Ever since commit 2c94b8eca1a2 ("SUNRPC: Use au_rslack when computing
reply buffer size"). It changed how "req->rq_rcvsize" is calculated. It
used to use au_cslack value which was nice and large and changed it to
au_rslack value which turns out to be too small.
Since 5.1, v3 mount with sec=krb5p fails against an Ontap server
because client's receive buffer it too small.
For gss krb5p, we need to account for the mic token in the verifier,
and the wrap token in the wrap token.
RFC 4121 defines:
mic token
Octet no Name Description
--------------------------------------------------------------
0..1 TOK_ID Identification field. Tokens emitted by
GSS_GetMIC() contain the hex value 04 04
expressed in big-endian order in this
field.
2 Flags Attributes field, as described in section
4.2.2.
3..7 Filler Contains five octets of hex value FF.
8..15 SND_SEQ Sequence number field in clear text,
expressed in big-endian order.
16..last SGN_CKSUM Checksum of the "to-be-signed" data and
octet 0..15, as described in section 4.2.4.
that's 16bytes (GSS_KRB5_TOK_HDR_LEN) + chksum
wrap token
Octet no Name Description
--------------------------------------------------------------
0..1 TOK_ID Identification field. Tokens emitted by
GSS_Wrap() contain the hex value 05 04
expressed in big-endian order in this
field.
2 Flags Attributes field, as described in section
4.2.2.
3 Filler Contains the hex value FF.
4..5 EC Contains the "extra count" field, in big-
endian order as described in section 4.2.3.
6..7 RRC Contains the "right rotation count" in big-
endian order, as described in section
4.2.5.
8..15 SND_SEQ Sequence number field in clear text,
expressed in big-endian order.
16..last Data Encrypted data for Wrap tokens with
confidentiality, or plaintext data followed
by the checksum for Wrap tokens without
confidentiality, as described in section
4.2.4.
Also 16bytes of header (GSS_KRB5_TOK_HDR_LEN), encrypted data, and cksum
(other things like padding)
RFC 3961 defines known cksum sizes:
Checksum type sumtype checksum section or
value size reference
---------------------------------------------------------------------
CRC32 1 4 6.1.3
rsa-md4 2 16 6.1.2
rsa-md4-des 3 24 6.2.5
des-mac 4 16 6.2.7
des-mac-k 5 8 6.2.8
rsa-md4-des-k 6 16 6.2.6
rsa-md5 7 16 6.1.1
rsa-md5-des 8 24 6.2.4
rsa-md5-des3 9 24 ??
sha1 (unkeyed) 10 20 ??
hmac-sha1-des3-kd 12 20 6.3
hmac-sha1-des3 13 20 ??
sha1 (unkeyed) 14 20 ??
hmac-sha1-96-aes128 15 20 [KRB5-AES]
hmac-sha1-96-aes256 16 20 [KRB5-AES]
[reserved] 0x8003 ? [GSS-KRB5]
Linux kernel now mainly supports type 15,16 so max cksum size is 20bytes.
(GSS_KRB5_MAX_CKSUM_LEN)
Re-use already existing define of GSS_KRB5_MAX_SLACK_NEEDED that's used
for encoding the gss_wrap tokens (same tokens are used in reply).
Fixes: 2c94b8eca1a2 ("SUNRPC: Use au_rslack when computing reply buffer size")
Signed-off-by: Olga Kornievskaia <[email protected]>
---
net/sunrpc/auth_gss/auth_gss.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 24ca861..d6cd2a5 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -20,6 +20,7 @@
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/auth.h>
#include <linux/sunrpc/auth_gss.h>
+#include <linux/sunrpc/gss_krb5.h>
#include <linux/sunrpc/svcauth_gss.h>
#include <linux/sunrpc/gss_err.h>
#include <linux/workqueue.h>
@@ -1050,7 +1051,7 @@ static void gss_pipe_free(struct gss_pipe *p)
goto err_put_mech;
auth = &gss_auth->rpc_auth;
auth->au_cslack = GSS_CRED_SLACK >> 2;
- auth->au_rslack = GSS_VERF_SLACK >> 2;
+ auth->au_rslack = GSS_KRB5_MAX_SLACK_NEEDED >> 2;
auth->au_verfsize = GSS_VERF_SLACK >> 2;
auth->au_ralign = GSS_VERF_SLACK >> 2;
auth->au_flags = 0;
--
1.8.3.1
> On Mar 26, 2020, at 10:24 AM, Olga Kornievskaia <[email protected]> wrote:
>
> Ever since commit 2c94b8eca1a2 ("SUNRPC: Use au_rslack when computing
> reply buffer size"). It changed how "req->rq_rcvsize" is calculated. It
> used to use au_cslack value which was nice and large and changed it to
> au_rslack value which turns out to be too small.
>
> Since 5.1, v3 mount with sec=krb5p fails against an Ontap server
> because client's receive buffer it too small.
>
> For gss krb5p, we need to account for the mic token in the verifier,
> and the wrap token in the wrap token.
>
> RFC 4121 defines:
> mic token
> Octet no Name Description
> --------------------------------------------------------------
> 0..1 TOK_ID Identification field. Tokens emitted by
> GSS_GetMIC() contain the hex value 04 04
> expressed in big-endian order in this
> field.
> 2 Flags Attributes field, as described in section
> 4.2.2.
> 3..7 Filler Contains five octets of hex value FF.
> 8..15 SND_SEQ Sequence number field in clear text,
> expressed in big-endian order.
> 16..last SGN_CKSUM Checksum of the "to-be-signed" data and
> octet 0..15, as described in section 4.2.4.
>
> that's 16bytes (GSS_KRB5_TOK_HDR_LEN) + chksum
>
> wrap token
> Octet no Name Description
> --------------------------------------------------------------
> 0..1 TOK_ID Identification field. Tokens emitted by
> GSS_Wrap() contain the hex value 05 04
> expressed in big-endian order in this
> field.
> 2 Flags Attributes field, as described in section
> 4.2.2.
> 3 Filler Contains the hex value FF.
> 4..5 EC Contains the "extra count" field, in big-
> endian order as described in section 4.2.3.
> 6..7 RRC Contains the "right rotation count" in big-
> endian order, as described in section
> 4.2.5.
> 8..15 SND_SEQ Sequence number field in clear text,
> expressed in big-endian order.
> 16..last Data Encrypted data for Wrap tokens with
> confidentiality, or plaintext data followed
> by the checksum for Wrap tokens without
> confidentiality, as described in section
> 4.2.4.
>
> Also 16bytes of header (GSS_KRB5_TOK_HDR_LEN), encrypted data, and cksum
> (other things like padding)
>
> RFC 3961 defines known cksum sizes:
> Checksum type sumtype checksum section or
> value size reference
> ---------------------------------------------------------------------
> CRC32 1 4 6.1.3
> rsa-md4 2 16 6.1.2
> rsa-md4-des 3 24 6.2.5
> des-mac 4 16 6.2.7
> des-mac-k 5 8 6.2.8
> rsa-md4-des-k 6 16 6.2.6
> rsa-md5 7 16 6.1.1
> rsa-md5-des 8 24 6.2.4
> rsa-md5-des3 9 24 ??
> sha1 (unkeyed) 10 20 ??
> hmac-sha1-des3-kd 12 20 6.3
> hmac-sha1-des3 13 20 ??
> sha1 (unkeyed) 14 20 ??
> hmac-sha1-96-aes128 15 20 [KRB5-AES]
> hmac-sha1-96-aes256 16 20 [KRB5-AES]
> [reserved] 0x8003 ? [GSS-KRB5]
>
> Linux kernel now mainly supports type 15,16 so max cksum size is 20bytes.
> (GSS_KRB5_MAX_CKSUM_LEN)
>
> Re-use already existing define of GSS_KRB5_MAX_SLACK_NEEDED that's used
> for encoding the gss_wrap tokens (same tokens are used in reply).
>
> Fixes: 2c94b8eca1a2 ("SUNRPC: Use au_rslack when computing reply buffer size")
> Signed-off-by: Olga Kornievskaia <[email protected]>
Reviewed-by: Chuck Lever <[email protected]>
> ---
> net/sunrpc/auth_gss/auth_gss.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index 24ca861..d6cd2a5 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -20,6 +20,7 @@
> #include <linux/sunrpc/clnt.h>
> #include <linux/sunrpc/auth.h>
> #include <linux/sunrpc/auth_gss.h>
> +#include <linux/sunrpc/gss_krb5.h>
> #include <linux/sunrpc/svcauth_gss.h>
> #include <linux/sunrpc/gss_err.h>
> #include <linux/workqueue.h>
> @@ -1050,7 +1051,7 @@ static void gss_pipe_free(struct gss_pipe *p)
> goto err_put_mech;
> auth = &gss_auth->rpc_auth;
> auth->au_cslack = GSS_CRED_SLACK >> 2;
> - auth->au_rslack = GSS_VERF_SLACK >> 2;
> + auth->au_rslack = GSS_KRB5_MAX_SLACK_NEEDED >> 2;
> auth->au_verfsize = GSS_VERF_SLACK >> 2;
> auth->au_ralign = GSS_VERF_SLACK >> 2;
> auth->au_flags = 0;
> --
> 1.8.3.1
>
--
Chuck Lever