[Openswan dev] SHA2 hashes support in Openswan

Avesh Agarwal avagarwa at redhat.com
Tue May 29 16:33:16 EDT 2012


Current implementation of sha2 (384, 512) in Openswan for both IKE and
ESP  for IKEv1 and IKEv2 has several issues and is far from complete,
and I found some issues with SHA256 with IKEv2 as described below. The
current implementation has following issues:

1. SHA384 support is missing majorly and even SHA512 support is not
complete for both IKEv1 and IKEv2. These algos does not even get
registered at run time in Openswan.

2. Openswan code only supports block size of 512 (HMAC_BUFSIZE) which is
fine for upto SHA256, but breaks SHA384/512 as block size defined for
SHA384/512 is 1024. Due to this it does not interop, and although
between 2 openswan nodes it seems to work but incorrect keys are
calculated. So had to modify the "struct hash_desc" to include a new
field "hash_block_size".

3. IKEv2 exchange involves wrong values of sha2 hashes due to mess of
value conversion between IKEv1 and IKEv2 and this leads to breaking
interop and crashing of openswan at times.

4. IKEv2 hardcoded SHA1 algorithms for ESP (extremely ridiculous) when
creating child SA keys and breaks md5, sha256, sha384 and sha512 during
interop with third party implementations.

I think I have done some extensive testing of various hashes md5, sha1,
sha(256, 384, 512) for both IKE and ESP for ikev1 and ikev2 between 2
openswan nodes and with other implementation like strongswan. By far,
things seem to be working fine. I appreciate any feedback on the patch.

Thanks and Regards

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-sha2.patch
Type: text/x-diff
Size: 30871 bytes
Desc: not available
URL: <https://lists.openswan.org/pipermail/dev/attachments/20120529/6c0c8ed9/attachment-0001.bin>

More information about the Dev mailing list