Subject: Re: opencrypto(9) API botch: HMAC sizes, IPsec vs. TLS vs. known-answer
To: Jonathan Stone <>
From: Jason Thorpe <>
List: tech-kern
Date: 05/02/2004 19:08:27

On Apr 28, 2004, at 8:06 PM, Jonathan Stone wrote:

> So.... anyone got any bright ideas on how to address the problem?

1. Rename the current HMAC crypto operations to CRYPTO_HMAC_MD5_96 and 
CRYPTO_HMAC_SHA1_96 (different API, same ABI).

2. Add new CRYPTO_HMAC_MD5_128 and CRYPTO_HMAC_SHA1_160 operations.

3. All devices that provide a CRYPTO_HMAC_MD5_128 or 
CRYPTO_HMAC_SHA1_160 must also provide a CRYPTO_HMAC_MD5_96 and 
CRYPTO_HMAC_SHA1_96, i.e. do the truncation in the back-end.

4. Anything that wants something other than the aforementioned sizes (I 
doubt there will be very many that use something different) can use the 
128 / 160 versions and truncate themselves.

This seems to me like the least disruptive solution.

         -- Jason R. Thorpe <>
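
The four operations proposed above, modelled as an added example (not part of the original message and not NetBSD's opencrypto(9) code): the 96-bit operations are the full HMAC truncated by the provider, and a consumer wanting another size truncates the full tag itself. The table, function names and verify helper are assumptions of this sketch; the known answers are RFC 2202 test case 1.

```python
import hashlib
import hmac

# Names mirror the operations proposed in the message; the table itself is
# an assumption of this example, not the opencrypto(9) implementation.
OPS = {
    "CRYPTO_HMAC_MD5_128": ("md5", 16),
    "CRYPTO_HMAC_MD5_96": ("md5", 12),
    "CRYPTO_HMAC_SHA1_160": ("sha1", 20),
    "CRYPTO_HMAC_SHA1_96": ("sha1", 12),
}

def hmac_op(op, key, data):
    """Item 3: compute the full HMAC, then truncate to the size the op names."""
    digest, taglen = OPS[op]
    return hmac.new(key, data, digest).digest()[:taglen]

def hmac_verify(op, key, data, tag):
    """Accept only a tag of exactly the op's length, compared in constant time."""
    expected = hmac_op(op, key, data)
    return len(tag) == len(expected) and hmac.compare_digest(expected, tag)

def consumer_truncate(full_op, key, data, nbytes):
    """Item 4: a caller wanting another size cuts the full tag itself."""
    return hmac_op(full_op, key, data)[:nbytes]

# RFC 2202 test case 1 (data "Hi There") for HMAC-MD5 and HMAC-SHA-1.
KAT = {
    "CRYPTO_HMAC_MD5_128": (b"\x0b" * 16, "9294727a3638bb1c13f48ef8158bfc9d"),
    "CRYPTO_HMAC_SHA1_160": (b"\x0b" * 20,
                             "b617318655057264e28bc0b6fb378c8ef146be00"),
}

def known_answer_results():
    """Check each full op against RFC 2202 and each _96 op against its prefix."""
    results = {}
    for full_op, (key, want_hex) in KAT.items():
        want = bytes.fromhex(want_hex)
        short_op = full_op.rsplit("_", 1)[0] + "_96"
        results[full_op] = hmac_op(full_op, key, b"Hi There") == want
        results[short_op] = hmac_op(short_op, key, b"Hi There") == want[:12]
    return results

if __name__ == "__main__":
    for op, ok in sorted(known_answer_results().items()):
        print(f"{op:22s} {'ok' if ok else 'MISMATCH'}")
```

Because hmac_verify checks the tag length against the operation, a 96-bit tag is never accepted where the 160-bit operation was requested, or the reverse.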
