From: "Maciej Żenczykowski" <zenczykowski@gmail.com>
To: "Maciej Żenczykowski" <maze@google.com>,
"David S . Miller" <davem@davemloft.net>,
"Steffen Klassert" <steffen.klassert@secunet.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>
Cc: netdev@vger.kernel.org, Lorenzo Colitti <lorenzo@google.com>
Subject: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation
Date: Tue, 16 Oct 2018 01:06:34 -0700 [thread overview]
Message-ID: <20181016080634.139776-1-zenczykowski@gmail.com> (raw)
From: Maciej Żenczykowski <maze@google.com>
When using the PF_KEY interface, SHA-256 hashes are hardcoded to
use 96-bit truncation. This is a violation of RFC4868, which
specifies 128-bit truncation.
We cannot fix this without introducing backwards compatibility
concerns unless we make it an optional build time setting
(defaulting to no). Android will default to yes instead
of carrying an Android specific one line patch.
While the PF_KEY interface is deprecated in favour of netlink XFRM
(which allows the app to specify an arbitrary truncation length),
changing the PF_KEY truncation length from 96 to 128 allows PF_KEY
apps such as racoon to work with standards-compliant VPN servers.
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
net/xfrm/Kconfig | 10 ++++++++++
net/xfrm/xfrm_algo.c | 4 ++++
2 files changed, 14 insertions(+)
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 4a9ee2d83158..0ede7e81a5d3 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -15,6 +15,16 @@ config XFRM_ALGO
select XFRM
select CRYPTO
+config XFRM_HMAC_SHA256_RFC4868
+ bool "Strict RFC4868 hmac(sha256) 128-bit truncation"
+ depends on XFRM_ALGO
+ default n
+ ---help---
+ Support strict RFC4868 hmac(sha256) 128-bit truncation
+ (default on Android) instead of the default 96-bit Linux truncation.
+
+ If unsure, say N.
+
config XFRM_USER
tristate "Transformation user configuration interface"
depends on INET
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 44ac85fe2bc9..a70391fb2c1e 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -241,7 +241,11 @@ static struct xfrm_algo_desc aalg_list[] = {
.uinfo = {
.auth = {
+#if IS_ENABLED(CONFIG_XFRM_HMAC_SHA256_RFC4868)
+ .icv_truncbits = 128,
+#else
.icv_truncbits = 96,
+#endif
.icv_fullbits = 256,
}
},
--
2.19.1.331.ge82ca0e54c-goog
next reply other threads:[~2018-10-16 15:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-16 8:06 Maciej Żenczykowski [this message]
2018-10-16 8:08 ` [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation Maciej Żenczykowski
2018-10-16 8:14 ` Lorenzo Colitti
2018-10-17 5:59 ` Herbert Xu
2018-10-17 6:01 ` Maciej Żenczykowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181016080634.139776-1-zenczykowski@gmail.com \
--to=zenczykowski@gmail.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=lorenzo@google.com \
--cc=maze@google.com \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).