Commit a40cf753 authored by Chuck Lever's avatar Chuck Lever
Browse files

SUNRPC: Add gk5e definitions for RFC 8009 encryption types 

Fill in entries in the supported_gss_krb5_enctypes array for the
encryption types defined in RFC 8009. These new enctypes use the
SHA-256 and SHA-384 message digest algorithms (as defined in
FIPS-180) instead of the deprecated SHA-1 algorithm, and are thus
more secure.

Note that NIST has scheduled SHA-1 for deprecation:

https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm



Thus these new encryption types are placed under a separate CONFIG
option to enable distributors to separately introduce support for
the AES-SHA2 enctypes and deprecate support for the current set of
AES-SHA1 encryption types as their user space allows.

As this implementation is still a "beta", the default is to not
build it automatically.

Tested-by: default avatarScott Mayhew <smayhew@redhat.com>
Reviewed-by: default avatarSimo Sorce <simo@redhat.com>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent dfb63243

include/linux/sunrpc/gss_krb5.h

+17 −2
Original line number Diff line number Diff line
@@ -54,8 +54,8 @@ 
/* Maximum key length (in bytes) for the supported crypto algorithms */

#define GSS_KRB5_MAX_KEYLEN (32)



/* Maximum checksum function output for the supported crypto algorithms */

#define GSS_KRB5_MAX_CKSUM_LEN  (20)

/* Maximum checksum function output for the supported enctypes */

#define GSS_KRB5_MAX_CKSUM_LEN  (24)



/* Maximum blocksize for the supported crypto algorithms */

#define GSS_KRB5_MAX_BLOCKSIZE  (16)
@@ -160,6 +160,12 @@ enum seal_alg { 
	SEAL_ALG_DES3KD = 0x0002

};



/*

 * These values are assigned by IANA and published via the

 * subregistry at the link below:

 *

 * https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-2

 */

#define CKSUMTYPE_CRC32			0x0001

#define CKSUMTYPE_RSA_MD4		0x0002

#define CKSUMTYPE_RSA_MD4_DES		0x0003
@@ -170,6 +176,8 @@ enum seal_alg { 
#define CKSUMTYPE_HMAC_SHA1_DES3	0x000c

#define CKSUMTYPE_HMAC_SHA1_96_AES128   0x000f

#define CKSUMTYPE_HMAC_SHA1_96_AES256   0x0010

#define CKSUMTYPE_HMAC_SHA256_128_AES128	0x0013

#define CKSUMTYPE_HMAC_SHA384_192_AES256	0x0014

#define CKSUMTYPE_HMAC_MD5_ARCFOUR      -138 /* Microsoft md5 hmac cksumtype */



/* from gssapi_err_krb5.h */
@@ -190,6 +198,11 @@ enum seal_alg { 


/* per Kerberos v5 protocol spec crypto types from the wire. 

 * these get mapped to linux kernel crypto routines.  

 *

 * These values are assigned by IANA and published via the

 * subregistry at the link below:

 *

 * https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1

 */

#define ENCTYPE_NULL            0x0000

#define ENCTYPE_DES_CBC_CRC     0x0001	/* DES cbc mode with CRC-32 */
@@ -203,6 +216,8 @@ enum seal_alg { 
#define ENCTYPE_DES3_CBC_SHA1   0x0010

#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011

#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012

#define ENCTYPE_AES128_CTS_HMAC_SHA256_128	0x0013

#define ENCTYPE_AES256_CTS_HMAC_SHA384_192	0x0014

#define ENCTYPE_ARCFOUR_HMAC            0x0017

#define ENCTYPE_ARCFOUR_HMAC_EXP        0x0018

#define ENCTYPE_UNKNOWN         0x01ff

net/sunrpc/Kconfig

+14 −0
Original line number Diff line number Diff line
@@ -80,6 +80,20 @@ config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1 
	  SHA-1 digests. These include aes128-cts-hmac-sha1-96 and

	  aes256-cts-hmac-sha1-96.



config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2

	bool "Enable Kerberos enctypes based on AES and SHA-2"

	depends on RPCSEC_GSS_KRB5

	depends on CRYPTO_CBC && CRYPTO_CTS

	depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512

	depends on CRYPTO_AES

	default n

	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM

	help

	  Choose Y to enable the use of Kerberos 5 encryption types

	  that utilize Advanced Encryption Standard (AES) ciphers and

	  SHA-2 digests. These include aes128-cts-hmac-sha256-128 and

	  aes256-cts-hmac-sha384-192.



config SUNRPC_DEBUG

	bool "RPC: Enable dprintk debugging"

	depends on SUNRPC && SYSCTL

net/sunrpc/auth_gss/gss_krb5_mech.c

+51 −0
Original line number Diff line number Diff line
@@ -146,6 +146,57 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { 
	  .keyed_cksum = 1,

	},

#endif



#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2)

	/*

	 * AES-128 with SHA-256 (RFC 8009)

	 */

	{

		.etype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,

		.ctype		= CKSUMTYPE_HMAC_SHA256_128_AES128,

		.name		= "aes128-cts-hmac-sha256-128",

		.encrypt_name	= "cts(cbc(aes))",

		.aux_cipher	= "cbc(aes)",

		.cksum_name	= "hmac(sha256)",

		.cksumlength	= BITS2OCTETS(128),

		.keyed_cksum	= 1,

		.keylength	= BITS2OCTETS(128),

		.Kc_length	= BITS2OCTETS(128),

		.Ke_length	= BITS2OCTETS(128),

		.Ki_length	= BITS2OCTETS(128),



		.import_ctx	= gss_krb5_import_ctx_v2,



		.get_mic	= gss_krb5_get_mic_v2,

		.verify_mic	= gss_krb5_verify_mic_v2,

		.wrap		= gss_krb5_wrap_v2,

		.unwrap		= gss_krb5_unwrap_v2,

	},

	/*

	 * AES-256 with SHA-384 (RFC 8009)

	 */

	{

		.etype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,

		.ctype		= CKSUMTYPE_HMAC_SHA384_192_AES256,

		.name		= "aes256-cts-hmac-sha384-192",

		.encrypt_name	= "cts(cbc(aes))",

		.aux_cipher	= "cbc(aes)",

		.cksum_name	= "hmac(sha384)",

		.cksumlength	= BITS2OCTETS(192),

		.keyed_cksum	= 1,

		.keylength	= BITS2OCTETS(256),

		.Kc_length	= BITS2OCTETS(192),

		.Ke_length	= BITS2OCTETS(256),

		.Ki_length	= BITS2OCTETS(192),



		.import_ctx	= gss_krb5_import_ctx_v2,



		.get_mic	= gss_krb5_get_mic_v2,

		.verify_mic	= gss_krb5_verify_mic_v2,

		.wrap		= gss_krb5_wrap_v2,

		.unwrap		= gss_krb5_unwrap_v2,

	},

#endif

};



/*