[RFC ipsec-next] Non-standard sha256 ICV truncation size

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [RFC ipsec-next] Non-standard sha256 ICV truncation size
@ 2014-05-22 15:10 Horia Geanta
  2014-05-22 15:10 ` [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant Horia Geanta
  0 siblings, 1 reply; 5+ messages in thread
From: Horia Geanta @ 2014-05-22 15:10 UTC (permalink / raw)
  To: Steffen Klassert, Herbert Xu, David S. Miller
  Cc: Lei Xu, Sandeep Malik, netdev, linux-kernel

Hi,

I am sending this patch as RFC, since the change is likely to create
interoperability issues.
I'd like to get some comments on what should be the correct approach in this
standard vs. de facto setup.

Note that an older commit (which is no longer in git's history, but can be found
here https://archive.org/details/git-history-of-linux) changed truncated ICV size
from 128bit to 96bit:

commit 627d1054055f465603bcfb7ef5c9adc5db9b2a53
Author: Michal Ludvig <michal@logix.cz>
Date:   Fri Jan 9 04:55:59 2004 -0800

    [XFRM]: SHA2-256 should be truncated to 96 bits, not 128.

It seems that initially the sha256 ICV was truncated to 128 bits, but later
changed to 96 bits due to interoperability issues - see comment here:
http://oss.sgi.com/archives/netdev/2004-01/msg00824.html

Note that commit above is from 2004, long before RFC4868 was released (2007).

Thanks,
Horia

Lei Xu (1):
  xfrm: make sha256 icv truncation length RFC-compliant

 net/xfrm/xfrm_algo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
1.8.3.1

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant
  2014-05-22 15:10 [RFC ipsec-next] Non-standard sha256 ICV truncation size Horia Geanta
@ 2014-05-22 15:10 ` Horia Geanta
  2014-05-22 16:03   ` Nicolas Dichtel
  0 siblings, 1 reply; 5+ messages in thread
From: Horia Geanta @ 2014-05-22 15:10 UTC (permalink / raw)
  To: Steffen Klassert, Herbert Xu, David S. Miller
  Cc: Lei Xu, Sandeep Malik, netdev, linux-kernel

From: Lei Xu <Lei.Xu@freescale.com>

Currently the sha256 icv truncation length is set to 96bit
while the length is defined as 128bit in RFC4868.
This may result in somer errors when working with other IPsec devices
with the standard truncation length.
Thus, change the sha256 truncation length from 96bit to 128bit.

Signed-off-by: Lei Xu <Lei.Xu@freescale.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
---
 net/xfrm/xfrm_algo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index debe733386f8..ca21ba7a0716 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -220,7 +220,7 @@ static struct xfrm_algo_desc aalg_list[] = {
 
 	.uinfo = {
 		.auth = {
-			.icv_truncbits = 96,
+			.icv_truncbits = 128,
 			.icv_fullbits = 256,
 		}
 	},
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant
  2014-05-22 15:10 ` [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant Horia Geanta
@ 2014-05-22 16:03   ` Nicolas Dichtel
  2014-05-23  6:28     ` Horia Geantă
  0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Dichtel @ 2014-05-22 16:03 UTC (permalink / raw)
  To: Horia Geanta, Steffen Klassert, Herbert Xu, David S. Miller
  Cc: Lei Xu, Sandeep Malik, netdev, linux-kernel

Le 22/05/2014 17:10, Horia Geanta a écrit :
> From: Lei Xu <Lei.Xu@freescale.com>
>
> Currently the sha256 icv truncation length is set to 96bit
> while the length is defined as 128bit in RFC4868.
> This may result in somer errors when working with other IPsec devices
> with the standard truncation length.
> Thus, change the sha256 truncation length from 96bit to 128bit.
The patch was already proposed, but it was kept as-is for userspace
compatibility.

See: https://lkml.org/lkml/2012/3/7/431

Regards,
Nicolas

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant
  2014-05-22 16:03   ` Nicolas Dichtel
@ 2014-05-23  6:28     ` Horia Geantă
  2014-05-23  8:06       ` Nicolas Dichtel
  0 siblings, 1 reply; 5+ messages in thread
From: Horia Geantă @ 2014-05-23  6:28 UTC (permalink / raw)
  To: nicolas.dichtel, Steffen Klassert, Herbert Xu, David S. Miller
  Cc: Lei Xu, Sandeep Malik, netdev, linux-kernel

On 5/22/2014 7:03 PM, Nicolas Dichtel wrote:
> Le 22/05/2014 17:10, Horia Geanta a écrit :
>> From: Lei Xu <Lei.Xu@freescale.com>
>>
>> Currently the sha256 icv truncation length is set to 96bit
>> while the length is defined as 128bit in RFC4868.
>> This may result in somer errors when working with other IPsec devices
>> with the standard truncation length.
>> Thus, change the sha256 truncation length from 96bit to 128bit.
> The patch was already proposed, but it was kept as-is for userspace
> compatibility.
>
> See: https://lkml.org/lkml/2012/3/7/431

Thanks, somehow I missed that.

So this just means bad luck for user space tools (for e.g. ipsec-tools - 
setkey, racoon - and any other PF_KEY-based tool) that AFAICT cannot 
override the default truncated icv size, right?

Thanks,
Horia

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant
  2014-05-23  6:28     ` Horia Geantă
@ 2014-05-23  8:06       ` Nicolas Dichtel
  0 siblings, 0 replies; 5+ messages in thread
From: Nicolas Dichtel @ 2014-05-23  8:06 UTC (permalink / raw)
  To: Horia Geantă, Steffen Klassert, Herbert Xu, David S. Miller
  Cc: Lei Xu, Sandeep Malik, netdev, linux-kernel

Le 23/05/2014 08:28, Horia Geantă a écrit :
> On 5/22/2014 7:03 PM, Nicolas Dichtel wrote:
>> Le 22/05/2014 17:10, Horia Geanta a écrit :
>>> From: Lei Xu <Lei.Xu@freescale.com>
>>>
>>> Currently the sha256 icv truncation length is set to 96bit
>>> while the length is defined as 128bit in RFC4868.
>>> This may result in somer errors when working with other IPsec devices
>>> with the standard truncation length.
>>> Thus, change the sha256 truncation length from 96bit to 128bit.
>> The patch was already proposed, but it was kept as-is for userspace
>> compatibility.
>>
>> See: https://lkml.org/lkml/2012/3/7/431
>
> Thanks, somehow I missed that.
>
> So this just means bad luck for user space tools (for e.g. ipsec-tools - setkey,
> racoon - and any other PF_KEY-based tool) that AFAICT cannot override the
> default truncated icv size, right?
You can change the default value with the netlink attribute
XFRMA_ALG_AUTH_TRUNC (option 'auth-trunc' in iproute2).


Regards,
Nicolas

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-05-23  8:06 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-22 15:10 [RFC ipsec-next] Non-standard sha256 ICV truncation size Horia Geanta
2014-05-22 15:10 ` [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant Horia Geanta
2014-05-22 16:03   ` Nicolas Dichtel
2014-05-23  6:28     ` Horia Geantă
2014-05-23  8:06       ` Nicolas Dichtel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).