> On Jan 18, 2023, at 11:02 AM, Simo Sorce <simo@xxxxxxxxxx> wrote: > > On Sun, 2023-01-15 at 12:20 -0500, Chuck Lever wrote: >> The purpose of this series is to improve/harden the security >> provided by the Linux kernel's RPCSEC GSS Kerberos 5 mechanism. >> There are lots of clean-ups in this series, but the pertinent >> feature is the addition of a clean deprecation path for the DES- >> and SHA1-based encryption types in accordance with Internet BCPs. >> >> This series disables DES-based enctypes by default, provides a >> mechanism for disabling SHA1-based enctypes, and introduces two >> modern enctypes that do not use deprecated crypto algorithms. >> >> Not only does that improve security for Kerberos 5 users, but it >> also prepares SunRPC for eventually switching to a shared common >> kernel Kerberos 5 implementation, which surely will not implement >> any deprecated encryption types (in particular, DES-based ones). >> >> Today, MIT supports both of the newly-introduced enctypes, but >> Heimdal does not appear to. Thus distributions can enable and >> disable kernel enctype support to match the set of enctypes >> supported in their user space Kerberos libraries. >> >> Scott has been kicking the tires -- we've found no regressions with >> the current SHA1-based enctypes, while the new ones are disabled by >> default until we have an opportunity for interop testing. The KUnit >> tests for the new enctypes pass and this implementation successfully >> interoperates with itself using these enctypes. Therefore I believe >> it to be safe to merge. >> >> When this series gets merged, the Linux NFS community should select >> and announce a date-certain for removal of SunRPC's DES-based >> enctype code. >> >> --- >> >> Changes since v1: >> - Addressed Simo's NAK on "SUNRPC: Improve Kerberos confounder generation" >> - Added Cc: linux-kselftest@ for review of the KUnit-related patches >> >> >> Chuck Lever (41): >> SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h >> SUNRPC: Remove .blocksize field from struct gss_krb5_enctype >> SUNRPC: Remove .conflen field from struct gss_krb5_enctype >> SUNRPC: Improve Kerberos confounder generation >> SUNRPC: Obscure Kerberos session key >> SUNRPC: Refactor set-up for aux_cipher >> SUNRPC: Obscure Kerberos encryption keys >> SUNRPC: Obscure Kerberos signing keys >> SUNRPC: Obscure Kerberos integrity keys >> SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism >> SUNRPC: Remove another switch on ctx->enctype >> SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file >> NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink >> SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro >> SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES >> SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype >> SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods >> SUNRPC: Hoist KDF into struct gss_krb5_enctype >> SUNRPC: Clean up cipher set up for v1 encryption types >> SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher() >> SUNRPC: Add new subkey length fields >> SUNRPC: Refactor CBC with CTS into helpers >> SUNRPC: Add gk5e definitions for RFC 8009 encryption types >> SUNRPC: Add KDF-HMAC-SHA2 >> SUNRPC: Add RFC 8009 encryption and decryption functions >> SUNRPC: Advertise support for RFC 8009 encryption types >> SUNRPC: Support the Camellia enctypes >> SUNRPC: Add KDF_FEEDBACK_CMAC >> SUNRPC: Advertise support for the Camellia encryption types >> SUNRPC: Move remaining internal definitions to gss_krb5_internal.h >> SUNRPC: Add KUnit tests for rpcsec_krb5.ko >> SUNRPC: Export get_gss_krb5_enctype() >> SUNRPC: Add KUnit tests RFC 3961 Key Derivation >> SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption >> SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types >> SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types >> SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types >> SUNRPC: Add KDF-HMAC-SHA2 Kunit tests >> SUNRPC: Add RFC 8009 checksum KUnit tests >> SUNRPC: Add RFC 8009 encryption KUnit tests >> SUNRPC: Add encryption self-tests >> >> >> fs/nfsd/nfsctl.c | 74 +- >> include/linux/sunrpc/gss_krb5.h | 196 +-- >> include/linux/sunrpc/gss_krb5_enctypes.h | 41 - >> net/sunrpc/.kunitconfig | 30 + >> net/sunrpc/Kconfig | 96 +- >> net/sunrpc/auth_gss/Makefile | 2 + >> net/sunrpc/auth_gss/auth_gss.c | 17 + >> net/sunrpc/auth_gss/gss_krb5_crypto.c | 656 +++++-- >> net/sunrpc/auth_gss/gss_krb5_internal.h | 232 +++ >> net/sunrpc/auth_gss/gss_krb5_keys.c | 416 ++++- >> net/sunrpc/auth_gss/gss_krb5_mech.c | 730 +++++--- >> net/sunrpc/auth_gss/gss_krb5_seal.c | 122 +- >> net/sunrpc/auth_gss/gss_krb5_seqnum.c | 2 + >> net/sunrpc/auth_gss/gss_krb5_test.c | 2040 ++++++++++++++++++++++ >> net/sunrpc/auth_gss/gss_krb5_unseal.c | 63 +- >> net/sunrpc/auth_gss/gss_krb5_wrap.c | 124 +- >> net/sunrpc/auth_gss/svcauth_gss.c | 65 + >> 17 files changed, 4001 insertions(+), 905 deletions(-) >> delete mode 100644 include/linux/sunrpc/gss_krb5_enctypes.h >> create mode 100644 net/sunrpc/.kunitconfig >> create mode 100644 net/sunrpc/auth_gss/gss_krb5_internal.h >> create mode 100644 net/sunrpc/auth_gss/gss_krb5_test.c >> >> -- >> Chuck Lever > > I reviewed the whole patchset (except the Camellia related commits): > Reviewed-by: Simo Sorce <simo@xxxxxxxxxx> Thank you! I've applied this series to nfsd-next. Comments and testing are still welcome. -- Chuck Lever
