Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm

[RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 01/24] crypto/krb5: Add API Documentation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 02/24] crypto/krb5: Add some constants out of sunrpc headers · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-17
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Simon Horman <horms@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
[RFC PATCH 04/24] crypto/krb5: Test manager data · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 05/24] crypto/krb5: Implement Kerberos crypto core · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 06/24] crypto/krb5: Add an API to query the layout of the crypto section · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 07/24] crypto/krb5: Add an API to alloc and prepare a crypto object · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 08/24] crypto/krb5: Add an API to perform requests · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 09/24] crypto/krb5: Provide infrastructure and key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 10/24] crypto/krb5: Implement the Kerberos5 rfc3961 key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 11/24] crypto/krb5: Provide RFC3961 setkey packaging functions · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 12/24] crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 13/24] crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 14/24] crypto/krb5: Implement the AES enctypes from rfc3962 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 15/24] crypto/krb5: Implement the AES enctypes from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 16/24] crypto/krb5: Implement the AES encrypt/decrypt from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 17/24] crypto/krb5: Implement crypto self-testing · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 18/24] crypto/krb5: Add the AES self-testing data from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 19/24] crypto/krb5: Implement the Camellia enctypes from rfc6803 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 21/24] rxrpc: Add YFS RxGK (GSSAPI) security class · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 22/24] rxrpc: rxgk: Provide infrastructure and key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 20/24] rxrpc: Add the security index for yfs-rxgk · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 23/24] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 24/24] rxrpc: rxgk: Implement connection rekeying · David Howells <dhowells@redhat.com> · 2025-01-17
Re: [RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt · Chuck Lever <hidden> · 2025-01-17

From: Simon Horman <horms@kernel.org>
Date: 2025-01-20 13:57:59
Also in: linux-crypto, linux-fsdevel, linux-nfs, lkml

On Fri, Jan 17, 2025 at 06:35:12PM +0000, David Howells wrote:

Add an AEAD template that does hash-then-cipher (unlike authenc that does
cipher-then-hash).  This is required for a number of Kerberos 5 encoding
types.

[!] Note that the net/sunrpc/auth_gss/ implementation gets a pair of
ciphers, one non-CTS and one CTS, using the former to do all the aligned
blocks and the latter to do the last two blocks if they aren't also
aligned.  It may be necessary to do this here too for performance reasons -
but there are considerations both ways:

 (1) firstly, there is an optimised assembly version of cts(cbc(aes)) on
     x86_64 that should be used instead of having two ciphers;

 (2) secondly, none of the hardware offload drivers seem to offer CTS
     support (Intel QAT does not, for instance).

However, I don't know if it's possible to query the crypto API to find out
whether there's an optimised CTS algorithm available.

Signed-off-by: David Howells <dhowells@redhat.com>

...

quoted hunk ↗ jump to hunk

diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c

...

+static int krb5enc_verify_hash(struct aead_request *req, void *hash)
+{
+	struct crypto_aead *krb5enc = crypto_aead_reqtfm(req);
+	struct aead_instance *inst = aead_alg_instance(krb5enc);
+	struct krb5enc_instance_ctx *ictx = aead_instance_ctx(inst);
+	struct krb5enc_request_ctx *areq_ctx = aead_request_ctx(req);
+	struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
+	unsigned int authsize = crypto_aead_authsize(krb5enc);
+	u8 *ihash = ahreq->result + authsize;
+
+	scatterwalk_map_and_copy(ihash, req->src, ahreq->nbytes, authsize, 0);
+
+	if (crypto_memneq(ihash, ahreq->result, authsize))
+		return -EBADMSG;
+	return 0;
+}
+
+static void krb5enc_decrypt_hash_done(void *data, int err)
+{
+	struct aead_request *req = data;
+
+	if (err)
+		return krb5enc_request_complete(req, err);
+
+	err = krb5enc_verify_hash(req, 0);

Hi David,

Sparse complains that the second argument to krb5enc_verify_hash should be
a pointer rather than an integer. So perhaps this would be slightly better
expressed as (completely untested!):

	err = krb5enc_verify_hash(req, NULL);

+	krb5enc_request_complete(req, err);

...

+}

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help