From owner-svn-src-head@freebsd.org Wed Jul 29 19:57:59 2015
Date: Wed, 29 Jul 2015 12:57:53 -0700
From: John-Mark Gurney
To: Ermal Luçi
Cc: George Neville-Neil, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r286000 - head/sys/netipsec
Message-ID: <20150729195753.GM78154@funkthat.com>
References: <201507290715.t6T7FHGb094456@repo.freebsd.org> <20150729154036.GG78154@funkthat.com>
List-Id: SVN commit messages for the src tree for head/-current
Ermal Luçi wrote this message on Wed, Jul 29, 2015 at 19:23 +0200:
> On Wed, Jul 29, 2015 at 5:40 PM, John-Mark Gurney wrote:
>
> > Ermal Luçi wrote this message on Wed, Jul 29, 2015 at 14:53 +0200:
> > > This was a forgotten part of my patches merge from gnn@.
> > > Can it be fixed by correcting the patches rather than re-introducing
> > > this?
> > >
> > > Most probably the constant definition is wrong on the transforms and also
> > > some part of the code removal was missed.
> >
> > No, it cannot be fixed by changing opencrypto/xform.c to truncate the
> > hash size... The reason it cannot be is that OCF is not an IPsec-only
> > framework...
> >
> > Geli also uses the HMAC constructions, and I have not confirmed if they
> > use the full hash size or not... I would be open to adding a field to
> > the crypto descriptor that limited how much of the hash is copied out...
> >
> > It would have been helpful to comment more of these changes... If you
> > make a change for a reason (RFC, etc.), then throw that in the comments,
> > which allows someone following to understand why and prevents their
> > removal... At least if they were commented as to why they changed, we
> > would have known to rework the change...
>
> Yes, you are right, but according to me this is standard practice being done
> all over SSL/IPsec....
> I am not sure which standard GELI follows to comment on that!

This also depends upon all future protocols following that standard, and
no one needing those extra bits for validation, etc.
> Also, then it would be better to review the declarations on the transform,
> since they are apparently not generic, no?

The declarations in xform.c need to be what the algorithm specifies, not
what gets used by the various protocols... Any deviation from the
algorithm specification should be dealt with in protocol code, not here...
This prevents a future problem where a protocol doesn't use that
convention, and then it becomes a mess to unwind where these changes
were, and fix them all...

It's stuff like this which is part of the reason I decided to call GCM
NIST_GCM... OpenBSD has a hacked version that is only good for IPsec,
apparently TLS and anything else that does the crazy "let's put part of
the IV w/ the key"... The xform tables are already terribly overloaded,
and I wanted to split them out into parameters and implementation, but
because IPsec and others reach into those tables, it makes it more
difficult...

> > > On Wed, Jul 29, 2015 at 9:15 AM, John-Mark Gurney wrote:
> > >
> > > > Author: jmg
> > > > Date: Wed Jul 29 07:15:16 2015
> > > > New Revision: 286000
> > > > URL: https://svnweb.freebsd.org/changeset/base/286000
> > > >
> > > > Log:
> > > >   RFC4868 section 2.3 requires that the output be half... This fixes
> > > >   problems that were introduced in r285336... I have verified that
> > > >   HMAC-SHA2-256 both AH only and w/ AES-CBC interoperate w/ a NetBSD
> > > >   6.1.5 vm...
> > > >
> > > >   Reviewed by:	gnn

-- 
John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
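The layering argued for in the reply above, as an added example that is not FreeBSD code and is not part of the thread: a framework-level HMAC that always returns the algorithm's full output, an IPsec layer that applies the RFC 4868 section 2.3 truncation (HMAC-SHA-256-128, HMAC-SHA-384-192 and HMAC-SHA-512-256 take the leftmost half of the digest as the ICV), and a second consumer that keeps the full-length tag. The names `ocf_hmac`, `ipsec_icv`, `truncating_framework_hmac` and the full-tag consumer are assumptions for illustration; the thread itself says GELI's use of the hash size was not confirmed. The test vector is RFC 4231 test case 1, which RFC 4868 section 2.7 reuses as PRF-1.

```python
"""Added example (not FreeBSD code): keep truncation out of the HMAC framework.

The framework (standing in for opencrypto/xform.c) returns the full digest.
The IPsec layer truncates per RFC 4868 section 2.3.  A second consumer
(assumed here to want the full digest; the thread does not confirm what
GELI does) is untouched by the IPsec rule, and the final function shows
what breaks if the truncation is pushed down into the framework instead.
"""
import hmac

# Full output sizes as the algorithms specify them.
HASH_LEN = {"sha256": 32, "sha384": 48, "sha512": 64}

# RFC 4868 section 2.3: the ICV is the leftmost half of the HMAC output
# (HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256).
IPSEC_ICV_LEN = {alg: n // 2 for alg, n in HASH_LEN.items()}

# RFC 4231 test case 1 / RFC 4868 PRF-1 inputs (taken from the RFCs, not
# from the thread).
RFC4231_TC1_KEY = b"\x0b" * 20
RFC4231_TC1_DATA = b"Hi There"


def ocf_hmac(alg, key, data):
    """Framework-level HMAC: always the full digest, whoever the caller is."""
    tag = hmac.new(key, data, alg).digest()
    assert len(tag) == HASH_LEN[alg]
    return tag


def ipsec_icv(alg, key, data):
    """Protocol-level: the RFC 4868 truncation lives here, not in the framework."""
    return ocf_hmac(alg, key, data)[: IPSEC_ICV_LEN[alg]]


def ipsec_verify(alg, key, data, icv):
    """Verify a received ICV: wrong length is a failure, compare in constant time."""
    if len(icv) != IPSEC_ICV_LEN[alg]:
        return False
    return hmac.compare_digest(ipsec_icv(alg, key, data), icv)


def full_tag_consumer_verify(alg, key, data, stored_tag, framework=ocf_hmac):
    """A consumer that stores and checks the full-length tag.

    `framework` is injectable so the effect of a truncating framework (the
    fix the reply rejects) can be shown without changing this consumer.
    """
    return hmac.compare_digest(framework(alg, key, data), stored_tag)


def truncating_framework_hmac(alg, key, data):
    """The rejected fix: truncate inside the framework itself."""
    return hmac.new(key, data, alg).digest()[: IPSEC_ICV_LEN[alg]]


def framework_truncation_breaks_other_consumer(alg, key, data):
    """True when a tag written under the full-length framework stops
    verifying once the framework truncates: the cross-consumer breakage
    the reply warns about."""
    stored_tag = ocf_hmac(alg, key, data)  # written before the "fix"
    ok_before = full_tag_consumer_verify(alg, key, data, stored_tag)
    ok_after = full_tag_consumer_verify(
        alg, key, data, stored_tag, framework=truncating_framework_hmac
    )
    return ok_before and not ok_after


if __name__ == "__main__":
    print("full HMAC-SHA-256:", ocf_hmac("sha256", RFC4231_TC1_KEY, RFC4231_TC1_DATA).hex())
    print("IPsec ICV (128 bit):", ipsec_icv("sha256", RFC4231_TC1_KEY, RFC4231_TC1_DATA).hex())
```

`ipsec_verify` rejects a full-length tag on the wire, since a peer following RFC 4868 sends exactly half the digest; the length check is part of the protocol contract, not a tunable in the algorithm table.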