Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp1744270rdg; Sat, 14 Oct 2023 16:03:18 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHFxn1XD+tK51x08Ktd88F7f6PNndRT1Sl76FfqGMxeBaGzbAe4KKJzV1cosAGwLeiS0F4k X-Received: by 2002:a17:902:f543:b0:1c7:2740:cfb3 with SMTP id h3-20020a170902f54300b001c72740cfb3mr38711901plf.35.1697324598373; Sat, 14 Oct 2023 16:03:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697324598; cv=none; d=google.com; s=arc-20160816; b=N5SQ9gE9SBcMn2chAoIJuKjpQmX5AIctKpxFZFATX/hK+HkjPAc8uze1QLG4Evi4bK 1m4nDRK18Om6mXLxuwarDXBzoVZBfOQMPPIPsNUi3w9DVeWD1q3/CL8zgVctOhjkuD38 mPifibVYbHkL5CKWVNYbzpAy3PNyAe48PoHJOF10Dv2FolwY/wpkZZrkvT42cb/sbJyr 5T4NpRdAA/dMEM5vS2AItunSI6F+gjmUbgv50p/BQmD72nUYdjiLA+Ejj34FSIs3qnPL LbL/azYkW81WvNljEDdNU2AKurE4zvmuMbJmwpvLkYarzyECeqSIGFrZHzN+PmWQyMCq oIgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=g4FZTSl0d4ZJADlSvm57nChfceUNZzU0dP0RCDb94EA=; fh=JCI4JREBQz7hJhQqZteBRN3STy7K6ODk+xB6N5Lj1LY=; b=061Kbmklq5Uii0W2fKrDb87b8hQYoPXGcDkgiNx7LN24WPgsoG6Yk8tcAhNhgecClE 9drnNZlqH9CO4whRsm8BQYjpm4tURK5iXthFL3x7noajAxYfmrkscCRxhfg6wTuEmmC4 /vRQXfv9D7bl8erEgWOV7koX0PP9WwegNVYZsYVj40Y49Av0KVPM5pyWCDJNOs67XD8+ zvJvvEpif+Xo871gHF41zzxEolZwP4RAK3IBrCihpNlOFOIN2yKsOy3DaOyFI3D4T0El zjenHtevL8CyMjsYHeME0YRuL4/WGgdYrTGKRtYx4VYlTy6Tn1wDR8S6rgmNcBG6idHl C92A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=g6IRxgfb; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id k1-20020a170902c40100b001b8b4330585si8364622plk.510.2023.10.14.16.03.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 14 Oct 2023 16:03:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=g6IRxgfb; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 3B4FE807EDA9; Sat, 14 Oct 2023 16:03:16 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229872AbjJNXDO (ORCPT + 99 others); Sat, 14 Oct 2023 19:03:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229735AbjJNXDN (ORCPT ); Sat, 14 Oct 2023 19:03:13 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4E156B7 for ; Sat, 14 Oct 2023 16:03:10 -0700 (PDT) Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id A5D393F546 for ; Sat, 14 Oct 2023 23:03:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1697324588; bh=g4FZTSl0d4ZJADlSvm57nChfceUNZzU0dP0RCDb94EA=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=g6IRxgfbQK3zPzzy8ZM4tHFvebXOwaBBDqrCHAP8FETXV8N5PYtQnfnUnd73aglwL TWqJQdwOTz/GxjVnyhDLFzdzb1xzHsCRf6Xl7ditzx8UtVUodBqrc8+T4tEzoLv4Hk Ws222R8dpFMHhuwYg5F/YUIkK79LVkHIUu4qrexu3la1tBia9q6MpWTXS6mrN8HnRr 9whh4Ejmic4GTBd8aUeabjzSv5skocfNijJUebWkDlHpWJW91rVV12T3oMMpecgm2e L5deCUhkzrGSCPw1odN9ECRzVmxemqw89iBScgnizuylz3Mv9opmTIkBjwPMwQ3GsK HPEsLKx39u5Ow== Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-32da47641b5so480104f8f.0 for ; Sat, 14 Oct 2023 16:03:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697324588; x=1697929388; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=g4FZTSl0d4ZJADlSvm57nChfceUNZzU0dP0RCDb94EA=; b=XGzN0dKOU0jsbLCI2X01GOBN2Y8qOpvWThFPkqYXPM3Uw/z1rULwTMTN/XViQOnMDh wkbBiPnAkBp24JFZduKIvFV3CIZny3gLN9m2222Yhsgh+Z+bTgxW6KRBkGKMh07pFa9r 2lEuEykQgHLFZItuNKFVDKo4ToadXTsUj2qNXsRHZRQLZHSPexXMZiC5dlqYc1My0swt +aengFNx+ZeqDIqvMsBmq6taMYqHSCTm8IP2bahsxWzw16Y4NhALN1jfxlREpZfkNm9/ P0XhTIJSYj7FZYwqlV7S8d/xkZa2KTSiilp6zLu9zD35qIGBUD99Exs5tYKTkrV0STFa gvXw== X-Gm-Message-State: AOJu0Yzwn4uyGkdM9tnJIsMnO8HuzihqLL6gkBLcnqc01YplHLsvGK2L aRRQoO0o1QWTfrcuhtBVDU12sP4R2jo1sexjSWDO0ba0LUOxm0B7hrbaJBzwXbzfSvjIGi3gMYb RLhf0nwAOXZIvGcBdV4EKyO/XJq8pv0NXhWtJ1Rg5Kj9fM1WR2tPJya0/6g== X-Received: by 2002:a05:6000:1b07:b0:321:6450:62ea with SMTP id f7-20020a0560001b0700b00321645062eamr26180425wrz.36.1697324588153; Sat, 14 Oct 2023 16:03:08 -0700 (PDT) X-Received: by 2002:a05:6000:1b07:b0:321:6450:62ea with SMTP id f7-20020a0560001b0700b00321645062eamr26180409wrz.36.1697324587746; Sat, 14 Oct 2023 16:03:07 -0700 (PDT) MIME-Version: 1.0 References: <20231008040140.1647892-1-dimitri.ledkov@canonical.com> <2e52c8b4-e70a-453f-853a-1962c8167dfa@gmail.com> In-Reply-To: <2e52c8b4-e70a-453f-853a-1962c8167dfa@gmail.com> From: Dimitri John Ledkov Date: Sun, 15 Oct 2023 00:02:32 +0100 Message-ID: Subject: Re: [PATCH] crypto: remove md4 driver To: Denis Kenzior Cc: Herbert Xu , "David S. Miller" , Maxime Coquelin , Alexandre Torgue , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, James Prestwood , Marcel Holtmann Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sat, 14 Oct 2023 16:03:16 -0700 (PDT) On Fri, 13 Oct 2023 at 15:37, Denis Kenzior wrote: > > Hi Herbert, > > On 10/13/23 05:39, Herbert Xu wrote: > > On Sun, Oct 08, 2023 at 05:01:39AM +0100, Dimitri John Ledkov wrote: > >> No internal users left and cryptographically insecure. Users should > >> upgrade to something else, e.g. sha256 blake3. > >> > >> Some drivers have their own full or partial md4 implementation without > >> using crypto/md4. > >> > >> Userspace code search indicates a few copies of hash_info.h > >> https://codesearch.debian.net/search?q=HASH_ALGO_MD4&literal=1 without > >> need for MD4. > >> > >> Preserve uapi hash algorithm indexes and array length, but rename the > >> MD4 enum. > >> > >> Signed-off-by: Dimitri John Ledkov > >> --- > >> crypto/Kconfig | 6 - > >> crypto/Makefile | 1 - > >> crypto/hash_info.c | 4 +- > >> crypto/md4.c | 241 --------------------------------- > >> crypto/tcrypt.c | 12 -- > >> crypto/testmgr.c | 6 - > >> crypto/testmgr.h | 42 ------ > >> include/uapi/linux/hash_info.h | 2 +- > >> 8 files changed, 3 insertions(+), 311 deletions(-) > >> delete mode 100644 crypto/md4.c > > > > Patch applied. Thanks. > > Does this patch break userspace? > > Here's a thread regarding MD4 the last time its removal was attempted: > https://lore.kernel.org/linux-crypto/20210818144617.110061-1-ardb@kernel.org/ > > Please note that iwd does use MD4 hashes here: > https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/checksum.c#n63 > > https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/eap-mschapv2.c#n165 > Thank you for this reference. The WiFI eap mschapv2 based authentication indeed relies on MD4. The IWD code uses kernel as a basically impromptu userspace library to gain access to MD4, which sounds like a poor way of doing this. In comparison NetworkManager uses userspace crypto libraries to compute that. Note that iwd has an alternative code path of using md4 hashed password, meaning it does still work on kernels without MD4. It worries me a lot that this is still in active use. MS-CHAPv2 has been completely broken since 2012 with a cloud service at the time offered to automatically crack any communication. It is insecure, does not provide any confidentiality, and worse off allows to steal & reuse credentials to later impersonate the original user. It is worse than unencrypted WiFi in that sense. Even Windows 11 since at least 22H2 release prohibits such connections. I will propose patches to IWD to stop using the md5 crypto kernel interface. As much as it is convenient, users of insecure & obsolete cryptography must not hold up removal of such methods from the kernel. -- okurrr, Dimitri