Linux-Crypto Archive on lore.kernel.org
From: Ard Biesheuvel <ardb@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-wireless@vger.kernel.org,
	Marcel Holtmann <marcel@holtmann.org>,
	Denis Kenzior <denkenz@gmail.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Trond Myklebust <trond.myklebust@hammerspace.com>,
	Anna Schumaker <anna.schumaker@netapp.com>,
	"J. Bruce Fields" <bfields@fieldses.org>,
	Chuck Lever <chuck.lever@oracle.com>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	netdev@vger.kernel.org, devel@driverdev.osuosl.org,
	linux-nfs@vger.kernel.org
Subject: Re: [RFC PATCH 4/7] crypto: remove ARC4 support from the skcipher API
Date: Thu, 2 Jul 2020 20:21:25 +0200
Message-ID: <CAMj1kXFen1nickdZab0s8iY7SgauoH56VginEoPdxaAAL2qENw@mail.gmail.com> (raw)
In-Reply-To: <20200702175022.GA2753@sol.localdomain>

On Thu, 2 Jul 2020 at 19:50, Eric Biggers <ebiggers@kernel.org> wrote:
>
> [+linux-wireless, Marcel Holtmann, and Denis Kenzior]
>
> On Thu, Jul 02, 2020 at 12:19:44PM +0200, Ard Biesheuvel wrote:
> > Remove the generic ecb(arc4) skcipher, which is slightly cumbersome from
> > a maintenance perspective, since it does not quite behave like other
> > skciphers do in terms of key vs IV lifetime. Since we are leaving the
> > library interface in place, which is used by the various WEP and TKIP
> > implementations we have in the tree, we can safely drop this code now
> > it no longer has any users.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
>
> Last year there was a discussion where it was mentioned that iwd uses
> "ecb(arc4)" via AF_ALG.  So can we really remove it yet?
> See https://lkml.kernel.org/r/97BB95F6-4A4C-4984-9EAB-6069E19B4A4F@holtmann.org
> Note that the code isn't in "iwd" itself but rather in "libell" which iwd
> depends on: https://git.kernel.org/pub/scm/libs/ell/ell.git/
>
> Apparently it also uses md4 and ecb(des) too.
>

Ah yes, I remember now :-(

> Marcel and Denis, what's your deprecation plan for these obsolete and insecure
> algorithms?
>

Given Denis's statement:

  It sounds to me like it was broken and should be fixed.  So our vote /
  preference is to have ARC4 fixed to follow the proper semantics.  We
  can deal with the kernel behavioral change on our end easily enough;
  the required workarounds are the worse evil.

I would think that an ABI break is not the end of the world for them,
and given how trivial it is to implement RC4 in C, the workaround
should be to simply implement RC4 in user space, and not even bother
trying to use AF_ALG to get at ecb(arc4).

(same applies to md4 and ecb(des) btw)

There will always be a long tail of use cases, and at some point, we
just have to draw the line and remove obsolete and insecure cruft,
especially when it impedes progress on other fronts.
Full implementation of arc4 aka ecb(arc4) below.

#include <stdbool.h>
#include <stdint.h>

typedef uint8_t u8;
typedef uint32_t u32;

/* Same layout as the kernel's struct arc4_ctx (include/crypto/arc4.h):
 * the 256-entry S-box plus the two PRGA indices. arc4_setkey() in the
 * same library initialises S, x and y from the key. */
struct arc4_ctx {
  u32 S[256];
  u32 x, y;
};

/* RC4 keystream generation (PRGA), XORed over in[] into out[].
 * x and y live in ctx, so consecutive calls continue one keystream. */
void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, unsigned int len)
{
  u32 *const S = ctx->S;
  u32 x, y, a, b;
  u32 ty, ta, tb;

  if (len == 0)
    return;

  x = ctx->x;
  y = ctx->y;

  a = S[x];
  y = (y + a) & 0xff;
  b = S[y];

  do {
    S[y] = a;
    a = (a + b) & 0xff;
    S[x] = b;
    x = (x + 1) & 0xff;
    ta = S[x];
    ty = (y + ta) & 0xff;
    tb = S[ty];
    *out++ = *in++ ^ S[a];
    if (--len == 0)
      break;
    y = ty;
    a = ta;
    b = tb;
  } while (true);

  ctx->x = x;
  ctx->y = y;
}
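
Added example, not part of the original mail or the kernel tree: a self-contained userspace RC4 in C including the key schedule that the arc4_crypt() snippet above relies on, checked against the public "Key"/"Plaintext" test vector both in one call and split across two calls, to show that state (not an IV) carries between calls. The names rc4_ctx, rc4_setkey, rc4_crypt and rc4_selftest are my own.

```c
#include <stdint.h>
#include <string.h>
/* RC4 state: the 256-byte permutation plus the two PRGA indices. */
struct rc4_ctx {
    uint8_t S[256];
    uint8_t i, j;
};
/* Key-scheduling algorithm (KSA); keylen must be 1..256. uint8_t j wraps mod 256. */
void rc4_setkey(struct rc4_ctx *ctx, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++)
        ctx->S[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j += ctx->S[i] + key[i % keylen];
        uint8_t t = ctx->S[i]; ctx->S[i] = ctx->S[j]; ctx->S[j] = t;
    }
    ctx->i = ctx->j = 0;
}
/* PRGA: XOR the keystream over in[] into out[]. i and j persist in ctx, so
 * consecutive calls continue one keystream: there is no IV, only key state,
 * which is why the ecb(arc4) skcipher never fit the key-vs-IV model. */
void rc4_crypt(struct rc4_ctx *ctx, uint8_t *out, const uint8_t *in, size_t len)
{
    uint8_t i = ctx->i, j = ctx->j;
    while (len--) {
        i++;
        j += ctx->S[i];
        uint8_t t = ctx->S[i]; ctx->S[i] = ctx->S[j]; ctx->S[j] = t;
        *out++ = *in++ ^ ctx->S[(uint8_t)(ctx->S[i] + ctx->S[j])];
    }
    ctx->i = i;
    ctx->j = j;
}
/* Known-answer test: key "Key", plaintext "Plaintext" must give
 * BB F3 16 E8 D9 40 AF 0A D3, both in one call and split 4+5 bytes
 * (state carries over). Returns 1 on success, 0 on failure. */
int rc4_selftest(void)
{
    static const uint8_t expected[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    const uint8_t *pt = (const uint8_t *)"Plaintext";
    struct rc4_ctx ctx;
    uint8_t out[9], chunked[9];
    rc4_setkey(&ctx, (const uint8_t *)"Key", 3);
    rc4_crypt(&ctx, out, pt, 9);
    rc4_setkey(&ctx, (const uint8_t *)"Key", 3);
    rc4_crypt(&ctx, chunked, pt, 4);
    rc4_crypt(&ctx, chunked + 4, pt + 4, 5);
    return memcmp(out, expected, 9) == 0 && memcmp(chunked, expected, 9) == 0;
}
```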
