From: Daniel Borkmann <daniel@iogearbox.net>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "David S. Miller" <davem@davemloft.net>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Andrew Lutomirski <luto@kernel.org>,
	Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH net] bpf: rework prog_digest into prog_tag
Date: Sat, 14 Jan 2017 00:41:09 +0100
Message-ID: <58796595.3030904@iogearbox.net>
In-Reply-To: <CALCETrUjmscreaadCOn6hSEMBEf83JyhwdVtKj1=fAf3MuiDtQ@mail.gmail.com>

On 01/14/2017 12:16 AM, Andy Lutomirski wrote:
> On Fri, Jan 13, 2017 at 2:38 PM, Daniel Borkmann <daniel@iogearbox.net> wrote:
>> Commit 7bd509e311f4 ("bpf: add prog_digest and expose it via
>> fdinfo/netlink") was recently discussed, partially due to
>> admittedly suboptimal name of "prog_digest" in combination
>> with sha1 hash usage, thus inevitably and rightfully concerns
>> about its security in terms of collision resistance were
>> raised with regards to use-cases.
>
> Seems reasonable.  My only question is whether you'd still want to
> switch to SHA-256 just from a code cleanliness perspective.  With
> SHA-256 you can use the easy streaming API I wrote, but with SHA-1
> you're still stuck with the crappy API in lib/, and I'm not
> volunteering to fix up the SHA-1 API.

We'd need to truncate that in kernel anyway to not get a too long
tag, so given that I'm actually fine with it as-is. I was planning
to submit the code for testing to bpf selftests for net-next once
it's merged back, too.

Thanks,
Daniel


Thread overview: 7+ messages
2017-01-13 22:38 [PATCH net] bpf: rework prog_digest into prog_tag Daniel Borkmann
2017-01-13 23:16 ` Andy Lutomirski
2017-01-13 23:34   ` Alexei Starovoitov
2017-01-13 23:41   ` Daniel Borkmann [this message]
2017-01-13 23:49     ` Andy Lutomirski
2017-01-13 23:59       ` Daniel Borkmann
2017-01-16 19:03 ` David Miller
