Heads up on Linux kernel supported TCP-AO algorithms
Dmitry Safonov
0x7f454c46 at gmail.com
Tue Apr 28 01:38:37 CEST 2026
Hi Bird devs,
I'm writing because I see your supported algorithms definition for TCP-AO is
: static const char * const tcp_ao_alg_names[] = {
: [ALG_CMAC_AES128_AO] = "cmac(aes128)",
: [ALG_HMAC_MD5] = "hmac(md5)",
: [ALG_HMAC_SHA1] = "hmac(sha1)",
: [ALG_HMAC_SHA224] = "hmac(sha224)",
: [ALG_HMAC_SHA256] = "hmac(sha256)",
: [ALG_HMAC_SHA384] = "hmac(sha384)",
: [ALG_HMAC_SHA512] = "hmac(sha512)",
: };
There is currently a discussion in the Linux kernel mailing list about
removing the support of algorithms, leaving only cmac(aes128),
hmac(sha1) and hmac(sha256) [1]. If you have users who depend on any
but these, please let us know on the mailing list. Otherwise, please
make sure to depricate it before Linux v7.2 gets released without
them.
[1] https://lore.kernel.org/lkml/20260427172727.9310-1-ebiggers@kernel.org/
Thanks,
Dmitry
More information about the Bird-users
mailing list