Sandy Harris wrote:
> <snip>
> > > SHA HMAC (initialise with secret key material)
> > >
> probably trivial to add.
>
> <snip>
>
> Packet authentication is done with the HMAC. This is an SHA or MD5 hash of
> the packet data, except with the registers in the hashing code initialised
> from the HMAC key rather than from standard constants.

I've read both RFC 2104 and pluto/crypto.c. Looking at crypto.c:hmac_*() I
reckon you use HMAC in the mode H(K XOR opad, H(K XOR ipad, text)), therefore
requiring no chosen IV for the hash, no?

So either this could be added to the CryptoAPI or implemented as it is now
inside freeswan. Alex Kjeldaas - if I understood him correctly - has a
long-term goal of being able to combine several cryptographic primitives to
new ones at runtime.

> It therefore does more than a simple hash would, authenticating not just
> that the packet data was not changed in transit but also that the sender
> knew the HMAC key.
<snip>

Marc

-- 
Marc Mutz <Marc@xxxxxxxx> http://EncryptionHOWTO.sourceforge.net/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics
PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
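The construction Marc refers to, H(K XOR opad, H(K XOR ipad, text)) from RFC 2104, written out as an added illustration (this is not code from pluto/crypto.c or the CryptoAPI; the function names are mine). It shows the point of the thread: the key enters only through two padded blocks fed to an unmodified hash, so the hash needs no keyed initialisation of its registers.

```python
"""RFC 2104 HMAC built on top of an ordinary, unkeyed hash function."""
import hashlib
import hmac  # standard library, used only for the cross-check helper

# B in RFC 2104: SHA-1 and MD5 both process 64-byte blocks.
BLOCK_SIZE = 64


def rfc2104_hmac(key: bytes, text: bytes, hash_name: str = "sha1") -> bytes:
    """Return H(K XOR opad, H(K XOR ipad, text)).

    The hash is used through its normal interface with its standard initial
    constants; the key is only ever part of the hashed input, so no chosen IV
    or register initialisation from key material is required.
    """
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    # RFC 2104, section 2: keys longer than B bytes are hashed first, ...
    if len(key) > BLOCK_SIZE:
        key = h(key)
    # ... then every key is zero-padded on the right to exactly B bytes.
    key = key.ljust(BLOCK_SIZE, b"\x00")
    k_ipad = bytes(b ^ 0x36 for b in key)  # inner pad: 0x36 repeated B times
    k_opad = bytes(b ^ 0x5C for b in key)  # outer pad: 0x5C repeated B times
    inner = h(k_ipad + text)
    return h(k_opad + inner)


def verify_tag(key: bytes, text: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(rfc2104_hmac(key, text, hash_name), tag)


def matches_stdlib(key: bytes, text: bytes, hash_name: str = "sha1") -> bool:
    """Cross-check against Python's own HMAC implementation."""
    return rfc2104_hmac(key, text, hash_name) == hmac.new(key, text, hash_name).digest()


if __name__ == "__main__":
    # Constructed sample: a packet body and a shared key.
    key, packet = b"shared-hmac-key", b"constructed packet payload"
    tag = rfc2104_hmac(key, packet)
    print(tag.hex(), verify_tag(key, packet, tag), matches_stdlib(key, packet))
```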