On Wed, Aug 13, 2025 at 12:03 AM Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > This series converts SCTP chunk and cookie authentication to use the > crypto library API instead of crypto_shash. This is much simpler (the > diffstat should speak for itself), and also faster too. In addition, > this series upgrades the cookie authentication to use HMAC-SHA256. > > I've tested that kernels with this series applied can continue to > communicate using SCTP with older ones, in either direction, using any > choice of None, HMAC-SHA1, or HMAC-SHA256 chunk authentication. > > Changed in v2: > - Added patch which adds CONFIG_CRYPTO_SHA1 to some selftests configs > > Eric Biggers (3): > selftests: net: Explicitly enable CONFIG_CRYPTO_SHA1 for IPsec > sctp: Use HMAC-SHA1 and HMAC-SHA256 library for chunk authentication > sctp: Convert cookie authentication to use HMAC-SHA256 > > Documentation/networking/ip-sysctl.rst | 11 +- > include/net/netns/sctp.h | 4 +- > include/net/sctp/auth.h | 17 +- > include/net/sctp/constants.h | 9 +- > include/net/sctp/structs.h | 35 +--- > net/sctp/Kconfig | 47 ++---- > net/sctp/auth.c | 166 ++++--------------- > net/sctp/chunk.c | 3 +- > net/sctp/endpointola.c | 23 +-- > net/sctp/protocol.c | 11 +- > net/sctp/sm_make_chunk.c | 60 +++---- > net/sctp/sm_statefuns.c | 2 +- > net/sctp/socket.c | 41 +---- > net/sctp/sysctl.c | 51 +++--- > tools/testing/selftests/net/config | 1 + > tools/testing/selftests/net/netfilter/config | 1 + > 16 files changed, 124 insertions(+), 358 deletions(-) > > > base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 > -- > 2.50.1 > Acked-by: Xin Long <lucien.xin@xxxxxxxxx>
