From patchwork Wed Dec 24 06:02:25 2008
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Gunthorpe
X-Patchwork-Id: 15502
X-Patchwork-Delegate: davem@davemloft.net
Return-Path:
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by ozlabs.org (Postfix) with ESMTP id 29D09DDDF6 for ; Wed, 24 Dec 2008 17:23:18 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751218AbYLXGXN (ORCPT ); Wed, 24 Dec 2008 01:23:13 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750993AbYLXGXN (ORCPT ); Wed, 24 Dec 2008 01:23:13 -0500
Received: from quartz.orcorp.ca ([142.179.161.236]:55060 "EHLO quartz.edm.orcorp.ca" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750938AbYLXGXM (ORCPT ); Wed, 24 Dec 2008 01:23:12 -0500
X-Greylist: delayed 1242 seconds by postgrey-1.27 at vger.kernel.org; Wed, 24 Dec 2008 01:23:12 EST
Received: from jgg by quartz.edm.orcorp.ca with local (Exim 4.68) (envelope-from ) id 1LFMp7-0007lk-6h; Tue, 23 Dec 2008 23:02:25 -0700
Date: Tue, 23 Dec 2008 23:02:25 -0700
From: Jason Gunthorpe To: herbert@gondor.apana.org.au Cc: netdev@vger.kernel.org Subject: [PATCH] [IPSEC]: Change the ICV length of sha256 to 128 bits Message-ID: <20081224060225.GA26084@obsidianresearch.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.13 (2006-08-11) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The existing setting is 96 bits which does not match the RFCs and is not negotiable via IKEv2. RFC 4868 says the ICV should be 128 bits, and IKEv2 uses AUTH_HMAC_SHA2_256_128 = 12 to identify it. git blame says this setting was made before RFC 4868 was published, so I'm not sure that it was chosen with any standard in mind. NOTE: This 'breaks' the user space API, however at least StrongSwan 4.2.9's charon already associates AUTH_HMAC_SHA2_256_128 with the transform name 'sha256'. Signed-off-by: Jason Gunthorpe --- net/xfrm/xfrm_algo.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index 4141376..d136b72 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c @@ -187,7 +187,7 @@ static struct xfrm_algo_desc aalg_list[] = { .uinfo = { .auth = { - .icv_truncbits = 96, + .icv_truncbits = 128, .icv_fullbits = 256, } },
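Review bot: the `.icv_truncbits = 128` line in the `@@ -187,7 +187,7 @@` hunk changes the truncated ICV length for an existing algorithm entry in place, with no transition path for security associations that were set up expecting 96 bits. The commit message already concedes that this 'breaks' the user space API, but it does not say what happens between a patched and an unpatched kernel that both select the same transform name: each side would then truncate the SHA-256 output (`.icv_fullbits = 256`) to a different length, so integrity checks on that tunnel would fail rather than degrade. Please spell that interoperability consequence out in the commit message, and consider whether the truncation length should be selectable per SA instead of only fixed in `aalg_list`, so that tunnels to peers still using 96 bits can be kept working during a transition. A smaller point: the three context lines show only `.uinfo = { .auth = {`, so it is worth confirming that line 187 falls in the sha256 entry and not in a neighbouring one that also has `.icv_truncbits = 96`.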