* Complete list of AF_ALG algorithms used by iwd
@ 2026-05-04 4:50 Eric Biggers
2026-05-04 12:58 ` James Prestwood
0 siblings, 1 reply; 2+ messages in thread
From: Eric Biggers @ 2026-05-04 4:50 UTC (permalink / raw)
To: iwd, Marcel Holtmann, James Prestwood
Cc: linux-crypto, linux-wireless, linux-kernel, Demi Marie Obenour
With AF_ALG being on its way out due to its frequent vulnerabilities,
iwd will need to be fixed to follow the standard practice of using
userspace crypto code (for example, libcrypto) instead. In the mean
time, AF_ALG is at least going to need to be hardened by removing
unnecessary functionality, for example unnecessary algorithms.
Based on the iwd and libell source code, it appears iwd is relying on
the following algorithm names from AF_ALG. Please confirm that this
list is correct and that these are the ones we need to keep for iwd:
cmac(aes)
hmac(md5)
hmac(sha1)
hmac(sha224)
hmac(sha256)
hmac(sha384)
hmac(sha512)
md4
md5
sha1
sha224
sha256
sha384
sha512
ecb(aes)
cbc(aes)
ctr(aes)
ecb(des)
cbc(des)
cbc(des3_ede)
Also, does iwd always hold CAP_NET_ADMIN? We're also considering adding
a privilege check to AF_ALG. (It's TBD whether it would be
unconditional or controlled by a sysctl.)
- Eric
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Complete list of AF_ALG algorithms used by iwd
2026-05-04 4:50 Complete list of AF_ALG algorithms used by iwd Eric Biggers
@ 2026-05-04 12:58 ` James Prestwood
0 siblings, 0 replies; 2+ messages in thread
From: James Prestwood @ 2026-05-04 12:58 UTC (permalink / raw)
To: Eric Biggers, iwd, Marcel Holtmann
Cc: linux-crypto, linux-wireless, linux-kernel, Demi Marie Obenour
Hi Eric,
On 5/3/26 9:50 PM, Eric Biggers wrote:
> With AF_ALG being on its way out due to its frequent vulnerabilities,
> iwd will need to be fixed to follow the standard practice of using
> userspace crypto code (for example, libcrypto) instead. In the mean
> time, AF_ALG is at least going to need to be hardened by removing
> unnecessary functionality, for example unnecessary algorithms.
>
> Based on the iwd and libell source code, it appears iwd is relying on
> the following algorithm names from AF_ALG. Please confirm that this
> list is correct and that these are the ones we need to keep for iwd:
>
> cmac(aes)
> hmac(md5)
> hmac(sha1)
> hmac(sha224)
> hmac(sha256)
> hmac(sha384)
> hmac(sha512)
> md4
> md5
> sha1
> sha224
> sha256
> sha384
> sha512
> ecb(aes)
> cbc(aes)
> ctr(aes)
> ecb(des)
> cbc(des)
> cbc(des3_ede)
This looks correct from IWD's standpoint, but ELL does support
additional checksums:
- sha3-224
- sha3-256
- sha3-384
- sha3-512
- hmac(sha3-224)
- hmac(sha3-256)
- hmac(sha3-384)
- hmac(sha3-512)
Marcel may be able to comment on what projects are using these, if any.
>
> Also, does iwd always hold CAP_NET_ADMIN? We're also considering adding
> a privilege check to AF_ALG. (It's TBD whether it would be
> unconditional or controlled by a sysctl.)
Yes we require CAP_NET_ADMIN:
https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/iwd.service.in#n15
Thanks,
James
>
> - Eric
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-04 12:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-04 4:50 Complete list of AF_ALG algorithms used by iwd Eric Biggers
2026-05-04 12:58 ` James Prestwood
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox