On 06/15/2010 07:31 PM, Daniel Migault wrote:

Hi Daniel,
Hi, RFC5201 and RFC5202 mention the use of SHA1, and RFC 5202, in section 3.3.5 "Supported Transforms", mentions "All HIP implementations MUST support AES-CBC [RFC3602] and HMAC-SHA-1-96 [RFC2404]." Can you confirm that all SHA1 of RFC5201 and RFC5202 MUST be understood as SHA1-96, or is that the way you implemented it in HIPL? -- I am just upset since I had in mind that SHA1 is by default SHA1-160.
SHA1 is the one offered by OpenSSL (man SHA1):

SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash Standard),
SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash Standard),
ANSI X9.30

The HIPL implementation interoperates with OpenHIP and HIP 4 inter.net.
As such, default parameters for HIPL seem to me:

DH       | 1536-bit MODP Group
ESP_ENCR | AES-CBC with HMAC-SHA1
         | 3DES-CBC with HMAC-SHA1
         | NULL with HMAC-SHA1
ID       | RSA
Yes. (AES-CBC is the default choice for ESP)
How can you configure I1 with HIP_TRANSFORM or ESP_TRANSFORM?

ESP_ENCR ENCR_NULL
ESP_AUTH HMAC_SHA1_96
hipconf transform order <integer>

(1=AES, 2=3DES, 3=NULL; place them in order, like 213 for the order 3DES, AES and NULL)
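
Added example, not part of the original thread and not HIPL code: the "-96" in HMAC-SHA-1-96 comes from RFC 2404, which keeps only the first 96 bits of the 160-bit HMAC-SHA-1 output as the ESP authenticator, while SHA-1 itself still produces a 160-bit digest. The function names are hypothetical; the key and data are test case 1 from RFC 2202.

```python
import hashlib
import hmac

ICV_LEN = 12  # 96 bits: authenticator length defined by RFC 2404

# RFC 2202, HMAC-SHA-1 test case 1 (published test vector)
KEY = b"\x0b" * 20
DATA = b"Hi There"


def hmac_sha1(key: bytes, data: bytes) -> bytes:
    """Full HMAC-SHA-1 output: 20 bytes (160 bits)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-1-96: the first 12 bytes of the full HMAC-SHA-1 output."""
    return hmac_sha1(key, data)[:ICV_LEN]


def verify_icv(key: bytes, data: bytes, icv: bytes) -> bool:
    """Check a received 96-bit authenticator.

    A value of any other length is rejected outright, so a peer that sends
    the untruncated 160-bit HMAC fails verification instead of being
    silently accepted. The comparison itself is constant-time.
    """
    if len(icv) != ICV_LEN:
        return False
    return hmac.compare_digest(hmac_sha1_96(key, data), icv)


if __name__ == "__main__":
    full = hmac_sha1(KEY, DATA)
    icv = hmac_sha1_96(KEY, DATA)
    print("SHA-1 digest size :", hashlib.sha1().digest_size * 8, "bits")
    print("HMAC-SHA-1        :", full.hex())
    print("HMAC-SHA-1-96     :", icv.hex())
    print("truncated accepted:", verify_icv(KEY, DATA, icv))
    print("full tag accepted :", verify_icv(KEY, DATA, full))
```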