[GIT,PULL,v2] crypto: Add Kerberos crypto lib

Message ID 3709378.1740991489@warthog.procyon.org.uk (mailing list archive)
State New

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/crypto-krb5-20250303

Message

David Howells March 3, 2025, 8:44 a.m. UTC
Hi Herbert,

Could you pull this into the crypto tree please?  v2 is just a rebase onto
your cryptodev/master branch.  It does a couple of things:

 (1) Provide an AEAD crypto driver, krb5enc, that mirrors the authenc
     driver, but that hashes the plaintext, not the ciphertext.  This was
     made a separate module rather than just being a part of the authenc
     driver because it has to do all of the constituent operations in the
     opposite order - which impacts the async op handling.

     Testmgr data is provided for AES+SHA2 and Camellia combinations of
     authenc and krb5enc used by the krb5 library.  AES+SHA1 is not
     provided as the RFCs don't contain usable test vectors.

 (2) Provide a Kerberos 5 crypto library.  This is an extract from the
     sunrpc driver as that code can be shared between sunrpc/nfs and
     rxrpc/afs.  This provides encryption, decryption, get MIC and verify
     MIC routines that use and wrap the crypto functions, along with some
     functions to provide layout management.

     This supports AES+SHA1, AES+SHA2 and Camellia encryption types.

     Self-testing is provided that goes further than is possible with
     testmgr, doing subkey derivation as well.

The patches were previously posted here:

    https://lore.kernel.org/r/20250203142343.248839-1-dhowells@redhat.com/

as part of a larger series, but the networking guys would prefer these to
go through the crypto tree.  If you want them reposting independently, I
can do that.

David
---
The following changes since commit 17ec3e71ba797cdb62164fea9532c81b60f47167:

  crypto: lib/Kconfig - Hide arch options from user (2025-03-02 15:21:47 +0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/crypto-krb5-20250303

for you to fetch changes up to fc0cf10c04f49ddba1925b630467f49ea993569e:

  crypto/krb5: Implement crypto self-testing (2025-03-02 21:56:47 +0000)

----------------------------------------------------------------
crypto: Add Kerberos crypto lib

----------------------------------------------------------------
David Howells (17):
      crypto/krb5: Add API Documentation
      crypto/krb5: Add some constants out of sunrpc headers
      crypto: Add 'krb5enc' hash and cipher AEAD algorithm
      crypto/krb5: Test manager data
      crypto/krb5: Implement Kerberos crypto core
      crypto/krb5: Add an API to query the layout of the crypto section
      crypto/krb5: Add an API to alloc and prepare a crypto object
      crypto/krb5: Add an API to perform requests
      crypto/krb5: Provide infrastructure and key derivation
      crypto/krb5: Implement the Kerberos5 rfc3961 key derivation
      crypto/krb5: Provide RFC3961 setkey packaging functions
      crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions
      crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic
      crypto/krb5: Implement the AES enctypes from rfc3962
      crypto/krb5: Implement the AES enctypes from rfc8009
      crypto/krb5: Implement the Camellia enctypes from rfc6803
      crypto/krb5: Implement crypto self-testing

 Documentation/crypto/index.rst   |   1 +
 Documentation/crypto/krb5.rst    | 262 +++++++++++++
 crypto/Kconfig                   |  13 +
 crypto/Makefile                  |   3 +
 crypto/krb5/Kconfig              |  26 ++
 crypto/krb5/Makefile             |  18 +
 crypto/krb5/internal.h           | 247 ++++++++++++
 crypto/krb5/krb5_api.c           | 452 ++++++++++++++++++++++
 crypto/krb5/krb5_kdf.c           | 145 +++++++
 crypto/krb5/rfc3961_simplified.c | 797 +++++++++++++++++++++++++++++++++++++++
 crypto/krb5/rfc3962_aes.c        | 115 ++++++
 crypto/krb5/rfc6803_camellia.c   | 237 ++++++++++++
 crypto/krb5/rfc8009_aes2.c       | 362 ++++++++++++++++++
 crypto/krb5/selftest.c           | 544 ++++++++++++++++++++++++++
 crypto/krb5/selftest_data.c      | 291 ++++++++++++++
 crypto/krb5enc.c                 | 504 +++++++++++++++++++++++++
 crypto/testmgr.c                 |  16 +
 crypto/testmgr.h                 | 351 +++++++++++++++++
 include/crypto/authenc.h         |   2 +
 include/crypto/krb5.h            | 160 ++++++++
 20 files changed, 4546 insertions(+)
 create mode 100644 Documentation/crypto/krb5.rst
 create mode 100644 crypto/krb5/Kconfig
 create mode 100644 crypto/krb5/Makefile
 create mode 100644 crypto/krb5/internal.h
 create mode 100644 crypto/krb5/krb5_api.c
 create mode 100644 crypto/krb5/krb5_kdf.c
 create mode 100644 crypto/krb5/rfc3961_simplified.c
 create mode 100644 crypto/krb5/rfc3962_aes.c
 create mode 100644 crypto/krb5/rfc6803_camellia.c
 create mode 100644 crypto/krb5/rfc8009_aes2.c
 create mode 100644 crypto/krb5/selftest.c
 create mode 100644 crypto/krb5/selftest_data.c
 create mode 100644 crypto/krb5enc.c
 create mode 100644 include/crypto/krb5.h
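
An added illustration, not code from this pull request or the kernel tree, of the ordering point in item (1) above: with the tag computed over the ciphertext (authenc style) a receiver can reject a tampered message before decrypting, while with the tag over the plaintext (krb5enc style) it has to decrypt first. The stream cipher is a constructed stand-in for AES/Camellia, the names `seal`, `open_` and `TRACE` are hypothetical, and associated data and the Kerberos confounder are left out.

```python
import hashlib
import hmac

TRACE = []  # records which primitive ran, in order

def _cipher(key, iv, data):
    """Constructed stand-in stream cipher (not AES/Camellia): XOR with SHA-256 blocks."""
    TRACE.append("cipher")
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _mac(key, data):
    TRACE.append("hash")
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(mode, ke, ki, iv, pt):
    """mode 'authenc': tag covers ciphertext; mode 'krb5enc': tag covers plaintext."""
    ct = _cipher(ke, iv, pt)
    return ct + _mac(ki, ct if mode == "authenc" else pt)

def open_(mode, ke, ki, iv, blob):
    ct, tag = blob[:-32], blob[-32:]
    if mode == "authenc":
        # Tag is checked first; a forged input is rejected before any decryption.
        if not hmac.compare_digest(tag, _mac(ki, ct)):
            raise ValueError("authentication failed")
        return _cipher(ke, iv, ct)
    # krb5enc order: decrypt first, because the tag is over the plaintext.
    pt = _cipher(ke, iv, ct)
    if not hmac.compare_digest(tag, _mac(ki, pt)):
        raise ValueError("authentication failed")
    return pt

def trace_of_rejected_open(mode):
    """Flip one ciphertext bit and report which primitives ran before rejection."""
    ke, ki, iv = b"E" * 16, b"I" * 16, b"\x00" * 16  # constructed sample keys
    blob = bytearray(seal(mode, ke, ki, iv, b"constructed sample message"))
    blob[0] ^= 1
    TRACE.clear()
    try:
        open_(mode, ke, ki, iv, bytes(blob))
    except ValueError:
        return list(TRACE)
    return None  # tampering was not detected
```
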

Comments

Herbert Xu March 8, 2025, 8:29 a.m. UTC | #1
On Mon, Mar 03, 2025 at 08:44:49AM +0000, David Howells wrote:
> Hi Herbert,
> 
> Could you pull this into the crypto tree please?  v2 is just a rebase onto
> your cryptodev/master branch.  It does a couple of things:
> 
>  (1) Provide an AEAD crypto driver, krb5enc, that mirrors the authenc
>      driver, but that hashes the plaintext, not the ciphertext.  This was
>      made a separate module rather than just being a part of the authenc
>      driver because it has to do all of the constituent operations in the
>      opposite order - which impacts the async op handling.
> 
>      Testmgr data is provided for AES+SHA2 and Camellia combinations of
>      authenc and krb5enc used by the krb5 library.  AES+SHA1 is not
>      provided as the RFCs don't contain usable test vectors.
> 
>  (2) Provide a Kerberos 5 crypto library.  This is an extract from the
>      sunrpc driver as that code can be shared between sunrpc/nfs and
>      rxrpc/afs.  This provides encryption, decryption, get MIC and verify
>      MIC routines that use and wrap the crypto functions, along with some
>      functions to provide layout management.
> 
>      This supports AES+SHA1, AES+SHA2 and Camellia encryption types.
> 
>      Self-testing is provided that goes further than is possible with
>      testmgr, doing subkey derivation as well.
> 
> The patches were previously posted here:
> 
>     https://lore.kernel.org/r/20250203142343.248839-1-dhowells@redhat.com/
> 
> as part of a larger series, but the networking guys would prefer these to
> go through the crypto tree.  If you want them reposting independently, I
> can do that.
> 
> David
> ---
> The following changes since commit 17ec3e71ba797cdb62164fea9532c81b60f47167:
> 
>   crypto: lib/Kconfig - Hide arch options from user (2025-03-02 15:21:47 +0800)
> 
> are available in the Git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/crypto-krb5-20250303
> 
> for you to fetch changes up to fc0cf10c04f49ddba1925b630467f49ea993569e:
> 
>   crypto/krb5: Implement crypto self-testing (2025-03-02 21:56:47 +0000)
> 
> ----------------------------------------------------------------
> crypto: Add Kerberos crypto lib
> 
> ----------------------------------------------------------------
> David Howells (17):
>       crypto/krb5: Add API Documentation
>       crypto/krb5: Add some constants out of sunrpc headers
>       crypto: Add 'krb5enc' hash and cipher AEAD algorithm
>       crypto/krb5: Test manager data
>       crypto/krb5: Implement Kerberos crypto core
>       crypto/krb5: Add an API to query the layout of the crypto section
>       crypto/krb5: Add an API to alloc and prepare a crypto object
>       crypto/krb5: Add an API to perform requests
>       crypto/krb5: Provide infrastructure and key derivation
>       crypto/krb5: Implement the Kerberos5 rfc3961 key derivation
>       crypto/krb5: Provide RFC3961 setkey packaging functions
>       crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions
>       crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic
>       crypto/krb5: Implement the AES enctypes from rfc3962
>       crypto/krb5: Implement the AES enctypes from rfc8009
>       crypto/krb5: Implement the Camellia enctypes from rfc6803
>       crypto/krb5: Implement crypto self-testing
> 
>  Documentation/crypto/index.rst   |   1 +
>  Documentation/crypto/krb5.rst    | 262 +++++++++++++
>  crypto/Kconfig                   |  13 +
>  crypto/Makefile                  |   3 +
>  crypto/krb5/Kconfig              |  26 ++
>  crypto/krb5/Makefile             |  18 +
>  crypto/krb5/internal.h           | 247 ++++++++++++
>  crypto/krb5/krb5_api.c           | 452 ++++++++++++++++++++++
>  crypto/krb5/krb5_kdf.c           | 145 +++++++
>  crypto/krb5/rfc3961_simplified.c | 797 +++++++++++++++++++++++++++++++++++++++
>  crypto/krb5/rfc3962_aes.c        | 115 ++++++
>  crypto/krb5/rfc6803_camellia.c   | 237 ++++++++++++
>  crypto/krb5/rfc8009_aes2.c       | 362 ++++++++++++++++++
>  crypto/krb5/selftest.c           | 544 ++++++++++++++++++++++++++
>  crypto/krb5/selftest_data.c      | 291 ++++++++++++++
>  crypto/krb5enc.c                 | 504 +++++++++++++++++++++++++
>  crypto/testmgr.c                 |  16 +
>  crypto/testmgr.h                 | 351 +++++++++++++++++
>  include/crypto/authenc.h         |   2 +
>  include/crypto/krb5.h            | 160 ++++++++
>  20 files changed, 4546 insertions(+)
>  create mode 100644 Documentation/crypto/krb5.rst
>  create mode 100644 crypto/krb5/Kconfig
>  create mode 100644 crypto/krb5/Makefile
>  create mode 100644 crypto/krb5/internal.h
>  create mode 100644 crypto/krb5/krb5_api.c
>  create mode 100644 crypto/krb5/krb5_kdf.c
>  create mode 100644 crypto/krb5/rfc3961_simplified.c
>  create mode 100644 crypto/krb5/rfc3962_aes.c
>  create mode 100644 crypto/krb5/rfc6803_camellia.c
>  create mode 100644 crypto/krb5/rfc8009_aes2.c
>  create mode 100644 crypto/krb5/selftest.c
>  create mode 100644 crypto/krb5/selftest_data.c
>  create mode 100644 crypto/krb5enc.c
>  create mode 100644 include/crypto/krb5.h

All applied.  Thanks.