From 29f30c592bd74eb2c5e1af888afbd38139432dec Mon Sep 17 00:00:00 2001 From: Lorenzo Colitti Date: Wed, 10 May 2017 23:54:04 +0900 Subject: [PATCH] ANDROID: net: xfrm: make PF_KEY SHA256 use RFC-compliant truncation. [v2] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using the PF_KEY interface, SHA-256 hashes are hardcoded to use 96-bit truncation. This is a violation of RFC4868, which specifies 128-bit truncation, but will not be fixed upstream due to backwards compatibility concerns and because the PF_KEY interface is deprecated in favour of netlink XFRM (which allows the app to specify an arbitrary truncation length). Change the hardcoded truncation length from 96 to 128 so that PF_KEY apps such as racoon will work with standards-compliant VPN servers. Note: this is effectively a redo (revert/reapplication) of: commit b8a72fd7c4e9bbaa707db047c0890fc97ba81dad ANDROID: net: xfrm: make PF_KEY SHA256 use RFC-compliant truncation. but in a way that makes clearer what the ANDROID diff is. Bug: 34114242 Bug: 120440497 Signed-off-by: Lorenzo Colitti Signed-off-by: Maciej Żenczykowski Change-Id: I8ee2ac9bb577b5078e8565a5b1f5fd84c2b3f74f --- net/xfrm/xfrm_algo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index d5b95c528d1e..2e80e38bcfd8 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c @@ -237,7 +237,7 @@ static struct xfrm_algo_desc aalg_list[] = { .uinfo = { .auth = { - .icv_truncbits = 128, + .icv_truncbits = IS_ENABLED(CONFIG_ANDROID) ? 128 : 96, .icv_fullbits = 256, } },