git.maquefel.me Git - linux.git/commit

author	Chuck Lever <chuck.lever@oracle.com>
	Sun, 15 Jan 2023 17:22:56 +0000 (12:22 -0500)
committer	Chuck Lever <chuck.lever@oracle.com>
	Mon, 20 Feb 2023 14:20:43 +0000 (09:20 -0500)
commit	0d5b5a0f32dfc9be3521803aba53e856759f0250
tree	e18769d21d7b4ab79054e75898b1faaf0490651d	tree \| snapshot
parent	ae2e4d2bae0007b040e8327f123911c0a6b24d68	commit \| diff

SUNRPC: Add RFC 8009 encryption and decryption functions

RFC 8009 enctypes use different crypt formulae than previous
Kerberos 5 encryption types. Section 1 of RFC 8009 explains the
reason for this change:

> The new types conform to the framework specified in [RFC3961],
> but do not use the simplified profile, as the simplified profile
> is not compliant with modern cryptographic best practices such as
> calculating Message Authentication Codes (MACs) over ciphertext
> rather than plaintext.

Add new .encrypt and .decrypt functions to handle this variation.

The new approach described above is referred to as Encrypt-then-MAC
(or EtM). Hence the names of the new functions added here are
prefixed with "krb5_etm_".

A critical second difference with previous crypt formulae is that
the cipher state is included in the computed HMAC. Note however that
for RPCSEC, the initial cipher state is easy to compute on both
initiator and acceptor because it is always all zeroes.

Tested-by: Scott Mayhew <smayhew@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

net/sunrpc/auth_gss/gss_krb5_crypto.c		diff \| blob \| history
net/sunrpc/auth_gss/gss_krb5_internal.h		diff \| blob \| history
net/sunrpc/auth_gss/gss_krb5_mech.c		diff \| blob \| history