admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb1513db7a6ed82d22853608d78bbf72ad8c67c1
linux/net/sctp/Kconfig
Eric Biggers 2f3dd6ec90 sctp: Convert cookie authentication to use HMAC-SHA256 
Convert SCTP cookies to use HMAC-SHA256, instead of the previous choice
of the legacy algorithms HMAC-MD5 and HMAC-SHA1.  Simplify and optimize
the code by using the HMAC-SHA256 library instead of crypto_shash, and
by preparing the HMAC key when it is generated instead of per-operation.

This doesn't break compatibility, since the cookie format is an
implementation detail, not part of the SCTP protocol itself.

Note that the cookie size doesn't change either.  The HMAC field was
already 32 bytes, even though previously at most 20 bytes were actually
compared.  32 bytes exactly fits an untruncated HMAC-SHA256 value.  So,
although we could safely truncate the MAC to something slightly shorter,
for now just keep the cookie size the same.

I also considered SipHash, but that would generate only 8-byte MACs.  An
8-byte MAC *might* suffice here.  However, there's quite a lot of
information in the SCTP cookies: more than in TCP SYN cookies.  So
absent an analysis that occasional forgeries of all that information is
okay in SCTP, I errored on the side of caution.

Remove HMAC-MD5 and HMAC-SHA1 as options, since the new HMAC-SHA256
option is just better.  It's faster as well as more secure.  For
example, benchmarking on x86_64, cookie authentication is now nearly 3x
as fast as the previous default choice and implementation of HMAC-MD5.

Also just make the kernel always support cookie authentication if SCTP
is supported at all, rather than making it optional in the build.  (It
was sort of optional before, but it didn't really work properly.  E.g.,
a kernel with CONFIG_SCTP_COOKIE_HMAC_MD5=n still supported HMAC-MD5
cookie authentication if CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_MD5
happened to be enabled in the kconfig for other reasons.)

Acked-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Link: https://patch.msgid.link/20250818205426.30222-5-ebiggers@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-08-19 19:36:26 -07:00

77 lines
2.1 KiB
Plaintext
Raw Blame History

# SPDX-License-Identifier: GPL-2.0-only
#
# SCTP configuration
#
menuconfig IP_SCTP
tristate "The SCTP Protocol"
depends on INET
depends on IPV6 || IPV6=n
select CRYPTO_LIB_SHA1
select CRYPTO_LIB_SHA256
select CRYPTO_LIB_UTILS
select NET_CRC32C
select NET_UDP_TUNNEL
help
Stream Control Transmission Protocol
From RFC 2960 <http://www.ietf.org/rfc/rfc2960.txt>.
"SCTP is a reliable transport protocol operating on top of a
connectionless packet network such as IP. It offers the following
services to its users:
-- acknowledged error-free non-duplicated transfer of user data,
-- data fragmentation to conform to discovered path MTU size,
-- sequenced delivery of user messages within multiple streams,
with an option for order-of-arrival delivery of individual user
messages,
-- optional bundling of multiple user messages into a single SCTP
packet, and
-- network-level fault tolerance through supporting of multi-
homing at either or both ends of an association."
To compile this protocol support as a module, choose M here: the
module will be called sctp. Debug messages are handled by the
kernel's dynamic debugging framework.
If in doubt, say N.
if IP_SCTP
config SCTP_DBG_OBJCNT
bool "SCTP: Debug object counts"
depends on PROC_FS
help
If you say Y, this will enable debugging support for counting the
type of objects that are currently allocated. This is useful for
identifying memory leaks. This debug information can be viewed by
'cat /proc/net/sctp/sctp_dbg_objcnt'
If unsure, say N
choice
prompt "Default SCTP cookie authentication method"
default SCTP_DEFAULT_COOKIE_HMAC_SHA256
help
This option sets the default SCTP cookie authentication method, for
when a method hasn't been explicitly selected via the
net.sctp.cookie_hmac_alg sysctl.
If unsure, choose the default (HMAC-SHA256).
config SCTP_DEFAULT_COOKIE_HMAC_SHA256
bool "HMAC-SHA256"
config SCTP_DEFAULT_COOKIE_HMAC_NONE
bool "None"
endchoice
config INET_SCTP_DIAG
depends on INET_DIAG
def_tristate INET_DIAG
endif # IP_SCTP
Reference in New Issue View Git Blame Copy Permalink