| Message ID | 3193936.1740736547@warthog.procyon.org.uk (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [GIT,PULL] crypto: Add Kerberos crypto lib | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Pull request for net |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/build_tools | success | Errors and warnings before: 26 (+1) this patch: 26 (+1) |
| netdev/build_clang | success | Errors and warnings before: 1 this patch: 1 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/verify_fixes | success | No Fixes tag |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 9 this patch: 9 |
| netdev/build_clang_rust | success | No Rust files in patch. Skipping build |
| netdev/kdoc | success | Errors and warnings before: 20 this patch: 20 |
| netdev/contest | fail | net-next-2025-02-28--12-00 (tests: 895) |
On Fri, Feb 28, 2025 at 09:55:47AM +0000, David Howells wrote: > Hi Herbert, > > Could you pull this into the crypto tree please? It does a couple of > things: > > (1) Provide an AEAD crypto driver, krb5enc, that mirrors the authenc > driver, but that hashes the plaintext, not the ciphertext. This was > made a separate module rather than just being a part of the authenc > driver because it has to do all of the constituent operations in the > opposite order - which impacts the async op handling. > > Testmgr data is provided for AES+SHA2 and Camellia combinations of > authenc and krb5enc used by the krb5 library. AES+SHA1 is not > provided as the RFCs don't contain usable test vectors. > > (2) Provide a Kerberos 5 crypto library. This is an extract from the > sunrpc driver as that code can be shared between sunrpc/nfs and > rxrpc/afs. This provides encryption, decryption, get MIC and verify > MIC routines that use and wrap the crypto functions, along with some > functions to provide layout management. > > This supports AES+SHA1, AES+SHA2 and Camellia encryption types. > > Self-testing is provided that goes further than is possible with > testmgr, doing subkey derivation as well. > > The patches were previously posted here: > > https://lore.kernel.org/r/20250203142343.248839-1-dhowells@redhat.com/ > > as part of a larger series, but the networking guys would prefer these to > go through the crypto tree. If you want them reposting independently, I > can do that. I tried pulling it but it's not based on the cryptodev tree so it will create a mess when I push this upstream. If you want me to pull it through cryptodev please rebase it on my tree. Thanks,
Hi Herbert, Could you pull this into the crypto tree please? It does a couple of things: (1) Provide an AEAD crypto driver, krb5enc, that mirrors the authenc driver, but that hashes the plaintext, not the ciphertext. This was made a separate module rather than just being a part of the authenc driver because it has to do all of the constituent operations in the opposite order - which impacts the async op handling. Testmgr data is provided for AES+SHA2 and Camellia combinations of authenc and krb5enc used by the krb5 library. AES+SHA1 is not provided as the RFCs don't contain usable test vectors. (2) Provide a Kerberos 5 crypto library. This is an extract from the sunrpc driver as that code can be shared between sunrpc/nfs and rxrpc/afs. This provides encryption, decryption, get MIC and verify MIC routines that use and wrap the crypto functions, along with some functions to provide layout management. This supports AES+SHA1, AES+SHA2 and Camellia encryption types. Self-testing is provided that goes further than is possible with testmgr, doing subkey derivation as well. The patches were previously posted here: https://lore.kernel.org/r/20250203142343.248839-1-dhowells@redhat.com/ as part of a larger series, but the networking guys would prefer these to go through the crypto tree. If you want them reposting independently, I can do that. David --- The following changes since commit 1e15510b71c99c6e49134d756df91069f7d18141: Merge tag 'net-6.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2025-02-27 09:32:42 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/crypto-krb5-20250228 for you to fetch changes up to 0dd8f8533a833eeb8e51034072a59930bcbec725: crypto/krb5: Implement crypto self-testing (2025-02-28 09:42:42 +0000) ---------------------------------------------------------------- crypto: Add Kerberos crypto lib ---------------------------------------------------------------- David Howells (17): crypto/krb5: Add API Documentation crypto/krb5: Add some constants out of sunrpc headers crypto: Add 'krb5enc' hash and cipher AEAD algorithm crypto/krb5: Test manager data crypto/krb5: Implement Kerberos crypto core crypto/krb5: Add an API to query the layout of the crypto section crypto/krb5: Add an API to alloc and prepare a crypto object crypto/krb5: Add an API to perform requests crypto/krb5: Provide infrastructure and key derivation crypto/krb5: Implement the Kerberos5 rfc3961 key derivation crypto/krb5: Provide RFC3961 setkey packaging functions crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic crypto/krb5: Implement the AES enctypes from rfc3962 crypto/krb5: Implement the AES enctypes from rfc8009 crypto/krb5: Implement the Camellia enctypes from rfc6803 crypto/krb5: Implement crypto self-testing Documentation/crypto/index.rst | 1 + Documentation/crypto/krb5.rst | 262 +++++++++++++ crypto/Kconfig | 13 + crypto/Makefile | 3 + crypto/krb5/Kconfig | 26 ++ crypto/krb5/Makefile | 18 + crypto/krb5/internal.h | 247 ++++++++++++ crypto/krb5/krb5_api.c | 452 ++++++++++++++++++++++ crypto/krb5/krb5_kdf.c | 145 +++++++ crypto/krb5/rfc3961_simplified.c | 797 +++++++++++++++++++++++++++++++++++++++ crypto/krb5/rfc3962_aes.c | 115 ++++++ crypto/krb5/rfc6803_camellia.c | 237 ++++++++++++ crypto/krb5/rfc8009_aes2.c | 362 ++++++++++++++++++ crypto/krb5/selftest.c | 544 ++++++++++++++++++++++++++ crypto/krb5/selftest_data.c | 291 ++++++++++++++ crypto/krb5enc.c | 504 +++++++++++++++++++++++++ crypto/testmgr.c | 16 + crypto/testmgr.h | 351 +++++++++++++++++ include/crypto/authenc.h | 2 + include/crypto/krb5.h | 160 ++++++++ 20 files changed, 4546 insertions(+) create mode 100644 Documentation/crypto/krb5.rst create mode 100644 crypto/krb5/Kconfig create mode 100644 crypto/krb5/Makefile create mode 100644 crypto/krb5/internal.h create mode 100644 crypto/krb5/krb5_api.c create mode 100644 crypto/krb5/krb5_kdf.c create mode 100644 crypto/krb5/rfc3961_simplified.c create mode 100644 crypto/krb5/rfc3962_aes.c create mode 100644 crypto/krb5/rfc6803_camellia.c create mode 100644 crypto/krb5/rfc8009_aes2.c create mode 100644 crypto/krb5/selftest.c create mode 100644 crypto/krb5/selftest_data.c create mode 100644 crypto/krb5enc.c create mode 100644 include/crypto/krb5.h