All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation
@ 2018-10-16  8:06 Maciej Żenczykowski
  2018-10-16  8:08 ` Maciej Żenczykowski
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Maciej Żenczykowski @ 2018-10-16  8:06 UTC (permalink / raw)
  To: Maciej Żenczykowski, David S . Miller, Steffen Klassert, Herbert Xu
  Cc: netdev, Lorenzo Colitti

From: Maciej Żenczykowski <maze@google.com>

When using the PF_KEY interface, SHA-256 hashes are hardcoded to
use 96-bit truncation.  This is a violation of RFC4868, which
specifies 128-bit truncation.

We cannot fix this without introducing backwards compatibility
concerns unless we make it an optional build time setting
(defaulting to no).  Android will default to yes instead
of carrying an Android specific one line patch.

While the PF_KEY interface is deprecated in favour of netlink XFRM
(which allows the app to specify an arbitrary truncation length),
changing the PF_KEY truncation length from 96 to 128 allows PF_KEY
apps such as racoon to work with standards-compliant VPN servers.

Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 net/xfrm/Kconfig     | 10 ++++++++++
 net/xfrm/xfrm_algo.c |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 4a9ee2d83158..0ede7e81a5d3 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -15,6 +15,16 @@ config XFRM_ALGO
 	select XFRM
 	select CRYPTO
 
+config XFRM_HMAC_SHA256_RFC4868
+	bool "Strict RFC4868 hmac(sha256) 128-bit truncation"
+	depends on XFRM_ALGO
+	default n
+	---help---
+	  Support strict RFC4868 hmac(sha256) 128-bit truncation
+	  (default on Android) instead of the default 96-bit Linux truncation.
+
+	  If unsure, say N.
+
 config XFRM_USER
 	tristate "Transformation user configuration interface"
 	depends on INET
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 44ac85fe2bc9..a70391fb2c1e 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -241,7 +241,11 @@ static struct xfrm_algo_desc aalg_list[] = {
 
 	.uinfo = {
 		.auth = {
+#if IS_ENABLED(CONFIG_XFRM_HMAC_SHA256_RFC4868)
+			.icv_truncbits = 128,
+#else
 			.icv_truncbits = 96,
+#endif
 			.icv_fullbits = 256,
 		}
 	},
-- 
2.19.1.331.ge82ca0e54c-goog

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation
  2018-10-16  8:06 [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation Maciej Żenczykowski
@ 2018-10-16  8:08 ` Maciej Żenczykowski
  2018-10-16  8:14 ` Lorenzo Colitti
  2018-10-17  5:59 ` Herbert Xu
  2 siblings, 0 replies; 5+ messages in thread
From: Maciej Żenczykowski @ 2018-10-16  8:08 UTC (permalink / raw)
  To: David Miller, steffen.klassert, Herbert Xu; +Cc: Linux NetDev, Lorenzo Colitti

Yes, I realize there's been similar submits in the past,
but we're trying to get rid of or upstream android kernel networking
divergences...
maybe this approach will be more palatable?

Thanks,
Maciej

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation
  2018-10-16  8:06 [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation Maciej Żenczykowski
  2018-10-16  8:08 ` Maciej Żenczykowski
@ 2018-10-16  8:14 ` Lorenzo Colitti
  2018-10-17  5:59 ` Herbert Xu
  2 siblings, 0 replies; 5+ messages in thread
From: Lorenzo Colitti @ 2018-10-16  8:14 UTC (permalink / raw)
  To: Maciej Żenczykowski
  Cc: Maciej Żenczykowski, David Miller, Steffen Klassert,
	Herbert Xu, netdev

On Tue, Oct 16, 2018 at 5:06 PM Maciej Żenczykowski
<zenczykowski@gmail.com> wrote:
> +config XFRM_HMAC_SHA256_RFC4868
> +       bool "Strict RFC4868 hmac(sha256) 128-bit truncation"
> +       depends on XFRM_ALGO
> +       default n
> +       ---help---
> +         Support strict RFC4868 hmac(sha256) 128-bit truncation
> +         (default on Android) instead of the default 96-bit Linux truncation.

Not sure it's worth mentioning Android here, given that other
contributors from other organizations have attempted to change this as
well.

>         .uinfo = {
>                 .auth = {
> +#if IS_ENABLED(CONFIG_XFRM_HMAC_SHA256_RFC4868)
> +                       .icv_truncbits = 128,
> +#else
>                         .icv_truncbits = 96,
> +#endif

Also, consider adding a Tested: line saying that this allows
pf_key_test.py to pass on upstream kernels.

Other than that,

Acked-By: Lorenzo Colitti <lorenzo@google.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation
  2018-10-16  8:06 [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation Maciej Żenczykowski
  2018-10-16  8:08 ` Maciej Żenczykowski
  2018-10-16  8:14 ` Lorenzo Colitti
@ 2018-10-17  5:59 ` Herbert Xu
  2018-10-17  6:01   ` Maciej Żenczykowski
  2 siblings, 1 reply; 5+ messages in thread
From: Herbert Xu @ 2018-10-17  5:59 UTC (permalink / raw)
  To: Maciej Żenczykowski; +Cc: maze, davem, steffen.klassert, netdev, lorenzo

Maciej Żenczykowski <zenczykowski@gmail.com> wrote:
>
> +#if IS_ENABLED(CONFIG_XFRM_HMAC_SHA256_RFC4868)
> +                       .icv_truncbits = 128,
> +#else
>                        .icv_truncbits = 96,
> +#endif

Nack.  We don't want a build-time configuration knob for this.
This needs to be decided at run-time.

In fact you can already do this at run-time anyway through the
xfrm interface.  So please please please just ditch whatever that
you're using that's still glued to the long-obsolete (more than a
decade) af_key interface and switch it over to xfrm.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation
  2018-10-17  5:59 ` Herbert Xu
@ 2018-10-17  6:01   ` Maciej Żenczykowski
  0 siblings, 0 replies; 5+ messages in thread
From: Maciej Żenczykowski @ 2018-10-17  6:01 UTC (permalink / raw)
  To: Herbert Xu
  Cc: David S. Miller, steffen.klassert, Linux NetDev, Lorenzo Colitti

I'm afraid it's nothing we're using.  It's what people are using.
I guess we'll just carry this patch for a few more years.

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-10-17 13:55 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-16  8:06 [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation Maciej Żenczykowski
2018-10-16  8:08 ` Maciej Żenczykowski
2018-10-16  8:14 ` Lorenzo Colitti
2018-10-17  5:59 ` Herbert Xu
2018-10-17  6:01   ` Maciej Żenczykowski

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.