From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.2 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,T_MIXED_ES,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6466BC65BAF for ; Wed, 12 Dec 2018 21:20:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 038632084E for ; Wed, 12 Dec 2018 21:20:26 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="XjyE0Vvg" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 038632084E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726440AbeLLVU0 (ORCPT ); Wed, 12 Dec 2018 16:20:26 -0500 Received: from userp2120.oracle.com ([156.151.31.85]:45512 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726248AbeLLVUZ (ORCPT ); Wed, 12 Dec 2018 16:20:25 -0500 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id wBCLIWDs087913; Wed, 12 Dec 2018 21:20:14 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2018-07-02; bh=mMQfgV1r9pZlmx5BHjmq+6735j8+UMG68SpNOk5sv3g=; b=XjyE0VvgxZuDF/XXxhxDsup5RobIttgAximjCwgKI2EiP3Jep2rYla6GwKHq9KNPaYZH dIGMAYPKtsz+r+ULUM+JsE/roa9x4lN3/4wTdNI9WfB3Kz0QUTGOc89qkKTW2UF8hqGu /yp+MYDPkX4JZSBtV9QflB7j6gAWNb+afo1VkJKi86p4zUYOzGswywiD9mKJ/OQEurle MLXfxA39V4Sh3Ig+cq+uVfqVtfftrkyuVUIe5/++WqJ/qCjicDMIpYitVCs9C+UNkFK2 NixcsR0hsCP+PTbDMbPEByGF8Ac/dyB8sFMdlmq8HbGtPsaix3++PRAQqNDr5G9fbXEa lQ== Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp2120.oracle.com with ESMTP id 2pb7tf0p4g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 12 Dec 2018 21:20:14 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id wBCLKDaK002774 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 12 Dec 2018 21:20:13 GMT Received: from abhmp0002.oracle.com (abhmp0002.oracle.com [141.146.116.8]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id wBCLK9Ah024018; Wed, 12 Dec 2018 21:20:10 GMT Received: from anon-dhcp-171.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 12 Dec 2018 13:20:08 -0800 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Subject: Re: [PATCH v3 16/24] SUNRPC: Remove support for kerberos_v1 From: Chuck Lever In-Reply-To: <20181210163044.4198.33386.stgit@manet.1015granger.net> Date: Wed, 12 Dec 2018 16:20:04 -0500 Cc: linux-rdma , Anna Schumaker , Linux NFS Mailing List Content-Transfer-Encoding: quoted-printable Message-Id: <8E583942-5064-4096-ACFB-FDD4BA052957@oracle.com> References: <20181210161723.4198.51071.stgit@manet.1015granger.net> <20181210163044.4198.33386.stgit@manet.1015granger.net> To: Trond Myklebust X-Mailer: Apple Mail (2.3445.9.1) X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9105 signatures=668679 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=2 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812120182 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi Trond- > On Dec 10, 2018, at 11:30 AM, Chuck Lever = wrote: >=20 > Kerberos v1 allows the selection of encryption types that are known > to be insecure and are no longer widely deployed. Also there is no > convenient facility for testing v1 or these enctypes, so essentially > this code has been untested for some time. >=20 > Note that RFC 6649 deprecates DES and Arcfour_56 in Kerberos, and > RFC 8429 (October 2018) deprecates DES3 and Arcfour. >=20 > Support for DES_CBC_RAW, DES_CBC_CRC, DES_CBC_MD4, DES_CBC_MD5, > DES3_CBC_RAW, and ARCFOUR_HMAC encryption in the Linux kernel > RPCSEC_GSS implementation is removed by this patch. Wondering what kind of impact this will have on folks who have the deprecated encryption types in their krb5.keytab or with a KDC that might uses DES3 for user principals. Anna suggested putting this change behind a KCONFIG option. > Signed-off-by: Chuck Lever > --- > include/linux/sunrpc/gss_krb5.h | 39 --- > include/linux/sunrpc/gss_krb5_enctypes.h | 2=20 > net/sunrpc/Kconfig | 3=20 > net/sunrpc/auth_gss/Makefile | 2=20 > net/sunrpc/auth_gss/gss_krb5_crypto.c | 423 = ------------------------------ > net/sunrpc/auth_gss/gss_krb5_keys.c | 53 ---- > net/sunrpc/auth_gss/gss_krb5_mech.c | 278 -------------------- > net/sunrpc/auth_gss/gss_krb5_seal.c | 73 ----- > net/sunrpc/auth_gss/gss_krb5_seqnum.c | 164 ------------ > net/sunrpc/auth_gss/gss_krb5_unseal.c | 80 ------ > net/sunrpc/auth_gss/gss_krb5_wrap.c | 254 ------------------ > 11 files changed, 12 insertions(+), 1359 deletions(-) > delete mode 100644 net/sunrpc/auth_gss/gss_krb5_seqnum.c >=20 > diff --git a/include/linux/sunrpc/gss_krb5.h = b/include/linux/sunrpc/gss_krb5.h > index 02c0412..57f4a49 100644 > --- a/include/linux/sunrpc/gss_krb5.h > +++ b/include/linux/sunrpc/gss_krb5.h > @@ -105,7 +105,6 @@ struct krb5_ctx { > struct crypto_sync_skcipher *acceptor_enc_aux; > struct crypto_sync_skcipher *initiator_enc_aux; > u8 Ksess[GSS_KRB5_MAX_KEYLEN]; /* session = key */ > - u8 cksum[GSS_KRB5_MAX_KEYLEN]; > s32 endtime; > atomic_t seq_send; > atomic64_t seq_send64; > @@ -235,11 +234,6 @@ enum seal_alg { > + GSS_KRB5_MAX_CKSUM_LEN) >=20 > u32 > -make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen, > - struct xdr_buf *body, int body_offset, u8 *cksumkey, > - unsigned int usage, struct xdr_netobj *cksumout); > - > -u32 > make_checksum_v2(struct krb5_ctx *, char *header, int hdrlen, > struct xdr_buf *body, int body_offset, u8 *key, > unsigned int usage, struct xdr_netobj *cksum); > @@ -268,25 +262,6 @@ u32 gss_verify_mic_kerberos(struct gss_ctx *, = struct xdr_buf *, > void *iv, void *in, void *out, int length);=20 >=20 > int > -gss_encrypt_xdr_buf(struct crypto_sync_skcipher *tfm, struct xdr_buf = *outbuf, > - int offset, struct page **pages); > - > -int > -gss_decrypt_xdr_buf(struct crypto_sync_skcipher *tfm, struct xdr_buf = *inbuf, > - int offset); > - > -s32 > -krb5_make_seq_num(struct krb5_ctx *kctx, > - struct crypto_sync_skcipher *key, > - int direction, > - u32 seqnum, unsigned char *cksum, unsigned char *buf); > - > -s32 > -krb5_get_seq_num(struct krb5_ctx *kctx, > - unsigned char *cksum, > - unsigned char *buf, int *direction, u32 *seqnum); > - > -int > xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int = shiftlen); >=20 > u32 > @@ -297,11 +272,6 @@ u32 gss_verify_mic_kerberos(struct gss_ctx *, = struct xdr_buf *, > gfp_t gfp_mask); >=20 > u32 > -gss_krb5_des3_make_key(const struct gss_krb5_enctype *gk5e, > - struct xdr_netobj *randombits, > - struct xdr_netobj *key); > - > -u32 > gss_krb5_aes_make_key(const struct gss_krb5_enctype *gk5e, > struct xdr_netobj *randombits, > struct xdr_netobj *key); > @@ -316,14 +286,5 @@ u32 gss_verify_mic_kerberos(struct gss_ctx *, = struct xdr_buf *, > struct xdr_buf *buf, u32 *plainoffset, > u32 *plainlen); >=20 > -int > -krb5_rc4_setup_seq_key(struct krb5_ctx *kctx, > - struct crypto_sync_skcipher *cipher, > - unsigned char *cksum); > - > -int > -krb5_rc4_setup_enc_key(struct krb5_ctx *kctx, > - struct crypto_sync_skcipher *cipher, > - s32 seqnum); > void > gss_krb5_make_confounder(char *p, u32 conflen); > diff --git a/include/linux/sunrpc/gss_krb5_enctypes.h = b/include/linux/sunrpc/gss_krb5_enctypes.h > index ec6234e..7a8abcf 100644 > --- a/include/linux/sunrpc/gss_krb5_enctypes.h > +++ b/include/linux/sunrpc/gss_krb5_enctypes.h > @@ -1,4 +1,4 @@ > /* > * Dumb way to share this static piece of information with nfsd > */ > -#define KRB5_SUPPORTED_ENCTYPES "18,17,16,23,3,1,2" > +#define KRB5_SUPPORTED_ENCTYPES "18,17" > diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig > index ac09ca8..80c8efc 100644 > --- a/net/sunrpc/Kconfig > +++ b/net/sunrpc/Kconfig > @@ -18,9 +18,8 @@ config SUNRPC_SWAP > config RPCSEC_GSS_KRB5 > tristate "Secure RPC: Kerberos V mechanism" > depends on SUNRPC && CRYPTO > - depends on CRYPTO_MD5 && CRYPTO_DES && CRYPTO_CBC && CRYPTO_CTS > + depends on CRYPTO_MD5 && CRYPTO_CTS > depends on CRYPTO_ECB && CRYPTO_HMAC && CRYPTO_SHA1 && = CRYPTO_AES > - depends on CRYPTO_ARC4 > default y > select SUNRPC_GSS > help > diff --git a/net/sunrpc/auth_gss/Makefile = b/net/sunrpc/auth_gss/Makefile > index c374268..b5a65a0 100644 > --- a/net/sunrpc/auth_gss/Makefile > +++ b/net/sunrpc/auth_gss/Makefile > @@ -12,4 +12,4 @@ auth_rpcgss-y :=3D auth_gss.o gss_generic_token.o \ > obj-$(CONFIG_RPCSEC_GSS_KRB5) +=3D rpcsec_gss_krb5.o >=20 > rpcsec_gss_krb5-y :=3D gss_krb5_mech.o gss_krb5_seal.o = gss_krb5_unseal.o \ > - gss_krb5_seqnum.o gss_krb5_wrap.o gss_krb5_crypto.o = gss_krb5_keys.o > + gss_krb5_wrap.o gss_krb5_crypto.o gss_krb5_keys.o > diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c = b/net/sunrpc/auth_gss/gss_krb5_crypto.c > index 4f43383..896dd87 100644 > --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c > +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c > @@ -138,230 +138,6 @@ > return crypto_ahash_update(req); > } >=20 > -static int > -arcfour_hmac_md5_usage_to_salt(unsigned int usage, u8 salt[4]) > -{ > - unsigned int ms_usage; > - > - switch (usage) { > - case KG_USAGE_SIGN: > - ms_usage =3D 15; > - break; > - case KG_USAGE_SEAL: > - ms_usage =3D 13; > - break; > - default: > - return -EINVAL; > - } > - salt[0] =3D (ms_usage >> 0) & 0xff; > - salt[1] =3D (ms_usage >> 8) & 0xff; > - salt[2] =3D (ms_usage >> 16) & 0xff; > - salt[3] =3D (ms_usage >> 24) & 0xff; > - > - return 0; > -} > - > -static u32 > -make_checksum_hmac_md5(struct krb5_ctx *kctx, char *header, int = hdrlen, > - struct xdr_buf *body, int body_offset, u8 = *cksumkey, > - unsigned int usage, struct xdr_netobj *cksumout) > -{ > - struct scatterlist sg[1]; > - int err =3D -1; > - u8 *checksumdata; > - u8 *rc4salt; > - struct crypto_ahash *md5; > - struct crypto_ahash *hmac_md5; > - struct ahash_request *req; > - > - if (cksumkey =3D=3D NULL) > - return GSS_S_FAILURE; > - > - if (cksumout->len < kctx->gk5e->cksumlength) { > - dprintk("%s: checksum buffer length, %u, too small for = %s\n", > - __func__, cksumout->len, kctx->gk5e->name); > - return GSS_S_FAILURE; > - } > - > - rc4salt =3D kmalloc_array(4, sizeof(*rc4salt), GFP_NOFS); > - if (!rc4salt) > - return GSS_S_FAILURE; > - > - if (arcfour_hmac_md5_usage_to_salt(usage, rc4salt)) { > - dprintk("%s: invalid usage value %u\n", __func__, = usage); > - goto out_free_rc4salt; > - } > - > - checksumdata =3D kmalloc(GSS_KRB5_MAX_CKSUM_LEN, GFP_NOFS); > - if (!checksumdata) > - goto out_free_rc4salt; > - > - md5 =3D crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); > - if (IS_ERR(md5)) > - goto out_free_cksum; > - > - hmac_md5 =3D crypto_alloc_ahash(kctx->gk5e->cksum_name, 0, > - CRYPTO_ALG_ASYNC); > - if (IS_ERR(hmac_md5)) > - goto out_free_md5; > - > - req =3D ahash_request_alloc(md5, GFP_NOFS); > - if (!req) > - goto out_free_hmac_md5; > - > - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, = NULL); > - > - err =3D crypto_ahash_init(req); > - if (err) > - goto out; > - sg_init_one(sg, rc4salt, 4); > - ahash_request_set_crypt(req, sg, NULL, 4); > - err =3D crypto_ahash_update(req); > - if (err) > - goto out; > - > - sg_init_one(sg, header, hdrlen); > - ahash_request_set_crypt(req, sg, NULL, hdrlen); > - err =3D crypto_ahash_update(req); > - if (err) > - goto out; > - err =3D xdr_process_buf(body, body_offset, body->len - = body_offset, > - checksummer, req); > - if (err) > - goto out; > - ahash_request_set_crypt(req, NULL, checksumdata, 0); > - err =3D crypto_ahash_final(req); > - if (err) > - goto out; > - > - ahash_request_free(req); > - req =3D ahash_request_alloc(hmac_md5, GFP_NOFS); > - if (!req) > - goto out_free_hmac_md5; > - > - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, = NULL); > - > - err =3D crypto_ahash_setkey(hmac_md5, cksumkey, = kctx->gk5e->keylength); > - if (err) > - goto out; > - > - sg_init_one(sg, checksumdata, crypto_ahash_digestsize(md5)); > - ahash_request_set_crypt(req, sg, checksumdata, > - crypto_ahash_digestsize(md5)); > - err =3D crypto_ahash_digest(req); > - if (err) > - goto out; > - > - memcpy(cksumout->data, checksumdata, kctx->gk5e->cksumlength); > - cksumout->len =3D kctx->gk5e->cksumlength; > -out: > - ahash_request_free(req); > -out_free_hmac_md5: > - crypto_free_ahash(hmac_md5); > -out_free_md5: > - crypto_free_ahash(md5); > -out_free_cksum: > - kfree(checksumdata); > -out_free_rc4salt: > - kfree(rc4salt); > - return err ? GSS_S_FAILURE : 0; > -} > - > -/* > - * checksum the plaintext data and hdrlen bytes of the token header > - * The checksum is performed over the first 8 bytes of the > - * gss token header and then over the data body > - */ > -u32 > -make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen, > - struct xdr_buf *body, int body_offset, u8 *cksumkey, > - unsigned int usage, struct xdr_netobj *cksumout) > -{ > - struct crypto_ahash *tfm; > - struct ahash_request *req; > - struct scatterlist sg[1]; > - int err =3D -1; > - u8 *checksumdata; > - unsigned int checksumlen; > - > - if (kctx->gk5e->ctype =3D=3D CKSUMTYPE_HMAC_MD5_ARCFOUR) > - return make_checksum_hmac_md5(kctx, header, hdrlen, > - body, body_offset, > - cksumkey, usage, = cksumout); > - > - if (cksumout->len < kctx->gk5e->cksumlength) { > - dprintk("%s: checksum buffer length, %u, too small for = %s\n", > - __func__, cksumout->len, kctx->gk5e->name); > - return GSS_S_FAILURE; > - } > - > - checksumdata =3D kmalloc(GSS_KRB5_MAX_CKSUM_LEN, GFP_NOFS); > - if (checksumdata =3D=3D NULL) > - return GSS_S_FAILURE; > - > - tfm =3D crypto_alloc_ahash(kctx->gk5e->cksum_name, 0, = CRYPTO_ALG_ASYNC); > - if (IS_ERR(tfm)) > - goto out_free_cksum; > - > - req =3D ahash_request_alloc(tfm, GFP_NOFS); > - if (!req) > - goto out_free_ahash; > - > - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, = NULL); > - > - checksumlen =3D crypto_ahash_digestsize(tfm); > - > - if (cksumkey !=3D NULL) { > - err =3D crypto_ahash_setkey(tfm, cksumkey, > - kctx->gk5e->keylength); > - if (err) > - goto out; > - } > - > - err =3D crypto_ahash_init(req); > - if (err) > - goto out; > - sg_init_one(sg, header, hdrlen); > - ahash_request_set_crypt(req, sg, NULL, hdrlen); > - err =3D crypto_ahash_update(req); > - if (err) > - goto out; > - err =3D xdr_process_buf(body, body_offset, body->len - = body_offset, > - checksummer, req); > - if (err) > - goto out; > - ahash_request_set_crypt(req, NULL, checksumdata, 0); > - err =3D crypto_ahash_final(req); > - if (err) > - goto out; > - > - switch (kctx->gk5e->ctype) { > - case CKSUMTYPE_RSA_MD5: > - err =3D kctx->gk5e->encrypt(kctx->seq, NULL, = checksumdata, > - checksumdata, checksumlen); > - if (err) > - goto out; > - memcpy(cksumout->data, > - checksumdata + checksumlen - = kctx->gk5e->cksumlength, > - kctx->gk5e->cksumlength); > - break; > - case CKSUMTYPE_HMAC_SHA1_DES3: > - memcpy(cksumout->data, checksumdata, = kctx->gk5e->cksumlength); > - break; > - default: > - BUG(); > - break; > - } > - cksumout->len =3D kctx->gk5e->cksumlength; > -out: > - ahash_request_free(req); > -out_free_ahash: > - crypto_free_ahash(tfm); > -out_free_cksum: > - kfree(checksumdata); > - return err ? GSS_S_FAILURE : 0; > -} > - > /* > * checksum the plaintext data and hdrlen bytes of the token header > * Per rfc4121, sec. 4.2.4, the checksum is performed over the data > @@ -526,35 +302,6 @@ struct encryptor_desc { > return 0; > } >=20 > -int > -gss_encrypt_xdr_buf(struct crypto_sync_skcipher *tfm, struct xdr_buf = *buf, > - int offset, struct page **pages) > -{ > - int ret; > - struct encryptor_desc desc; > - SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm); > - > - BUG_ON((buf->len - offset) % crypto_sync_skcipher_blocksize(tfm) = !=3D 0); > - > - skcipher_request_set_sync_tfm(req, tfm); > - skcipher_request_set_callback(req, 0, NULL, NULL); > - > - memset(desc.iv, 0, sizeof(desc.iv)); > - desc.req =3D req; > - desc.pos =3D offset; > - desc.outbuf =3D buf; > - desc.pages =3D pages; > - desc.fragno =3D 0; > - desc.fraglen =3D 0; > - > - sg_init_table(desc.infrags, 4); > - sg_init_table(desc.outfrags, 4); > - > - ret =3D xdr_process_buf(buf, offset, buf->len - offset, = encryptor, &desc); > - skcipher_request_zero(req); > - return ret; > -} > - > struct decryptor_desc { > u8 iv[GSS_KRB5_MAX_BLOCKSIZE]; > struct skcipher_request *req; > @@ -609,32 +356,6 @@ struct decryptor_desc { > return 0; > } >=20 > -int > -gss_decrypt_xdr_buf(struct crypto_sync_skcipher *tfm, struct xdr_buf = *buf, > - int offset) > -{ > - int ret; > - struct decryptor_desc desc; > - SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm); > - > - /* XXXJBF: */ > - BUG_ON((buf->len - offset) % crypto_sync_skcipher_blocksize(tfm) = !=3D 0); > - > - skcipher_request_set_sync_tfm(req, tfm); > - skcipher_request_set_callback(req, 0, NULL, NULL); > - > - memset(desc.iv, 0, sizeof(desc.iv)); > - desc.req =3D req; > - desc.fragno =3D 0; > - desc.fraglen =3D 0; > - > - sg_init_table(desc.frags, 4); > - > - ret =3D xdr_process_buf(buf, offset, buf->len - offset, = decryptor, &desc); > - skcipher_request_zero(req); > - return ret; > -} > - > /* > * This function makes the assumption that it was ultimately called > * from gss_wrap(). > @@ -942,147 +663,3 @@ struct decryptor_desc { > ret =3D GSS_S_FAILURE; > return ret; > } > - > -/* > - * Compute Kseq given the initial session key and the checksum. > - * Set the key of the given cipher. > - */ > -int > -krb5_rc4_setup_seq_key(struct krb5_ctx *kctx, > - struct crypto_sync_skcipher *cipher, > - unsigned char *cksum) > -{ > - struct crypto_shash *hmac; > - struct shash_desc *desc; > - u8 Kseq[GSS_KRB5_MAX_KEYLEN]; > - u32 zeroconstant =3D 0; > - int err; > - > - dprintk("%s: entered\n", __func__); > - > - hmac =3D crypto_alloc_shash(kctx->gk5e->cksum_name, 0, 0); > - if (IS_ERR(hmac)) { > - dprintk("%s: error %ld, allocating hash '%s'\n", > - __func__, PTR_ERR(hmac), = kctx->gk5e->cksum_name); > - return PTR_ERR(hmac); > - } > - > - desc =3D kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac), > - GFP_NOFS); > - if (!desc) { > - dprintk("%s: failed to allocate shash descriptor for = '%s'\n", > - __func__, kctx->gk5e->cksum_name); > - crypto_free_shash(hmac); > - return -ENOMEM; > - } > - > - desc->tfm =3D hmac; > - desc->flags =3D 0; > - > - /* Compute intermediate Kseq from session key */ > - err =3D crypto_shash_setkey(hmac, kctx->Ksess, = kctx->gk5e->keylength); > - if (err) > - goto out_err; > - > - err =3D crypto_shash_digest(desc, (u8 *)&zeroconstant, 4, Kseq); > - if (err) > - goto out_err; > - > - /* Compute final Kseq from the checksum and intermediate Kseq */ > - err =3D crypto_shash_setkey(hmac, Kseq, kctx->gk5e->keylength); > - if (err) > - goto out_err; > - > - err =3D crypto_shash_digest(desc, cksum, 8, Kseq); > - if (err) > - goto out_err; > - > - err =3D crypto_sync_skcipher_setkey(cipher, Kseq, = kctx->gk5e->keylength); > - if (err) > - goto out_err; > - > - err =3D 0; > - > -out_err: > - kzfree(desc); > - crypto_free_shash(hmac); > - dprintk("%s: returning %d\n", __func__, err); > - return err; > -} > - > -/* > - * Compute Kcrypt given the initial session key and the plaintext = seqnum. > - * Set the key of cipher kctx->enc. > - */ > -int > -krb5_rc4_setup_enc_key(struct krb5_ctx *kctx, > - struct crypto_sync_skcipher *cipher, > - s32 seqnum) > -{ > - struct crypto_shash *hmac; > - struct shash_desc *desc; > - u8 Kcrypt[GSS_KRB5_MAX_KEYLEN]; > - u8 zeroconstant[4] =3D {0}; > - u8 seqnumarray[4]; > - int err, i; > - > - dprintk("%s: entered, seqnum %u\n", __func__, seqnum); > - > - hmac =3D crypto_alloc_shash(kctx->gk5e->cksum_name, 0, 0); > - if (IS_ERR(hmac)) { > - dprintk("%s: error %ld, allocating hash '%s'\n", > - __func__, PTR_ERR(hmac), = kctx->gk5e->cksum_name); > - return PTR_ERR(hmac); > - } > - > - desc =3D kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac), > - GFP_NOFS); > - if (!desc) { > - dprintk("%s: failed to allocate shash descriptor for = '%s'\n", > - __func__, kctx->gk5e->cksum_name); > - crypto_free_shash(hmac); > - return -ENOMEM; > - } > - > - desc->tfm =3D hmac; > - desc->flags =3D 0; > - > - /* Compute intermediate Kcrypt from session key */ > - for (i =3D 0; i < kctx->gk5e->keylength; i++) > - Kcrypt[i] =3D kctx->Ksess[i] ^ 0xf0; > - > - err =3D crypto_shash_setkey(hmac, Kcrypt, = kctx->gk5e->keylength); > - if (err) > - goto out_err; > - > - err =3D crypto_shash_digest(desc, zeroconstant, 4, Kcrypt); > - if (err) > - goto out_err; > - > - /* Compute final Kcrypt from the seqnum and intermediate Kcrypt = */ > - err =3D crypto_shash_setkey(hmac, Kcrypt, = kctx->gk5e->keylength); > - if (err) > - goto out_err; > - > - seqnumarray[0] =3D (unsigned char) ((seqnum >> 24) & 0xff); > - seqnumarray[1] =3D (unsigned char) ((seqnum >> 16) & 0xff); > - seqnumarray[2] =3D (unsigned char) ((seqnum >> 8) & 0xff); > - seqnumarray[3] =3D (unsigned char) ((seqnum >> 0) & 0xff); > - > - err =3D crypto_shash_digest(desc, seqnumarray, 4, Kcrypt); > - if (err) > - goto out_err; > - > - err =3D crypto_sync_skcipher_setkey(cipher, Kcrypt, > - kctx->gk5e->keylength); > - if (err) > - goto out_err; > - > - err =3D 0; > - > -out_err: > - kzfree(desc); > - crypto_free_shash(hmac); > - dprintk("%s: returning %d\n", __func__, err); > - return err; > -} > diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c = b/net/sunrpc/auth_gss/gss_krb5_keys.c > index 550fdf1..de327ae 100644 > --- a/net/sunrpc/auth_gss/gss_krb5_keys.c > +++ b/net/sunrpc/auth_gss/gss_krb5_keys.c > @@ -242,59 +242,6 @@ u32 krb5_derive_key(const struct gss_krb5_enctype = *gk5e, > return ret; > } >=20 > -#define smask(step) ((1< -#define pstep(x, step) (((x)&smask(step))^(((x)>>step)&smask(step))) > -#define parity_char(x) pstep(pstep(pstep((x), 4), 2), 1) > - > -static void mit_des_fixup_key_parity(u8 key[8]) > -{ > - int i; > - for (i =3D 0; i < 8; i++) { > - key[i] &=3D 0xfe; > - key[i] |=3D 1^parity_char(key[i]); > - } > -} > - > -/* > - * This is the des3 key derivation postprocess function > - */ > -u32 gss_krb5_des3_make_key(const struct gss_krb5_enctype *gk5e, > - struct xdr_netobj *randombits, > - struct xdr_netobj *key) > -{ > - int i; > - u32 ret =3D EINVAL; > - > - if (key->len !=3D 24) { > - dprintk("%s: key->len is %d\n", __func__, key->len); > - goto err_out; > - } > - if (randombits->len !=3D 21) { > - dprintk("%s: randombits->len is %d\n", > - __func__, randombits->len); > - goto err_out; > - } > - > - /* take the seven bytes, move them around into the top 7 bits of = the > - 8 key bytes, then compute the parity bits. Do this three = times. */ > - > - for (i =3D 0; i < 3; i++) { > - memcpy(key->data + i*8, randombits->data + i*7, 7); > - key->data[i*8+7] =3D (((key->data[i*8]&1)<<1) | > - ((key->data[i*8+1]&1)<<2) | > - ((key->data[i*8+2]&1)<<3) | > - ((key->data[i*8+3]&1)<<4) | > - ((key->data[i*8+4]&1)<<5) | > - ((key->data[i*8+5]&1)<<6) | > - ((key->data[i*8+6]&1)<<7)); > - > - mit_des_fixup_key_parity(key->data + i*8); > - } > - ret =3D 0; > -err_out: > - return ret; > -} > - > /* > * This is the aes key derivation postprocess function > */ > diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c = b/net/sunrpc/auth_gss/gss_krb5_mech.c > index eab71fc..0837543 100644 > --- a/net/sunrpc/auth_gss/gss_krb5_mech.c > +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c > @@ -54,69 +54,6 @@ >=20 > static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] =3D = { > /* > - * DES (All DES enctypes are mapped to the same gss = functionality) > - */ > - { > - .etype =3D ENCTYPE_DES_CBC_RAW, > - .ctype =3D CKSUMTYPE_RSA_MD5, > - .name =3D "des-cbc-crc", > - .encrypt_name =3D "cbc(des)", > - .cksum_name =3D "md5", > - .encrypt =3D krb5_encrypt, > - .decrypt =3D krb5_decrypt, > - .mk_key =3D NULL, > - .signalg =3D SGN_ALG_DES_MAC_MD5, > - .sealalg =3D SEAL_ALG_DES, > - .keybytes =3D 7, > - .keylength =3D 8, > - .blocksize =3D 8, > - .conflen =3D 8, > - .cksumlength =3D 8, > - .keyed_cksum =3D 0, > - }, > - /* > - * RC4-HMAC > - */ > - { > - .etype =3D ENCTYPE_ARCFOUR_HMAC, > - .ctype =3D CKSUMTYPE_HMAC_MD5_ARCFOUR, > - .name =3D "rc4-hmac", > - .encrypt_name =3D "ecb(arc4)", > - .cksum_name =3D "hmac(md5)", > - .encrypt =3D krb5_encrypt, > - .decrypt =3D krb5_decrypt, > - .mk_key =3D NULL, > - .signalg =3D SGN_ALG_HMAC_MD5, > - .sealalg =3D SEAL_ALG_MICROSOFT_RC4, > - .keybytes =3D 16, > - .keylength =3D 16, > - .blocksize =3D 1, > - .conflen =3D 8, > - .cksumlength =3D 8, > - .keyed_cksum =3D 1, > - }, > - /* > - * 3DES > - */ > - { > - .etype =3D ENCTYPE_DES3_CBC_RAW, > - .ctype =3D CKSUMTYPE_HMAC_SHA1_DES3, > - .name =3D "des3-hmac-sha1", > - .encrypt_name =3D "cbc(des3_ede)", > - .cksum_name =3D "hmac(sha1)", > - .encrypt =3D krb5_encrypt, > - .decrypt =3D krb5_decrypt, > - .mk_key =3D gss_krb5_des3_make_key, > - .signalg =3D SGN_ALG_HMAC_SHA1_DES3_KD, > - .sealalg =3D SEAL_ALG_DES3KD, > - .keybytes =3D 21, > - .keylength =3D 24, > - .blocksize =3D 8, > - .conflen =3D 8, > - .cksumlength =3D 20, > - .keyed_cksum =3D 1, > - }, > - /* > * AES128 > */ > { > @@ -227,15 +164,6 @@ > if (IS_ERR(p)) > goto out_err; >=20 > - switch (alg) { > - case ENCTYPE_DES_CBC_CRC: > - case ENCTYPE_DES_CBC_MD4: > - case ENCTYPE_DES_CBC_MD5: > - /* Map all these key types to ENCTYPE_DES_CBC_RAW */ > - alg =3D ENCTYPE_DES_CBC_RAW; > - break; > - } > - > if (!supported_gss_krb5_enctype(alg)) { > printk(KERN_WARNING "gss_kerberos_mech: unsupported " > "encryption key algorithm %d\n", alg); > @@ -271,81 +199,6 @@ > return p; > } >=20 > -static int > -gss_import_v1_context(const void *p, const void *end, struct krb5_ctx = *ctx) > -{ > - u32 seq_send; > - int tmp; > - > - p =3D simple_get_bytes(p, end, &ctx->initiate, = sizeof(ctx->initiate)); > - if (IS_ERR(p)) > - goto out_err; > - > - /* Old format supports only DES! Any other enctype uses new = format */ > - ctx->enctype =3D ENCTYPE_DES_CBC_RAW; > - > - ctx->gk5e =3D get_gss_krb5_enctype(ctx->enctype); > - if (ctx->gk5e =3D=3D NULL) { > - p =3D ERR_PTR(-EINVAL); > - goto out_err; > - } > - > - /* The downcall format was designed before we completely = understood > - * the uses of the context fields; so it includes some stuff we > - * just give some minimal sanity-checking, and some we ignore > - * completely (like the next twenty bytes): */ > - if (unlikely(p + 20 > end || p + 20 < p)) { > - p =3D ERR_PTR(-EFAULT); > - goto out_err; > - } > - p +=3D 20; > - p =3D simple_get_bytes(p, end, &tmp, sizeof(tmp)); > - if (IS_ERR(p)) > - goto out_err; > - if (tmp !=3D SGN_ALG_DES_MAC_MD5) { > - p =3D ERR_PTR(-ENOSYS); > - goto out_err; > - } > - p =3D simple_get_bytes(p, end, &tmp, sizeof(tmp)); > - if (IS_ERR(p)) > - goto out_err; > - if (tmp !=3D SEAL_ALG_DES) { > - p =3D ERR_PTR(-ENOSYS); > - goto out_err; > - } > - p =3D simple_get_bytes(p, end, &ctx->endtime, = sizeof(ctx->endtime)); > - if (IS_ERR(p)) > - goto out_err; > - p =3D simple_get_bytes(p, end, &seq_send, sizeof(seq_send)); > - if (IS_ERR(p)) > - goto out_err; > - atomic_set(&ctx->seq_send, seq_send); > - p =3D simple_get_netobj(p, end, &ctx->mech_used); > - if (IS_ERR(p)) > - goto out_err; > - p =3D get_key(p, end, ctx, &ctx->enc); > - if (IS_ERR(p)) > - goto out_err_free_mech; > - p =3D get_key(p, end, ctx, &ctx->seq); > - if (IS_ERR(p)) > - goto out_err_free_key1; > - if (p !=3D end) { > - p =3D ERR_PTR(-EFAULT); > - goto out_err_free_key2; > - } > - > - return 0; > - > -out_err_free_key2: > - crypto_free_sync_skcipher(ctx->seq); > -out_err_free_key1: > - crypto_free_sync_skcipher(ctx->enc); > -out_err_free_mech: > - kfree(ctx->mech_used.data); > -out_err: > - return PTR_ERR(p); > -} > - > static struct crypto_sync_skcipher * > context_v2_alloc_cipher(struct krb5_ctx *ctx, const char *cname, u8 = *key) > { > @@ -377,124 +230,6 @@ > } >=20 > static int > -context_derive_keys_des3(struct krb5_ctx *ctx, gfp_t gfp_mask) > -{ > - struct xdr_netobj c, keyin, keyout; > - u8 cdata[GSS_KRB5_K5CLENGTH]; > - u32 err; > - > - c.len =3D GSS_KRB5_K5CLENGTH; > - c.data =3D cdata; > - > - keyin.data =3D ctx->Ksess; > - keyin.len =3D ctx->gk5e->keylength; > - keyout.len =3D ctx->gk5e->keylength; > - > - /* seq uses the raw key */ > - ctx->seq =3D context_v2_alloc_cipher(ctx, = ctx->gk5e->encrypt_name, > - ctx->Ksess); > - if (ctx->seq =3D=3D NULL) > - goto out_err; > - > - ctx->enc =3D context_v2_alloc_cipher(ctx, = ctx->gk5e->encrypt_name, > - ctx->Ksess); > - if (ctx->enc =3D=3D NULL) > - goto out_free_seq; > - > - /* derive cksum */ > - set_cdata(cdata, KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM); > - keyout.data =3D ctx->cksum; > - err =3D krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, = gfp_mask); > - if (err) { > - dprintk("%s: Error %d deriving cksum key\n", > - __func__, err); > - goto out_free_enc; > - } > - > - return 0; > - > -out_free_enc: > - crypto_free_sync_skcipher(ctx->enc); > -out_free_seq: > - crypto_free_sync_skcipher(ctx->seq); > -out_err: > - return -EINVAL; > -} > - > -/* > - * Note that RC4 depends on deriving keys using the sequence > - * number or the checksum of a token. Therefore, the final keys > - * cannot be calculated until the token is being constructed! > - */ > -static int > -context_derive_keys_rc4(struct krb5_ctx *ctx) > -{ > - struct crypto_shash *hmac; > - char sigkeyconstant[] =3D "signaturekey"; > - int slen =3D strlen(sigkeyconstant) + 1; /* include null = terminator */ > - struct shash_desc *desc; > - int err; > - > - dprintk("RPC: %s: entered\n", __func__); > - /* > - * derive cksum (aka Ksign) key > - */ > - hmac =3D crypto_alloc_shash(ctx->gk5e->cksum_name, 0, 0); > - if (IS_ERR(hmac)) { > - dprintk("%s: error %ld allocating hash '%s'\n", > - __func__, PTR_ERR(hmac), ctx->gk5e->cksum_name); > - err =3D PTR_ERR(hmac); > - goto out_err; > - } > - > - err =3D crypto_shash_setkey(hmac, ctx->Ksess, = ctx->gk5e->keylength); > - if (err) > - goto out_err_free_hmac; > - > - > - desc =3D kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac), = GFP_NOFS); > - if (!desc) { > - dprintk("%s: failed to allocate hash descriptor for = '%s'\n", > - __func__, ctx->gk5e->cksum_name); > - err =3D -ENOMEM; > - goto out_err_free_hmac; > - } > - > - desc->tfm =3D hmac; > - desc->flags =3D 0; > - > - err =3D crypto_shash_digest(desc, sigkeyconstant, slen, = ctx->cksum); > - kzfree(desc); > - if (err) > - goto out_err_free_hmac; > - /* > - * allocate hash, and skciphers for data and seqnum encryption > - */ > - ctx->enc =3D crypto_alloc_sync_skcipher(ctx->gk5e->encrypt_name, = 0, 0); > - if (IS_ERR(ctx->enc)) { > - err =3D PTR_ERR(ctx->enc); > - goto out_err_free_hmac; > - } > - > - ctx->seq =3D crypto_alloc_sync_skcipher(ctx->gk5e->encrypt_name, = 0, 0); > - if (IS_ERR(ctx->seq)) { > - crypto_free_sync_skcipher(ctx->enc); > - err =3D PTR_ERR(ctx->seq); > - goto out_err_free_hmac; > - } > - > - dprintk("RPC: %s: returning success\n", __func__); > - > - err =3D 0; > - > -out_err_free_hmac: > - crypto_free_shash(hmac); > -out_err: > - dprintk("RPC: %s: returning %d\n", __func__, err); > - return err; > -} > - > -static int > context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask) > { > struct xdr_netobj c, keyin, keyout; > @@ -635,9 +370,6 @@ > p =3D simple_get_bytes(p, end, &ctx->enctype, = sizeof(ctx->enctype)); > if (IS_ERR(p)) > goto out_err; > - /* Map ENCTYPE_DES3_CBC_SHA1 to ENCTYPE_DES3_CBC_RAW */ > - if (ctx->enctype =3D=3D ENCTYPE_DES3_CBC_SHA1) > - ctx->enctype =3D ENCTYPE_DES3_CBC_RAW; > ctx->gk5e =3D get_gss_krb5_enctype(ctx->enctype); > if (ctx->gk5e =3D=3D NULL) { > dprintk("gss_kerberos_mech: unsupported krb5 enctype = %u\n", > @@ -665,10 +397,6 @@ > ctx->mech_used.len =3D gss_kerberos_mech.gm_oid.len; >=20 > switch (ctx->enctype) { > - case ENCTYPE_DES3_CBC_RAW: > - return context_derive_keys_des3(ctx, gfp_mask); > - case ENCTYPE_ARCFOUR_HMAC: > - return context_derive_keys_rc4(ctx); > case ENCTYPE_AES128_CTS_HMAC_SHA1_96: > case ENCTYPE_AES256_CTS_HMAC_SHA1_96: > return context_derive_keys_new(ctx, gfp_mask); > @@ -694,11 +422,7 @@ > if (ctx =3D=3D NULL) > return -ENOMEM; >=20 > - if (len =3D=3D 85) > - ret =3D gss_import_v1_context(p, end, ctx); > - else > - ret =3D gss_import_v2_context(p, end, ctx, gfp_mask); > - > + ret =3D gss_import_v2_context(p, end, ctx, gfp_mask); > if (ret =3D=3D 0) { > ctx_id->internal_ctx_id =3D ctx; > if (endtime) > diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c = b/net/sunrpc/auth_gss/gss_krb5_seal.c > index 48fe4a5..feb0f2a 100644 > --- a/net/sunrpc/auth_gss/gss_krb5_seal.c > +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c > @@ -70,32 +70,6 @@ > #endif >=20 > static void * > -setup_token(struct krb5_ctx *ctx, struct xdr_netobj *token) > -{ > - u16 *ptr; > - void *krb5_hdr; > - int body_size =3D GSS_KRB5_TOK_HDR_LEN + ctx->gk5e->cksumlength; > - > - token->len =3D g_token_size(&ctx->mech_used, body_size); > - > - ptr =3D (u16 *)token->data; > - g_make_token_header(&ctx->mech_used, body_size, (unsigned char = **)&ptr); > - > - /* ptr now at start of header described in rfc 1964, section = 1.2.1: */ > - krb5_hdr =3D ptr; > - *ptr++ =3D KG_TOK_MIC_MSG; > - /* > - * signalg is stored as if it were converted from LE to host = endian, even > - * though it's an opaque pair of bytes according to the RFC. > - */ > - *ptr++ =3D (__force u16)cpu_to_le16(ctx->gk5e->signalg); > - *ptr++ =3D SEAL_ALG_NONE; > - *ptr =3D 0xffff; > - > - return krb5_hdr; > -} > - > -static void * > setup_token_v2(struct krb5_ctx *ctx, struct xdr_netobj *token) > { > u16 *ptr; > @@ -124,45 +98,6 @@ > } >=20 > static u32 > -gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text, > - struct xdr_netobj *token) > -{ > - char cksumdata[GSS_KRB5_MAX_CKSUM_LEN]; > - struct xdr_netobj md5cksum =3D {.len =3D = sizeof(cksumdata), > - .data =3D cksumdata}; > - void *ptr; > - s32 now; > - u32 seq_send; > - u8 *cksumkey; > - > - dprintk("RPC: %s\n", __func__); > - BUG_ON(ctx =3D=3D NULL); > - > - now =3D get_seconds(); > - > - ptr =3D setup_token(ctx, token); > - > - if (ctx->gk5e->keyed_cksum) > - cksumkey =3D ctx->cksum; > - else > - cksumkey =3D NULL; > - > - if (make_checksum(ctx, ptr, 8, text, 0, cksumkey, > - KG_USAGE_SIGN, &md5cksum)) > - return GSS_S_FAILURE; > - > - memcpy(ptr + GSS_KRB5_TOK_HDR_LEN, md5cksum.data, md5cksum.len); > - > - seq_send =3D atomic_fetch_inc(&ctx->seq_send); > - > - if (krb5_make_seq_num(ctx, ctx->seq, ctx->initiate ? 0 : 0xff, > - seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr = + 8)) > - return GSS_S_FAILURE; > - > - return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : = GSS_S_COMPLETE; > -} > - > -static u32 > gss_get_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *text, > struct xdr_netobj *token) > { > @@ -210,14 +145,10 @@ > struct krb5_ctx *ctx =3D gss_ctx->internal_ctx_id; >=20 > switch (ctx->enctype) { > - default: > - BUG(); > - case ENCTYPE_DES_CBC_RAW: > - case ENCTYPE_DES3_CBC_RAW: > - case ENCTYPE_ARCFOUR_HMAC: > - return gss_get_mic_v1(ctx, text, token); > case ENCTYPE_AES128_CTS_HMAC_SHA1_96: > case ENCTYPE_AES256_CTS_HMAC_SHA1_96: > return gss_get_mic_v2(ctx, text, token); > + default: > + return GSS_S_FAILURE; > } > } > diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c = b/net/sunrpc/auth_gss/gss_krb5_seqnum.c > deleted file mode 100644 > index fb66562..0000000 > --- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c > +++ /dev/null > @@ -1,164 +0,0 @@ > -/* > - * linux/net/sunrpc/gss_krb5_seqnum.c > - * > - * Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/util_seqnum.c > - * > - * Copyright (c) 2000 The Regents of the University of Michigan. > - * All rights reserved. > - * > - * Andy Adamson > - */ > - > -/* > - * Copyright 1993 by OpenVision Technologies, Inc. > - * > - * Permission to use, copy, modify, distribute, and sell this = software > - * and its documentation for any purpose is hereby granted without = fee, > - * provided that the above copyright notice appears in all copies and > - * that both that copyright notice and this permission notice appear = in > - * supporting documentation, and that the name of OpenVision not be = used > - * in advertising or publicity pertaining to distribution of the = software > - * without specific, written prior permission. OpenVision makes no > - * representations about the suitability of this software for any > - * purpose. It is provided "as is" without express or implied = warranty. > - * > - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, > - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, = IN NO > - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR > - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM = LOSS OF > - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE = OR > - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE = USE OR > - * PERFORMANCE OF THIS SOFTWARE. > - */ > - > -#include > -#include > -#include > - > -#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) > -# define RPCDBG_FACILITY RPCDBG_AUTH > -#endif > - > -static s32 > -krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 = seqnum, > - unsigned char *cksum, unsigned char *buf) > -{ > - struct crypto_sync_skcipher *cipher; > - unsigned char plain[8]; > - s32 code; > - > - dprintk("RPC: %s:\n", __func__); > - cipher =3D crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, = 0, 0); > - if (IS_ERR(cipher)) > - return PTR_ERR(cipher); > - > - plain[0] =3D (unsigned char) ((seqnum >> 24) & 0xff); > - plain[1] =3D (unsigned char) ((seqnum >> 16) & 0xff); > - plain[2] =3D (unsigned char) ((seqnum >> 8) & 0xff); > - plain[3] =3D (unsigned char) ((seqnum >> 0) & 0xff); > - plain[4] =3D direction; > - plain[5] =3D direction; > - plain[6] =3D direction; > - plain[7] =3D direction; > - > - code =3D krb5_rc4_setup_seq_key(kctx, cipher, cksum); > - if (code) > - goto out; > - > - code =3D krb5_encrypt(cipher, cksum, plain, buf, 8); > -out: > - crypto_free_sync_skcipher(cipher); > - return code; > -} > -s32 > -krb5_make_seq_num(struct krb5_ctx *kctx, > - struct crypto_sync_skcipher *key, > - int direction, > - u32 seqnum, > - unsigned char *cksum, unsigned char *buf) > -{ > - unsigned char plain[8]; > - > - if (kctx->enctype =3D=3D ENCTYPE_ARCFOUR_HMAC) > - return krb5_make_rc4_seq_num(kctx, direction, seqnum, > - cksum, buf); > - > - plain[0] =3D (unsigned char) (seqnum & 0xff); > - plain[1] =3D (unsigned char) ((seqnum >> 8) & 0xff); > - plain[2] =3D (unsigned char) ((seqnum >> 16) & 0xff); > - plain[3] =3D (unsigned char) ((seqnum >> 24) & 0xff); > - > - plain[4] =3D direction; > - plain[5] =3D direction; > - plain[6] =3D direction; > - plain[7] =3D direction; > - > - return krb5_encrypt(key, cksum, plain, buf, 8); > -} > - > -static s32 > -krb5_get_rc4_seq_num(struct krb5_ctx *kctx, unsigned char *cksum, > - unsigned char *buf, int *direction, s32 *seqnum) > -{ > - struct crypto_sync_skcipher *cipher; > - unsigned char plain[8]; > - s32 code; > - > - dprintk("RPC: %s:\n", __func__); > - cipher =3D crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, = 0, 0); > - if (IS_ERR(cipher)) > - return PTR_ERR(cipher); > - > - code =3D krb5_rc4_setup_seq_key(kctx, cipher, cksum); > - if (code) > - goto out; > - > - code =3D krb5_decrypt(cipher, cksum, buf, plain, 8); > - if (code) > - goto out; > - > - if ((plain[4] !=3D plain[5]) || (plain[4] !=3D plain[6]) > - || (plain[4] !=3D plain[7])) { > - code =3D (s32)KG_BAD_SEQ; > - goto out; > - } > - > - *direction =3D plain[4]; > - > - *seqnum =3D ((plain[0] << 24) | (plain[1] << 16) | > - (plain[2] << 8) | (plain[3])); > -out: > - crypto_free_sync_skcipher(cipher); > - return code; > -} > - > -s32 > -krb5_get_seq_num(struct krb5_ctx *kctx, > - unsigned char *cksum, > - unsigned char *buf, > - int *direction, u32 *seqnum) > -{ > - s32 code; > - unsigned char plain[8]; > - struct crypto_sync_skcipher *key =3D kctx->seq; > - > - dprintk("RPC: krb5_get_seq_num:\n"); > - > - if (kctx->enctype =3D=3D ENCTYPE_ARCFOUR_HMAC) > - return krb5_get_rc4_seq_num(kctx, cksum, buf, > - direction, seqnum); > - > - if ((code =3D krb5_decrypt(key, cksum, buf, plain, 8))) > - return code; > - > - if ((plain[4] !=3D plain[5]) || (plain[4] !=3D plain[6]) || > - (plain[4] !=3D plain[7])) > - return (s32)KG_BAD_SEQ; > - > - *direction =3D plain[4]; > - > - *seqnum =3D ((plain[0]) | > - (plain[1] << 8) | (plain[2] << 16) | (plain[3] << = 24)); > - > - return 0; > -} > diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c = b/net/sunrpc/auth_gss/gss_krb5_unseal.c > index ef2b25b..f0f646a 100644 > --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c > +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c > @@ -71,78 +71,6 @@ > * supposedly taken over. */ >=20 > static u32 > -gss_verify_mic_v1(struct krb5_ctx *ctx, > - struct xdr_buf *message_buffer, struct xdr_netobj = *read_token) > -{ > - int signalg; > - int sealalg; > - char cksumdata[GSS_KRB5_MAX_CKSUM_LEN]; > - struct xdr_netobj md5cksum =3D {.len =3D = sizeof(cksumdata), > - .data =3D cksumdata}; > - s32 now; > - int direction; > - u32 seqnum; > - unsigned char *ptr =3D (unsigned char = *)read_token->data; > - int bodysize; > - u8 *cksumkey; > - > - dprintk("RPC: krb5_read_token\n"); > - > - if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr, > - read_token->len)) > - return GSS_S_DEFECTIVE_TOKEN; > - > - if ((ptr[0] !=3D ((KG_TOK_MIC_MSG >> 8) & 0xff)) || > - (ptr[1] !=3D (KG_TOK_MIC_MSG & 0xff))) > - return GSS_S_DEFECTIVE_TOKEN; > - > - /* XXX sanity-check bodysize?? */ > - > - signalg =3D ptr[2] + (ptr[3] << 8); > - if (signalg !=3D ctx->gk5e->signalg) > - return GSS_S_DEFECTIVE_TOKEN; > - > - sealalg =3D ptr[4] + (ptr[5] << 8); > - if (sealalg !=3D SEAL_ALG_NONE) > - return GSS_S_DEFECTIVE_TOKEN; > - > - if ((ptr[6] !=3D 0xff) || (ptr[7] !=3D 0xff)) > - return GSS_S_DEFECTIVE_TOKEN; > - > - if (ctx->gk5e->keyed_cksum) > - cksumkey =3D ctx->cksum; > - else > - cksumkey =3D NULL; > - > - if (make_checksum(ctx, ptr, 8, message_buffer, 0, > - cksumkey, KG_USAGE_SIGN, &md5cksum)) > - return GSS_S_FAILURE; > - > - if (memcmp(md5cksum.data, ptr + GSS_KRB5_TOK_HDR_LEN, > - ctx->gk5e->cksumlength)) > - return GSS_S_BAD_SIG; > - > - /* it got through unscathed. Make sure the context is unexpired = */ > - > - now =3D get_seconds(); > - > - if (now > ctx->endtime) > - return GSS_S_CONTEXT_EXPIRED; > - > - /* do sequencing checks */ > - > - if (krb5_get_seq_num(ctx, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, > - &direction, &seqnum)) > - return GSS_S_FAILURE; > - > - if ((ctx->initiate && direction !=3D 0xff) || > - (!ctx->initiate && direction !=3D 0)) > - return GSS_S_BAD_SIG; > - > - return GSS_S_COMPLETE; > -} > - > -static u32 > gss_verify_mic_v2(struct krb5_ctx *ctx, > struct xdr_buf *message_buffer, struct xdr_netobj = *read_token) > { > @@ -214,14 +142,10 @@ > struct krb5_ctx *ctx =3D gss_ctx->internal_ctx_id; >=20 > switch (ctx->enctype) { > - default: > - BUG(); > - case ENCTYPE_DES_CBC_RAW: > - case ENCTYPE_DES3_CBC_RAW: > - case ENCTYPE_ARCFOUR_HMAC: > - return gss_verify_mic_v1(ctx, message_buffer, = read_token); > case ENCTYPE_AES128_CTS_HMAC_SHA1_96: > case ENCTYPE_AES256_CTS_HMAC_SHA1_96: > return gss_verify_mic_v2(ctx, message_buffer, = read_token); > + default: > + return GSS_S_FAILURE; > } > } > diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c = b/net/sunrpc/auth_gss/gss_krb5_wrap.c > index 5cdde6c..98c99d3 100644 > --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c > +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c > @@ -146,244 +146,6 @@ > } > } >=20 > -/* Assumptions: the head and tail of inbuf are ours to play with. > - * The pages, however, may be real pages in the page cache and we = replace > - * them with scratch pages from **pages before writing to them. */ > -/* XXX: obviously the above should be documentation of wrap = interface, > - * and shouldn't be in this kerberos-specific file. */ > - > -/* XXX factor out common code with seal/unseal. */ > - > -static u32 > -gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset, > - struct xdr_buf *buf, struct page **pages) > -{ > - char cksumdata[GSS_KRB5_MAX_CKSUM_LEN]; > - struct xdr_netobj md5cksum =3D {.len =3D = sizeof(cksumdata), > - .data =3D cksumdata}; > - int blocksize =3D 0, plainlen; > - unsigned char *ptr, *msg_start; > - s32 now; > - int headlen; > - struct page **tmp_pages; > - u32 seq_send; > - u8 *cksumkey; > - u32 conflen =3D kctx->gk5e->conflen; > - > - dprintk("RPC: %s\n", __func__); > - > - now =3D get_seconds(); > - > - blocksize =3D crypto_sync_skcipher_blocksize(kctx->enc); > - gss_krb5_add_padding(buf, offset, blocksize); > - BUG_ON((buf->len - offset) % blocksize); > - plainlen =3D conflen + buf->len - offset; > - > - headlen =3D g_token_size(&kctx->mech_used, > - GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength + = plainlen) - > - (buf->len - offset); > - > - ptr =3D buf->head[0].iov_base + offset; > - /* shift data to make room for header. */ > - xdr_extend_head(buf, offset, headlen); > - > - /* XXX Would be cleverer to encrypt while copying. */ > - BUG_ON((buf->len - offset - headlen) % blocksize); > - > - g_make_token_header(&kctx->mech_used, > - GSS_KRB5_TOK_HDR_LEN + > - kctx->gk5e->cksumlength + plainlen, = &ptr); > - > - > - /* ptr now at header described in rfc 1964, section 1.2.1: */ > - ptr[0] =3D (unsigned char) ((KG_TOK_WRAP_MSG >> 8) & 0xff); > - ptr[1] =3D (unsigned char) (KG_TOK_WRAP_MSG & 0xff); > - > - msg_start =3D ptr + GSS_KRB5_TOK_HDR_LEN + = kctx->gk5e->cksumlength; > - > - /* > - * signalg and sealalg are stored as if they were converted from = LE > - * to host endian, even though they're opaque pairs of bytes = according > - * to the RFC. > - */ > - *(__le16 *)(ptr + 2) =3D cpu_to_le16(kctx->gk5e->signalg); > - *(__le16 *)(ptr + 4) =3D cpu_to_le16(kctx->gk5e->sealalg); > - ptr[6] =3D 0xff; > - ptr[7] =3D 0xff; > - > - gss_krb5_make_confounder(msg_start, conflen); > - > - if (kctx->gk5e->keyed_cksum) > - cksumkey =3D kctx->cksum; > - else > - cksumkey =3D NULL; > - > - /* XXXJBF: UGH!: */ > - tmp_pages =3D buf->pages; > - buf->pages =3D pages; > - if (make_checksum(kctx, ptr, 8, buf, offset + headlen - conflen, > - cksumkey, KG_USAGE_SEAL, = &md5cksum)) > - return GSS_S_FAILURE; > - buf->pages =3D tmp_pages; > - > - memcpy(ptr + GSS_KRB5_TOK_HDR_LEN, md5cksum.data, md5cksum.len); > - > - seq_send =3D atomic_fetch_inc(&kctx->seq_send); > - > - /* XXX would probably be more efficient to compute checksum > - * and encrypt at the same time: */ > - if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : = 0xff, > - seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr = + 8))) > - return GSS_S_FAILURE; > - > - if (kctx->enctype =3D=3D ENCTYPE_ARCFOUR_HMAC) { > - struct crypto_sync_skcipher *cipher; > - int err; > - cipher =3D = crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, > - 0, 0); > - if (IS_ERR(cipher)) > - return GSS_S_FAILURE; > - > - krb5_rc4_setup_enc_key(kctx, cipher, seq_send); > - > - err =3D gss_encrypt_xdr_buf(cipher, buf, > - offset + headlen - conflen, = pages); > - crypto_free_sync_skcipher(cipher); > - if (err) > - return GSS_S_FAILURE; > - } else { > - if (gss_encrypt_xdr_buf(kctx->enc, buf, > - offset + headlen - conflen, = pages)) > - return GSS_S_FAILURE; > - } > - > - return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : = GSS_S_COMPLETE; > -} > - > -static u32 > -gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct = xdr_buf *buf) > -{ > - int signalg; > - int sealalg; > - char cksumdata[GSS_KRB5_MAX_CKSUM_LEN]; > - struct xdr_netobj md5cksum =3D {.len =3D = sizeof(cksumdata), > - .data =3D cksumdata}; > - s32 now; > - int direction; > - s32 seqnum; > - unsigned char *ptr; > - int bodysize; > - void *data_start, *orig_start; > - int data_len; > - int blocksize; > - u32 conflen =3D kctx->gk5e->conflen; > - int crypt_offset; > - u8 *cksumkey; > - > - dprintk("RPC: gss_unwrap_kerberos\n"); > - > - ptr =3D (u8 *)buf->head[0].iov_base + offset; > - if (g_verify_token_header(&kctx->mech_used, &bodysize, &ptr, > - buf->len - offset)) > - return GSS_S_DEFECTIVE_TOKEN; > - > - if ((ptr[0] !=3D ((KG_TOK_WRAP_MSG >> 8) & 0xff)) || > - (ptr[1] !=3D (KG_TOK_WRAP_MSG & 0xff))) > - return GSS_S_DEFECTIVE_TOKEN; > - > - /* XXX sanity-check bodysize?? */ > - > - /* get the sign and seal algorithms */ > - > - signalg =3D ptr[2] + (ptr[3] << 8); > - if (signalg !=3D kctx->gk5e->signalg) > - return GSS_S_DEFECTIVE_TOKEN; > - > - sealalg =3D ptr[4] + (ptr[5] << 8); > - if (sealalg !=3D kctx->gk5e->sealalg) > - return GSS_S_DEFECTIVE_TOKEN; > - > - if ((ptr[6] !=3D 0xff) || (ptr[7] !=3D 0xff)) > - return GSS_S_DEFECTIVE_TOKEN; > - > - /* > - * Data starts after token header and checksum. ptr points > - * to the beginning of the token header > - */ > - crypt_offset =3D ptr + (GSS_KRB5_TOK_HDR_LEN + = kctx->gk5e->cksumlength) - > - (unsigned char = *)buf->head[0].iov_base; > - > - /* > - * Need plaintext seqnum to derive encryption key for = arcfour-hmac > - */ > - if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN, > - ptr + 8, &direction, &seqnum)) > - return GSS_S_BAD_SIG; > - > - if ((kctx->initiate && direction !=3D 0xff) || > - (!kctx->initiate && direction !=3D 0)) > - return GSS_S_BAD_SIG; > - > - if (kctx->enctype =3D=3D ENCTYPE_ARCFOUR_HMAC) { > - struct crypto_sync_skcipher *cipher; > - int err; > - > - cipher =3D = crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, > - 0, 0); > - if (IS_ERR(cipher)) > - return GSS_S_FAILURE; > - > - krb5_rc4_setup_enc_key(kctx, cipher, seqnum); > - > - err =3D gss_decrypt_xdr_buf(cipher, buf, crypt_offset); > - crypto_free_sync_skcipher(cipher); > - if (err) > - return GSS_S_DEFECTIVE_TOKEN; > - } else { > - if (gss_decrypt_xdr_buf(kctx->enc, buf, crypt_offset)) > - return GSS_S_DEFECTIVE_TOKEN; > - } > - > - if (kctx->gk5e->keyed_cksum) > - cksumkey =3D kctx->cksum; > - else > - cksumkey =3D NULL; > - > - if (make_checksum(kctx, ptr, 8, buf, crypt_offset, > - cksumkey, KG_USAGE_SEAL, = &md5cksum)) > - return GSS_S_FAILURE; > - > - if (memcmp(md5cksum.data, ptr + GSS_KRB5_TOK_HDR_LEN, > - = kctx->gk5e->cksumlength)) > - return GSS_S_BAD_SIG; > - > - /* it got through unscathed. Make sure the context is unexpired = */ > - > - now =3D get_seconds(); > - > - if (now > kctx->endtime) > - return GSS_S_CONTEXT_EXPIRED; > - > - /* do sequencing checks */ > - > - /* Copy the data back to the right position. XXX: Would = probably be > - * better to copy and encrypt at the same time. */ > - > - blocksize =3D crypto_sync_skcipher_blocksize(kctx->enc); > - data_start =3D ptr + (GSS_KRB5_TOK_HDR_LEN + = kctx->gk5e->cksumlength) + > - conflen; > - orig_start =3D buf->head[0].iov_base + offset; > - data_len =3D (buf->head[0].iov_base + buf->head[0].iov_len) - = data_start; > - memmove(orig_start, data_start, data_len); > - buf->head[0].iov_len -=3D (data_start - orig_start); > - buf->len -=3D (data_start - orig_start); > - > - if (gss_krb5_remove_padding(buf, blocksize)) > - return GSS_S_DEFECTIVE_TOKEN; > - > - return GSS_S_COMPLETE; > -} > - > /* > * We can shift data by up to LOCAL_BUF_LEN bytes in a pass. If we = need > * to do more than that, we shift repeatedly. Kevin Coffman reports > @@ -588,15 +350,11 @@ static void rotate_left(u32 base, struct xdr_buf = *buf, unsigned int shift) > struct krb5_ctx *kctx =3D gctx->internal_ctx_id; >=20 > switch (kctx->enctype) { > - default: > - BUG(); > - case ENCTYPE_DES_CBC_RAW: > - case ENCTYPE_DES3_CBC_RAW: > - case ENCTYPE_ARCFOUR_HMAC: > - return gss_wrap_kerberos_v1(kctx, offset, buf, pages); > case ENCTYPE_AES128_CTS_HMAC_SHA1_96: > case ENCTYPE_AES256_CTS_HMAC_SHA1_96: > return gss_wrap_kerberos_v2(kctx, offset, buf, pages); > + default: > + return GSS_S_FAILURE; > } > } >=20 > @@ -606,14 +364,10 @@ static void rotate_left(u32 base, struct xdr_buf = *buf, unsigned int shift) > struct krb5_ctx *kctx =3D gctx->internal_ctx_id; >=20 > switch (kctx->enctype) { > - default: > - BUG(); > - case ENCTYPE_DES_CBC_RAW: > - case ENCTYPE_DES3_CBC_RAW: > - case ENCTYPE_ARCFOUR_HMAC: > - return gss_unwrap_kerberos_v1(kctx, offset, buf); > case ENCTYPE_AES128_CTS_HMAC_SHA1_96: > case ENCTYPE_AES256_CTS_HMAC_SHA1_96: > return gss_unwrap_kerberos_v2(kctx, offset, buf); > + default: > + return GSS_S_FAILURE; > } > } >=20 -- Chuck Lever