lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250813040121.90609-1-ebiggers@kernel.org>
Date: Tue, 12 Aug 2025 21:01:18 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: linux-sctp@...r.kernel.org,
	netdev@...r.kernel.org,
	Xin Long <lucien.xin@...il.com>,
	Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc: linux-crypto@...r.kernel.org,
	Eric Biggers <ebiggers@...nel.org>
Subject: [PATCH net-next v2 0/3] sctp: Convert to use crypto lib, and upgrade cookie auth

This series converts SCTP chunk and cookie authentication to use the
crypto library API instead of crypto_shash.  This is much simpler (the
diffstat should speak for itself), and also faster too.  In addition,
this series upgrades the cookie authentication to use HMAC-SHA256.

I've tested that kernels with this series applied can continue to
communicate using SCTP with older ones, in either direction, using any
choice of None, HMAC-SHA1, or HMAC-SHA256 chunk authentication.

Changed in v2:
- Added patch which adds CONFIG_CRYPTO_SHA1 to some selftests configs

Eric Biggers (3):
  selftests: net: Explicitly enable CONFIG_CRYPTO_SHA1 for IPsec
  sctp: Use HMAC-SHA1 and HMAC-SHA256 library for chunk authentication
  sctp: Convert cookie authentication to use HMAC-SHA256

 Documentation/networking/ip-sysctl.rst       |  11 +-
 include/net/netns/sctp.h                     |   4 +-
 include/net/sctp/auth.h                      |  17 +-
 include/net/sctp/constants.h                 |   9 +-
 include/net/sctp/structs.h                   |  35 +---
 net/sctp/Kconfig                             |  47 ++----
 net/sctp/auth.c                              | 166 ++++---------------
 net/sctp/chunk.c                             |   3 +-
 net/sctp/endpointola.c                       |  23 +--
 net/sctp/protocol.c                          |  11 +-
 net/sctp/sm_make_chunk.c                     |  60 +++----
 net/sctp/sm_statefuns.c                      |   2 +-
 net/sctp/socket.c                            |  41 +----
 net/sctp/sysctl.c                            |  51 +++---
 tools/testing/selftests/net/config           |   1 +
 tools/testing/selftests/net/netfilter/config |   1 +
 16 files changed, 124 insertions(+), 358 deletions(-)


base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585
-- 
2.50.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ