Re: [PATCH iproute2-next v2] man8: ip-sr: Document that passphrase must be high-entropy

[Eric Biggers <ebiggers@kernel.org>]

On Sat, Aug 23, 2025 at 01:39:22AM +0200, Paolo Lungaroni wrote:
> > 
> > Passwords and keys don't belong on the command line, since command lines
> > are often visible to all users.  Standard input is the correct way to do
> > it.  The issue you seem to referring to is that the command currently
> > works only when standard input is a tty.  It should of course be fixed
> > to work for any file, which would allow automation via something like
> > 'ip sr hmac set 17 sha256 < passphrase.txt'.  (And to be clear, that's a
> > separate issue from the lack of passphrase stretching.)
> > 
> > When giving example commands, please also use sha256 instead of sha1.
> > 
> > - Eric
> 
> Ciao Eric,
> 
> The scheme I followed to develop my patch proposal is inspired by the one
> already present in ip xfrm and ip macsec.
> These two features require the configuration of key entered inline in the
> command prompt.

Well, then those are wrong too.

> Regarding your statement: 'And to be clear, that's a separate issue from the
> lack of passphrase stretching,' yes, you're right: they are indeed separate.
> 
> According to RFC8754, 'The pre-shared key identified by HMAC Key ID' is used
> as
> is in the HMAC computation.
> 
> I'm trying to understand how 'stretching the passphrase' could work with other
> network appliances that are not Linux. Stretching the passphrase only in the
> Linux implementation seems to make it incompatible with RFC8754 and,
> consequently, with other software and hardware that implement Segment Routing
> over IPv6 HMAC.

The RFC just says there is a pre-shared HMAC key.  How it is generated
and shared is outside the scope of the RFC.

> As an example, at the computation level, I need to use the same key when
> communicating with hardware routers and when calculating an HMAC that the
> hardware device can verify. If we implement passphrase stretching in Linux,
> what would be the input string I should provide in iproute2 to ensure that the
> same key used in the hardware device (which does not perform passphrase
> stretching) is used?

The key stretching should of course be in userspace, not the kernel.

> Could you please clarify what you intend to do

Nothing.  I don't care about this feature myself.  I'm just letting the
people who do care about this feature know about this security bug that
I happened to notice.  If they don't care either, then oh well.

- Eric