sys/netipsec/xform_ah.c
Show First 20 Lines • Show All 102 Lines • ▼ Show 20 Lines | SYSCTL_INT(_net_inet_ah, OID_AUTO, ah_enable, | ||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_enable), 0, ""); | CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_enable), 0, ""); | ||||
SYSCTL_INT(_net_inet_ah, OID_AUTO, ah_cleartos, | SYSCTL_INT(_net_inet_ah, OID_AUTO, ah_cleartos, | ||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_cleartos), 0, ""); | CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_cleartos), 0, ""); | ||||
SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat, | SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat, | ||||
ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)"); | ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)"); | ||||
#endif | #endif | ||||
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ | static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ | ||||
static struct timeval lastwarn; | |||||
jhb: BTW, I used rate limiting for the warnings because the set key configurations I tested would… | |||||
Not Done Inline ActionsI think this should be built into gone_in(), honestly. Possibly even a limit of "once" (although I can understand an argument that there is some value in printing at least once more after the deluge of boot messages has scrolled by). cem: I think this should be built into `gone_in()`, honestly. Possibly even a limit of "once"… | |||||
Done Inline ActionsI think it's a bit hard to build into gone_in though I appreciate the sentiment. (For example if a user tries one bad algo and then switches to another bad one, you want them to keep getting messages.) I don't know how gone_in could really cope with that. It could maybe track the last string passed in, but that's kind of crappy as well and in the case of IPsec that would result in spam if you are using a bad hash + bad cipher. jhb: I think it's a bit hard to build into gone_in though I appreciate the sentiment. (For example… | |||||
static struct timeval warninterval = { .tv_sec = 1, .tv_usec = 0 }; | |||||
static int ah_input_cb(struct cryptop*); | static int ah_input_cb(struct cryptop*); | ||||
static int ah_output_cb(struct cryptop*); | static int ah_output_cb(struct cryptop*); | ||||
int | int | ||||
xform_ah_authsize(const struct auth_hash *esph) | xform_ah_authsize(const struct auth_hash *esph) | ||||
{ | { | ||||
int alen; | int alen; | ||||
▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Lines | ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) | ||||
int keylen; | int keylen; | ||||
thash = auth_algorithm_lookup(sav->alg_auth); | thash = auth_algorithm_lookup(sav->alg_auth); | ||||
if (thash == NULL) { | if (thash == NULL) { | ||||
DPRINTF(("%s: unsupported authentication algorithm %u\n", | DPRINTF(("%s: unsupported authentication algorithm %u\n", | ||||
__func__, sav->alg_auth)); | __func__, sav->alg_auth)); | ||||
return EINVAL; | return EINVAL; | ||||
} | } | ||||
switch (sav->alg_auth) { | |||||
case SADB_AALG_MD5HMAC: | |||||
if (ratecheck(&lastwarn, &warninterval)) | |||||
gone_in(13, "MD5-HMAC authenticator for IPsec"); | |||||
break; | |||||
case SADB_X_AALG_RIPEMD160HMAC: | |||||
jhbAuthorUnsubmitted Done Inline ActionsRFC 8221 doesn't explicitly mention ripemd160 either way (I think it's just a bit obscure). Its use was documented in RFC 2857, but other hits in google suggest it was popular before SHA2. jhb: RFC 8221 doesn't explicitly mention ripemd160 either way (I think it's just a bit obscure). | |||||
cemUnsubmitted Not Done Inline ActionsThere are Reasons not to use shorter hashes (<256 bit) in general; I don't know if they apply here. But I don't feel too bad about removing a hash that isn't even mentioned in the update RFC. cem: There are Reasons not to use shorter hashes (<256 bit) in general; I don't know if they apply… | |||||
jhbAuthorUnsubmitted Done Inline ActionsYes, I'm probably inclined to still remove this one whereas with Camellia there may be a reason to keep it. jhb: Yes, I'm probably inclined to still remove this one whereas with Camellia there may be a reason… | |||||
if (ratecheck(&lastwarn, &warninterval)) | |||||
gone_in(13, "RIPEMD160-HMAC authenticator for IPsec"); | |||||
break; | |||||
case SADB_X_AALG_MD5: | |||||
if (ratecheck(&lastwarn, &warninterval)) | |||||
gone_in(13, "Keyed-MD5 authenticator for IPsec"); | |||||
break; | |||||
case SADB_X_AALG_SHA: | |||||
if (ratecheck(&lastwarn, &warninterval)) | |||||
gone_in(13, "Keyed-SHA1 authenticator for IPsec"); | |||||
break; | |||||
} | |||||
/* | /* | ||||
* Verify the replay state block allocation is consistent with | * Verify the replay state block allocation is consistent with | ||||
* the protocol type. We check here so we can make assumptions | * the protocol type. We check here so we can make assumptions | ||||
* later during protocol processing. | * later during protocol processing. | ||||
*/ | */ | ||||
/* NB: replay state is setup elsewhere (sigh) */ | /* NB: replay state is setup elsewhere (sigh) */ | ||||
if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) { | if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) { | ||||
DPRINTF(("%s: replay state block inconsistency, " | DPRINTF(("%s: replay state block inconsistency, " | ||||
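Review bot: All four cases of the new `switch (sav->alg_auth)` share the single `lastwarn` timestamp, so within the one-second `warninterval` a warning for one deprecated authenticator suppresses the warning for a different one; an operator who loads SAs using both MD5-HMAC and Keyed-SHA1 in one setkey run would likely see only the first message and could conclude the other algorithm is not in use. Keeping the limit per algorithm avoids that, for example `static struct timeval lastwarn[4];` with each case passing its own slot, as in `ratecheck(&lastwarn[0], &warninterval)`. `lastwarn` is also a plain static rather than a `VNET_NAME()` variable like `ah_enable` above it, so the suppression presumably spans all vnets as well. Neither static carries a comment; something like `/* Rate-limit gone_in() deprecation warnings issued at SA setup. */` would record why they exist. ah_init0's body begins and ends outside the visible lines.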
BTW, I used rate limiting for the warnings because the set key configurations I tested would spam the console twice for each configuration as there were separate configurations for each direction. The rate limit reduced this to one warning per setkey invocation.