Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp2113663rwb; Sun, 15 Jan 2023 09:23:28 -0800 (PST) X-Google-Smtp-Source: AMrXdXsPTouBTucmspc1g0J76gDtmx0WTRM14qeSAtCac02qp0IZJQddHmzLXOXOexRr5Mk6yUs0 X-Received: by 2002:a17:902:d292:b0:189:b4d0:aee with SMTP id t18-20020a170902d29200b00189b4d00aeemr16474982plc.67.1673803408445; Sun, 15 Jan 2023 09:23:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673803408; cv=none; d=google.com; s=arc-20160816; b=RrTZBcEAUfrffZJVyob9gNeLo+RBP78y+q3rnuKjFFrKOUGwsM7834/R3bffeX5nvp NRrj95gaYwhUgrek1wXuZarmVQ4EHIrOsbD93XoMfZOduoJ6mL7pa6ueD2u+j69KMXhK tiNuWUwvevetkLxsKkWp7Uq1QBAJoJ5lUnpG9fIuMeBtXGRYYt2NK0Bu4yt1XwCn5GBk ee9WTwHv+8Q8VEFkNWUU4oza3TUC9EErkLVu5auaHHmJksiquXTbvAXFhUSz0U5flgCN X6Rj9zHZPHKzfFZDZ33F6oQ9WIsvXxnHtqbL9vAH/3VQ57KTZ+9cyEi4SY27768SAONw vvWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:dkim-signature; bh=Iktbq4nvjuCEB7AXtqk5K97oKgbc9aZKfhahubIrydE=; b=qXOutx5cZ9Jkg6on17y+4mYtes9J2NUDpj5xKbxNzdfckn4Wnww3GZJb6/q/hBn++H mJ5GEAwTbU9oWQgPMki1IiDqdPQGB7XMWj/ViTHIEm5ODtfqjIVVZ0y6XciJwC3cSN59 4rPmvjB2w38KIC9AidXWcfhE30S9+97WtFRRv2/trV2nGxRgPntmcbdqu6V/Lh8O4rBH tvAf29DnfE9qaEZL6BeOsZaVFjbSEiqphe5UcjLgu7qRmt9exi/vmz9Obh6F/bdQ3yEv SSdui4W+PWj9uivDRhuW9Q0mh7542Q0q6rH6r1qghtm4e77WXZZ5CJwBeIUHyK8BTW5s tYsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WMG0sOkU; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h11-20020a170902f2cb00b001945d411bb1si10173612plc.302.2023.01.15.09.23.17; Sun, 15 Jan 2023 09:23:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WMG0sOkU; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231447AbjAORXM (ORCPT + 99 others); Sun, 15 Jan 2023 12:23:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55442 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230401AbjAORXL (ORCPT ); Sun, 15 Jan 2023 12:23:11 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D6FF276BB; Sun, 15 Jan 2023 09:23:10 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7403D60DB5; Sun, 15 Jan 2023 17:23:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 93E60C433D2; Sun, 15 Jan 2023 17:23:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1673803389; bh=Jlg66vxg3W43j3tYt7vzFrl+OZjxf9aBpjHbmjIIEYk=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=WMG0sOkUlNNt7XScLX2zQomenVKSn2HDBuaH035ysEmtwKtz9DNCW7fUpzGOmGhsn zaUH6YFkLnwNSqtrYcEGza3IQPseAPvrW0Kh4ljsj1Z4bLuiPE2kwNlVjoWAk2ktrK oIPWArcRu3zzbMFa84BlzB1aa/YE0XWbIGxmd4ObUcyPZKs6b7z15j6exEMwc+A/6A C+ZncCYs8o91ulHUKH2TQZlaoQlHAcMlZl5OP+ZsDCxOPbWdITmfIQREjANriMH8OH K+JyYVmeNtm4mj/Vfj+7A6CaZPeeb0JD1OK7M8SbMmQjmeCIVkDoG6qSPm3n98HxbT 8OS2VVNEL0DqQ== Subject: [PATCH v2 27/41] SUNRPC: Support the Camellia enctypes From: Chuck Lever To: linux-nfs@vger.kernel.org Cc: dhowells@redhat.com, simo@redhat.com, linux-kselftest@vger.kernel.org Date: Sun, 15 Jan 2023 12:23:08 -0500 Message-ID: <167380338876.10651.2238029008488959799.stgit@bazille.1015granger.net> In-Reply-To: <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net> References: <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net> User-Agent: StGit/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org From: Chuck Lever RFC 6803 defines two encryption types that use Camellia ciphers (RFC 3713) and CMAC digests. Implement support for those in SunRPC's GSS Kerberos 5 mechanism. There has not been an explicit request to support these enctypes. However, this new set of enctypes provides a good alternative to the AES-SHA1 enctypes that are to be deprecated at some point. As this implementation is still a "beta", the default is to not build it automatically. Tested-by: Scott Mayhew Signed-off-by: Chuck Lever --- include/linux/sunrpc/gss_krb5.h | 4 +++ net/sunrpc/Kconfig | 13 ++++++++ net/sunrpc/auth_gss/gss_krb5_mech.c | 55 +++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+) diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h index 8ff397b5c04b..cbb6c8192890 100644 --- a/include/linux/sunrpc/gss_krb5.h +++ b/include/linux/sunrpc/gss_krb5.h @@ -176,6 +176,8 @@ enum seal_alg { #define CKSUMTYPE_HMAC_SHA1_DES3 0x000c #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 +#define CKSUMTYPE_CMAC_CAMELLIA128 0x0011 +#define CKSUMTYPE_CMAC_CAMELLIA256 0x0012 #define CKSUMTYPE_HMAC_SHA256_128_AES128 0x0013 #define CKSUMTYPE_HMAC_SHA384_192_AES256 0x0014 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /* Microsoft md5 hmac cksumtype */ @@ -220,6 +222,8 @@ enum seal_alg { #define ENCTYPE_AES256_CTS_HMAC_SHA384_192 0x0014 #define ENCTYPE_ARCFOUR_HMAC 0x0017 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 +#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019 +#define ENCTYPE_CAMELLIA256_CTS_CMAC 0x001A #define ENCTYPE_UNKNOWN 0x01ff /* diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig index b1aa2318e1dc..def7e1ce348b 100644 --- a/net/sunrpc/Kconfig +++ b/net/sunrpc/Kconfig @@ -76,6 +76,19 @@ config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1 SHA-1 digests. These include aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96. +config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA + bool "Enable Kerberos encryption types based on Camellia and CMAC" + depends on RPCSEC_GSS_KRB5 + depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA + depends on CRYPTO_CMAC + default n + select RPCSEC_GSS_KRB5_CRYPTOSYSTEM + help + Choose Y to enable the use of Kerberos 5 encryption types + that utilize Camellia ciphers (RFC 3713) and CMAC digests + (NIST Special Publication 800-38B). These include + camellia128-cts-cmac and camellia256-cts-cmac. + config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 bool "Enable Kerberos enctypes based on AES and SHA-2" depends on RPCSEC_GSS_KRB5 diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 97a365608233..4e7cb49a06de 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -147,6 +147,61 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { }, #endif +#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA) + /* + * Camellia-128 with CMAC (RFC 6803) + */ + { + .etype = ENCTYPE_CAMELLIA128_CTS_CMAC, + .ctype = CKSUMTYPE_CMAC_CAMELLIA128, + .name = "camellia128-cts-cmac", + .encrypt_name = "cts(cbc(camellia))", + .aux_cipher = "cbc(camellia)", + .cksum_name = "cmac(camellia)", + .cksumlength = BITS2OCTETS(128), + .keyed_cksum = 1, + .keylength = BITS2OCTETS(128), + .Kc_length = BITS2OCTETS(128), + .Ke_length = BITS2OCTETS(128), + .Ki_length = BITS2OCTETS(128), + + .import_ctx = gss_krb5_import_ctx_v2, + .encrypt = gss_krb5_aes_encrypt, + .decrypt = gss_krb5_aes_decrypt, + + .get_mic = gss_krb5_get_mic_v2, + .verify_mic = gss_krb5_verify_mic_v2, + .wrap = gss_krb5_wrap_v2, + .unwrap = gss_krb5_unwrap_v2, + }, + /* + * Camellia-256 with CMAC (RFC 6803) + */ + { + .etype = ENCTYPE_CAMELLIA256_CTS_CMAC, + .ctype = CKSUMTYPE_CMAC_CAMELLIA256, + .name = "camellia256-cts-cmac", + .encrypt_name = "cts(cbc(camellia))", + .aux_cipher = "cbc(camellia)", + .cksum_name = "cmac(camellia)", + .cksumlength = BITS2OCTETS(128), + .keyed_cksum = 1, + .keylength = BITS2OCTETS(256), + .Kc_length = BITS2OCTETS(256), + .Ke_length = BITS2OCTETS(256), + .Ki_length = BITS2OCTETS(256), + + .import_ctx = gss_krb5_import_ctx_v2, + .encrypt = gss_krb5_aes_encrypt, + .decrypt = gss_krb5_aes_decrypt, + + .get_mic = gss_krb5_get_mic_v2, + .verify_mic = gss_krb5_verify_mic_v2, + .wrap = gss_krb5_wrap_v2, + .unwrap = gss_krb5_unwrap_v2, + }, +#endif + #if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2) /* * AES-128 with SHA-256 (RFC 8009)