On Sun, 2023-01-15 at 12:20 -0500, Chuck Lever wrote: > The purpose of this series is to improve/harden the security > provided by the Linux kernel's RPCSEC GSS Kerberos 5 mechanism. > There are lots of clean-ups in this series, but the pertinent > feature is the addition of a clean deprecation path for the DES- > and SHA1-based encryption types in accordance with Internet BCPs. > > This series disables DES-based enctypes by default, provides a > mechanism for disabling SHA1-based enctypes, and introduces two > modern enctypes that do not use deprecated crypto algorithms. > > Not only does that improve security for Kerberos 5 users, but it > also prepares SunRPC for eventually switching to a shared common > kernel Kerberos 5 implementation, which surely will not implement > any deprecated encryption types (in particular, DES-based ones). > > Today, MIT supports both of the newly-introduced enctypes, but > Heimdal does not appear to. Thus distributions can enable and > disable kernel enctype support to match the set of enctypes > supported in their user space Kerberos libraries. > > Scott has been kicking the tires -- we've found no regressions with > the current SHA1-based enctypes, while the new ones are disabled by > default until we have an opportunity for interop testing. The KUnit > tests for the new enctypes pass and this implementation successfully > interoperates with itself using these enctypes. Therefore I believe > it to be safe to merge. > > When this series gets merged, the Linux NFS community should select > and announce a date-certain for removal of SunRPC's DES-based > enctype code. > > --- > > Changes since v1: > - Addressed Simo's NAK on "SUNRPC: Improve Kerberos confounder generation" > - Added Cc: linux-kselftest@ for review of the KUnit-related patches > > > Chuck Lever (41): > SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h > SUNRPC: Remove .blocksize field from struct gss_krb5_enctype > SUNRPC: Remove .conflen field from struct gss_krb5_enctype > SUNRPC: Improve Kerberos confounder generation > SUNRPC: Obscure Kerberos session key > SUNRPC: Refactor set-up for aux_cipher > SUNRPC: Obscure Kerberos encryption keys > SUNRPC: Obscure Kerberos signing keys > SUNRPC: Obscure Kerberos integrity keys > SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism > SUNRPC: Remove another switch on ctx->enctype > SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file > NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink > SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro > SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES > SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype > SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods > SUNRPC: Hoist KDF into struct gss_krb5_enctype > SUNRPC: Clean up cipher set up for v1 encryption types > SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher() > SUNRPC: Add new subkey length fields > SUNRPC: Refactor CBC with CTS into helpers > SUNRPC: Add gk5e definitions for RFC 8009 encryption types > SUNRPC: Add KDF-HMAC-SHA2 > SUNRPC: Add RFC 8009 encryption and decryption functions > SUNRPC: Advertise support for RFC 8009 encryption types > SUNRPC: Support the Camellia enctypes > SUNRPC: Add KDF_FEEDBACK_CMAC > SUNRPC: Advertise support for the Camellia encryption types > SUNRPC: Move remaining internal definitions to gss_krb5_internal.h > SUNRPC: Add KUnit tests for rpcsec_krb5.ko > SUNRPC: Export get_gss_krb5_enctype() > SUNRPC: Add KUnit tests RFC 3961 Key Derivation > SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption > SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types > SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types > SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types > SUNRPC: Add KDF-HMAC-SHA2 Kunit tests > SUNRPC: Add RFC 8009 checksum KUnit tests > SUNRPC: Add RFC 8009 encryption KUnit tests > SUNRPC: Add encryption self-tests > > > fs/nfsd/nfsctl.c | 74 +- > include/linux/sunrpc/gss_krb5.h | 196 +-- > include/linux/sunrpc/gss_krb5_enctypes.h | 41 - > net/sunrpc/.kunitconfig | 30 + > net/sunrpc/Kconfig | 96 +- > net/sunrpc/auth_gss/Makefile | 2 + > net/sunrpc/auth_gss/auth_gss.c | 17 + > net/sunrpc/auth_gss/gss_krb5_crypto.c | 656 +++++-- > net/sunrpc/auth_gss/gss_krb5_internal.h | 232 +++ > net/sunrpc/auth_gss/gss_krb5_keys.c | 416 ++++- > net/sunrpc/auth_gss/gss_krb5_mech.c | 730 +++++--- > net/sunrpc/auth_gss/gss_krb5_seal.c | 122 +- > net/sunrpc/auth_gss/gss_krb5_seqnum.c | 2 + > net/sunrpc/auth_gss/gss_krb5_test.c | 2040 ++++++++++++++++++++++ > net/sunrpc/auth_gss/gss_krb5_unseal.c | 63 +- > net/sunrpc/auth_gss/gss_krb5_wrap.c | 124 +- > net/sunrpc/auth_gss/svcauth_gss.c | 65 + > 17 files changed, 4001 insertions(+), 905 deletions(-) > delete mode 100644 include/linux/sunrpc/gss_krb5_enctypes.h > create mode 100644 net/sunrpc/.kunitconfig > create mode 100644 net/sunrpc/auth_gss/gss_krb5_internal.h > create mode 100644 net/sunrpc/auth_gss/gss_krb5_test.c > > -- > Chuck Lever I reviewed the whole patchset (except the Camellia related commits): Reviewed-by: Simo Sorce <simo@xxxxxxxxxx> Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc
