[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200610005402.152495-4-ebiggers@kernel.org>
Date: Tue, 9 Jun 2020 17:54:02 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: netdev@...r.kernel.org
Cc: linux-crypto@...r.kernel.org, Corentin Labbe <clabbe@...libre.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Steffen Klassert <steffen.klassert@...unet.com>
Subject: [PATCH net v3 3/3] esp, ah: modernize the crypto algorithm selections
From: Eric Biggers <ebiggers@...gle.com>
The crypto algorithms selected by the ESP and AH kconfig options are
out-of-date with the guidance of RFC 8221, which lists the legacy
algorithms MD5 and DES as "MUST NOT" be implemented, and some more
modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented.
But the options select the legacy algorithms, not the modern ones.
Therefore, modify these options to select the MUST algorithms --
and *only* the MUST algorithms.
Also improve the help text.
Suggested-by: Herbert Xu <herbert@...dor.apana.org.au>
Suggested-by: Steffen Klassert <steffen.klassert@...unet.com>
Cc: Corentin Labbe <clabbe@...libre.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
net/ipv4/Kconfig | 21 +++++++++++++++++++--
net/ipv6/Kconfig | 21 +++++++++++++++++++--
net/xfrm/Kconfig | 15 +++++++++------
3 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 39a7a21744dc03..14fc8d6582499b 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -342,7 +342,17 @@ config INET_AH
tristate "IP: AH transformation"
select XFRM_AH
---help---
- Support for IPsec AH.
+ Support for IPsec AH (Authentication Header).
+
+ AH can be used with various authentication algorithms. Besides
+ enabling AH support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
+
+ Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED". It is
+ better to use ESP only, using an AEAD cipher such as AES-GCM.
If unsure, say Y.
@@ -350,7 +360,14 @@ config INET_ESP
tristate "IP: ESP transformation"
select XFRM_ESP
---help---
- Support for IPsec ESP.
+ Support for IPsec ESP (Encapsulating Security Payload).
+
+ ESP can be used with various encryption and authentication algorithms.
+ Besides enabling ESP support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
If unsure, say Y.
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 70313f16319dd2..7398085ab10d58 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -51,7 +51,17 @@ config INET6_AH
tristate "IPv6: AH transformation"
select XFRM_AH
---help---
- Support for IPsec AH.
+ Support for IPsec AH (Authentication Header).
+
+ AH can be used with various authentication algorithms. Besides
+ enabling AH support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
+
+ Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED". It is
+ better to use ESP only, using an AEAD cipher such as AES-GCM.
If unsure, say Y.
@@ -59,7 +69,14 @@ config INET6_ESP
tristate "IPv6: ESP transformation"
select XFRM_ESP
---help---
- Support for IPsec ESP.
+ Support for IPsec ESP (Encapsulating Security Payload).
+
+ ESP can be used with various encryption and authentication algorithms.
+ Besides enabling ESP support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
If unsure, say Y.
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index b2ff8df2c836ef..e77ba529229cf5 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -67,26 +67,29 @@ config XFRM_STATISTICS
If unsure, say N.
+# This option selects XFRM_ALGO along with the AH authentication algorithms that
+# RFC 8221 lists as MUST be implemented.
config XFRM_AH
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_HMAC
- select CRYPTO_MD5
- select CRYPTO_SHA1
+ select CRYPTO_SHA256
+# This option selects XFRM_ALGO along with the ESP encryption and authentication
+# algorithms that RFC 8221 lists as MUST be implemented.
config XFRM_ESP
tristate
select XFRM_ALGO
select CRYPTO
+ select CRYPTO_AES
select CRYPTO_AUTHENC
- select CRYPTO_HMAC
- select CRYPTO_MD5
select CRYPTO_CBC
- select CRYPTO_SHA1
- select CRYPTO_DES
select CRYPTO_ECHAINIV
+ select CRYPTO_GCM
+ select CRYPTO_HMAC
select CRYPTO_SEQIV
+ select CRYPTO_SHA256
config XFRM_IPCOMP
tristate
--
2.26.2
Powered by blists - more mailing lists