From patchwork Wed Jun 10 00:54:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 217888 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 159F1C433E3 for ; Wed, 10 Jun 2020 00:57:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E8F97206C3 for ; Wed, 10 Jun 2020 00:57:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591750674; bh=1VHYOFq6Hh8pYrYgBpr7MiYq+c0pldyy3vs15UpfgZU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=X7zYmZSCJfAU46vUFNphD3I3vbozw4oRHK92vFasUd/WEMGZE6VevguuYZR2emjBv dEgfiufXrqKwCiCltrr92QP3fQcbT06HHy2rqQtN9e3L1SG0D0fmaL6W9nbbJrfWpo 8MV1To+hybaK6w7iDuzM235rz2FF2kiZV0qn+K/Y= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726100AbgFJA5t (ORCPT ); Tue, 9 Jun 2020 20:57:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:43878 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726039AbgFJA5p (ORCPT ); Tue, 9 Jun 2020 20:57:45 -0400 Received: from sol.hsd1.ca.comcast.net (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 57FDC2078C; Wed, 10 Jun 2020 00:57:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591750664; bh=1VHYOFq6Hh8pYrYgBpr7MiYq+c0pldyy3vs15UpfgZU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GkwnvswEp/4d8XU0ugPiRb3ZrWlW4Gyta0V4Z2OhsYdEhmHVEuW7YwIntAbdp425K fbM/J1nd/yNtgWN/j6qzKmGfY6nzbsJ2W7PSG7nZDIvAuZvYRegMaK4Mnu6GLdt4c6 Rkhcc8fa7dg4xZpLN1mo9CsjsopC/Fm95KruwkpQ= From: Eric Biggers To: netdev@vger.kernel.org Cc: linux-crypto@vger.kernel.org, Corentin Labbe , Greg Kroah-Hartman , Herbert Xu , Steffen Klassert Subject: [PATCH net v3 3/3] esp, ah: modernize the crypto algorithm selections Date: Tue, 9 Jun 2020 17:54:02 -0700 Message-Id: <20200610005402.152495-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200610005402.152495-1-ebiggers@kernel.org> References: <20200610005402.152495-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Eric Biggers The crypto algorithms selected by the ESP and AH kconfig options are out-of-date with the guidance of RFC 8221, which lists the legacy algorithms MD5 and DES as "MUST NOT" be implemented, and some more modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented. But the options select the legacy algorithms, not the modern ones. Therefore, modify these options to select the MUST algorithms -- and *only* the MUST algorithms. Also improve the help text. Suggested-by: Herbert Xu Suggested-by: Steffen Klassert Cc: Corentin Labbe Cc: Greg Kroah-Hartman Signed-off-by: Eric Biggers --- net/ipv4/Kconfig | 21 +++++++++++++++++++-- net/ipv6/Kconfig | 21 +++++++++++++++++++-- net/xfrm/Kconfig | 15 +++++++++------ 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 39a7a21744dc03..14fc8d6582499b 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig @@ -342,7 +342,17 @@ config INET_AH tristate "IP: AH transformation" select XFRM_AH ---help--- - Support for IPsec AH. + Support for IPsec AH (Authentication Header). + + AH can be used with various authentication algorithms. Besides + enabling AH support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. + + Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED". It is + better to use ESP only, using an AEAD cipher such as AES-GCM. If unsure, say Y. @@ -350,7 +360,14 @@ config INET_ESP tristate "IP: ESP transformation" select XFRM_ESP ---help--- - Support for IPsec ESP. + Support for IPsec ESP (Encapsulating Security Payload). + + ESP can be used with various encryption and authentication algorithms. + Besides enabling ESP support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. If unsure, say Y. diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index 70313f16319dd2..7398085ab10d58 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig @@ -51,7 +51,17 @@ config INET6_AH tristate "IPv6: AH transformation" select XFRM_AH ---help--- - Support for IPsec AH. + Support for IPsec AH (Authentication Header). + + AH can be used with various authentication algorithms. Besides + enabling AH support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. + + Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED". It is + better to use ESP only, using an AEAD cipher such as AES-GCM. If unsure, say Y. @@ -59,7 +69,14 @@ config INET6_ESP tristate "IPv6: ESP transformation" select XFRM_ESP ---help--- - Support for IPsec ESP. + Support for IPsec ESP (Encapsulating Security Payload). + + ESP can be used with various encryption and authentication algorithms. + Besides enabling ESP support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. If unsure, say Y. diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig index b2ff8df2c836ef..e77ba529229cf5 100644 --- a/net/xfrm/Kconfig +++ b/net/xfrm/Kconfig @@ -67,26 +67,29 @@ config XFRM_STATISTICS If unsure, say N. +# This option selects XFRM_ALGO along with the AH authentication algorithms that +# RFC 8221 lists as MUST be implemented. config XFRM_AH tristate select XFRM_ALGO select CRYPTO select CRYPTO_HMAC - select CRYPTO_MD5 - select CRYPTO_SHA1 + select CRYPTO_SHA256 +# This option selects XFRM_ALGO along with the ESP encryption and authentication +# algorithms that RFC 8221 lists as MUST be implemented. config XFRM_ESP tristate select XFRM_ALGO select CRYPTO + select CRYPTO_AES select CRYPTO_AUTHENC - select CRYPTO_HMAC - select CRYPTO_MD5 select CRYPTO_CBC - select CRYPTO_SHA1 - select CRYPTO_DES select CRYPTO_ECHAINIV + select CRYPTO_GCM + select CRYPTO_HMAC select CRYPTO_SEQIV + select CRYPTO_SHA256 config XFRM_IPCOMP tristate