Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp1064392rwb; Fri, 13 Jan 2023 07:31:45 -0800 (PST) X-Google-Smtp-Source: AMrXdXuqzaCjDyQAXQUSXcUJyntnS6HyjyIokQH2R3maHOtdb77xuNZDZXxnFPf47OKfQGdjp9XB X-Received: by 2002:a17:907:7707:b0:844:c651:ce4b with SMTP id kw7-20020a170907770700b00844c651ce4bmr66466163ejc.33.1673623905495; Fri, 13 Jan 2023 07:31:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673623905; cv=none; d=google.com; s=arc-20160816; b=h9viM6rumZQde57SDDYF0TjTRn+F00IiK1Y+msbYNvGxxRdejG1hckVi76J+46WdnR p999jrt/kTT+LwZucdi5LMlylRlG09jCNRMM8gzGhjrvBi2ZHpi/pvggfSj28UBhfFCZ xNLwcxkm4Z/YEgYlxsfzV4ZVrFWqaSb8kUn/uY9hmwSnirvPfKfBpy+9dEA/3Mg/8Md7 fw8OLmWm3/smKZlCeyrG8uPFpGkCjMDUrQyUomA54vSzKyxH8RAMwoVXxAu3pEc1hyMc 7/qo5TdIkup2S24THymSiEYbjXUFD7At1loIiHgryn2vsr21UpUuxcAC3owycvaTty3N a9xA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:message-id:date:cc:to:from:subject:dkim-signature; bh=K6f5OvJC+GPvzXKlL54NAlIn1/Msy8BjJHktPSfW40s=; b=pYcjCoWcSrUzSRV37B9fmCPvQ/LJMabCNCwtNiqo38QMDHkGkJ58KPUa9I3nCUL1Mj 0Vop8TPfO9qyvQCFa4scy6Rbhl3CA6n5QZA/BPB2NF8juc4ar2s0pao+Ga/SPLn+iXmT w0Z9GCJ1bwx50+HMnAYYvqqnJUCUpp9KEg/CHkb/CtqGu6hx/nRySWtNjbCTtl8Jt/5f XseYoV/CoyVHzBv75xTKo6Sch9BvlNnsu0DUSdSmDCshJZBH2zAukoOHiVc3crRbAqWi mtDh52bEz2aHLnyEhS6nfSZULLFaHpiyWK7afHO+ud7obXt+B8Yfbm4CT/mepElWkEZ1 skng== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=p6hCvcF6; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ht17-20020a170907609100b007adfe2889efsi21722388ejc.607.2023.01.13.07.31.12; Fri, 13 Jan 2023 07:31:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=p6hCvcF6; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229468AbjAMP2d (ORCPT + 99 others); Fri, 13 Jan 2023 10:28:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46708 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229762AbjAMP2P (ORCPT ); Fri, 13 Jan 2023 10:28:15 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F0387BCCE for ; Fri, 13 Jan 2023 07:21:29 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5123B6216C for ; Fri, 13 Jan 2023 15:21:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 792B5C433EF; Fri, 13 Jan 2023 15:21:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1673623288; bh=GaZaw107gxwriZK+L4c6AgIgxci+B5Iy1+skH2T7jnQ=; h=Subject:From:To:Cc:Date:From; b=p6hCvcF6gXewOyCQf0kUiM7Si8r4RdWhcUTSH03Ak181MNLwnwBLvfBdWXFw83J9S a2GsGiMRI1yxU5fH7WUF1iDytwXO7efV5PPwNcIcElWHH7OcNZMzEFK+cOcTs22UIk fnfLPxBXTOuMip06IVjKzVJez7aicy5RV3uRCnYX0GzqYGr/0KNthlF0bLxvbjhbE1 FbmNc+4Ywl03x/1gB0DEaZoc2AkVyRIWmu5WlkbC7cibixFa9Gt+J5asj1M2X7aTVR On7i9mN+1dRs6lEbE7Emf0V6DpeU5keGaH4+GBcGe8eQf2TddxzIELsM/jFwfgPxIR gzXX4Am0/79AA== Subject: [PATCH v1 00/41] RPCSEC GSS krb5 enhancements From: Chuck Lever To: linux-nfs@vger.kernel.org Cc: dhowells@redhat.com, simo@redhat.com Date: Fri, 13 Jan 2023 10:21:26 -0500 Message-ID: <167362164696.8960.16701168753472560115.stgit@bazille.1015granger.net> User-Agent: StGit/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Some light reading for your three-day weekend! The purpose of this series is to improve/harden the security provided by the Linux kernel's RPCSEC GSS Kerberos 5 mechanism. There are lots of clean-ups in this series, but the pertinent feature is the addition of a clean deprecation path for the DES- and SHA1-based encryption types in accordance with Internet BCPs. This series disables DES-based enctypes by default, provides a mechanism for disabling SHA1-based enctypes, and introduces two modern enctypes that do not use deprecated crypto algorithms. Not only does that improve security for Kerberos 5 users, but it also prepares SunRPC for eventually switching to a shared common kernel Kerberos 5 implementation, which surely will not implement any deprecated encryption types (in particular, DES-based ones). Today, MIT supports both of the newly-introduced enctypes, but Heimdal does not appear to. Thus distributions can enable and disable kernel support to match their user space enctype support. Scott has been kicking the tires -- we've found no regressions with the current SHA1-based enctypes, and the others are disabled by default until we have an opportunity for interop testing. The KUnit tests for the new enctypes pass and this implementation successfully interoperates with itself using those enctypes. Therefore I believe it to be ready to merge. When this series gets merged, the Linux NFS community should select and announce a date-certain for removal of DES-based enctype code. --- Chuck Lever (41): SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h SUNRPC: Remove .blocksize field from struct gss_krb5_enctype SUNRPC: Remove .conflen field from struct gss_krb5_enctype SUNRPC: Improve Kerberos confounder generation SUNRPC: Obscure Kerberos session key SUNRPC: Refactor set-up for aux_cipher SUNRPC: Obscure Kerberos encryption keys SUNRPC: Obscure Kerberos signing keys SUNRPC: Obscure Kerberos integrity keys SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism SUNRPC: Remove another switch on ctx->enctype SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods SUNRPC: Hoist KDF into struct gss_krb5_enctype SUNRPC: Clean up cipher set up for v1 encryption types SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher() SUNRPC: Add new subkey length fields SUNRPC: Refactor CBC with CTS into helpers SUNRPC: Add gk5e definitions for RFC 8009 encryption types SUNRPC: Add KDF-HMAC-SHA2 SUNRPC: Add RFC 8009 encryption and decryption functions SUNRPC: Advertise support for RFC 8009 encryption types SUNRPC: Support the Camellia enctypes SUNRPC: Add KDF_FEEDBACK_CMAC SUNRPC: Advertise support for the Camellia encryption types SUNRPC: Move remaining internal definitions to gss_krb5_internal.h SUNRPC: Add KUnit tests for rpcsec_krb5.ko SUNRPC: Export get_gss_krb5_enctype() SUNRPC: Add KUnit tests RFC 3961 Key Derivation SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types SUNRPC: Add KDF-HMAC-SHA2 Kunit tests SUNRPC: Add RFC 8009 checksum KUnit tests SUNRPC: Add RFC 8009 encryption KUnit tests SUNRPC: Add encryption self-tests fs/nfsd/nfsctl.c | 74 +- include/linux/sunrpc/gss_krb5.h | 198 +-- include/linux/sunrpc/gss_krb5_enctypes.h | 41 - net/sunrpc/.kunitconfig | 30 + net/sunrpc/Kconfig | 96 +- net/sunrpc/auth_gss/Makefile | 2 + net/sunrpc/auth_gss/auth_gss.c | 17 + net/sunrpc/auth_gss/gss_krb5_crypto.c | 651 +++++-- net/sunrpc/auth_gss/gss_krb5_internal.h | 235 +++ net/sunrpc/auth_gss/gss_krb5_keys.c | 416 ++++- net/sunrpc/auth_gss/gss_krb5_mech.c | 732 +++++--- net/sunrpc/auth_gss/gss_krb5_seal.c | 122 +- net/sunrpc/auth_gss/gss_krb5_seqnum.c | 2 + net/sunrpc/auth_gss/gss_krb5_test.c | 2040 ++++++++++++++++++++++ net/sunrpc/auth_gss/gss_krb5_unseal.c | 63 +- net/sunrpc/auth_gss/gss_krb5_wrap.c | 124 +- net/sunrpc/auth_gss/svcauth_gss.c | 65 + 17 files changed, 4003 insertions(+), 905 deletions(-) delete mode 100644 include/linux/sunrpc/gss_krb5_enctypes.h create mode 100644 net/sunrpc/.kunitconfig create mode 100644 net/sunrpc/auth_gss/gss_krb5_internal.h create mode 100644 net/sunrpc/auth_gss/gss_krb5_test.c -- Chuck Lever