aboutsummaryrefslogtreecommitdiffstats
path: root/net/sctp/Kconfig
diff options
context:
space:
mode:
authorNeil Horman <nhorman@tuxdriver.com>2012-10-24 05:20:03 -0400
committerDavid S. Miller <davem@davemloft.net>2012-10-26 02:22:18 -0400
commit3c68198e75111a905ac2412be12bf7b29099729b (patch)
tree109b39430631746fd4266d5fdbf8351c6c2e20d1 /net/sctp/Kconfig
parent342567ccf088a6c4777ef352f559fe46aaeb047e (diff)
sctp: Make hmac algorithm selection for cookie generation dynamic
Currently sctp allows for the optional use of md5 of sha1 hmac algorithms to generate cookie values when establishing new connections via two build time config options. Theres no real reason to make this a static selection. We can add a sysctl that allows for the dynamic selection of these algorithms at run time, with the default value determined by the corresponding crypto library availability. This comes in handy when, for example running a system in FIPS mode, where use of md5 is disallowed, but SHA1 is permitted. Note: This new sysctl has no corresponding socket option to select the cookie hmac algorithm. I chose not to implement that intentionally, as RFC 6458 contains no option for this value, and I opted not to pollute the socket option namespace. Change notes: v2) * Updated subject to have the proper sctp prefix as per Dave M. * Replaced deafult selection options with new options that allow developers to explicitly select available hmac algs at build time as per suggestion by Vlad Y. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> CC: Vlad Yasevich <vyasevich@gmail.com> CC: "David S. Miller" <davem@davemloft.net> CC: netdev@vger.kernel.org Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/Kconfig')
-rw-r--r--net/sctp/Kconfig39
1 files changed, 13 insertions, 26 deletions
diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
index 126b014eb79b..a9edd2e205f4 100644
--- a/net/sctp/Kconfig
+++ b/net/sctp/Kconfig
@@ -9,7 +9,6 @@ menuconfig IP_SCTP
9 select CRYPTO 9 select CRYPTO
10 select CRYPTO_HMAC 10 select CRYPTO_HMAC
11 select CRYPTO_SHA1 11 select CRYPTO_SHA1
12 select CRYPTO_MD5 if SCTP_HMAC_MD5
13 select LIBCRC32C 12 select LIBCRC32C
14 ---help--- 13 ---help---
15 Stream Control Transmission Protocol 14 Stream Control Transmission Protocol
@@ -68,33 +67,21 @@ config SCTP_DBG_OBJCNT
68 67
69 If unsure, say N 68 If unsure, say N
70 69
71choice 70config SCTP_COOKIE_HMAC_MD5
72 prompt "SCTP: Cookie HMAC Algorithm" 71 bool "Enable optional MD5 hmac cookie generation"
73 default SCTP_HMAC_MD5
74 help 72 help
75 HMAC algorithm to be used during association initialization. It 73 Enable optional MD5 hmac based SCTP cookie generation
76 is strongly recommended to use HMAC-SHA1 or HMAC-MD5. See 74 default y
77 configuration for Cryptographic API and enable those algorithms 75 select CRYPTO_HMAC if SCTP_COOKIE_HMAC_MD5
78 to make usable by SCTP. 76 select CRYPTO_MD5 if SCTP_COOKIE_HMAC_MD5
79 77
80config SCTP_HMAC_NONE 78config SCTP_COOKIE_HMAC_SHA1
81 bool "None" 79 bool "Enable optional SHA1 hmac cookie generation"
82 help
83 Choosing this disables the use of an HMAC during association
84 establishment. It is advised to use either HMAC-MD5 or HMAC-SHA1.
85
86config SCTP_HMAC_SHA1
87 bool "HMAC-SHA1"
88 help
89 Enable the use of HMAC-SHA1 during association establishment. It
90 is advised to use either HMAC-MD5 or HMAC-SHA1.
91
92config SCTP_HMAC_MD5
93 bool "HMAC-MD5"
94 help 80 help
95 Enable the use of HMAC-MD5 during association establishment. It is 81 Enable optional SHA1 hmac based SCTP cookie generation
96 advised to use either HMAC-MD5 or HMAC-SHA1. 82 default y
83 select CRYPTO_HMAC if SCTP_COOKIE_HMAC_SHA1
84 select CRYPTO_SHA1 if SCTP_COOKIE_HMAC_SHA1
97 85
98endchoice
99 86
100endif # IP_SCTP 87endif # IP_SCTP