Linux-CIFS Archive on lore.kernel.org
 help / color / Atom feed
From: David Howells <dhowells@redhat.com>
To: herbert@gondor.apana.org.au, bfields@fieldses.org
Cc: dhowells@redhat.com, trond.myklebust@hammerspace.com,
	linux-crypto@vger.kernel.org, linux-afs@lists.infradead.org,
	linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 03/18] crypto/krb5: Provide infrastructure and key derivation
Date: Thu, 12 Nov 2020 12:58:09 +0000
Message-ID: <160518588968.2277919.3783200728891264713.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <160518586534.2277919.14475638653680231924.stgit@warthog.procyon.org.uk>

Provide key derivation interface functions and a helper to implement the
PRF+ function from rfc4402.

Signed-off-by: David Howells <dhowells@redhat.com>
---

 crypto/krb5/Makefile  |    1 
 crypto/krb5/kdf.c     |  223 +++++++++++++++++++++++++++++++++++++++++++++++++
 include/crypto/krb5.h |   29 ++++++
 3 files changed, 253 insertions(+)
 create mode 100644 crypto/krb5/kdf.c

diff --git a/crypto/krb5/Makefile b/crypto/krb5/Makefile
index 071ce2ff82e5..b764c4d09bf2 100644
--- a/crypto/krb5/Makefile
+++ b/crypto/krb5/Makefile
@@ -4,6 +4,7 @@
 #
 
 krb5-y += \
+	kdf.o \
 	main.o
 
 obj-$(CONFIG_CRYPTO_KRB5) += krb5.o
diff --git a/crypto/krb5/kdf.c b/crypto/krb5/kdf.c
new file mode 100644
index 000000000000..8ef7ea31ee8a
--- /dev/null
+++ b/crypto/krb5/kdf.c
@@ -0,0 +1,223 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* Kerberos key derivation.
+ *
+ * Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/export.h>
+#include <linux/slab.h>
+#include <crypto/skcipher.h>
+#include <crypto/hash.h>
+#include "internal.h"
+
+/**
+ * crypto_krb5_free_enc_keys - Free an encryption keypair
+ * @e: The key pair to free.
+ */
+void crypto_krb5_free_enc_keys(struct krb5_enc_keys *e)
+{
+	if (e->Ke)
+		crypto_free_sync_skcipher(e->Ke);
+	if (e->Ki)
+		crypto_free_shash(e->Ki);
+	e->Ke = NULL;
+	e->Ki = NULL;
+}
+EXPORT_SYMBOL(crypto_krb5_free_enc_keys);
+
+/**
+ * crypto_krb5_calc_PRFplus - Calculate PRF+ [RFC4402]
+ * @krb5: The encryption type to use
+ * @K: The protocol key for the pseudo-random function
+ * @L: The length of the output
+ * @S: The input octet string
+ * @result: Result buffer, sized to krb5->prf_len
+ * @gfp: Allocation restrictions
+ *
+ * Calculate the kerberos pseudo-random function, PRF+() by the following
+ * method:
+ *
+ *      PRF+(K, L, S) = truncate(L, T1 || T2 || .. || Tn)
+ *      Tn = PRF(K, n || S)
+ *      [rfc4402 sec 2]
+ */
+int crypto_krb5_calc_PRFplus(const struct krb5_enctype *krb5,
+			     const struct krb5_buffer *K,
+			     unsigned int L,
+			     const struct krb5_buffer *S,
+			     struct krb5_buffer *result,
+			     gfp_t gfp)
+{
+	struct krb5_buffer T_series, Tn, n_S;
+	void *buffer;
+	int ret, n = 1;
+
+	Tn.len = krb5->prf_len;
+	T_series.len = 0;
+	n_S.len = 4 + S->len;
+
+	buffer = kzalloc(round16(L + Tn.len) + round16(n_S.len), gfp);
+	if (!buffer)
+		return -ENOMEM;
+
+	T_series.data = buffer;
+	n_S.data = buffer + round16(L + Tn.len);
+	memcpy(n_S.data + 4, S->data, S->len);
+
+	while (T_series.len < L) {
+		*(__be32 *)(n_S.data) = htonl(n);
+		Tn.data = T_series.data + Tn.len * (n - 1);
+		ret = krb5->profile->calc_PRF(krb5, K, &n_S, &Tn, gfp);
+		if (ret < 0)
+			goto err;
+		T_series.len += Tn.len;
+		n++;
+	}
+
+	/* Truncate to L */
+	memcpy(result->data, T_series.data, L);
+	ret = 0;
+
+err:
+	kfree_sensitive(buffer);
+	return ret;
+}
+EXPORT_SYMBOL(crypto_krb5_calc_PRFplus);
+
+/**
+ * crypto_krb5_get_Kc - Derive key Kc and install into a hash
+ * @krb5: The encryption type to use
+ * @TK: The base key
+ * @usage: The key usage number
+ * @key: Prepped buffer to store the key into
+ * @_shash: Where to put the hash (or NULL if not wanted)
+ * @gfp: Allocation restrictions
+ *
+ * Derive the Kerberos Kc checksumming key and, optionally, allocate a hash and
+ * install the key into it, returning the hash.  The key is stored into the
+ * prepared buffer.
+ */
+int crypto_krb5_get_Kc(const struct krb5_enctype *krb5,
+		       const struct krb5_buffer *TK,
+		       u32 usage,
+		       struct krb5_buffer *key,
+		       struct crypto_shash **_shash,
+		       gfp_t gfp)
+{
+	struct crypto_shash *shash;
+	int ret;
+	u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
+	struct krb5_buffer usage_constant = { .len = 5, .data = buf };
+
+	*(__be32 *)buf = cpu_to_be32(usage);
+	buf[4] = KEY_USAGE_SEED_CHECKSUM;
+
+	key->len = krb5->Kc_len;
+	ret = krb5->profile->calc_Kc(krb5, TK, &usage_constant, key, gfp);
+	if (ret < 0)
+		return ret;
+
+	if (_shash) {
+		shash = crypto_alloc_shash(krb5->cksum_name, 0, 0);
+		if (IS_ERR(shash))
+			return (PTR_ERR(shash) == -ENOENT) ? -ENOPKG : PTR_ERR(shash);
+		*_shash = shash;
+		ret = crypto_shash_setkey(shash, key->data, key->len);
+	}
+
+	return ret;
+}
+EXPORT_SYMBOL(crypto_krb5_get_Kc);
+
+/**
+ * crypto_krb5_get_Ke - Derive key Ke and install into an skcipher
+ * @krb5: The encryption type to use
+ * @TK: The base key
+ * @usage: The key usage number
+ * @key: Prepped buffer to store the key into
+ * @_ci: Where to put the cipher (or NULL if not wanted)
+ * @gfp: Allocation restrictions
+ *
+ * Derive the Kerberos Ke encryption key and, optionally, allocate an skcipher
+ * and install the key into it, returning the cipher.  The key is stored into
+ * the prepared buffer.
+ */
+int crypto_krb5_get_Ke(const struct krb5_enctype *krb5,
+		       const struct krb5_buffer *TK,
+		       u32 usage,
+		       struct krb5_buffer *key,
+		       struct crypto_sync_skcipher **_ci,
+		       gfp_t gfp)
+{
+	struct crypto_sync_skcipher *ci;
+	int ret;
+	u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
+	struct krb5_buffer usage_constant = { .len = 5, .data = buf };
+
+	*(__be32 *)buf = cpu_to_be32(usage);
+	buf[4] = KEY_USAGE_SEED_ENCRYPTION;
+
+	key->len = krb5->Ke_len;
+	ret = krb5->profile->calc_Ke(krb5, TK, &usage_constant, key, gfp);
+	if (ret < 0)
+		return ret;
+
+	if (_ci) {
+		ci = crypto_alloc_sync_skcipher(krb5->encrypt_name, 0, 0);
+		if (IS_ERR(ci))
+			return (PTR_ERR(ci) == -ENOENT) ? -ENOPKG : PTR_ERR(ci);
+		*_ci = ci;
+		ret = crypto_sync_skcipher_setkey(ci, key->data, key->len);
+	}
+
+	return ret;
+}
+EXPORT_SYMBOL(crypto_krb5_get_Ke);
+
+/**
+ * crypto_krb5_get_Ki - Derive key Ki and install into a hash
+ * @krb5: The encryption type to use
+ * @TK: The base key
+ * @usage: The key usage number
+ * @key: Prepped buffer to store the key into
+ * @_shash: Where to put the hash (or NULL if not wanted)
+ * @gfp: Allocation restrictions
+ *
+ * Derive the Kerberos Ki integrity checksum key and, optionally, allocate a
+ * hash and install the key into it, returning the hash.  The key is stored
+ * into the prepared buffer.
+ */
+int crypto_krb5_get_Ki(const struct krb5_enctype *krb5,
+		       const struct krb5_buffer *TK,
+		       u32 usage,
+		       struct krb5_buffer *key,
+		       struct crypto_shash **_shash,
+		       gfp_t gfp)
+{
+	struct crypto_shash *shash;
+	int ret;
+	u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
+	struct krb5_buffer usage_constant = { .len = 5, .data = buf };
+
+	*(__be32 *)buf = cpu_to_be32(usage);
+	buf[4] = KEY_USAGE_SEED_INTEGRITY;
+
+	key->len = krb5->Ki_len;
+	ret = krb5->profile->calc_Kc(krb5, TK, &usage_constant, key, gfp);
+	if (ret < 0)
+		return ret;
+
+	if (_shash) {
+		shash = crypto_alloc_shash(krb5->cksum_name, 0, 0);
+		if (IS_ERR(shash))
+			return (PTR_ERR(shash) == -ENOENT) ? -ENOPKG : PTR_ERR(shash);
+		*_shash = shash;
+		ret = crypto_shash_setkey(shash, key->data, key->len);
+	}
+
+	return ret;
+}
+EXPORT_SYMBOL(crypto_krb5_get_Ki);
diff --git a/include/crypto/krb5.h b/include/crypto/krb5.h
index a7e4ab4e1348..04286bacaf06 100644
--- a/include/crypto/krb5.h
+++ b/include/crypto/krb5.h
@@ -103,4 +103,33 @@ struct krb5_enctype {
  */
 extern const struct krb5_enctype *crypto_krb5_find_enctype(u32 enctype);
 
+/*
+ * kdf.c
+ */
+extern void crypto_krb5_free_enc_keys(struct krb5_enc_keys *e);
+extern int crypto_krb5_calc_PRFplus(const struct krb5_enctype *krb5,
+				    const struct krb5_buffer *K,
+				    unsigned int L,
+				    const struct krb5_buffer *S,
+				    struct krb5_buffer *result,
+				    gfp_t gfp);
+extern int crypto_krb5_get_Kc(const struct krb5_enctype *krb5,
+			      const struct krb5_buffer *TK,
+			      u32 usage,
+			      struct krb5_buffer *key,
+			      struct crypto_shash **_shash,
+			      gfp_t gfp);
+extern int crypto_krb5_get_Ke(const struct krb5_enctype *krb5,
+			      const struct krb5_buffer *TK,
+			      u32 usage,
+			      struct krb5_buffer *key,
+			      struct crypto_sync_skcipher **_ci,
+			      gfp_t gfp);
+extern int crypto_krb5_get_Ki(const struct krb5_enctype *krb5,
+			      const struct krb5_buffer *TK,
+			      u32 usage,
+			      struct krb5_buffer *key,
+			      struct crypto_shash **_shash,
+			      gfp_t gfp);
+
 #endif /* _CRYPTO_KRB5_H */



  parent reply index

Thread overview: 57+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-12 12:57 [RFC][PATCH 00/18] crypto: Add generic Kerberos library David Howells
2020-11-12 12:57 ` [PATCH 01/18] crypto/krb5: Implement Kerberos crypto core David Howells
2020-11-12 12:58 ` [PATCH 02/18] crypto/krb5: Add some constants out of sunrpc headers David Howells
2020-11-12 12:58 ` David Howells [this message]
2020-11-12 12:58 ` [PATCH 04/18] crypto/krb5: Implement the Kerberos5 rfc3961 key derivation David Howells
2020-11-12 12:58 ` [PATCH 05/18] crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions David Howells
2020-11-12 12:58 ` [PATCH 06/18] crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic David Howells
2020-11-12 12:58 ` [PATCH 07/18] crypto/krb5: Implement the AES enctypes from rfc3962 David Howells
2020-11-12 12:58 ` [PATCH 08/18] crypto/krb5: Implement crypto self-testing David Howells
2020-11-12 12:58 ` [PATCH 09/18] crypto/krb5: Implement the AES enctypes from rfc8009 David Howells
2020-11-12 12:59 ` [PATCH 10/18] crypto/krb5: Implement the AES encrypt/decrypt " David Howells
2020-11-12 12:59 ` [PATCH 11/18] crypto/krb5: Add the AES self-testing data " David Howells
2020-11-12 12:59 ` [PATCH 12/18] crypto/krb5: Implement the Camellia enctypes from rfc6803 David Howells
2020-11-12 12:59 ` [PATCH 13/18] rxrpc: Add the security index for yfs-rxgk David Howells
2020-11-12 12:59 ` [PATCH 14/18] rxrpc: Add YFS RxGK (GSSAPI) security class David Howells
2020-11-12 12:59 ` [PATCH 15/18] rxrpc: rxgk: Provide infrastructure and key derivation David Howells
2020-11-12 12:59 ` [PATCH 16/18] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) David Howells
2020-11-12 13:00 ` [PATCH 17/18] rxrpc: rxgk: Implement connection rekeying David Howells
2020-11-12 13:00 ` [PATCH 18/18] rxgk: Support OpenAFS's rxgk implementation David Howells
2020-11-12 13:44 ` [RFC][PATCH 00/18] crypto: Add generic Kerberos library David Howells
2020-11-12 14:36 ` Chuck Lever
2020-11-12 15:42 ` David Howells
2020-11-12 15:49   ` Chuck Lever
2020-11-12 16:54   ` David Howells
2020-11-12 21:07     ` Bruce Fields
2020-11-12 21:09       ` Chuck Lever
2020-11-12 18:37 ` J. Bruce Fields
2020-11-12 18:39   ` Chuck Lever
2020-11-26  6:33 ` Herbert Xu
2020-11-26  8:19 ` David Howells
2020-11-27  5:07   ` Herbert Xu
2020-12-01  8:44   ` David Howells
2020-12-01  8:46     ` Herbert Xu
2020-12-01  9:12     ` David Howells
2020-12-01 10:36       ` Herbert Xu
2020-12-04 14:59 ` Why the auxiliary cipher in gss_krb5_crypto.c? David Howells
2020-12-04 15:46   ` Bruce Fields
2020-12-04 16:05     ` Chuck Lever
2020-12-04 16:14     ` Bruce Fields
2020-12-04 16:01   ` David Howells
2020-12-04 16:03     ` Bruce Fields
2020-12-04 16:50     ` David Howells
2020-12-04 17:06       ` Ard Biesheuvel
2020-12-04 17:19       ` David Howells
2020-12-04 17:35         ` Ard Biesheuvel
2020-12-04 21:08           ` Herbert Xu
2020-12-07  8:24           ` David Howells
2020-12-07 12:01         ` David Howells
2020-12-07 13:08           ` Ard Biesheuvel
2020-12-07 14:15           ` David Howells
2020-12-08  8:27             ` Ard Biesheuvel
2020-12-08  9:18             ` David Howells
2020-12-04 18:13   ` Theodore Y. Ts'o
2020-12-08 13:25 ` David Howells
2020-12-08 14:04   ` Ard Biesheuvel
2020-12-08 14:13   ` David Howells
2020-12-08 14:02 ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=160518588968.2277919.3783200728891264713.stgit@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=bfields@fieldses.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-afs@lists.infradead.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=trond.myklebust@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-CIFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-cifs/0 linux-cifs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-cifs linux-cifs/ https://lore.kernel.org/linux-cifs \
		linux-cifs@vger.kernel.org
	public-inbox-index linux-cifs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-cifs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git