Signed-off-by: Petr Vorel <pvorel@xxxxxxx>
---
Hi, WARNING: While I tested this with LTP SCTP and IPsec over SCTP tests, it'd be good to review carefully. Also this may not be that useful given that CRYPTO_SHA256 will be most likely enabled due being selected by ENCRYPTED_KEYS [=y] && KEYS [=y] or BT [=m] && NET [=y] && !S390 && (RFKILL [=m] || !RFKILL [=m]). Kind regards, Petr
net/sctp/Kconfig | 13 +++++++++++++
net/sctp/protocol.c | 2 ++
net/sctp/sysctl.c | 6 ++++++
3 files changed, 21 insertions(+)
diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
index 5da599ff84a9..0f508d0b1864 100644
--- a/net/sctp/Kconfig
+++ b/net/sctp/Kconfig
@@ -68,6 +68,12 @@ config SCTP_DEFAULT_COOKIE_HMAC_SHA1
 Enable optional SHA1 hmac based SCTP cookie generation
 select SCTP_COOKIE_HMAC_SHA1
 
+config SCTP_DEFAULT_COOKIE_HMAC_SHA256
+ bool "Enable optional SHA256 hmac cookie generation"
+ help
+ Enable optional SHA256 hmac based SCTP cookie generation
+ select SCTP_COOKIE_HMAC_SHA256
+
 config SCTP_DEFAULT_COOKIE_HMAC_NONE
 bool "Use no hmac alg in SCTP cookie generation"
 help
@@ -89,6 +95,13 @@ config SCTP_COOKIE_HMAC_SHA1
 select CRYPTO_HMAC if SCTP_COOKIE_HMAC_SHA1
 select CRYPTO_SHA1 if SCTP_COOKIE_HMAC_SHA1
 
+config SCTP_COOKIE_HMAC_SHA256
+ bool "Enable optional SHA256 hmac cookie generation"
+ help
+ Enable optional SHA256 hmac based SCTP cookie generation
+ select CRYPTO_HMAC if SCTP_COOKIE_HMAC_SHA256
+ select CRYPTO_SHA256 if SCTP_COOKIE_HMAC_SHA256
+
 config INET_SCTP_DIAG
 depends on INET_DIAG
 def_tristate INET_DIAG
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 35928fefae33..3a0b76e26878 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
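Review bot: The prompt of the new `SCTP_DEFAULT_COOKIE_HMAC_SHA256` entry is word-for-word the prompt given to `SCTP_COOKIE_HMAC_SHA256` in the second Kconfig hunk, and neither it nor the help text says that this entry picks the default cookie HMAC. Following the wording of the neighbouring `SCTP_DEFAULT_COOKIE_HMAC_NONE` entry, `bool "Use SHA256 hmac alg in SCTP cookie generation"` would keep the two entries apart in a config front end. The help could add one sentence saying the option only seeds the per-namespace default, which is inferred from the `sctp_defaults_init` hunk. The start of the enclosing block lies outside the hunk, so whether this sits inside a `choice` is an assumption.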
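Review bot: The `if SCTP_COOKIE_HMAC_SHA256` condition on both `select` lines of `config SCTP_COOKIE_HMAC_SHA256` is redundant, since a `select` inside a symbol only takes effect when that symbol is enabled. Plain `select CRYPTO_HMAC` and `select CRYPTO_SHA256` express the same dependency. The form copies the SHA1 context lines at the top of the hunk, so if it is kept for symmetry a short comment such as `# condition kept to match the SHA1 entry` would save the next reader the question. The help text repeats the prompt; one sentence saying that this builds in the HMAC-SHA256 support used to sign the SCTP state cookie would be more useful.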
@@ -1317,6 +1317,8 @@ static int __net_init sctp_defaults_init(struct net *net)
 net->sctp.sctp_hmac_alg = "md5";
 #elif defined (CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1)
 net->sctp.sctp_hmac_alg = "sha1";
+#elif defined (CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA256)
+ net->sctp.sctp_hmac_alg = "sha256";
 #else
 net->sctp.sctp_hmac_alg = NULL;
 #endif
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index b46a416787ec..05bfc66effeb 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -400,6 +400,12 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
 net->sctp.sctp_hmac_alg = "sha1";
 changed = true;
 }
+#endif
+#ifdef CONFIG_CRYPTO_SHA256
+ if (!strncmp(tmp, "sha256", 6)) {
+ net->sctp.sctp_hmac_alg = "sha256";
+ changed = true;
+ }
 #endif
 if (!strncmp(tmp, "none", 4)) {
 net->sctp.sctp_hmac_alg = NULL;
-- 
2.34.1
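Review bot: The new branch in `proc_sctp_do_hmac_alg` is guarded by `#ifdef CONFIG_CRYPTO_SHA256`, which is not the symbol this patch adds, does not imply `CRYPTO_HMAC`, and is undefined when SHA256 is built as a module. The sysctl could therefore accept "sha256" on a kernel without the HMAC template, or reject it where the algorithm is loadable; what happens later when the transform is allocated is outside this hunk. Guarding with `#ifdef CONFIG_SCTP_COOKIE_HMAC_SHA256` ties the accepted value to the option that selects both dependencies; the guard on the sha1 branch above the hunk is not visible, and if it has the same shape the point applies there too. Separately, `strncmp(tmp, "sha256", 6)` is a prefix match, and `tmp` is declared outside the hunk, so its size should be confirmed to hold six characters plus a newline and terminator. The diffstat touches no documentation, so `sha256` should be added wherever the accepted values of this sysctl are listed.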