Received: by 2002:ab2:b82:0:b0:1f3:401:3cfb with SMTP id 2csp674069lqh; Thu, 28 Mar 2024 12:42:30 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVqdvVJscqwPYKsUdkbs9/mJnw8zphz4lzJasmSApvzA8LSOnkYaVjmcjdHDKuXy6Wcc6UOCP/69UR1siDSusJ5VHM+DS/I+SMdwlgLvg== X-Google-Smtp-Source: AGHT+IEpJbNP2iZkElbwMoWd3Qhv7B2j2QkD5QHlfpaBCFXqroy3I/X762FqOYecnNUe971fdxFO X-Received: by 2002:a17:90a:dac3:b0:299:1777:134c with SMTP id g3-20020a17090adac300b002991777134cmr442112pjx.33.1711654949689; Thu, 28 Mar 2024 12:42:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711654949; cv=pass; d=google.com; s=arc-20160816; b=DDZGxMOAk3cdSBYskZH9DSupRuYsC5FDQ4gSRmMx5evb15jw8yOOd0+jSioKBN4HcP 3ttn9emSgQvyUGqKO8Ti3N/66qB332icPXD6+i+WJR5yI1C+BViZpsu5Wl0qIvBaI8x/ OQH1t0sKplwWXlD8NWoaPBej3k0nGcapjeThJCML6/g/AxEu+FOFaxXHnc8NZjt0fQH3 nHnME478+fCNvUTMBzLRMKX5g5JQd/+Oa60KHX0PVk3tRHdcEce0nYTT3oTXW68BtXea XM7rnmGKxTUiLuAOFF7slkNW+ldIN8lwfJ0Au6jTwjsCYV9F9R3VkHrAmWbWaFAXSgo2 oliQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=R9rFKgdnjl1+qP2ulkGzbGF6DQvxAxPK/GjEf2hMSac=; fh=4j3Dg8FUHWYwcETh239mCkf73QaGYJ0Xo95czIAA4qQ=; b=nau90cSsteDl+fUxXbd+NVGgcnueX30M3dJFDp0V2WlSRmgeIY56f89MGxWTBbsA/r vezo+25KwB0+nuCcqvZ04Uq54RAkaCmWymH9H4Z15Sjag6gGnqgH5ei7ZeyYWoiVsb0w wKKJvBpaUhNneSwAszoL169Iq/W/Ci6V/sTY/5NAi8eQX2yKYFPWz5deV9VTknKWSgNG uY6d6u9WYOPLQ4A3ngdUi19lukQArKk6sp7k8siryRb46JCjXzExBqDnloDoL8Osx3Qb MH8NGv2KDuYM4dwVdeaItVUuOiHQ+MHS1HUa9TeD/pXaR9yICtJ+nKTKdIoZJ1JPyTdp I33A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=F5df2u2t; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-crypto+bounces-3035-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3035-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id t6-20020a17090ad50600b002a2093a01f8si1491345pju.179.2024.03.28.12.42.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Mar 2024 12:42:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-3035-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=F5df2u2t; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-crypto+bounces-3035-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3035-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 13E03294186 for ; Thu, 28 Mar 2024 19:42:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 451C7130A54; Thu, 28 Mar 2024 19:42:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="F5df2u2t" X-Original-To: linux-crypto@vger.kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 87AD35FBA7 for ; Thu, 28 Mar 2024 19:42:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711654945; cv=none; b=LeHrZZ5eeEjvy8DaULVmwiXxGFql6Q8M2rwDzXKQAd4bY7Zdn0ipaufPHlDyhNspOg8EgJUjzy//Fu2vHkElmN0dxtaaeAf/FgukzLrzrW9UPaFKC5dIdkTFYDLuMdlIlgJt7DRXpVgxdVE227rigipCwtpDrtthVPxGzBqZmD4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711654945; c=relaxed/simple; bh=G54bg5q8nSHx+bWgKyzuXCJMK6dG285yA0AuuEKhQKI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=kmDyHVevc2FHpI9/uveL5p7ePnvVA2DmaFuIl9u8n9Xabj3iJbgnn08qRu4bTPuydzKQnyxKfHo0itg0NJK/0mwTsOxKzh2WwgvxcVteTQAxfnmOezlfKhDS1kBLl62w6H5W+vYJglWd1K4N4v0vwBRimSg6S8F52xMfWD4CwOk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=F5df2u2t; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1711654941; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=R9rFKgdnjl1+qP2ulkGzbGF6DQvxAxPK/GjEf2hMSac=; b=F5df2u2ttAPAcMRAylxaI75/GGm/jIZufXMTJ98gfxEUHosSLc1yNcj+tCFyO7nIzFXO1C BUIlrN2dlyMkTp5I4DfuN7IKcL+Cewh+ADUcvl0gl8FbzNnFB6j2R/siKdlDTf5bCFt9IB /LE7bpb5hJedD0IQ1zy45WznJViS/CI= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-577-0pJKG3AIMS6c6E2O9qbhYg-1; Thu, 28 Mar 2024 15:42:16 -0400 X-MC-Unique: 0pJKG3AIMS6c6E2O9qbhYg-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 76DF729AC03F; Thu, 28 Mar 2024 19:42:16 +0000 (UTC) Received: from aion.redhat.com (unknown [10.22.32.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 61E11C53361; Thu, 28 Mar 2024 19:42:16 +0000 (UTC) Received: by aion.redhat.com (Postfix, from userid 1000) id DED8812E8CC; Thu, 28 Mar 2024 15:42:15 -0400 (EDT) Date: Thu, 28 Mar 2024 15:42:15 -0400 From: Scott Mayhew To: Chuck Lever III Cc: jaganmohan kanakala , Linux NFS Mailing List , David Howells , "linux-crypto@vger.kernel.org" Subject: Re: [External] : Re: LINUX NFS support for SHA256 hash types Message-ID: References: <2DC5A71F-F7B7-401B-954E-6A0656BDC6A9@oracle.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 On Mon, 25 Mar 2024, Chuck Lever III wrote: >=20 >=20 > > On Mar 25, 2024, at 2:34=E2=80=AFAM, jaganmohan kanakala wrote: > >=20 > > Hi Chuck, > >=20 > > Following up with my earlier email, I've noted from the following commi= t that the support for SHA 256/384 has now been added to Linux NFS. > > https://github.com/torvalds/linux/commit/a40cf7530d3104793f9361e69e84ad= a7960724f2 > >=20 > > The commit message says that the implementation was in 'beta' at the ti= me of the commit. Is the implementation still in the 'beta' stage? >=20 > "Beta" was used simply to mean that the code did not have > significant test or deployment experience. So far there > have been only a few bugs, all known to be fixed at the > moment. >=20 >=20 > > I have an NFS client where I'm trying to support SHA 256 for Krb5. How = can I verify my implementation with the Linux NFS server? >=20 > You will need a Linux distribution whose user space > Kerberos libraries support AES_SHA2 enctypes, and of > course a recent kernel. Scott, anything else? Does the > KDC need to handle these enctypes too? It depends on whether both the NFS client and the NFS server support the enctype negotiation extension (RFC 4537). If they do, then the KDC doesn't need to be able to handle those enctypes. -Scott >=20 > -- Chuck Lever >=20 >=20