From patchwork Tue Oct 16 08:06:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Maciej_=C5=BBenczykowski?=
 <zenczykowski@gmail.com>
X-Patchwork-Id: 984604
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 42Z7F34wMhz9sBj
	for <patchwork-incoming-netdev@ozlabs.org>;
	Tue, 16 Oct 2018 19:06:47 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727047AbeJPPz6 convert rfc822-to-8bit (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Tue, 16 Oct 2018 11:55:58 -0400
Received: from mail-io1-f73.google.com ([209.85.166.73]:53599 "EHLO
	mail-io1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1726729AbeJPPz6 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 16 Oct 2018 11:55:58 -0400
Received: by mail-io1-f73.google.com with SMTP id t22-v6so20915742ioc.20
	for <netdev@vger.kernel.org>; Tue, 16 Oct 2018 01:06:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc
	:content-transfer-encoding;
	bh=Zu6P1rSWmNj2bjS8CdzS5H6BDM7PKztO6D2X7zF7APo=;
	b=i0+KNcZc632MvN/1MAnBQbGLT6qFBIBg7GAmlruVxEFGkQtd7azaK/P+E+Wsh7jZnd
	MjbjZ/fRA8lVxmJ53m1HwSpxd9cA7YDi5lbdpBpwqec3Lry9vawTXtPmgdLGKvHHkLAj
	Vjyet8AhV+TIRhF+dzU3Kkz9Tu+Id9uXzZb7rG2i2l4GyKj+LFfZZfRfaHDMpPpRuaO0
	UY06MxBhlnIIk410+70ro/EimnUGwq0Te6vahSTmDFgiQ3pM8F+F/MBpfTUSrFPJgpIu
	JwbKdTHXV0PG0PswaPmghRZuhMTppk8HLXan5UIcEgpmQqgFe8n4r4sIF7uJTQj17EAp
	sh5A==
X-Gm-Message-State: ABuFfoil28gS7OOROm65bsM/QWcD5wLeisjCwocvf07sG36+rtSUaosA
	31fN6insS/LMylJYcvROfEetUw==
X-Google-Smtp-Source: 
 ACcGV60/MqK7ddH+HnVipFb7awzS/447+d47yFCEpE/H0Hr5mDAR80aCmZAcWwxQgNDuCnrETF/C5jP5
X-Received: by 2002:a24:6cc2:: with SMTP id
	w185-v6mr14573801itb.5.1539677205060;
	Tue, 16 Oct 2018 01:06:45 -0700 (PDT)
Date: Tue, 16 Oct 2018 01:06:34 -0700
Message-Id: <20181016080634.139776-1-zenczykowski@gmail.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.19.1.331.ge82ca0e54c-goog
Subject: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use
	RFC4868-compliant truncation
From: "=?UTF-8?q?Maciej=20=C5=BBenczykowski?=" <zenczykowski@gmail.com>
To: "=?UTF-8?q?Maciej=20=C5=BBenczykowski?=" <maze@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	Herbert Xu <herbert@gondor.apana.org.au>
Cc: netdev@vger.kernel.org, Lorenzo Colitti <lorenzo@google.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Maciej Żenczykowski <maze@google.com>

When using the PF_KEY interface, SHA-256 hashes are hardcoded to
use 96-bit truncation.  This is a violation of RFC4868, which
specifies 128-bit truncation.

We cannot fix this without introducing backwards compatibility
concerns unless we make it an optional build time setting
(defaulting to no).  Android will default to yes instead
of carrying an Android specific one line patch.

While the PF_KEY interface is deprecated in favour of netlink XFRM
(which allows the app to specify an arbitrary truncation length),
changing the PF_KEY truncation length from 96 to 128 allows PF_KEY
apps such as racoon to work with standards-compliant VPN servers.

Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Acked-By: Lorenzo Colitti <lorenzo@google.com>
---
 net/xfrm/Kconfig     | 10 ++++++++++
 net/xfrm/xfrm_algo.c |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 4a9ee2d83158..0ede7e81a5d3 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -15,6 +15,16 @@ config XFRM_ALGO
 	select XFRM
 	select CRYPTO
 
+config XFRM_HMAC_SHA256_RFC4868
+	bool "Strict RFC4868 hmac(sha256) 128-bit truncation"
+	depends on XFRM_ALGO
+	default n
+	---help---
+	  Support strict RFC4868 hmac(sha256) 128-bit truncation
+	  (default on Android) instead of the default 96-bit Linux truncation.
+
+	  If unsure, say N.
+
 config XFRM_USER
 	tristate "Transformation user configuration interface"
 	depends on INET
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 44ac85fe2bc9..a70391fb2c1e 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -241,7 +241,11 @@ static struct xfrm_algo_desc aalg_list[] = {
 
 	.uinfo = {
 		.auth = {
+#if IS_ENABLED(CONFIG_XFRM_HMAC_SHA256_RFC4868)
+			.icv_truncbits = 128,
+#else
 			.icv_truncbits = 96,
+#endif
 			.icv_fullbits = 256,
 		}
 	},