netdev

Re: [PATCH] sha2-256 truncation

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: Re: [PATCH] sha2-256 truncation
From: Michal Ludvig <michal@xxxxxxxx>
Date: Fri, 09 Jan 2004 11:12:40 +0100
Cc: netdev@xxxxxxxxxxx
In-reply-to: <3FFE6B72.9030808@logix.cz>
References: <3FFE6B72.9030808@logix.cz>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.5) Gecko/20030925
Michal Ludvig told me that:

the attached trivial patch corrects the truncation size of computed hashes that are used in IPsec ESP/AH packets for SHA2-256. All other hash algorithms use 96 bits, as do SuperFreeS/WAN and FreeBSD, also for SHA2-256. Only the native Linux sha2-256 used 128 bits, which led to incompatibility with other IPsec implementations.

Oops, sorry. I sent a reversed patch originally. Please use this one instead.


Michal Ludvig
--
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal
--- linux-2.6.0/net/xfrm/xfrm_algo.c    2004-01-08 01:29:52.067261651 +0100
+++ linux-2.6.0.orig/net/xfrm/xfrm_algo.c       2004-01-08 01:28:38.668690081 
+0100
@@ -85,7 +85,7 @@ static struct xfrm_algo_desc aalg_list[]
 
        .uinfo = {
                .auth = {
-                       .icv_truncbits = 128,
+                       .icv_truncbits = 96,
                        .icv_fullbits = 256,
                }
        },
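
Review bot: the context around the changed `.icv_truncbits` line shows only `.uinfo`, `.auth` and `.icv_fullbits = 256`, so nothing in the hunk identifies which `aalg_list[]` entry is being edited; please regenerate with enough context to include the entry's name, or say in the description which entry it is. The file headers also name `linux-2.6.0` as the old side and `linux-2.6.0.orig` as the new side, which reads as reversed next to a description that says the earlier posting was reversed, even though the -/+ lines do go from 128 to 96; diffing the trees in the usual order would remove the doubt. Since this changes the ICV length on the wire, the description should cite the specification that calls for 96 bits for SHA2-256 and mention that peers still using 128 will no longer interoperate with a patched kernel.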
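
The mismatch described in the message, as an added example that is not part of the original post or of the kernel source: a simplified sender and receiver that append and check an HMAC-SHA-256 ICV, run with each pairing of the 96-bit and 128-bit truncation lengths. The function names, key and packet bytes are constructed for illustration, and real ESP/AH framing is reduced to "authenticated bytes followed by ICV".

```python
import hashlib
import hmac

FULLBITS = 256  # HMAC-SHA-256 output size, matching icv_fullbits in the patch


def icv(key: bytes, authenticated: bytes, truncbits: int) -> bytes:
    """HMAC-SHA-256 over the authenticated bytes, keeping the leftmost truncbits."""
    if truncbits % 8 or not 0 < truncbits <= FULLBITS:
        raise ValueError("truncbits must be a multiple of 8, at most 256")
    return hmac.new(key, authenticated, hashlib.sha256).digest()[: truncbits // 8]


def protect(key: bytes, authenticated: bytes, truncbits: int) -> bytes:
    """Sender side: append the truncated ICV to the authenticated bytes."""
    return authenticated + icv(key, authenticated, truncbits)


def verify(key: bytes, packet: bytes, truncbits: int):
    """Receiver side: split off the ICV length it expects and check it.

    Returns the authenticated bytes, or None when the ICV does not match.
    """
    n = truncbits // 8
    if len(packet) <= n:
        return None
    body, received = packet[:-n], packet[-n:]
    # A receiver expecting a different length cuts the packet at the wrong
    # offset, so both the body it hashes and the ICV it compares are wrong.
    if hmac.compare_digest(received, icv(key, body, truncbits)):
        return body
    return None


def interop_matrix(key: bytes, data: bytes) -> dict:
    """Try every sender/receiver pairing of the two truncation lengths."""
    return {
        (tx, rx): verify(key, protect(key, data, tx), rx) == data
        for tx in (96, 128)
        for rx in (96, 128)
    }


if __name__ == "__main__":
    KEY = bytes(range(32))                         # constructed sample key
    DATA = b"constructed ESP header + ciphertext"  # constructed sample bytes
    for (tx, rx), ok in interop_matrix(KEY, DATA).items():
        print(f"sender {tx} bits -> receiver {rx} bits:", "accepted" if ok else "dropped")
```

Only the pairings with equal truncation lengths are accepted; the key and the hash are identical in all four cases, so the failure comes from the ICV length alone.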