Commit 3394682f authored by Chuck Lever's avatar Chuck Lever

SUNRPC: Support the Camellia enctypes



RFC 6803 defines two encryption types that use Camellia ciphers (RFC
3713) and CMAC digests. Implement support for those in SunRPC's GSS
Kerberos 5 mechanism.

There has not been an explicit request to support these enctypes.
However, this new set of enctypes provides a good alternative to the
AES-SHA1 enctypes that are to be deprecated at some point.

As this implementation is still a "beta", the default is to not
build it automatically.

Tested-by: default avatarScott Mayhew <smayhew@redhat.com>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent f26ec6b1
+4 −0
@@ -176,6 +176,8 @@ enum seal_alg {
#define CKSUMTYPE_HMAC_SHA1_DES3	0x000c
#define CKSUMTYPE_HMAC_SHA1_96_AES128   0x000f
#define CKSUMTYPE_HMAC_SHA1_96_AES256   0x0010
#define CKSUMTYPE_CMAC_CAMELLIA128	0x0011
#define CKSUMTYPE_CMAC_CAMELLIA256	0x0012
#define CKSUMTYPE_HMAC_SHA256_128_AES128	0x0013
#define CKSUMTYPE_HMAC_SHA384_192_AES256	0x0014
#define CKSUMTYPE_HMAC_MD5_ARCFOUR      -138 /* Microsoft md5 hmac cksumtype */
@@ -220,6 +222,8 @@ enum seal_alg {
#define ENCTYPE_AES256_CTS_HMAC_SHA384_192	0x0014
#define ENCTYPE_ARCFOUR_HMAC            0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP        0x0018
#define ENCTYPE_CAMELLIA128_CTS_CMAC	0x0019
#define ENCTYPE_CAMELLIA256_CTS_CMAC	0x001A
#define ENCTYPE_UNKNOWN         0x01ff

/*
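Review bot: `ENCTYPE_CAMELLIA256_CTS_CMAC` is written `0x001A`, while every neighbouring constant in both hunks uses lowercase hex digits (`0x000c`, `0x000f`, `0x01ff`); `0x001a` would match. The four new values agree with the RFC 6803 assignments (etypes 25 and 26, checksum types 17 and 18), but nothing in the header says where they come from. A short `/* RFC 6803 */` comment beside the new defines would let a reader audit the numbers without the commit message. The surrounding lists of defines start and end outside both hunks.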
+13 −0
@@ -80,6 +80,19 @@ config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
	  SHA-1 digests. These include aes128-cts-hmac-sha1-96 and
	  aes256-cts-hmac-sha1-96.

config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA
	bool "Enable Kerberos encryption types based on Camellia and CMAC"
	depends on RPCSEC_GSS_KRB5
	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA
	depends on CRYPTO_CMAC
	default n
	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	help
	  Choose Y to enable the use of Kerberos 5 encryption types
	  that utilize Camellia ciphers (RFC 3713) and CMAC digests
	  (NIST Special Publication 800-38B). These include
	  camellia128-cts-cmac and camellia256-cts-cmac.

config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
	bool "Enable Kerberos enctypes based on AES and SHA-2"
	depends on RPCSEC_GSS_KRB5
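Review bot: The help text for `RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA` omits the caveat the commit message gives, that this implementation is still a "beta". Someone choosing which Kerberos enctypes a kernel will offer sees no hint that this one is less exercised than the others. Consider ending the help with `This implementation is experimental. If unsure, say N.` Separately, `default n` is redundant for a bool symbol, because n is already the Kconfig default, and can be dropped. The following `RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2` entry continues past the end of the hunk.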
+55 −0
@@ -147,6 +147,61 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
	},
#endif

#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA)
	/*
	 * Camellia-128 with CMAC (RFC 6803)
	 */
	{
		.etype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
		.ctype		= CKSUMTYPE_CMAC_CAMELLIA128,
		.name		= "camellia128-cts-cmac",
		.encrypt_name	= "cts(cbc(camellia))",
		.aux_cipher	= "cbc(camellia)",
		.cksum_name	= "cmac(camellia)",
		.cksumlength	= BITS2OCTETS(128),
		.keyed_cksum	= 1,
		.keylength	= BITS2OCTETS(128),
		.Kc_length	= BITS2OCTETS(128),
		.Ke_length	= BITS2OCTETS(128),
		.Ki_length	= BITS2OCTETS(128),

		.import_ctx	= gss_krb5_import_ctx_v2,
		.encrypt	= gss_krb5_aes_encrypt,
		.decrypt	= gss_krb5_aes_decrypt,

		.get_mic	= gss_krb5_get_mic_v2,
		.verify_mic	= gss_krb5_verify_mic_v2,
		.wrap		= gss_krb5_wrap_v2,
		.unwrap		= gss_krb5_unwrap_v2,
	},
	/*
	 * Camellia-256 with CMAC (RFC 6803)
	 */
	{
		.etype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
		.ctype		= CKSUMTYPE_CMAC_CAMELLIA256,
		.name		= "camellia256-cts-cmac",
		.encrypt_name	= "cts(cbc(camellia))",
		.aux_cipher	= "cbc(camellia)",
		.cksum_name	= "cmac(camellia)",
		.cksumlength	= BITS2OCTETS(128),
		.keyed_cksum	= 1,
		.keylength	= BITS2OCTETS(256),
		.Kc_length	= BITS2OCTETS(256),
		.Ke_length	= BITS2OCTETS(256),
		.Ki_length	= BITS2OCTETS(256),

		.import_ctx	= gss_krb5_import_ctx_v2,
		.encrypt	= gss_krb5_aes_encrypt,
		.decrypt	= gss_krb5_aes_decrypt,

		.get_mic	= gss_krb5_get_mic_v2,
		.verify_mic	= gss_krb5_verify_mic_v2,
		.wrap		= gss_krb5_wrap_v2,
		.unwrap		= gss_krb5_unwrap_v2,
	},
#endif

#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2)
	/*
	 * AES-128 with SHA-256 (RFC 8009)
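Review bot: Nothing visible in either Camellia entry selects a key-derivation function, yet RFC 6803 specifies its own KDF (KDF-FEEDBACK-CMAC) rather than the RFC 3961 derivation used by the AES-SHA1 enctypes; both entries point `.import_ctx` at the generic `gss_krb5_import_ctx_v2`. If that import path does not switch on the etype, Kc/Ke/Ki would be derived incorrectly and MIC and wrap tokens would fail to verify against a conforming peer, so it is worth confirming against the RFC 6803 test vectors. Also, `.encrypt`/`.decrypt` reuse `gss_krb5_aes_encrypt`/`gss_krb5_aes_decrypt`; assuming those helpers take the cipher from `.encrypt_name` and `.aux_cipher`, a comment such as `/* the "aes" helpers are cipher-agnostic CTS routines */` would keep the name from misleading a later reader. The `supported_gss_krb5_enctypes[]` initializer starts before and continues after this hunk.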