[hipl-users] Re: SHA1 version

  • From: Miika Komu <mkomu@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 29 Jun 2010 15:00:39 +0300

On 06/15/2010 07:31 PM, Daniel Migault wrote:

Hi Daniel,

> Hi,
>
> RFC5201 and RFC5202 mention the use of SHA1, and RFC 5202 in section
> 3.3.5 (Supported Transforms) mentions:
>
> "All HIP implementations MUST support AES-CBC [RFC3602] and
> HMAC-SHA-1-96 [RFC2404]."
>
> Can you confirm that all SHA1 of RFC5201 and RFC5202 MUST be
> understood as SHA1-96, or is that the way you implemented it in HIPL?
> -- I am just upset since I had in mind that SHA1 is by default
> SHA1-160.

SHA1 is the one offered by OpenSSL (man SHA1):

SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash Standard), SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash Standard), ANSI X9.30

HIPL implementation interoperates with OpenHIP and HIP 4 inter.net.

> As such, default parameters for HIPL seem to me:
>
>   DH       | 1536-bit MODP Group
>   ESP_ENCR | AES-CBC with HMAC-SHA1
>            | 3DES-CBC with HMAC-SHA1
>            | NULL with HMAC-SHA1
>   ID       | RSA


Yes.

(AES-CBC is the default choice for ESP)

> How can you configure I1 with HIP_TRANSFORM or ESP_TRANSFORM?
>
>   ESP_ENCR  ENCR_NULL
>   ESP_AUTH  HMAC_SHA1_96

hipconf transform order <integer>
(1=AES, 2=3DES, 3=NULL and place them to order like 213 for the order
3DES, AES and NULL)
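The distinction the thread turns on, that "SHA1" in the ESP transform is the full 160-bit HMAC-SHA-1 truncated to a 96-bit ICV as RFC 2404 specifies, shown as an added Python example (this is not HIPL or OpenSSL code; the key and payload bytes are constructed, not a HIP test vector):

```python
import hashlib
import hmac

# HMAC-SHA-1-96 (RFC 2404): compute the full 160-bit HMAC-SHA-1, then keep
# only the leftmost 96 bits (12 bytes) as the ESP authenticator (ICV).
SHA1_DIGEST_BYTES = hashlib.sha1().digest_size  # 20 bytes = 160 bits
SHA1_96_ICV_BYTES = 96 // 8                      # 12 bytes


def hmac_sha1_160(key: bytes, data: bytes) -> bytes:
    """Untruncated HMAC-SHA-1: the 160-bit value a plain 'SHA1' HMAC returns."""
    return hmac.new(key, data, hashlib.sha1).digest()


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """ESP ICV mandated by RFC 5202: leftmost 96 bits of HMAC-SHA-1."""
    return hmac_sha1_160(key, data)[:SHA1_96_ICV_BYTES]


def verify_icv(key: bytes, data: bytes, icv: bytes) -> bool:
    """Receiver side: recompute the truncated MAC and compare in constant time.

    A 20-byte ICV sent by a peer that read 'SHA1' as SHA1-160 is rejected on
    length alone; a wrong 12-byte ICV is rejected by the comparison.
    """
    if len(icv) != SHA1_96_ICV_BYTES:
        return False
    return hmac.compare_digest(hmac_sha1_96(key, data), icv)


if __name__ == "__main__":
    # Constructed sample values, not a HIP or RFC test vector.
    key = bytes(range(20))
    payload = b"constructed ESP payload"
    full = hmac_sha1_160(key, payload)
    icv = hmac_sha1_96(key, payload)
    print(len(full) * 8, len(icv) * 8)      # 160 96
    print(verify_icv(key, payload, icv))     # True
    print(verify_icv(key, payload, full))    # False: untruncated ICV has the wrong length
```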
