ANDROID: make PF_KEY SHA256 use RFC-compliant truncation.

When using the PF_KEY interface, SHA-256 hashes are hardcoded to use 96-bit truncation. This is a violation of RFC4868, which specifies 128-bit truncation, but will not be fixed upstream due to backwards compatibility concerns and because the PF_KEY interface is deprecated in favour of netlink XFRM (which allows the app to specify an arbitrary truncation length). Change the hardcoded truncation length from 96 to 128 so that PF_KEY apps such as racoon will work with standards-compliant VPN servers. Bug: 34114242 Change-Id: Ie46bff4b6358f18117d0be241171d677d31d33f7 Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
author: Lorenzo Colitti <lorenzo@google.com> 2017-05-10 23:54:04 +0900
committer: Lorenzo Colitti <lorenzo@google.com> 2017-05-11 03:14:56 +0000
commit: 07c5dc53899533ba8bbe109efee8b6bbb527322b (patch)
tree: e67d365b5a1e69be31f305b342130da05d538d2d
parent: 0d32a2517a11e933c3c61a879e71dbdfd966ddb7 (diff)
download: x86_64-07c5dc53899533ba8bbe109efee8b6bbb527322b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index ab4ef72f0b1d..daed579d138b 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -220,7 +220,7 @@ static struct xfrm_algo_desc aalg_list[] = {
 
 	.uinfo = {
 		.auth = {
-			.icv_truncbits = 96,
+			.icv_truncbits = 128,
 			.icv_fullbits = 256,
 		}
 	},
author	Lorenzo Colitti <lorenzo@google.com>	2017-05-10 23:54:04 +0900
committer	Lorenzo Colitti <lorenzo@google.com>	2017-05-11 03:14:56 +0000
commit	07c5dc53899533ba8bbe109efee8b6bbb527322b (patch)
tree	e67d365b5a1e69be31f305b342130da05d538d2d
parent	0d32a2517a11e933c3c61a879e71dbdfd966ddb7 (diff)
download	x86_64-07c5dc53899533ba8bbe109efee8b6bbb527322b.tar.gz