lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZLeyLedVE2pwGEnK@gauss3.secunet.de>
Date: Wed, 19 Jul 2023 11:51:41 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Leon Romanovsky <leon@...nel.org>
CC: Louis Peens <louis.peens@...igine.com>, David Miller
	<davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, Herbert Xu <herbert@...dor.apana.org.au>, Simon Horman
	<simon.horman@...igine.com>, Shihong Wang <shihong.wang@...igine.com>,
	<netdev@...r.kernel.org>, <oss-drivers@...igine.com>
Subject: Re: [PATCH net-next 1/2] xfrm: add the description of
 CHACHA20-POLY1305 for xfrm algorithm description

On Wed, Jul 19, 2023 at 12:35:09PM +0300, Leon Romanovsky wrote:
> On Wed, Jul 19, 2023 at 11:27:27AM +0200, Steffen Klassert wrote:
> > On Wed, Jul 19, 2023 at 11:18:29AM +0200, Louis Peens wrote:
> > > From: Shihong Wang <shihong.wang@...igine.com>
> > > 
> > > Add the description of CHACHA20-POLY1305 for xfrm algorithm description
> > > and set pfkey_supported to 1 so that xfrm supports that the algorithm
> > > can be offloaded to the NIC.
> > > 
> > > Signed-off-by: Shihong Wang <shihong.wang@...igine.com>
> > > Acked-by: Simon Horman <simon.horman@...igine.com>
> > > Signed-off-by: Louis Peens <louis.peens@...igine.com>
> > > ---
> > >  include/uapi/linux/pfkeyv2.h | 1 +
> > >  net/xfrm/xfrm_algo.c         | 9 ++++++++-
> > >  2 files changed, 9 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/include/uapi/linux/pfkeyv2.h b/include/uapi/linux/pfkeyv2.h
> > > index 8abae1f6749c..d0ab530e1069 100644
> > > --- a/include/uapi/linux/pfkeyv2.h
> > > +++ b/include/uapi/linux/pfkeyv2.h
> > > @@ -331,6 +331,7 @@ struct sadb_x_filter {
> > >  #define SADB_X_EALG_CAMELLIACBC		22
> > >  #define SADB_X_EALG_NULL_AES_GMAC	23
> > >  #define SADB_X_EALG_SM4CBC		24
> > > +#define SADB_X_EALG_CHACHA20_POLY1305	25
> > 
> > Please don't add new stuff to pfkey, use netlink instead. This interface
> > is deprecated and will go away someday
> 
> Steffen, I have general questions.
> >From where did all these SADB_X_EALG_* values come?
> And there are they used?

The pfkey interface was used by the old ipsec tools:
https://ipsec-tools.sourceforge.net/

The development of ipsec-tools has been abandoned
in 2014, as you can see at the webpage.

The pfkey interface is still there because the ipsec
tools are shipped in some disto versions that are
still under support.

Anyway, this was a reminder to me that we should
start the official deprecation process soon.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ