Re: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation

Lorenzo Colitti Tue, 16 Oct 2018 01:15:02 -0700

On Tue, Oct 16, 2018 at 5:06 PM Maciej Żenczykowski
<[email protected]> wrote:
> +config XFRM_HMAC_SHA256_RFC4868
> +       bool "Strict RFC4868 hmac(sha256) 128-bit truncation"
> +       depends on XFRM_ALGO
> +       default n
> +       ---help---
> +         Support strict RFC4868 hmac(sha256) 128-bit truncation
> +         (default on Android) instead of the default 96-bit Linux truncation.


Not sure it's worth mentioning Android here, given that other
contributors from other organizations have attempted to change this as
well.

>         .uinfo = {
>                 .auth = {
> +#if IS_ENABLED(CONFIG_XFRM_HMAC_SHA256_RFC4868)
> +                       .icv_truncbits = 128,
> +#else
>                         .icv_truncbits = 96,
> +#endif

Also, consider adding a Tested: line saying that this allows
pf_key_test.py to pass on upstream kernels.

Other than that,

Acked-By: Lorenzo Colitti <[email protected]>

Re: [PATCH] net-xfrm: add build time cfg option to PF_KEY SHA256 to use RFC4868-compliant truncation

Reply via email to