Received: by 2002:a05:6a10:8a4d:0:0:0:0 with SMTP id dn13csp464565pxb; Thu, 12 Aug 2021 22:06:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz327MzylATrGRA02bK+3WY7Kmu1/X0f3hEd4/cM2yb3xD+pKtP7xOjjfwtxP/VYItlgOm/ X-Received: by 2002:aa7:d4d3:: with SMTP id t19mr697678edr.131.1628831162401; Thu, 12 Aug 2021 22:06:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628831162; cv=none; d=google.com; s=arc-20160816; b=YgJ1KxKjEtVvmcSPCNhUqUZvEYu4wYgv3GF5oPzvz/jaoEgCZRyFgKJ+bzKJ+sPvwW NFiOLVDpPk+CWdeC/91iN0cA8aFHKio1H/CGaIF6QKGemwLeI5CKje42rkVyl44Fq0DZ ZRQHnvkptm7U78nlr8lXVxyC0aFpRECyDHCc3edmbtBNeRGdtiTtavJdGvx+gfk0D318 ZbLA/XtwexmH7N2vWdnGW7O9zcihx99dlMvDg8BT2MNjqicHD/cbqMK6DQe4rrKi7MAH cq/XCNJeFt+DfiPE1lqAJthXEgIJb82Ye6dcc2ei6+0ikUIJJtAD/BlbOcCcQ9veouHC cX1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Xkxv6+rPgNFYK0bumQmdFxc99xFlqWZ0vPYKbCDn8/k=; b=n0EmquyNwSdFldeH7NZJWXfygy2tQiR8sIbdtdchdC2qXbOCiYcQy1NEgs7QVaTdWF jxY7cbfqv/N2odSnoKH8eoU3WCtjspqhs9cMGn6tu3Co/mA1efJmo5RaC5a2kF495zyQ cZPAQry6XAaDUuyUk90A0PIycPruwpwqToIIG6MBPqguXKBDz0YEyh+QNoYn79P4FDDI j56H+PlPdndcH7CpjUUGT/+IdBAg2SIAmjlQ+x0pztWN3HAq/kDL/AEzlYkVL3vkMV+m 3hi8IHBrpnVtz+ZTDuRLfifjnlF6fRReLGcrlo9oec6P/G4HApnqJT9ZYPLheUZGKRwY G3sg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Kzg19FPk; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id kl25si527346ejc.370.2021.08.12.22.05.26; Thu, 12 Aug 2021 22:06:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Kzg19FPk; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236982AbhHMErB (ORCPT + 99 others); Fri, 13 Aug 2021 00:47:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44628 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234019AbhHMErB (ORCPT ); Fri, 13 Aug 2021 00:47:01 -0400 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38DE7C061756; Thu, 12 Aug 2021 21:46:35 -0700 (PDT) Received: by mail-ed1-x52c.google.com with SMTP id d6so13484415edt.7; Thu, 12 Aug 2021 21:46:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Xkxv6+rPgNFYK0bumQmdFxc99xFlqWZ0vPYKbCDn8/k=; b=Kzg19FPkyWXsZFoUcJlKFXqgNZCxjU5l0w2yvoZGadKGRsoud4alyqsDXsDAht79SA vp06uvlACdNppSbFEiUcpjoWf/r2o+KmvRaTSOL7sPC2x+S+qRj94p810QJnm47BMOpy gyKxuDFBmZplr0/Vg0tAkDD1y5Dbf5n26kDj2DSgPNruRc6lr21uaRm7lUCwQEGqlDls SY6cpxc7E/o1nBgrtWAOXpJwPmqi10gMOtG2TYJ/wG8y7shA9n6Tx5b4pow57AywBAlk S2El78ZwtrLideuIQK27S4LpDyUHa9Eulc4QvlJPKQuGYV7hc66a5fSu99nRseEcL3Mg ngcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Xkxv6+rPgNFYK0bumQmdFxc99xFlqWZ0vPYKbCDn8/k=; b=ScA/WLIN9HZxT8/2b/T+VngNOnpXyAd/SrVqXCf4gaTNxMNYyoMNLRXayF0eBJee0K U8HPVFsagf3jS0EQHsbWw3ScqKZUzbjJU1UHXBLmpUQNGSJlyMDwjUTuITP3dX2OJMdK W0JTjnFgHB3pEr+svoJBaF5hvEsGwNZeghkSPSUVDSbwT4qBhgKFm7Sgz2xv2LDcNJwX nrn0JZ6Y2O6jvCmtGoVLhAvuZxNvZ7fqbuzo8Xy3hT5utN2NxWqhJ1feof8ekK0lgcVC /ZpvH16PuCU5Ne4NoXctConN75cuVjeu1ImVQ7x9qyEeda/1isJLxVVJR9ZRBMW/kptC tUaw== X-Gm-Message-State: AOAM533ay5DHFm9bvYG54c/dXFD34tsPA2/aWBfaaF2ft5KZ53AES4oD dLbh1lC4FSCF7AmHwkKpJV+ZeiZAw8OaS7ST8mc= X-Received: by 2002:a05:6402:b7a:: with SMTP id cb26mr634654edb.33.1628829993727; Thu, 12 Aug 2021 21:46:33 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: ronnie sahlberg Date: Fri, 13 Aug 2021 14:46:21 +1000 Message-ID: Subject: Re: Building cifs.ko without any support for insecure crypto? To: Eric Biggers Cc: linux-cifs , Steve French , "samba-technical@lists.samba.org" , linux-crypto@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Aug 13, 2021 at 1:34 PM Eric Biggers wrote: > > Hi! > > We should be working to eliminate any uses of insecure crypto algorithms (e.g. > DES, ARC4, MD4, MD5) from the kernel. In particular, it should be possible to > build a kernel for a modern system without including any such algorithms. > > Currently, CONFIG_CIFS is problematic because it selects all these algorithms > (kconfig options: CONFIG_CRYPTO_LIB_DES, CONFIG_CRYPTO_LIB_ARC4, > CONFIG_CRYPTO_MD4, CONFIG_CRYPTO_MD5). > > It looks like these algorithms might only be used by SMB2.0 and earlier, and the > more modern SMB versions don't use them. Is that the case? It mostly looks > like that, but there's one case I'm not sure about -- there's a call chain which > appears to use ARC4 and HMAC-MD5 even with the most recent SMB version: > > smb311_operations.sess_setup() > SMB2_sess_setup() > SMB2_sess_auth_rawntlmssp_authenticate() > build_ntlmssp_auth_blob() > setup_ntlmv2_rsp() md4 and md5 are used with the NTLMSSP authentication for all dialects, including the latest 3.1.1. The only other authentication mechanism for SMB is krb5. This means that if we build a kernel without md4/md5 then we can no longer use NTLMSSP user/password style authentication, only kerberos. I guess that the use cases where a kernel without these algorithms are present are ok with kerberos as the only authentication mech. Afaik arc4 is only used for signing in the smb1 case. > > Also, there's already an option CONFIG_CIFS_ALLOW_INSECURE_LEGACY=n which > disables support for SMB2.0 and earlier. However, it doesn't actually compile > out the code but rather just prevents it from being used. That means that the > DES and ARC4 library interfaces are still depended on at link time, so they > can't be omitted. Have there been any considerations towards making > CONFIG_CIFS_ALLOW_INSECURE_LEGACY=n compile out the code for SMB2.0 and earlier? I think initially we just wanted to disable its use. If we want to compile a kernel completely without arc4/md4/md5 I think we would need to: 1, Change CONFIG_CIFS_ALLOW_INSECURE_LEGACY=n to compile out the code as you suggests. This should remove the dependency for arc4. I think this would be a good thing to do. 2, Have a different CONFIG_... to compile out the use of NTLMSSP authentication. This must be a different define since md4/md5 are also used for non-legacy dialects. And this should remove the dependency of md4/5. For the latter, I guess we would need a global, i.e. not cifs-specific, config option for this. I assume other users of rc4/md4/md5 would also want this. A new CONFIG_INSECURE_CRYPTO=n ? Ronnie Sahlberg > > - Eric