct needed to configure SHA256_128
truncation in the kernel is missing.

Best regards

Andreas

On 06/08/2016 09:54 PM, Harald Krammer wrote:
>
> Hi all,
> Currently I use Strongswan 5.2.2 (Debian 8). So far, everything is fine.
> Only with SHA256 there are weird things.
>
> On my PC with Kernel 3.16 I got a length of 128 bits for SHA256 and the
> same version on my ARM board with Kernel 3.10 I got a length of 96 bits.
>
> Why does this happen?
>
> Any notes are welcome. Below is the output of ip xfrm state and the
> configuration.
>
> Nice greetings
> Harald
>
>
>
> Setup:
> ######
> PC with Debian 8 x86_64 with Kernel 3.16
>     <----->
> ARM Board imX28 Kernel 3.10 also Strongswan 5.2.2
>
>
> ARM Board imX28 Kernel 3.10 also Strongswan 5.2.2:
> / # ip xfrm state
> src 10.1.8.241 dst 10.1.8.240
>     proto esp spi 0xc86e8c86 reqid 1 mode tunnel
>     replay-window 32
>     auth-trunc hmac(sha256)
> 0x9954ce2e14cbf9c68ec72178859d377da19899688df13783fd728ddd9648bcb7 96
>     enc ecb(cipher_null)
>     sel src 0.0.0.0/0 dst 0.0.0.0/0
> src 10.1.8.240 dst 10.1.8.241
>     proto esp spi 0xc31d24ed reqid 1 mode tunnel
>     replay-window 32
>     auth-trunc hmac(sha256)
> 0x0549596a5249d0ae333b9f2e56db47923aedc69252289d27796167d64db151de 96
>     enc ecb(cipher_null)
>     sel src 0.0.0.0/0 dst 0.0.0.0/0
>
> PC with Debian 8 x86_64 with Kernel 3.16:
> root@saturn:/home/hk# ip xfrm state
> src 10.1.8.240 dst 10.1.8.241
>     proto esp spi 0xc31d24ed reqid 10 mode tunnel
>     replay-window 32 flag af-unspec
>     auth-trunc hmac(sha256)
> 0x0549596a5249d0ae333b9f2e56db47923aedc69252289d27796167d64db151de 128
>     enc ecb(cipher_null)
> src 10.1.8.241 dst 10.1.8.240
>     proto esp spi 0xc86e8c86 reqid 10 mode tunnel
>     replay-window 32 flag af-unspec
>     auth-trunc hmac(sha256)
> 0x9954ce2e14cbf9c68ec72178859d377da19899688df13783fd728ddd9648bcb7 128
>     enc ecb(cipher_null)
>
>
>
> Config: (is working without SHA256)
> #######
> conn %default
>     ikelifetime=28800
>     keylife=60m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     authby=secret
>
> conn test
>     left=10.1.8.240
>     leftsubnet=10.1.0.0/8
>     leftid=10.1.8.240
>     leftfirewall=yes
>     leftsourceip=%config
>     right=10.1.8.241
>     rightsubnet=10.1.8.241/32
>     rightid=10.1.8.241
>     auto=add
>     type=tunnel
>     ike=null-sha256-modp2048! # null for wireshark
>     esp=null-sha256-modp2048! # null for wireshark
>     dpdaction=restart
>     dpddelay=20s
>     dpdtimeout=10s
>
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
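The check discussed in this thread, as an added example that is not part of the original messages: a small Python audit that reads `ip xfrm state` output and reports every SA whose HMAC-SHA2 truncation length differs from the n/2 bits required by RFC 4868. The function name `audit_xfrm_state` and the sample input (documentation addresses, all-zero keys, made-up SPIs) are constructed for illustration; the SHA-384 and SHA-512 lengths go beyond the SHA256 case in the thread and follow the same n/2 rule.

```python
import re

# RFC 4868 section 2.3: the ICV is the HMAC output truncated to n/2 bits.
RFC4868_BITS = {"hmac(sha256)": 128, "hmac(sha384)": 192, "hmac(sha512)": 256}

SA_START = re.compile(r"^src (\S+) dst (\S+)", re.M)   # "sel src ..." never matches
SPI = re.compile(r"\bspi (0x[0-9a-fA-F]+)")
# The key may follow the algorithm on the same line or be wrapped onto the next.
AUTH_TRUNC = re.compile(r"auth-trunc (\S+)\s+0x[0-9a-fA-F]+\s+(\d+)")


def audit_xfrm_state(text):
    """Return a finding for each SA whose HMAC-SHA2 ICV length is not n/2 bits."""
    findings = []
    starts = [m.start() for m in SA_START.finditer(text)]
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        block = text[begin:end]
        src, dst = SA_START.match(block).groups()
        spi, auth = SPI.search(block), AUTH_TRUNC.search(block)
        if not spi or not auth:
            continue  # e.g. an AEAD SA without a separate integrity algorithm
        algo, bits = auth.group(1), int(auth.group(2))
        expected = RFC4868_BITS.get(algo)
        if expected is not None and bits != expected:
            findings.append({"src": src, "dst": dst, "spi": spi.group(1),
                             "algo": algo, "bits": bits, "expected": expected})
    return findings


# Constructed sample (documentation addresses, all-zero keys), not real output.
KEY = "0x" + "00" * 32
SAMPLE = f"""\
src 192.0.2.1 dst 192.0.2.2
\tproto esp spi 0x11111111 reqid 1 mode tunnel
\treplay-window 32
\tauth-trunc hmac(sha256)
{KEY} 96
\tenc ecb(cipher_null)
\tsel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.0.2.2 dst 192.0.2.1
\tproto esp spi 0x22222222 reqid 1 mode tunnel
\treplay-window 32
\tauth-trunc hmac(sha256) {KEY} 128
\tenc ecb(cipher_null)
"""

if __name__ == "__main__":
    for f in audit_xfrm_state(SAMPLE):
        print("SA {src} -> {dst} spi {spi}: {algo} truncated to {bits} bits, "
              "RFC 4868 requires {expected}".format(**f))
```

On a live host the input would be the text printed by `ip xfrm state`; since that output contains the SA keys, it should be handled as secret material.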
