[PATCH v1 26/41] SUNRPC: Advertise support for RFC 8009 encryption types

[PATCH v1 00/41] RPCSEC GSS krb5 enhancements · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 01/41] SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 03/41] SUNRPC: Remove .conflen field from struct gss_krb5_enctype · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 02/41] SUNRPC: Remove .blocksize field from struct gss_krb5_enctype · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 04/41] SUNRPC: Improve Kerberos confounder generation · Chuck Lever <cel@kernel.org> · 2023-01-13
Re: [PATCH v1 04/41] SUNRPC: Improve Kerberos confounder generation · Simo Sorce <hidden> · 2023-01-13
Re: [PATCH v1 04/41] SUNRPC: Improve Kerberos confounder generation · Chuck Lever III <hidden> · 2023-01-13
[PATCH v1 05/41] SUNRPC: Obscure Kerberos session key · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 06/41] SUNRPC: Refactor set-up for aux_cipher · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 07/41] SUNRPC: Obscure Kerberos encryption keys · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 08/41] SUNRPC: Obscure Kerberos signing keys · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 09/41] SUNRPC: Obscure Kerberos integrity keys · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 10/41] SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 11/41] SUNRPC: Remove another switch on ctx->enctype · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 12/41] SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 13/41] NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 14/41] SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 15/41] SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 16/41] SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 17/41] SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 18/41] SUNRPC: Hoist KDF into struct gss_krb5_enctype · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 19/41] SUNRPC: Clean up cipher set up for v1 encryption types · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 20/41] SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher() · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 21/41] SUNRPC: Add new subkey length fields · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 22/41] SUNRPC: Refactor CBC with CTS into helpers · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 23/41] SUNRPC: Add gk5e definitions for RFC 8009 encryption types · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 24/41] SUNRPC: Add KDF-HMAC-SHA2 · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 25/41] SUNRPC: Add RFC 8009 encryption and decryption functions · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 26/41] SUNRPC: Advertise support for RFC 8009 encryption types · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 27/41] SUNRPC: Support the Camellia enctypes · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 28/41] SUNRPC: Add KDF_FEEDBACK_CMAC · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 29/41] SUNRPC: Advertise support for the Camellia encryption types · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 30/41] SUNRPC: Move remaining internal definitions to gss_krb5_internal.h · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 31/41] SUNRPC: Add KUnit tests for rpcsec_krb5.ko · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 32/41] SUNRPC: Export get_gss_krb5_enctype() · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 33/41] SUNRPC: Add KUnit tests RFC 3961 Key Derivation · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 34/41] SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 37/41] SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 36/41] SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 35/41] SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 38/41] SUNRPC: Add KDF-HMAC-SHA2 Kunit tests · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 39/41] SUNRPC: Add RFC 8009 checksum KUnit tests · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 40/41] SUNRPC: Add RFC 8009 encryption KUnit tests · Chuck Lever <cel@kernel.org> · 2023-01-13
[PATCH v1 41/41] SUNRPC: Add encryption self-tests · Chuck Lever <cel@kernel.org> · 2023-01-13

STALE1258d REVIEWED: 1 (0M)

From: Chuck Lever <cel@kernel.org>
Date: 2023-01-13 15:31:29
Subsystem: kernel nfsd, sunrpc, and lockd servers, networking [general], nfs, sunrpc, and lockd clients, the rest · Maintainers: Chuck Lever, Jeff Layton, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Trond Myklebust, Anna Schumaker, Linus Torvalds

From: Chuck Lever <redacted>

Add the RFC 8009 encryption types to the string of integers that is
reported to gssd during upcalls. This enables gssd to utilize keys
with these encryption types when support for them is built into the
kernel.

Link: https://bugzilla.linux-nfs.org/show_bug.cgi?id=400
Tested-by: Scott Mayhew <redacted>
Signed-off-by: Chuck Lever <redacted>
---
 net/sunrpc/auth_gss/gss_krb5_mech.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index fa0b5197fe32..6ef0c7247692 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c

@@ -214,6 +214,10 @@ static char gss_krb5_enctype_priority_list[64];
 static void gss_krb5_prepare_enctype_priority_list(void)
 {
 	static const u32 gss_krb5_enctypes[] = {
+#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2)
+		ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+		ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+#endif
 #if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1)
 		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
 		ENCTYPE_AES128_CTS_HMAC_SHA1_96,

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help