[PATCH 00/19] RFC add kernel support for newer encryption types

2008-02-21 Thread Kevin Coffman
Consider this an RFC.

These patches add kernel support for triple-DES and AES encryption to the
Kerberos gss code.

These are currently built on 2.6.25-rc1, but I think they should apply
to the latest code as well.

The first patch adds a crypto cts wrapper to do the cts mode req'd by
AES.  This has been submitted to Herbert Xu.

A couple of things remain:

 - Allocate the blkcipher(s) for cbc(aes) during context initialization
   rather than on-demand.  I'll include this in the next version.

 - Add support for rc4-hmac.

 - Implement the code necessary to handle possibly rotated data in the
   version two tokens.  I don't expect we'll see rotated data in normal
   operation, but this should be done for completeness.

There are nfs-utils patches required for the new context format from
user-land to kernel.  I need to finish changes for non-lucid contexts
and test those further.


K.C.
-
To unsubscribe from this list: send the line unsubscribe linux-nfs in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH 02/19] rpc: gss: Add oid values to the gss_api mechanism structures

2008-02-21 Thread Kevin Coffman
From: Usha Ketineni [EMAIL PROTECTED]

On NFSV4 server side, these are required as part of the security
triple(oid,qop,service) information being sent in the response of the
SECINFO operation.

Signed-off-by: Usha Ketineni [EMAIL PROTECTED]
Signed-off-by: J. Bruce Fields [EMAIL PROTECTED]
---

 fs/nfsd/nfs4xdr.c|6 +++---
 include/linux/sunrpc/gss_api.h   |2 +-
 include/linux/sunrpc/gss_krb5.h  |2 ++
 net/sunrpc/auth_gss/gss_krb5_mech.c  |4 +++-
 net/sunrpc/auth_gss/gss_spkm3_mech.c |4 +++-
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index b0592e7..d6b43eb 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2519,9 +2519,9 @@ nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, 
__be32 nfserr,
RESERVE_SPACE(4);
WRITE32(RPC_AUTH_GSS);
ADJUST_ARGS();
-   RESERVE_SPACE(4 + gm-gm_oid.len);
-   WRITE32(gm-gm_oid.len);
-   WRITEMEM(gm-gm_oid.data, gm-gm_oid.len);
+   RESERVE_SPACE(4 + gm-gm_oid-len);
+   WRITE32(gm-gm_oid-len);
+   WRITEMEM(gm-gm_oid-data, gm-gm_oid-len);
ADJUST_ARGS();
RESERVE_SPACE(4);
WRITE32(0); /* qop */
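Review bot: with gm_oid now a pointer, nfsd4_encode_secinfo() dereferences gm->gm_oid->len and gm->gm_oid->data unconditionally, so a mechanism registered with gm_oid left NULL will oops in the SECINFO reply path on the first client request. Either document in gss_api.h that gm_oid is mandatory or reject a NULL gm_oid at mechanism registration time so the failure surfaces at module load instead.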
diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h
index 459c5fc..ed0b80c 100644
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -76,7 +76,7 @@ struct pf_desc {
 struct gss_api_mech {
struct list_headgm_list;
struct module   *gm_owner;
-   struct xdr_netobj   gm_oid;
+   struct xdr_netobj   *gm_oid;
char*gm_name;
const struct gss_api_ops *gm_ops;
/* pseudoflavors supported by this mechanism: */
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 5a4b1e0..8c38aba 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -70,6 +70,8 @@ enum seal_alg {
SEAL_ALG_DES3KD = 0x0002
 };
 
+extern struct xdr_netobj krb5_oid;
+
 #define KRB5_CKSUM_LENGTH 8
 
 #define CKSUMTYPE_CRC320x0001
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c 
b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 60c3dba..3c070d0 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -232,10 +232,12 @@ static struct pf_desc gss_kerberos_pfs[] = {
},
 };
 
+struct xdr_netobj krb5_oid = {9, \x2a\x86\x48\x86\xf7\x12\x01\x02\x02};
+
 static struct gss_api_mech gss_kerberos_mech = {
.gm_name= krb5,
.gm_owner   = THIS_MODULE,
-   .gm_oid = {9, (void *)\x2a\x86\x48\x86\xf7\x12\x01\x02\x02},
+   .gm_oid = krb5_oid,
.gm_ops = gss_kerberos_ops,
.gm_pf_num  = ARRAY_SIZE(gss_kerberos_pfs),
.gm_pfs = gss_kerberos_pfs,
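Review bot: the new krb5_oid initializer drops the (void *) cast that the old in-struct initializer carried, while the spkm3 hunk below never had one; xdr_netobj.data is not a plain char pointer, so check that both forms build without pointer-sign warnings and then use the same form in both files. krb5_oid is also a writable global pointing at a string literal; if the gm_oid type permits it, declare it const so nothing can write through gm_oid->data into rodata.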
diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c 
b/net/sunrpc/auth_gss/gss_spkm3_mech.c
index 5deb4b6..210b23b 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -214,10 +214,12 @@ static struct pf_desc gss_spkm3_pfs[] = {
{RPC_AUTH_GSS_SPKMI, RPC_GSS_SVC_INTEGRITY, spkm3i},
 };
 
+struct xdr_netobj spkm3_oid = {7, \053\006\001\005\005\001\003};
+
 static struct gss_api_mech gss_spkm3_mech = {
.gm_name= spkm3,
.gm_owner   = THIS_MODULE,
-   .gm_oid = {7, \053\006\001\005\005\001\003},
+   .gm_oid = spkm3_oid,
.gm_ops = gss_spkm3_ops,
.gm_pf_num  = ARRAY_SIZE(gss_spkm3_pfs),
.gm_pfs = gss_spkm3_pfs,
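Review bot: spkm3_oid is a non-static global without an extern declaration in any header, unlike krb5_oid, which this patch declares in gss_krb5.h; make it static (nfsd reaches it through gm->gm_oid, so nothing else needs the symbol) or add the declaration, otherwise sparse will flag it.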



[PATCH 03/19] sunrpc: make token header values less confusing

2008-02-21 Thread Kevin Coffman
g_make_token_header() and g_token_size() add two too many, and
therefore their callers pass in (logical_value - 2) rather
than logical_value as hard-coded values which causes confusion.

This dates back to the original g_make_token_header which took an
optional token type (token_id) value and added it to the token.
This was removed, but the routine always adds room for the token_id
rather than not.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 net/sunrpc/auth_gss/gss_generic_token.c |4 ++--
 net/sunrpc/auth_gss/gss_krb5_seal.c |4 ++--
 net/sunrpc/auth_gss/gss_krb5_wrap.c |4 ++--
 net/sunrpc/auth_gss/gss_spkm3_seal.c|2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/net/sunrpc/auth_gss/gss_generic_token.c 
b/net/sunrpc/auth_gss/gss_generic_token.c
index ea8c92e..d83b881 100644
--- a/net/sunrpc/auth_gss/gss_generic_token.c
+++ b/net/sunrpc/auth_gss/gss_generic_token.c
@@ -148,7 +148,7 @@ int
 g_token_size(struct xdr_netobj *mech, unsigned int body_size)
 {
/* set body_size to sequence contents size */
-   body_size += 4 + (int) mech-len; /* NEED overflow check */
+   body_size += 2 + (int) mech-len; /* NEED overflow check */
return(1 + der_length_size(body_size) + body_size);
 }
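Review bot: the "NEED overflow check" comment survives the change to `body_size += 2 + (int) mech->len;`; while this arithmetic is being corrected, add the check. body_size is unsigned int, mech->len is cast to int, and g_make_token_header() writes mech->len as a single DER length octet, so an OID longer than 127 bytes yields an invalid header. Rejecting such a mech (and a body_size that would wrap) here is cheap and keeps the two routines from disagreeing on the total.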
 
@@ -161,7 +161,7 @@ void
 g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char 
**buf)
 {
*(*buf)++ = 0x60;
-   der_write_length(buf, 4 + mech-len + body_size);
+   der_write_length(buf, 2 + mech-len + body_size);
*(*buf)++ = 0x06;
*(*buf)++ = (unsigned char) mech-len;
TWRITE_STR(*buf, mech-data, ((int) mech-len));
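Review bot: g_make_token_header() takes body_size as int while g_token_size() takes unsigned int; every caller passes the same value to both, so give the two parameters the same type (unsigned int) to avoid a sign mismatch when a caller hands in a computed length.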
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c 
b/net/sunrpc/auth_gss/gss_krb5_seal.c
index dedcbd6..b2fa785 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -87,10 +87,10 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct 
xdr_buf *text,
 
now = get_seconds();
 
-   token-len = g_token_size(ctx-mech_used, 22);
+   token-len = g_token_size(ctx-mech_used, 24);
 
ptr = token-data;
-   g_make_token_header(ctx-mech_used, 22, ptr);
+   g_make_token_header(ctx-mech_used, 24, ptr);
 
*ptr++ = (unsigned char) ((KG_TOK_MIC_MSG8)0xff);
*ptr++ = (unsigned char) (KG_TOK_MIC_MSG0xff);
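Review bot: the 24 passed to g_token_size() and g_make_token_header() is the fixed size of the krb5 v1 MIC token body that follows the generic header, and the same literal appears twice in gss_krb5_wrap.c in this patch; a named constant in gss_krb5.h (with a comment breaking the 24 down into its fields) would document where the number comes from and keep the two files from drifting apart again, which is the confusion this patch is fixing.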
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c 
b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 3bdc527..a2c92f1 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -137,7 +137,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
BUG_ON((buf-len - offset) % blocksize);
plainlen = blocksize + buf-len - offset;
 
-   headlen = g_token_size(kctx-mech_used, 22 + plainlen) -
+   headlen = g_token_size(kctx-mech_used, 24 + plainlen) -
(buf-len - offset);
 
ptr = buf-head[0].iov_base + offset;
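Review bot: `24 + plainlen` here and in the g_make_token_header() call in the next hunk are the same quantity, and the 24 is the same constant gss_krb5_seal.c uses; if it is given a name, use it in all three places rather than repeating the bare literal.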
@@ -149,7 +149,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
buf-len += headlen;
BUG_ON((buf-len - offset - headlen) % blocksize);
 
-   g_make_token_header(kctx-mech_used, 22 + plainlen, ptr);
+   g_make_token_header(kctx-mech_used, 24 + plainlen, ptr);
 
 
*ptr++ = (unsigned char) ((KG_TOK_WRAP_MSG8)0xff);
diff --git a/net/sunrpc/auth_gss/gss_spkm3_seal.c 
b/net/sunrpc/auth_gss/gss_spkm3_seal.c
index abf17ce..88505d5 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_seal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c
@@ -104,7 +104,7 @@ spkm3_make_token(struct spkm3_ctx *ctx,
goto out_err;
 
asn1_bitstring_len(md5cksum, md5elen, md5zbit);
-   tokenlen = 10 + ctxelen + 1 + md5elen + 1;
+   tokenlen = 12 + ctxelen + 1 + md5elen + 1;
 
/* Create token header using generic routines */
token-len = g_token_size(ctx-mech_used, tokenlen);

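The commit message above explains the header framing that g_token_size() and g_make_token_header() produce (RFC 2743 section 3.1: a 0x60 tag, a DER length, the mechanism OID as a 0x06 TLV, then the body). The following is an added example, not code from the patch or the kernel, that reimplements the two routines in user-space C with the corrected `2 + mech->len` accounting and DER long-form lengths, so the claimed length can be checked against the bytes actually written. The krb5 OID bytes are the ones from PATCH 02; `struct netobj`, `token_size()`, `make_token_header()`, `framing_consistent()` and the body sizes are this example's own names and values.

```c
/* Added example (not the kernel's code): the RFC 2743 InitialContextToken
 * framing that g_token_size() and g_make_token_header() compute after this
 * patch: 0x60, DER length, then the mechanism OID as a 0x06 TLV, then body. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct netobj { unsigned int len; const uint8_t *data; };

/* The krb5 mechanism OID, as initialised in gss_krb5_mech.c in PATCH 02. */
static const uint8_t KRB5_OID[9] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};
const struct netobj krb5_mech = { sizeof(KRB5_OID), KRB5_OID };

/* Octets a DER length takes: one for values below 128, else 1 + length bytes. */
size_t der_length_size(size_t length)
{
    size_t n = 1;
    if (length < 128)
        return 1;
    for (; length; length >>= 8)
        n++;
    return n;
}

/* Write the DER length at *buf and advance the cursor (long form is big-endian). */
static void der_write_length(uint8_t **buf, size_t length)
{
    size_t nbytes = der_length_size(length) - 1;
    if (length < 128) {
        *(*buf)++ = (uint8_t)length;
        return;
    }
    *(*buf)++ = (uint8_t)(0x80 | nbytes);
    while (nbytes--)
        *(*buf)++ = (uint8_t)(length >> (8 * nbytes));
}

/* Whole-token size: the OID TLV is 2 + mech->len, hence the "2 +" the patch
 * restores (the old "4 +" still counted a 2-byte token id nobody writes). */
size_t token_size(const struct netobj *mech, size_t body_size)
{
    size_t inner = 2 + mech->len + body_size;
    return 1 + der_length_size(inner) + inner;
}

/* Write [0x60][len][0x06][oid len][oid] to out; returns the header length.
 * Like the kernel routine, the OID length is one octet, so mech->len <= 127. */
size_t make_token_header(const struct netobj *mech, size_t body_size, uint8_t *out)
{
    uint8_t *p = out;
    if (mech->len > 127)
        return 0;
    *p++ = 0x60;
    der_write_length(&p, 2 + mech->len + body_size);
    *p++ = 0x06;
    *p++ = (uint8_t)mech->len;
    memcpy(p, mech->data, mech->len);
    return (size_t)(p + mech->len - out);
}

/* 1 when the header actually written plus the body fills exactly the size
 * token_size() claims; with the pre-patch "4 +" this would be off by two. */
int framing_consistent(const struct netobj *mech, size_t body_size)
{
    uint8_t hdr[32];
    size_t hlen = make_token_header(mech, body_size, hdr);
    return hlen != 0 && hlen + body_size == token_size(mech, body_size);
}

int main(void)
{
    uint8_t hdr[32];
    size_t n = make_token_header(&krb5_mech, 24, hdr); /* 24 = v1 MIC body */
    for (size_t i = 0; i < n; i++)
        printf("%02x ", hdr[i]);
    printf("-> %zu header + 24 body = %zu total\n", n, token_size(&krb5_mech, 24));
    return framing_consistent(&krb5_mech, 24) ? 0 : 1;
}
```

For the 9-byte krb5 OID and a 24-byte MIC body the header is 13 bytes (60 23 06 09 2a 86 48 86 f7 12 01 02 02) and the token 37 bytes; once the inner length reaches 128 the DER length grows to two or three octets, which der_length_size() accounts for and which is why the kernel keeps the size and the writer as two routines that must agree.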


[PATCH 06/19] Use get_random_bytes() to create confounder

2008-02-21 Thread Kevin Coffman
Instead of using an incrementing value for the confounder, use
get_random_bytes() which gives us the desired unpredictable value.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 net/sunrpc/auth_gss/gss_krb5_wrap.c |   15 +--
 1 files changed, 1 insertions(+), 14 deletions(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c 
b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index a2c92f1..7a0002f 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -90,20 +90,7 @@ out:
 static inline void
 make_confounder(char *p, int blocksize)
 {
-   static u64 i = 0;
-   u64 *q = (u64 *)p;
-
-   /* rfc1964 claims this should be random.  But all that's really
-* necessary is that it be unique.  And not even that is necessary in
-* our case since our gssapi implementation exists only to support
-* rpcsec_gss, so we know that the only buffers we will ever encrypt
-* already begin with a unique sequence number.  Just to hedge my bets
-* I'll make a half-hearted attempt at something unique, but ensuring
-* uniqueness would mean worrying about atomicity and rollover, and I
-* don't care enough. */
-
-   BUG_ON(blocksize != 8);
-   *q = i++;
+   get_random_bytes(p, blocksize);
 }
 
 /* Assumptions: the head and tail of inbuf are ours to play with.
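Review bot: get_random_bytes() needs linux/random.h and this patch adds no include (the diffstat shows a single hunk of one insertion), so the build relies on a transitive include; add it explicitly. Dropping the BUG_ON(blocksize != 8) is the right preparation for AES, but make_confounder() now fills the caller's blocksize bytes at p with no check, so every caller must guarantee that much room in front of the plaintext.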



[PATCH 07/19] Don't expect blocksize to always be 8 when calculating padding

2008-02-21 Thread Kevin Coffman
Allow blocksizes other than 8 when calculating padding

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 net/sunrpc/auth_gss/gss_krb5_wrap.c |5 +
 1 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c 
b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 7a0002f..384f470 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -13,10 +13,7 @@
 static inline int
 gss_krb5_padding(int blocksize, int length)
 {
-   /* Most of the code is block-size independent but currently we
-* use only 8: */
-   BUG_ON(blocksize != 8);
-   return 8 - (length  7);
+   return blocksize - (length  (blocksize - 1));
 }
 
 static inline void
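Review bot: `blocksize - (length & (blocksize - 1))` is only correct when blocksize is a power of two; that holds for the 8 and 16 this series targets, but the old BUG_ON made the assumption explicit and the new code silently returns garbage for any other value. Use `blocksize - (length % blocksize)` or add a comment stating the power-of-two requirement. Note that the function deliberately returns a full blocksize rather than 0 when length is already aligned, matching the old `8 - (length & 7)`, so padding is always 1..blocksize bytes; callers sizing buffers must keep relying on that.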



[PATCH 08/19] Remove define for KRB5_CKSUM_LENGTH, which will become enctype-dependent

2008-02-21 Thread Kevin Coffman
cleanup: When adding new encryption types, the checksum length
can be different for each enctype.  Face the fact that the
current code only supports DES which has a checksum length of 8.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h |2 --
 net/sunrpc/auth_gss/gss_krb5_seal.c |3 +--
 net/sunrpc/auth_gss/gss_krb5_wrap.c |4 +---
 3 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 8c38aba..47d2110 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -72,8 +72,6 @@ enum seal_alg {
 
 extern struct xdr_netobj krb5_oid;
 
-#define KRB5_CKSUM_LENGTH 8
-
 #define CKSUMTYPE_CRC320x0001
 #define CKSUMTYPE_RSA_MD4  0x0002
 #define CKSUMTYPE_RSA_MD4_DES  0x0003
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c 
b/net/sunrpc/auth_gss/gss_krb5_seal.c
index b2fa785..e7b2a52 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -109,8 +109,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct 
xdr_buf *text,
  md5cksum.data, md5cksum.len))
return GSS_S_FAILURE;
 
-   memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
-  KRB5_CKSUM_LENGTH);
+   memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - 8, 8);
 
spin_lock(krb5_seq_lock);
seq_send = ctx-seq_send++;
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c 
b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 384f470..9763bf1 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -160,9 +160,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
if (krb5_encrypt(kctx-seq, NULL, md5cksum.data,
  md5cksum.data, md5cksum.len))
return GSS_S_FAILURE;
-   memcpy(krb5_hdr + 16,
-  md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
-  KRB5_CKSUM_LENGTH);
+   memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - 8, 8);
 
spin_lock(krb5_seq_lock);
seq_send = kctx-seq_send++;



[PATCH 09/19] gss_krb5: split up functions in preparation of adding new enctypes

2008-02-21 Thread Kevin Coffman
Add encryption type to the krb5 context structure and use it to switch
to the correct functions depending on the encryption type.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h   |1 +
 net/sunrpc/auth_gss/gss_krb5_mech.c   |1 +
 net/sunrpc/auth_gss/gss_krb5_seal.c   |   21 ++--
 net/sunrpc/auth_gss/gss_krb5_unseal.c |   22 ++---
 net/sunrpc/auth_gss/gss_krb5_wrap.c   |   44 +
 5 files changed, 77 insertions(+), 12 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 47d2110..dfe382a 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -42,6 +42,7 @@
 
 struct krb5_ctx {
int initiate; /* 1 = initiating, 0 = accepting */
+   u32 enctype;
struct crypto_blkcipher *enc;
struct crypto_blkcipher *seq;
s32 endtime;
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c 
b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 3c070d0..477cf07 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -137,6 +137,7 @@ gss_import_sec_context_kerberos(const void *p,
p = simple_get_bytes(p, end, ctx-initiate, sizeof(ctx-initiate));
if (IS_ERR(p))
goto out_err_free_ctx;
+   ctx-enctype = ENCTYPE_DES_CBC_RAW;
/* The downcall format was designed before we completely understood
 * the uses of the context fields; so it includes some stuff we
 * just give some minimal sanity-checking, and some we ignore
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c 
b/net/sunrpc/auth_gss/gss_krb5_seal.c
index e7b2a52..3b9cc47 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -71,11 +71,10 @@
 
 DEFINE_SPINLOCK(krb5_seq_lock);
 
-u32
-gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+static u32
+gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
struct xdr_netobj *token)
 {
-   struct krb5_ctx *ctx = gss_ctx-internal_ctx_id;
charcksumdata[16];
struct xdr_netobj   md5cksum = {.len = 0, .data = cksumdata};
unsigned char   *ptr, *krb5_hdr, *msg_start;
@@ -121,3 +120,19 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct 
xdr_buf *text,
 
return (ctx-endtime  now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
+
+u32
+gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+struct xdr_netobj *token)
+{
+   struct krb5_ctx *ctx = gss_ctx-internal_ctx_id;
+
+   switch (ctx-enctype) {
+   case ENCTYPE_DES_CBC_RAW:
+   return gss_get_mic_v1(ctx, text, token);
+   default:
+   BUG();
+   }
+   return 0;
+}
+
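Review bot: `default: BUG();` turns an unexpected ctx->enctype into a kernel crash, and the `return 0` after it is GSS_S_COMPLETE, so if BUG() is ever compiled to a non-fatal trap the caller is told the MIC succeeded with token untouched. Since enctype comes from the imported context, validate it once in gss_import_sec_context_kerberos() and return GSS_S_FAILURE here instead of BUG().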
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c 
b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index e30a993..211eca4 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -71,11 +71,10 @@
 /* read_token is a mic token, and message_buffer is the data that the mic was
  * supposedly taken over. */
 
-u32
-gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+static u32
+gss_verify_mic_v1(struct krb5_ctx *ctx,
struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
 {
-   struct krb5_ctx *ctx = gss_ctx-internal_ctx_id;
int signalg;
int sealalg;
charcksumdata[16];
@@ -136,3 +135,20 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
 
return GSS_S_COMPLETE;
 }
+
+u32
+gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+   struct xdr_buf *message_buffer,
+   struct xdr_netobj *read_token)
+{
+   struct krb5_ctx *ctx = gss_ctx-internal_ctx_id;
+
+   switch (ctx-enctype) {
+   case ENCTYPE_DES_CBC_RAW:
+   return gss_verify_mic_v1(ctx, message_buffer, read_token);
+   default:
+   BUG();
+   }
+   return 0;
+}
+
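Review bot: same shape as the get_mic dispatch: an unsupported enctype should not reach BUG() in the verify path, and the trailing `return 0` (GSS_S_COMPLETE) would accept a token unverified if BUG() were not fatal. Return GSS_S_FAILURE here and reject the enctype at context import time instead.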
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c 
b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 9763bf1..9f13411 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -98,11 +98,10 @@ make_confounder(char *p, int blocksize)
 
 /* XXX factor out common code with seal/unseal. */
 
-u32
-gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
+static u32
+gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
struct xdr_buf *buf, struct page **pages)
 {
-   struct krb5_ctx *kctx = ctx-internal_ctx_id;
charcksumdata[16];
struct xdr_netobj   md5cksum = {.len = 0, .data = cksumdata};
int blocksize = 0, plainlen;
@@ -179,10 +178,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int

[PATCH 11/19] gss_krb5: introduce encryption type framework

2008-02-21 Thread Kevin Coffman
Add enctype framework and change functions to use the generic
values from it rather than the values hard-coded for des.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h   |   29 +++
 net/sunrpc/auth_gss/gss_krb5_crypto.c |   16 +++---
 net/sunrpc/auth_gss/gss_krb5_mech.c   |   88 +++--
 net/sunrpc/auth_gss/gss_krb5_seal.c   |   48 +++---
 net/sunrpc/auth_gss/gss_krb5_unseal.c |   12 +++--
 net/sunrpc/auth_gss/gss_krb5_wrap.c   |   49 +++---
 6 files changed, 175 insertions(+), 67 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index dfe382a..d10d8ce 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -36,13 +36,42 @@
  *
  */
 
+#include linux/crypto.h
 #include linux/sunrpc/auth_gss.h
 #include linux/sunrpc/gss_err.h
 #include linux/sunrpc/gss_asn1.h
 
+/* Maximum checksum function output for the supported crypto algorithms */
+#define GSS_KRB5_MAX_CKSUM_LEN  20
+
+/* Maximum blocksize for the supported crypto algorithms */
+#define GSS_KRB5_MAX_BLOCKSIZE  16
+
+struct gss_krb5_enctype {
+   const u32   etype;  /* encryption (key) type */
+   const u32   ctype;  /* checksum type */
+   const char  *name;  /* friendly name */
+   const char  *encrypt_name;  /* crypto encrypt name */
+   const char  *cksum_name;/* crypto checksum name */
+   const u16   signalg;/* signing algorithm */
+   const u16   sealalg;/* sealing algorithm */
+   const u32   blocksize;  /* encryption blocksize */
+   const u32   cksumlength;/* checksum length */
+   const u32   keyed_cksum;/* is it a keyed cksum? */
+   const u32   keybytes;   /* raw key len, in bytes */
+   const u32   keylength;  /* final key len, in bytes */
+   u32 (*encrypt) (struct crypto_blkcipher *tfm,
+   void *iv, void *in, void *out,
+   int length);/* encryption function */
+   u32 (*decrypt) (struct crypto_blkcipher *tfm,
+   void *iv, void *in, void *out,
+   int length);/* decryption function */
+};
+
 struct krb5_ctx {
int initiate; /* 1 = initiating, 0 = accepting */
u32 enctype;
+   struct gss_krb5_enctype *gk5e;  /* enctype-specific info */
struct crypto_blkcipher *enc;
struct crypto_blkcipher *seq;
s32 endtime;
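Review bot: the enctype tables this struct describes are static read-only data, so the `gk5e` member of krb5_ctx should be `const struct gss_krb5_enctype *`; the per-field const does not cover the encrypt/decrypt function pointers, and a const pointer in the context is the simpler way to make the whole table immutable. Also say in the comments which algorithms set GSS_KRB5_MAX_CKSUM_LEN (20) and GSS_KRB5_MAX_BLOCKSIZE (16) so the next enctype addition knows when to bump them.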
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 1d52308..39643a7 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -59,13 +59,13 @@ krb5_encrypt(
 {
u32 ret = -EINVAL;
struct scatterlist sg[1];
-   u8 local_iv[16] = {0};
+   u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0};
struct blkcipher_desc desc = { .tfm = tfm, .info = local_iv };
 
if (length % crypto_blkcipher_blocksize(tfm) != 0)
goto out;
 
-   if (crypto_blkcipher_ivsize(tfm)  16) {
+   if (crypto_blkcipher_ivsize(tfm)  GSS_KRB5_MAX_BLOCKSIZE) {
dprintk(RPC:   gss_k5encrypt: tfm iv size too large %d\n,
crypto_blkcipher_ivsize(tfm));
goto out;
@@ -95,13 +95,13 @@ krb5_decrypt(
 {
u32 ret = -EINVAL;
struct scatterlist sg[1];
-   u8 local_iv[16] = {0};
+   u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0};
struct blkcipher_desc desc = { .tfm = tfm, .info = local_iv };
 
if (length % crypto_blkcipher_blocksize(tfm) != 0)
goto out;
 
-   if (crypto_blkcipher_ivsize(tfm)  16) {
+   if (crypto_blkcipher_ivsize(tfm)  GSS_KRB5_MAX_BLOCKSIZE) {
dprintk(RPC:   gss_k5decrypt: tfm iv size too large %d\n,
crypto_blkcipher_ivsize(tfm));
goto out;
@@ -164,7 +164,7 @@ out:
 EXPORT_SYMBOL(make_checksum);
 
 struct encryptor_desc {
-   u8 iv[8]; /* XXX hard-coded blocksize */
+   u8 iv[GSS_KRB5_MAX_BLOCKSIZE];
struct blkcipher_desc desc;
int pos;
struct xdr_buf *outbuf;
@@ -205,7 +205,7 @@ encryptor(struct scatterlist *sg, void *data)
desc-fraglen += sg-length;
desc-pos += sg-length;
 
-   fraglen = thislen  7; /* XXX hardcoded blocksize */
+   fraglen = thislen  (crypto_blkcipher_blocksize(desc-desc.tfm) - 1);
thislen -= fraglen;
 
if (thislen == 0)
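Review bot: `thislen & (crypto_blkcipher_blocksize(desc->desc.tfm) - 1)` carries the same power-of-two assumption as gss_krb5_padding(), and here the block size is a runtime value from the tfm rather than a constant; either use `%` or check the property once where the tfm is allocated, so a non-power-of-two cipher fails loudly instead of producing a wrong fraglen.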
@@ -265,7 +265,7 @@ gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct 
xdr_buf *buf,
 EXPORT_SYMBOL(gss_encrypt_xdr_buf);
 
 struct decryptor_desc {
-   u8 iv[8]; /* XXX hard-coded blocksize

[PATCH 12/19] gss_krb5: add ability to have a keyed checksum (hmac)

2008-02-21 Thread Kevin Coffman
Encryption types besides DES may use a keyed checksum (hmac).
Modify the make_checksum() function to allow for a key
and take care of enctype-specific processing such as truncating
the resulting hash.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h   |   11 +--
 net/sunrpc/auth_gss/gss_krb5_crypto.c |   54 -
 net/sunrpc/auth_gss/gss_krb5_mech.c   |1 +
 net/sunrpc/auth_gss/gss_krb5_seal.c   |   13 
 net/sunrpc/auth_gss/gss_krb5_unseal.c |   13 +---
 net/sunrpc/auth_gss/gss_krb5_wrap.c   |   29 ++
 6 files changed, 87 insertions(+), 34 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index d10d8ce..c33a657 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -41,6 +41,9 @@
 #include linux/sunrpc/gss_err.h
 #include linux/sunrpc/gss_asn1.h
 
+/* Maximum key length (in bytes) for the supported crypto algorithms*/
+#define GSS_KRB5_MAX_KEYLEN 32
+
 /* Maximum checksum function output for the supported crypto algorithms */
 #define GSS_KRB5_MAX_CKSUM_LEN  20
 
@@ -74,6 +77,7 @@ struct krb5_ctx {
struct gss_krb5_enctype *gk5e;  /* enctype-specific info */
struct crypto_blkcipher *enc;
struct crypto_blkcipher *seq;
+   u8  cksum[GSS_KRB5_MAX_KEYLEN];
s32 endtime;
u32 seq_send;
struct xdr_netobj   mech_used;
@@ -142,9 +146,10 @@ extern struct xdr_netobj krb5_oid;
 #define ENCTYPE_DES3_CBC_SHA1   0x0010
 #define ENCTYPE_UNKNOWN 0x01ff
 
-s32
-make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body,
-  int body_offset, struct xdr_netobj *cksum);
+u32
+make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen,
+   struct xdr_buf *body, int body_offset, u8 *cksumkey,
+   struct xdr_netobj *cksumout);
 
 u32 gss_get_mic_kerberos(struct gss_ctx *, struct xdr_buf *,
struct xdr_netobj *);
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 39643a7..8b12f34 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -128,21 +128,42 @@ checksummer(struct scatterlist *sg, void *data)
return crypto_hash_update(desc, sg, sg-length);
 }
 
-/* checksum the plaintext data and hdrlen bytes of the token header */
-s32
-make_checksum(char *cksumname, char *header, int hdrlen, struct xdr_buf *body,
-  int body_offset, struct xdr_netobj *cksum)
+/*
+ * checksum the plaintext data and hdrlen bytes of the token header
+ * The checksum is performed over the first 8 bytes of the
+ * gss token header and then over the data body
+ */
+u32
+make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen,
+ struct xdr_buf *body, int body_offset, u8 *cksumkey,
+ struct xdr_netobj *cksumout)
 {
-   struct hash_descdesc; /* XXX add to ctx? */
+   struct hash_descdesc;
struct scatterlist  sg[1];
int err;
+   u8 checksumdata[GSS_KRB5_MAX_CKSUM_LEN];
+   unsigned int checksumlen;
+
+   if (cksumout-len  kctx-gk5e-cksumlength) {
+   dprintk(%s: checksum buffer length, %u, too small for %s\n,
+   __func__, cksumout-len, kctx-gk5e-name);
+   return GSS_S_FAILURE;
+   }
 
-   desc.tfm = crypto_alloc_hash(cksumname, 0, CRYPTO_ALG_ASYNC);
+   desc.tfm = crypto_alloc_hash(kctx-gk5e-cksum_name, 0, 
CRYPTO_ALG_ASYNC);
if (IS_ERR(desc.tfm))
return GSS_S_FAILURE;
-   cksum-len = crypto_hash_digestsize(desc.tfm);
desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 
+   checksumlen = crypto_hash_digestsize(desc.tfm);
+
+   if (cksumkey != NULL) {
+   err = crypto_hash_setkey(desc.tfm, cksumkey,
+kctx-gk5e-keylength);
+   if (err)
+   goto out;
+   }
+
err = crypto_hash_init(desc);
if (err)
goto out;
@@ -154,8 +175,25 @@ make_checksum(char *cksumname, char *header, int hdrlen, 
struct xdr_buf *body,
  checksummer, desc);
if (err)
goto out;
-   err = crypto_hash_final(desc, cksum-data);
+   err = crypto_hash_final(desc, checksumdata);
+   if (err)
+   goto out;
 
+   switch (kctx-gk5e-ctype) {
+   case CKSUMTYPE_RSA_MD5:
+   err = kctx-gk5e-encrypt(kctx-seq, NULL, checksumdata,
+ checksumdata, checksumlen);
+   if (err)
+   goto out;
+   memcpy(cksumout-data,
+  checksumdata + checksumlen - kctx-gk5e-cksumlength,
+  kctx-gk5e-cksumlength
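Review bot: the new `cksumout->len < kctx->gk5e->cksumlength` check turns cksumout->len from an output into a required input, but the callers earlier in this series initialise it as `md5cksum = {.len = 0, .data = cksumdata}`, which would now fail with GSS_S_FAILURE unless every caller is updated in this same patch to pass the buffer size; confirm the seal/unseal/wrap hunks do that. Separately, crypto_hash_final() writes crypto_hash_digestsize() bytes into checksumdata[GSS_KRB5_MAX_CKSUM_LEN] and nothing checks `checksumlen <= GSS_KRB5_MAX_CKSUM_LEN` after the digestsize call; add that check so a future enctype with a larger digest cannot overflow the stack buffer.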

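PATCH 12 describes the keyed-checksum path of make_checksum(): run an HMAC over the token header and then the body under the checksum key, and truncate the digest to the enctype's cksumlength (12 bytes for the *_SHA1_96 enctypes named in PATCH 15). As an added example, not the kernel's or the patch author's code, the block below implements that path in plain C with a self-contained SHA-1 so it runs offline: keyed_checksum() mirrors the argument order and the too-small-buffer failure of make_checksum(), while sha1_digest() and hmac_sha1() are this example's own helpers. The key and message are constructed test inputs (the standard HMAC-SHA1 "key" / quick-brown-fox vector split into a header and a body), not traffic from the page.

```c
/* Added example, not kernel code: HMAC-SHA1 keyed checksum truncated to the
 * enctype's cksumlength, the keyed branch that PATCH 12 adds to make_checksum().
 * SHA-1 is spelled out so the example runs without libcrypto. */
#include <stdint.h>
#include <string.h>

struct sha1 { uint32_t h[5]; uint8_t buf[64]; size_t buflen; uint64_t total; };

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

static void sha1_block(uint32_t h[5], const uint8_t blk[64])
{
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4 * i] << 24 | (uint32_t)blk[4 * i + 1] << 16 |
               (uint32_t)blk[4 * i + 2] << 8 | blk[4 * i + 3];
    for (int i = 16; i < 80; i++)
        w[i] = rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
    for (int i = 0; i < 80; i++) {
        uint32_t f, k;
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5a827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ed9eba1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8f1bbcdc; }
        else             { f = b ^ c ^ d;                   k = 0xca62c1d6; }
        uint32_t t = rol(a, 5) + f + e + k + w[i];
        e = d; d = c; c = rol(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

static void sha1_init(struct sha1 *s)
{
    const uint32_t iv[5] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 };
    memcpy(s->h, iv, sizeof(iv));
    s->buflen = 0; s->total = 0;
}

static void sha1_update(struct sha1 *s, const uint8_t *p, size_t n)
{
    s->total += n;
    while (n) {
        size_t take = (64 - s->buflen < n) ? 64 - s->buflen : n;
        memcpy(s->buf + s->buflen, p, take);
        s->buflen += take; p += take; n -= take;
        if (s->buflen == 64) { sha1_block(s->h, s->buf); s->buflen = 0; }
    }
}

static void sha1_final(struct sha1 *s, uint8_t out[20])
{
    uint64_t bits = s->total * 8;
    uint8_t pad[72] = { 0x80 };   /* 0x80, zero fill, then 64-bit big-endian bit count */
    size_t padlen = s->buflen < 56 ? 56 - s->buflen : 120 - s->buflen;
    for (int i = 0; i < 8; i++)
        pad[padlen + i] = (uint8_t)(bits >> (56 - 8 * i));
    sha1_update(s, pad, padlen + 8);
    for (int i = 0; i < 20; i++)
        out[i] = (uint8_t)(s->h[i / 4] >> (24 - 8 * (i % 4)));
}

/* One-shot unkeyed digest; also used to shorten over-long HMAC keys. */
void sha1_digest(const uint8_t *msg, size_t len, uint8_t out[20])
{
    struct sha1 s;
    sha1_init(&s);
    sha1_update(&s, msg, len);
    sha1_final(&s, out);
}

/* HMAC-SHA1 (RFC 2104) over header || body, the same two-step walk
 * make_checksum() does with hdrlen bytes of header and then the xdr_buf. */
void hmac_sha1(const uint8_t *key, size_t keylen, const uint8_t *hdr, size_t hdrlen,
               const uint8_t *body, size_t bodylen, uint8_t out[20])
{
    uint8_t k[64] = { 0 }, pad[64], inner[20];
    struct sha1 s;
    if (keylen > 64) sha1_digest(key, keylen, k); else memcpy(k, key, keylen);
    for (int i = 0; i < 64; i++) pad[i] = k[i] ^ 0x36;            /* ipad */
    sha1_init(&s); sha1_update(&s, pad, 64);
    sha1_update(&s, hdr, hdrlen); sha1_update(&s, body, bodylen);
    sha1_final(&s, inner);
    for (int i = 0; i < 64; i++) pad[i] = k[i] ^ 0x5c;            /* opad */
    sha1_init(&s); sha1_update(&s, pad, 64); sha1_update(&s, inner, 20);
    sha1_final(&s, out);
}

/* Mirrors the keyed path of make_checksum(): refuse a too-small output buffer
 * (GSS_S_FAILURE in the kernel, -1 here), HMAC, keep the first cksumlength
 * bytes; cksumlength is 12 for the *_SHA1_96 enctypes. */
int keyed_checksum(const uint8_t *key, size_t keylen, const uint8_t *hdr, size_t hdrlen,
                   const uint8_t *body, size_t bodylen, size_t cksumlength,
                   uint8_t *out, size_t outlen)
{
    uint8_t full[20];
    if (cksumlength > sizeof(full) || outlen < cksumlength)
        return -1;
    hmac_sha1(key, keylen, hdr, hdrlen, body, bodylen, full);
    memcpy(out, full, cksumlength);
    return 0;
}
```

Calling `keyed_checksum((const uint8_t *)"key", 3, hdr, 19, body, 24, 12, mic, sizeof mic)` with the fox sentence split as header "The quick brown fox" and body " jumps over the lazy dog" yields the first 12 bytes of the full HMAC, de7c9b85b8b78aa6bc8a7a36. The truncation is the only enctype-specific step; the DES path in the patch instead DES-encrypts an unkeyed MD5 and keeps the last 8 bytes, which is why make_checksum() switches on gk5e->ctype after the hash.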
[PATCH 13/19] gss_krb5: import functionality to derive keys into the kernel

2008-02-21 Thread Kevin Coffman
Import the code to derive Kerberos keys from a base key into the
kernel.  This will allow us to change the format of the context
information sent down from gssd to include only a single key.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h |   30 
 net/sunrpc/auth_gss/Makefile|4 -
 net/sunrpc/auth_gss/gss_krb5_keys.c |  255 +++
 net/sunrpc/auth_gss/gss_krb5_mech.c |1 
 4 files changed, 288 insertions(+), 2 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index c33a657..d326911 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -41,6 +41,9 @@
 #include linux/sunrpc/gss_err.h
 #include linux/sunrpc/gss_asn1.h
 
+/* Length of constant used in key derivation */
+#define GSS_KRB5_K5CLENGTH 5
+
 /* Maximum key length (in bytes) for the supported crypto algorithms*/
 #define GSS_KRB5_MAX_KEYLEN 32
 
@@ -69,6 +72,9 @@ struct gss_krb5_enctype {
u32 (*decrypt) (struct crypto_blkcipher *tfm,
void *iv, void *in, void *out,
int length);/* decryption function */
+   u32 (*mk_key) (struct gss_krb5_enctype *gk5e,
+  struct xdr_netobj *in,
+  struct xdr_netobj *out); /* complete key generation */
 };
 
 struct krb5_ctx {
@@ -146,6 +152,25 @@ extern struct xdr_netobj krb5_oid;
 #define ENCTYPE_DES3_CBC_SHA1   0x0010
 #define ENCTYPE_UNKNOWN 0x01ff
 
+/*
+ * Constants used for key derivation
+ */
+/* for 3DES */
+#define KG_USAGE_SEAL 22
+#define KG_USAGE_SIGN 23
+#define KG_USAGE_SEQ  24
+
+/* from rfc3961 */
+#define KEY_USAGE_SEED_CHECKSUM 0x99
+#define KEY_USAGE_SEED_ENCRYPTION   0xAA
+#define KEY_USAGE_SEED_INTEGRITY0x55
+
+/* from rfc4121 */
+#define KG_USAGE_ACCEPTOR_SEAL  22
+#define KG_USAGE_ACCEPTOR_SIGN  23
+#define KG_USAGE_INITIATOR_SEAL 24
+#define KG_USAGE_INITIATOR_SIGN 25
+
 u32
 make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen,
struct xdr_buf *body, int body_offset, u8 *cksumkey,
@@ -191,3 +216,8 @@ s32
 krb5_get_seq_num(struct crypto_blkcipher *key,
   unsigned char *cksum,
   unsigned char *buf, int *direction, s32 * seqnum);
+
+u32 krb5_derive_key(struct gss_krb5_enctype *gk5e,
+   const struct xdr_netobj *inkey,
+   struct xdr_netobj *outkey,
+   const struct xdr_netobj *in_constant);
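Review bot: the `for 3DES` block (KG_USAGE_SEAL/SIGN/SEQ = 22/23/24) and the `from rfc4121` block (KG_USAGE_ACCEPTOR_SEAL/SIGN = 22/23, KG_USAGE_INITIATOR_SEAL/SIGN = 24/25) define overlapping values under different names; add a one-line comment stating that the first set is the pre-CFX usage numbers for des3 and the second the CFX ones, so nobody treats them as interchangeable. Also, krb5_derive_key() takes `const struct xdr_netobj *inkey` while the mk_key hook above takes non-const `in`; make the two consistent.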
diff --git a/net/sunrpc/auth_gss/Makefile b/net/sunrpc/auth_gss/Makefile
index f3431a7..e8981e9 100644
--- a/net/sunrpc/auth_gss/Makefile
+++ b/net/sunrpc/auth_gss/Makefile
@@ -5,12 +5,12 @@
 obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o
 
 auth_rpcgss-objs := auth_gss.o gss_generic_token.o \
-   gss_mech_switch.o svcauth_gss.o gss_krb5_crypto.o
+   gss_mech_switch.o svcauth_gss.o gss_debug.o
 
 obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o
 
 rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \
-   gss_krb5_seqnum.o gss_krb5_wrap.o
+   gss_krb5_seqnum.o gss_krb5_wrap.o gss_krb5_crypto.o gss_krb5_keys.o
 
 obj-$(CONFIG_RPCSEC_GSS_SPKM3) += rpcsec_gss_spkm3.o
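Review bot: the Makefile adds gss_debug.o to auth_rpcgss-objs, but this patch's diffstat lists no gss_debug.c, so the build breaks unless that file arrives in another patch of the series; move the Makefile line to the patch that adds the file. Moving gss_krb5_crypto.o into rpcsec_gss_krb5 also means the EXPORT_SYMBOL(make_checksum) and EXPORT_SYMBOL(gss_encrypt_xdr_buf) in gss_krb5_crypto.c may no longer be needed if the krb5 module is their only user; drop them or keep them deliberately.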
 
diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c 
b/net/sunrpc/auth_gss/gss_krb5_keys.c
new file mode 100644
index 000..97ec67d
--- /dev/null
+++ b/net/sunrpc/auth_gss/gss_krb5_keys.c
@@ -0,0 +1,255 @@
+/*
+ *  linux/net/sunrpc/gss_krb5_keys.c
+ *
+ * COPYRIGHT (c) 2008
+ * The Regents of the University of Michigan
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States

[PATCH 15/19] gss_krb5: handle new context format from gssd

2008-02-21 Thread Kevin Coffman
For encryption types other than DES, gssd sends down context information
in a new format.  This new format includes the information needed to
support the new Kerberos GSS-API tokens defined in rfc4121.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h |   19 +++
 net/sunrpc/auth_gss/gss_krb5_mech.c |  236 +++
 2 files changed, 254 insertions(+), 1 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index d326911..e828e98 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -77,16 +77,31 @@ struct gss_krb5_enctype {
   struct xdr_netobj *out); /* complete key generation */
 };
 
+/* krb5_ctx flags definitions */
+#define KRB5_CTX_FLAG_INITIATOR 0x0001
+#define KRB5_CTX_FLAG_CFX   0x0002
+#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY   0x0004
+
 struct krb5_ctx {
int initiate; /* 1 = initiating, 0 = accepting */
u32 enctype;
+   u32 flags;
struct gss_krb5_enctype *gk5e;  /* enctype-specific info */
struct crypto_blkcipher *enc;
struct crypto_blkcipher *seq;
+   struct crypto_blkcipher *acceptor_enc;
+   struct crypto_blkcipher *initiator_enc;
u8  cksum[GSS_KRB5_MAX_KEYLEN];
s32 endtime;
u32 seq_send;
+   u64 seq_send64;
struct xdr_netobj   mech_used;
+   u8  initiator_sign[GSS_KRB5_MAX_KEYLEN];
+   u8  acceptor_sign[GSS_KRB5_MAX_KEYLEN];
+   u8  initiator_seal[GSS_KRB5_MAX_KEYLEN];
+   u8  acceptor_seal[GSS_KRB5_MAX_KEYLEN];
+   u8  initiator_integ[GSS_KRB5_MAX_KEYLEN];
+   u8  acceptor_integ[GSS_KRB5_MAX_KEYLEN];
 };
 
 extern spinlock_t krb5_seq_lock;
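Review bot: the six new key arrays and `seq_send64` in `struct krb5_ctx` are undocumented, while the neighbouring fields carry trailing comments (`/* enctype-specific info */`); give each new field one saying which direction (initiator vs acceptor) and usage (sign/seal/integ) it serves, and state when `seq_send64` is used in place of `seq_send`. These arrays hold live key material, so whatever releases a `krb5_ctx` should clear them before freeing the structure.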
@@ -150,6 +165,10 @@ extern struct xdr_netobj krb5_oid;
 #define ENCTYPE_DES3_CBC_RAW0x0006 /* DES-3 cbc mode raw */
 #define ENCTYPE_DES_HMAC_SHA1   0x0008
 #define ENCTYPE_DES3_CBC_SHA1   0x0010
+#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
+#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
+#define ENCTYPE_ARCFOUR_HMAC0x0017
+#define ENCTYPE_ARCFOUR_HMAC_EXP0x0018
 #define ENCTYPE_UNKNOWN 0x01ff
 
 /*
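Review bot: `ENCTYPE_ARCFOUR_HMAC_EXP` (0x0018) is the 56-bit export-strength variant of rc4-hmac; since rc4-hmac support is still listed as to-do in the cover letter, add a comment that this define exists for identification only and must not be added to the supported enctype table. The AES values 0x0011/0x0012 and rc4-hmac 0x0017 agree with the RFC 3962 / RFC 4757 assignments.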
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c 
b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 83973c8..fc30538 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -247,6 +247,238 @@ out_err:
return PTR_ERR(p);
 }
 
+struct crypto_blkcipher *
+context_v2_alloc_cipher(struct krb5_ctx *ctx, u8 *key)
+{
+   struct crypto_blkcipher *cp;
+
+   cp = crypto_alloc_blkcipher(ctx-gk5e-encrypt_name,
+   0, CRYPTO_ALG_ASYNC);
+   if (IS_ERR(cp)) {
+   printk(gss_kerberos_mech: unable to initialize 
+   crypto algorithm %s\n, ctx-gk5e-encrypt_name);
+   return NULL;
+   }
+   if (crypto_blkcipher_setkey(cp, key, ctx-gk5e-keylength)) {
+   printk(gss_kerberos_mech: error setting key for 
+   crypto algorithm %s\n, ctx-gk5e-encrypt_name);
+   crypto_free_blkcipher(cp);
+   return NULL;
+   }
+   return cp;
+}
+
+static inline void
+set_cdata(u8 cdata[GSS_KRB5_K5CLENGTH], u32 usage, u8 seed)
+{
+   cdata[0] = (usage24)0xff;
+   cdata[1] = (usage16)0xff;
+   cdata[2] = (usage8)0xff;
+   cdata[3] = usage0xff;
+   cdata[4] = seed;
+}
+
+static int
+context_derive_keys_des3(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)
+{
+   struct xdr_netobj c, keyin, keyout;
+   u8 cdata[GSS_KRB5_K5CLENGTH];
+#if 0
+   u8 derivedkey[GSS_KRB5_MAX_KEYLEN];
+#endif
+   u32 err;
+
+   c.len = GSS_KRB5_K5CLENGTH;
+   c.data = cdata;
+
+   keyin.data = rawkey;
+   keyin.len = keylen;
+   keyout.len = keylen;
+
+   /* seq uses the raw key */
+   ctx-seq = context_v2_alloc_cipher(ctx, rawkey);
+   if (ctx-seq == NULL)
+   goto out_err;
+
+#if 0
+   /* derive enc */
+   set_cdata(cdata, KG_USAGE_SEQ, KEY_USAGE_SEED_ENCRYPTION);
+   keyout.data = derivedkey;
+   err = krb5_derive_key(ctx-gk5e, keyin, keyout, c);
+   if (err) {
+   dprintk(%s: Error %d deriving enc key\n,
+   __func__, err);
+   goto out_free_seq;
+   }
+   ctx-enc = context_v2_alloc_cipher(ctx, derivedkey);
+#else
+   ctx-enc = context_v2_alloc_cipher(ctx, rawkey);
+#endif
+   if (ctx-enc == NULL)
+   goto out_free_seq;
+
+   /* derive cksum */
+   set_cdata(cdata, KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM);
+   keyout.data = ctx-cksum;
+   err
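Review bot: in `context_derive_keys_des3`, the disabled "derive enc" block calls `set_cdata(cdata, KG_USAGE_SEQ, KEY_USAGE_SEED_ENCRYPTION)`, i.e. the sequence-number usage, so re-enabling it as written would derive the seal key under the wrong usage constant; either correct the usage or drop the `#if 0` block rather than merging dead code, and add a comment explaining why `ctx->enc` currently takes the raw key. Separately, `context_v2_alloc_cipher` is non-static but no prototype appears in the header hunk, and its `printk` calls lack a `KERN_` level.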

[PATCH 16/19] gss_krb5: add support for triple-des encryption

2008-02-21 Thread Kevin Coffman
Add the final pieces to support the triple-des encryption type.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h   |4 ++
 net/sunrpc/auth_gss/gss_krb5_crypto.c |3 ++
 net/sunrpc/auth_gss/gss_krb5_keys.c   |   53 +
 net/sunrpc/auth_gss/gss_krb5_mech.c   |   23 ++
 net/sunrpc/auth_gss/gss_krb5_seal.c   |1 +
 net/sunrpc/auth_gss/gss_krb5_unseal.c |1 +
 net/sunrpc/auth_gss/gss_krb5_wrap.c   |2 +
 net/sunrpc/rpc_pipe.c |2 +
 8 files changed, 88 insertions(+), 1 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index e828e98..bf58284 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -240,3 +240,7 @@ u32 krb5_derive_key(struct gss_krb5_enctype *gk5e,
const struct xdr_netobj *inkey,
struct xdr_netobj *outkey,
const struct xdr_netobj *in_constant);
+
+u32 gss_krb5_des3_make_key(struct gss_krb5_enctype *gk5e,
+  struct xdr_netobj *randombits,
+  struct xdr_netobj *key);
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 8b12f34..4f963c2 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -189,6 +189,9 @@ make_checksum(struct krb5_ctx *kctx, char *header, int 
hdrlen,
   checksumdata + checksumlen - kctx-gk5e-cksumlength,
   kctx-gk5e-cksumlength);
break;
+   case CKSUMTYPE_HMAC_SHA1_DES3:
+   memcpy(cksumout-data, checksumdata, kctx-gk5e-cksumlength);
+   break;
default:
BUG();
break;
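Review bot: the new `CKSUMTYPE_HMAC_SHA1_DES3` case copies the leading `kctx->gk5e->cksumlength` bytes of `checksumdata`; that is the standard truncation rule (and a full 20 bytes for HMAC-SHA1-DES3), so a one-line comment saying so will help the 96-bit AES cases that follow. The adjacent `default: BUG()` turns an unexpected checksum type in a context into a kernel crash; returning `GSS_S_FAILURE` is the safer failure mode.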
diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c 
b/net/sunrpc/auth_gss/gss_krb5_keys.c
index 97ec67d..a722fba 100644
--- a/net/sunrpc/auth_gss/gss_krb5_keys.c
+++ b/net/sunrpc/auth_gss/gss_krb5_keys.c
@@ -253,3 +253,56 @@ err_return:
return ret;
 }
 EXPORT_SYMBOL(krb5_derive_key);
+
+#define smask(step) ((1step)-1)
+#define pstep(x, step) (((x)smask(step))^(((x)step)smask(step)))
+#define parity_char(x) pstep(pstep(pstep((x), 4), 2), 1)
+
+static void mit_des_fixup_key_parity(u8 key[8])
+{
+   int i;
+   for (i = 0; i  8; i++) {
+   key[i] = 0xfe;
+   key[i] |= 1^parity_char(key[i]);
+   }
+}
+
+/*
+ * This is the des3 key derivation postprocess function
+ */
+u32 gss_krb5_des3_make_key(struct gss_krb5_enctype *gk5e,
+  struct xdr_netobj *randombits,
+  struct xdr_netobj *key)
+{
+   int i;
+   u32 ret = EINVAL;
+
+   if (key-len != 24) {
+   dprintk(%s: key-len is %d\n, __func__, key-len);
+   goto err_out;
+   }
+   if (randombits-len != 21) {
+   dprintk(%s: randombits-len is %d\n,
+   __func__, randombits-len);
+   goto err_out;
+   }
+
+   /* take the seven bytes, move them around into the top 7 bits of the
+  8 key bytes, then compute the parity bits.  Do this three times. */
+
+   for (i = 0; i  3; i++) {
+   memcpy(key-data + i*8, randombits-data + i*7, 7);
+   key-data[i*8+7] = (((key-data[i*8]1)1) |
+   ((key-data[i*8+1]1)2) |
+   ((key-data[i*8+2]1)3) |
+   ((key-data[i*8+3]1)4) |
+   ((key-data[i*8+4]1)5) |
+   ((key-data[i*8+5]1)6) |
+   ((key-data[i*8+6]1)7));
+
+   mit_des_fixup_key_parity(key-data + i*8);
+   }
+   ret = 0;
+err_out:
+   return(ret);
+}
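Review bot: `gss_krb5_des3_make_key` expands each 7-byte group and fixes parity but never checks the resulting 8-byte DES key for weak or semi-weak values; RFC 3961 section 6.3.1 requires each expanded key to be "corrected to avoid weak and semi-weak keys as in section 6.2", which XORs the last byte with 0xF0. Add that check after `mit_des_fixup_key_parity()`. Minor: `ret = EINVAL` is a positive errno returned through a `u32`; match whatever convention `krb5_derive_key` above uses.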
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c 
b/net/sunrpc/auth_gss/gss_krb5_mech.c
index fc30538..2edf28e 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -69,6 +69,26 @@ static struct gss_krb5_enctype supported_gss_krb5_enctypes[] 
= {
  .cksumlength = 8,
  .keyed_cksum = 0,
},
+   /*
+* 3DES
+*/
+   {
+ .etype = ENCTYPE_DES3_CBC_RAW,
+ .ctype = CKSUMTYPE_HMAC_SHA1_DES3,
+ .name = des3-hmac-sha1,
+ .encrypt_name = cbc(des3_ede),
+ .cksum_name = hmac(sha1),
+ .encrypt = krb5_encrypt,
+ .decrypt = krb5_decrypt,
+ .mk_key = gss_krb5_des3_make_key,
+ .signalg = SGN_ALG_HMAC_SHA1_DES3_KD,
+ .sealalg = SEAL_ALG_DES3KD,
+ .keybytes = 21,
+ .keylength = 24,
+ .blocksize = 8,
+ .cksumlength = 20,
+ .keyed_cksum = 1,
+   },
 };
 
 static int num_supported_enctypes =
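Review bot: the 3DES entry sets `.etype = ENCTYPE_DES3_CBC_RAW` (0x0006) while its `.name` is `des3-hmac-sha1` and `ENCTYPE_DES3_CBC_SHA1` (0x0010) exists in the same header; add a comment explaining why the RAW etype is the right one here, otherwise the next reader will assume a typo. The sizes are consistent with `gss_krb5_des3_make_key` (`keybytes` 21, `keylength` 24) and a full HMAC-SHA1 (`cksumlength` 20, `keyed_cksum` 1).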
@@ -447,6 +467,9 @@ gss_import_v2_context(const void *p, const void *end, 
struct krb5_ctx *ctx)
p = simple_get_bytes(p, end, ctx-enctype

[PATCH 17/19] xdr: add a new utility function to shift the head data of an xdr buffer

2008-02-21 Thread Kevin Coffman
Add a new xdr helper function that shifts the data in an xdr
buffer's head to make room for new data.

Also add an export for the helper function write_bytes_to_xdr_buf().

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/xdr.h |2 ++
 net/sunrpc/xdr.c   |   29 +
 2 files changed, 31 insertions(+), 0 deletions(-)

diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index e4057d7..518d47c 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -164,6 +164,8 @@ extern int xdr_buf_subsegment(struct xdr_buf *, struct 
xdr_buf *, unsigned int,
 extern int xdr_buf_read_netobj(struct xdr_buf *, struct xdr_netobj *, unsigned 
int);
 extern int read_bytes_from_xdr_buf(struct xdr_buf *, unsigned int, void *, 
unsigned int);
 extern int write_bytes_to_xdr_buf(struct xdr_buf *, unsigned int, void *, 
unsigned int);
+extern int xdr_shift_head_data(struct xdr_buf *, int, unsigned int);
+
 
 /*
  * Helper structure for copying from an sk_buff.
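Review bot: the `xdr_shift_head_data` prototype takes `offset` as `int` while `shiftlen` is `unsigned int`; make both unsigned so a negative offset cannot be passed, and drop the extra blank line the hunk adds after the prototype (one is already there).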
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 995c3fd..de2c986 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -428,6 +428,34 @@ xdr_shift_buf(struct xdr_buf *buf, size_t len)
 EXPORT_SYMBOL(xdr_shift_buf);
 
 /**
+ * xdr_xdr_shift_head_data - Make room for new data within buf-head
+ * @buf: pointer to XDR buffer
+ * @offset: offset within the head to start moving data
+ * @shiftlen: number of bytes to shift the data
+ */
+int
+xdr_shift_head_data(struct xdr_buf *buf, int offset, unsigned int shiftlen)
+{
+   u8 *p;
+
+   if (shiftlen == 0)
+   return 0;
+   /* make sure there is room (assuming head has a page) */
+   if (buf-head[0].iov_len + shiftlen + offset  PAGE_CACHE_SIZE)
+   return 1;
+
+   p = buf-head[0].iov_base + offset;
+
+   memmove(p + shiftlen, p, buf-head[0].iov_len - offset);
+
+   buf-head[0].iov_len += shiftlen;
+   buf-len += shiftlen;
+
+   return 0;
+}
+EXPORT_SYMBOL(xdr_shift_head_data);
+
+/**
  * xdr_init_encode - Initialize a struct xdr_stream for sending data.
  * @xdr: pointer to xdr_stream struct
  * @buf: pointer to XDR buffer in which to encode data
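Review bot: `xdr_shift_head_data` never checks `offset <= buf->head[0].iov_len`; with a larger (or negative, since `offset` is `int`) offset, `buf->head[0].iov_len - offset` wraps and the `memmove` runs past the head buffer, so add that check ahead of the room check and make `offset` unsigned. The room check assumes the head is backed by a full page (`PAGE_CACHE_SIZE`) without verifying it; say so in the comment or pass the real head capacity. Minor: the kernel-doc name reads `xdr_xdr_shift_head_data`, and the failure return of `1` should be a negative errno per kernel convention.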
@@ -758,6 +786,7 @@ int write_bytes_to_xdr_buf(struct xdr_buf *buf, unsigned 
int base, void *obj, un
__write_bytes_to_xdr_buf(subbuf, obj, len);
return 0;
 }
+EXPORT_SYMBOL(write_bytes_to_xdr_buf);
 
 int
 xdr_decode_word(struct xdr_buf *buf, unsigned int base, u32 *obj)



[PATCH 18/19] gss_krb5: add support for new token formats in rfc4121

2008-02-21 Thread Kevin Coffman
This is a step toward support for AES encryption types which are required
to use the new token formats defined in rfc4121.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h   |   28 
 net/sunrpc/auth_gss/gss_krb5_crypto.c |   71 +
 net/sunrpc/auth_gss/gss_krb5_seal.c   |   69 +
 net/sunrpc/auth_gss/gss_krb5_unseal.c |   60 
 net/sunrpc/auth_gss/gss_krb5_wrap.c   |  248 +
 5 files changed, 476 insertions(+), 0 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index bf58284..95b375b 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -53,6 +53,8 @@
 /* Maximum blocksize for the supported crypto algorithms */
 #define GSS_KRB5_MAX_BLOCKSIZE  16
 
+struct krb5_ctx;
+
 struct gss_krb5_enctype {
const u32   etype;  /* encryption (key) type */
const u32   ctype;  /* checksum type */
@@ -75,6 +77,12 @@ struct gss_krb5_enctype {
u32 (*mk_key) (struct gss_krb5_enctype *gk5e,
   struct xdr_netobj *in,
   struct xdr_netobj *out); /* complete key generation */
+   u32 (*encrypt_v2) (struct krb5_ctx *kctx, u32 offset,
+  struct xdr_buf *buf, int ec,
+  struct page **pages); /* v2 encryption function */
+   u32 (*decrypt_v2) (struct krb5_ctx *kctx, u32 offset,
+  struct xdr_buf *buf, u32 *headskip,
+  u32 *tailskip);  /* v2 decryption function */
 };
 
 /* krb5_ctx flags definitions */
@@ -109,6 +117,18 @@ extern spinlock_t krb5_seq_lock;
 #define KG_TOK_MIC_MSG0x0101
 #define KG_TOK_WRAP_MSG   0x0201
 
+#define KG2_TOK_INITIAL 0x0101
+#define KG2_TOK_RESPONSE0x0202
+#define KG2_TOK_MIC 0x0404
+#define KG2_TOK_WRAP0x0504
+
+#define KG2_TOKEN_FLAG_SENTBYACCEPTOR   0x01
+#define KG2_TOKEN_FLAG_SEALED   0x02
+#define KG2_TOKEN_FLAG_ACCEPTORSUBKEY   0x04
+
+#define KG2_RESP_FLAG_ERROR 0x0001
+#define KG2_RESP_FLAG_DELEG_OK  0x0002
+
 enum sgn_alg {
SGN_ALG_DES_MAC_MD5 = 0x,
SGN_ALG_MD2_5 = 0x0001,
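Review bot: `KG2_TOK_INITIAL` (0x0101) has the same value as the existing `KG_TOK_MIC_MSG` (0x0101) a few lines above, so any code that switches on a token id must know which token family it is handling; if the kernel never sees v2 context-establishment tokens (establishment happens in gssd), drop `KG2_TOK_INITIAL`/`KG2_TOK_RESPONSE` and the `KG2_RESP_FLAG_*` values to avoid the ambiguity. `KG2_TOK_MIC` 0x0404, `KG2_TOK_WRAP` 0x0504 and the three token flags match RFC 4121 sections 4.2.6 and 4.2.2.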
@@ -135,6 +155,9 @@ extern struct xdr_netobj krb5_oid;
 #define CKSUMTYPE_RSA_MD5_DES  0x0008
 #define CKSUMTYPE_NIST_SHA 0x0009
 #define CKSUMTYPE_HMAC_SHA1_DES3   0x000c
+#define CKSUMTYPE_HMAC_SHA1_96_AES128   0x000f
+#define CKSUMTYPE_HMAC_SHA1_96_AES256   0x0010
+#define CKSUMTYPE_HMAC_MD5_ARCFOUR  -138 /* Microsoft md5 hmac cksumtype */
 
 /* from gssapi_err_krb5.h */
 #define KG_CCACHE_NOMATCH(39756032L)
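Review bot: `CKSUMTYPE_HMAC_MD5_ARCFOUR` is defined as `-138`, but the field it will be compared against, `gss_krb5_enctype.ctype`, is `const u32` (see the struct above), so the value only matches after implicit conversion to 0xffffff76; write it as an explicit unsigned constant, or keep the signed form with a comment noting that the comparison relies on that conversion. The AES checksum types 0x000f/0x0010 match RFC 3962.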
@@ -195,6 +218,11 @@ make_checksum(struct krb5_ctx *kctx, char *header, int 
hdrlen,
struct xdr_buf *body, int body_offset, u8 *cksumkey,
struct xdr_netobj *cksumout);
 
+extern u32
+make_checksum_v2(struct krb5_ctx *, char *header, int hdrlen,
+struct xdr_buf *body, int body_offset, u8 *key,
+struct xdr_netobj *cksum);
+
 u32 gss_get_mic_kerberos(struct gss_ctx *, struct xdr_buf *,
struct xdr_netobj *);
 
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 4f963c2..0c52194 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -204,6 +204,77 @@ out:
 
 EXPORT_SYMBOL(make_checksum);
 
+/*
+ * checksum the plaintext data and hdrlen bytes of the token header
+ * Per rfc4121, sec. 4.2.4, the checksum is performed over the data
+ * body then over the first 16 octets of the MIC token
+ */
+u32
+make_checksum_v2(struct krb5_ctx *kctx, char *header, int hdrlen,
+struct xdr_buf *body, int body_offset, u8 *cksumkey,
+struct xdr_netobj *cksumout)
+{
+   struct hash_desc desc;
+   struct scatterlist sg[1];
+   int err;
+   u8 checksumdata[GSS_KRB5_MAX_CKSUM_LEN];
+   unsigned int checksumlen;
+
+   if (kctx-gk5e-keyed_cksum == 0) {
+   dprintk(%s: expected keyed hash for %s\n,
+   __func__, kctx-gk5e-name);
+   return GSS_S_FAILURE;
+   }
+   if (cksumkey == NULL) {
+   dprintk(%s: no key supplied for %s\n,
+   __func__, kctx-gk5e-name);
+   return GSS_S_FAILURE;
+   }
+
+   desc.tfm = crypto_alloc_hash(kctx-gk5e-cksum_name, 0,
+   CRYPTO_ALG_ASYNC);
+   if (IS_ERR(desc.tfm))
+   return GSS_S_FAILURE;
+   checksumlen = crypto_hash_digestsize(desc.tfm);
+   desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+
+   err = crypto_hash_setkey(desc.tfm, cksumkey, kctx-gk5e-keylength);
+   if (err)
+   goto out;
+
+   err = crypto_hash_init(desc);
+   if (err)
+   goto out;
+   err = xdr_process_buf(body
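Review bot: `make_checksum_v2` stores `crypto_hash_digestsize()` in `checksumlen` but never compares it with `GSS_KRB5_MAX_CKSUM_LEN`, the size of the stack buffer `checksumdata`; add that check before the digest is written. The `crypto_hash_setkey` length is `kctx->gk5e->keylength`, the cipher key length; that is correct for the RFC 3962 AES checksum key (Kc has the cipher's key length) but deserves a comment since the parameter is a generic `cksumkey`. The hunk is cut off in the archive after `xdr_process_buf(body`, so the header hash, final copy and the `out:` cleanup could not be reviewed.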

[PATCH 19/19] gss_krb5: add remaining pieces to enable AES encryption support

2008-02-21 Thread Kevin Coffman
Add the remaining pieces to enable support for Kerberos AES
encryption types.

Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
---

 include/linux/sunrpc/gss_krb5.h   |   12 +
 net/sunrpc/auth_gss/gss_krb5_crypto.c |  307 +
 net/sunrpc/auth_gss/gss_krb5_keys.c   |   30 +++
 net/sunrpc/auth_gss/gss_krb5_mech.c   |   44 +
 net/sunrpc/rpc_pipe.c |2 
 5 files changed, 394 insertions(+), 1 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 95b375b..2d60018 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -272,3 +272,15 @@ u32 krb5_derive_key(struct gss_krb5_enctype *gk5e,
 u32 gss_krb5_des3_make_key(struct gss_krb5_enctype *gk5e,
   struct xdr_netobj *randombits,
   struct xdr_netobj *key);
+
+u32 gss_krb5_aes_make_key(struct gss_krb5_enctype *gk5e,
+ struct xdr_netobj *randombits,
+ struct xdr_netobj *key);
+
+u32 gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
+struct xdr_buf *buf, int ec,
+struct page **pages);
+
+u32 gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset,
+struct xdr_buf *buf, u32 *plainoffset,
+u32 *plainlen);
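Review bot: `gss_krb5_aes_decrypt` names its output parameters `plainoffset`/`plainlen` while the `decrypt_v2` hook it is assigned to (previous patch) calls them `headskip`/`tailskip`; use one set of names and state in a comment what the two values mean, since the caller relies on them to locate the plaintext within the buffer.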
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 0c52194..92c2eff 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -42,6 +42,7 @@
 #include linux/crypto.h
 #include linux/highmem.h
 #include linux/pagemap.h
+#include linux/random.h
 #include linux/sunrpc/gss_krb5.h
 #include linux/sunrpc/xdr.h
 
@@ -448,3 +449,309 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct 
xdr_buf *buf,
 }
 
 EXPORT_SYMBOL(gss_decrypt_xdr_buf);
+
+static s32
+gss_cksum_xdr_buf(struct krb5_ctx *kctx, struct xdr_buf *body, int body_offset,
+ const u8 *key, unsigned int keylen, struct xdr_netobj *out)
+{
+   struct hash_desc desc;
+   int err;
+
+   desc.tfm = crypto_alloc_hash(kctx-gk5e-cksum_name, 0,
+   CRYPTO_ALG_ASYNC);
+   if (IS_ERR(desc.tfm))
+   return GSS_S_FAILURE;
+   if (out-data == NULL)
+   return GSS_S_FAILURE;
+   if (out-len  crypto_hash_digestsize(desc.tfm))
+   return GSS_S_FAILURE;
+   out-len = crypto_hash_digestsize(desc.tfm);
+   desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+
+   if (key != NULL  keylen != 0) {
+   err = crypto_hash_setkey(desc.tfm, key, keylen);
+   if (err)
+   goto out;
+   }
+
+   err = crypto_hash_init(desc);
+   if (err)
+   goto out;
+   err = xdr_process_buf(body, body_offset, body-len - body_offset,
+ checksummer, desc);
+   if (err)
+   goto out;
+   err = crypto_hash_final(desc, out-data);
+
+out:
+   crypto_free_hash(desc.tfm);
+   return err ? GSS_S_FAILURE : 0;
+}
+
+static u32
+gss_krb5_cts_crypt(struct crypto_blkcipher *cipher, struct xdr_buf *buf,
+  u32 offset, u8 *iv, struct page **pages, int encrypt)
+{
+   u32 ret;
+   struct scatterlist sg[1];
+   struct blkcipher_desc desc = { .tfm = cipher, .info = iv };
+   u8 data[crypto_blkcipher_blocksize(cipher) * 2];
+   struct page **save_pages;
+   u32 len = buf-len - offset;
+
+   BUG_ON(len  crypto_blkcipher_blocksize(cipher) * 2);
+
+   /*
+* For encryption, we want to read from the cleartext
+* page cache pages, and write the encrypted data to
+* the supplied xdr_buf pages.
+*/
+   save_pages = buf-pages;
+   if (encrypt)
+   buf-pages = pages;
+
+   ret = read_bytes_from_xdr_buf(buf, offset, data, len);
+   buf-pages = save_pages;
+   if (ret)
+   goto out;
+
+   sg_init_one(sg, data, len);
+
+   if (encrypt)
+   ret = crypto_blkcipher_encrypt_iv(desc, sg, sg, len);
+   else
+   ret = crypto_blkcipher_decrypt_iv(desc, sg, sg, len);
+
+   if (ret)
+   goto out;
+
+   ret = write_bytes_to_xdr_buf(buf, offset, data, len);
+
+out:
+   return ret;
+}
+
+u32
+gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
+struct xdr_buf *buf, int ec, struct page **pages)
+{
+   u32 err;
+   struct xdr_netobj hmac;
+   u8 *cksumkey, *enckey;
+   u8 *ecptr;
+   struct crypto_blkcipher *cipher, *cbc = NULL;
+   int blocksize;
+   struct page **save_pages;
+   int nblocks, nbytes;
+   struct encryptor_desc desc;
+   u32 cbcbytes;
+
+   if (kctx-initiate) {
+   cipher = kctx-initiator_enc;
+   enckey = kctx-initiator_seal;
+   cksumkey = kctx
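Review bot: `gss_cksum_xdr_buf` leaks the hash tfm on the `out->data == NULL` and `out->len < digestsize` paths, which return without `crypto_free_hash(desc.tfm)`; move the NULL check above `crypto_alloc_hash` and turn the size check into a `goto out`. In `gss_krb5_cts_crypt`, `BUG_ON(len > 2 * blocksize)` crashes the kernel on a length derived from the caller's xdr_buf; return `GSS_S_FAILURE` instead, and replace the variable-length stack array `u8 data[crypto_blkcipher_blocksize(cipher) * 2]` with a fixed `2 * GSS_KRB5_MAX_BLOCKSIZE` buffer (16 per the header). `gss_krb5_aes_encrypt` is cut off in the archive at `cksumkey = kctx`, so the remainder could not be reviewed.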

Re: NFS+krb5: Failed to create krb5 context for user with uid 0

2008-02-05 Thread Kevin Coffman
On Feb 5, 2008 8:51 PM, Luke Cyca [EMAIL PROTECTED] wrote:
> Hello NFS List,
>
> I've been trying to set up some linux clients to work with a Mac OS X
> 10.5 (Leopard) server.  So far I've made some good progress, but run
> into a few problems with Kerberized NFS.  I have the ssh server on
> the linux client fully kerberized with ticket forwarding.  I also
> have the users' home directories mounting from the mac server with
> autofs with sec=krb5.  Users can log in, see their files, and
> everything seems to work great.
>
> The problem is that in syslog I get these errors repeatedly...
> > Feb  5 17:31:39 myclient.domain.com rpc.gssd[8137]: WARNING: Failed
> > to create krb5 context for user with uid 0 with any credentials
> > cache for server myserver.domain.com
> > Feb  5 17:31:39 myclient.domain.com rpc.gssd[8137]: Failed to write
> > error downcall!
>
> It seems that whenever root wants to look at the mounted filesystem
> (when running df, for example), it doesn't have permission.  Now I
> know that it's supposed to use machine credentials, and that it
> currently only works with des-cbc-crc:normal.  I wasn't sure if
> that applied to the server's nfs principal as well, but I did it just
> to be safe.  Here's what I've got in the keytabs...
>
> Client keytab:
> 3 nfs/[EMAIL PROTECTED] (DES cbc mode with CRC-32)
> 8 host/[EMAIL PROTECTED] (Triple DES cbc mode with
>  HMAC/sha1)
> 8 host/[EMAIL PROTECTED] (ArcFour with HMAC/md5)
> 8 host/[EMAIL PROTECTED] (DES cbc mode with CRC-32)
>
> Server keytab:
> 3 host/[EMAIL PROTECTED] (Triple DES cbc mode with
>  HMAC/sha1)
> 3 host/[EMAIL PROTECTED] (ArcFour with HMAC/md5)
> 3 host/[EMAIL PROTECTED] (DES cbc mode with CRC-32)
> 4 nfs/[EMAIL PROTECTED] (DES cbc mode with CRC-32)
>
> I also recreated the principals on the KDC, and specified only the
> one key type (des-cbc-crc:normal).  Again, not sure if that was
> necessary or not.

If the Mac server code can support other encryption types like Triple
DES and ArcFour, you shouldn't need to limit it to only the
des-cbc-crc key.  The Linux nfs-utils code on the client should be
limiting the negotiated encryption type to des.

I would assume if normal users are able to get a context and talk to
the server, that root using the keytab should be able to do so as
well.

> I can run rpc.gssd with the -n flag, and the error output changes to
> this...
>
> # rpc.gssd -f -n
> > ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS
> > failure.  Minor code may provide more information - Unknown code
> > krb5 195
> > WARNING: Failed to create krb5 context for user with uid 0 for
> > server myserver.domain.com
> > Failed to write error downcall!

This looks like a Redhat distro?  krb5 195 is KRB5_FCC_NOFILE.  With
the -n flag, you have to manually get credentials for root and put
them in /tmp/krb5cc_0 (or similar).

> If I crank up the verbosity of the output, I get this:
>
> # rpc.gssd -f -vvv
> > handling krb5 upcall
> > Full hostname for 'myserver.domain.com' is 'myserver.domain.com'
> > Full hostname for 'myclient.domain.com' is 'myclient.domain.com'
> > Key table entry not found while getting keytab entry for 'root/
> > [EMAIL PROTECTED]'
> > Success getting keytab entry for 'nfs/[EMAIL PROTECTED]'
> > Successfully obtained machine credentials for principal 'nfs/
> > [EMAIL PROTECTED]' stored in ccache 'FILE:/tmp/
> > krb5cc_machine_DOMAIN.COM'
> > INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_DOMAIN.COM' are
> > good until 1202297948
> > using FILE:/tmp/krb5cc_machine_DOMAIN.COM as credentials cache for
> > machine creds
> > using environment variable to select krb5 ccache FILE:/tmp/
> > krb5cc_machine_DOMAIN.COM
> > creating context using fsuid 0 (save_uid 0)
> > creating tcp client for server myserver.domain.com
> > creating context with server [EMAIL PROTECTED]
> > WARNING: Failed to create krb5 context for user with uid 0 for
> > server myserver.domain.com
> > WARNING: Failed to create krb5 context for user with uid 0 with
> > credentials cache FILE:/tmp/krb5cc_machine_DOMAIN.COM for server
> > myserver.domain.com
> > WARNING: Failed to create krb5 context for user with uid 0 with any
> > credentials cache for server myserver.domain.com
> > doing error downcall
> > Failed to write error downcall!
>
> Can anybody give me any hints or suggestions?

Why this is failing, I do not know.  What version of Kerberos do you
have?  A packet trace would be helpful.

K.C.