From: Eric Biggers <ebigg...@google.com>

The crypto algorithms selected by the ESP and AH kconfig options are
out-of-date with the guidance of RFC 8221, which lists the legacy
algorithms MD5 and DES as "MUST NOT" be implemented, and some more
modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented.
But the options select the legacy algorithms, not the modern ones.

Therefore, modify these options to select the MUST algorithms --
and *only* the MUST algorithms.

Also improve the help text.

Suggested-by: Herbert Xu <herb...@gondor.apana.org.au>
Suggested-by: Steffen Klassert <steffen.klass...@secunet.com>
Cc: Corentin Labbe <cla...@baylibre.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Eric Biggers <ebigg...@google.com>
---
 net/ipv4/Kconfig | 21 +++++++++++++++++++--
 net/ipv6/Kconfig | 21 +++++++++++++++++++--
 net/xfrm/Kconfig | 15 +++++++++------
 3 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 39a7a21744dc03..14fc8d6582499b 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -342,7 +342,17 @@ config INET_AH
        tristate "IP: AH transformation"
        select XFRM_AH
        ---help---
-         Support for IPsec AH.
+         Support for IPsec AH (Authentication Header).
+
+         AH can be used with various authentication algorithms.  Besides
+         enabling AH support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
+
+         Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED".  It is
+         better to use ESP only, using an AEAD cipher such as AES-GCM.
 
          If unsure, say Y.
 
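Review bot: The added INET_AH paragraph says RFC 8221 considers AH "NOT RECOMMENDED", but the unchanged context line directly below it still reads `If unsure, say Y.`, so the help text now gives contradictory advice. Consider changing that line to `If unsure, say N.`, or add a sentence explaining why Y remains the suggested default, so that an unsure user does not build in a protocol the text itself advises against. The same applies to the INET6_AH hunk in net/ipv6/Kconfig.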
@@ -350,7 +360,14 @@ config INET_ESP
        tristate "IP: ESP transformation"
        select XFRM_ESP
        ---help---
-         Support for IPsec ESP.
+         Support for IPsec ESP (Encapsulating Security Payload).
+
+         ESP can be used with various encryption and authentication algorithms.
+         Besides enabling ESP support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
 
          If unsure, say Y.
 
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 70313f16319dd2..7398085ab10d58 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -51,7 +51,17 @@ config INET6_AH
        tristate "IPv6: AH transformation"
        select XFRM_AH
        ---help---
-         Support for IPsec AH.
+         Support for IPsec AH (Authentication Header).
+
+         AH can be used with various authentication algorithms.  Besides
+         enabling AH support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
+
+         Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED".  It is
+         better to use ESP only, using an AEAD cipher such as AES-GCM.
 
          If unsure, say Y.
 
@@ -59,7 +69,14 @@ config INET6_ESP
        tristate "IPv6: ESP transformation"
        select XFRM_ESP
        ---help---
-         Support for IPsec ESP.
+         Support for IPsec ESP (Encapsulating Security Payload).
+
+         ESP can be used with various encryption and authentication algorithms.
+         Besides enabling ESP support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
 
          If unsure, say Y.
 
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index b2ff8df2c836ef..e77ba529229cf5 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -67,26 +67,29 @@ config XFRM_STATISTICS
 
          If unsure, say N.
 
+# This option selects XFRM_ALGO along with the AH authentication algorithms that
+# RFC 8221 lists as MUST be implemented.
 config XFRM_AH
        tristate
        select XFRM_ALGO
        select CRYPTO
        select CRYPTO_HMAC
-       select CRYPTO_MD5
-       select CRYPTO_SHA1
+       select CRYPTO_SHA256
 
+# This option selects XFRM_ALGO along with the ESP encryption and authentication
+# algorithms that RFC 8221 lists as MUST be implemented.
 config XFRM_ESP
        tristate
        select XFRM_ALGO
        select CRYPTO
+       select CRYPTO_AES
        select CRYPTO_AUTHENC
-       select CRYPTO_HMAC
-       select CRYPTO_MD5
        select CRYPTO_CBC
-       select CRYPTO_SHA1
-       select CRYPTO_DES
        select CRYPTO_ECHAINIV
+       select CRYPTO_GCM
+       select CRYPTO_HMAC
        select CRYPTO_SEQIV
+       select CRYPTO_SHA256
 
 config XFRM_IPCOMP
        tristate
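Review bot: XFRM_AH and XFRM_ESP stop selecting CRYPTO_MD5, CRYPTO_SHA1 and CRYPTO_DES, and the new comments do not say so, so a kernel rebuilt from an existing config that relied on these implicit selects can lose algorithms its deployed tunnels still use. As I read RFC 8221, HMAC-SHA1-96 is listed as "MUST-" rather than "MUST NOT", so dropping `select CRYPTO_SHA1` goes further than removing the prohibited MD5 and DES; this should be confirmed against the RFC and stated in the commit message if intended. I would add a line to both comments such as `# Legacy algorithms (MD5, SHA1, DES) are no longer selected here; enable them explicitly in the crypto API if a peer still requires them.` That lets someone debugging a failed SA setup after an upgrade trace it back to this config change.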
-- 
2.26.2
