Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm

[RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 01/24] crypto/krb5: Add API Documentation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 02/24] crypto/krb5: Add some constants out of sunrpc headers · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-17
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Simon Horman <horms@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
[RFC PATCH 04/24] crypto/krb5: Test manager data · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 05/24] crypto/krb5: Implement Kerberos crypto core · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 06/24] crypto/krb5: Add an API to query the layout of the crypto section · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 07/24] crypto/krb5: Add an API to alloc and prepare a crypto object · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 08/24] crypto/krb5: Add an API to perform requests · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 09/24] crypto/krb5: Provide infrastructure and key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 10/24] crypto/krb5: Implement the Kerberos5 rfc3961 key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 11/24] crypto/krb5: Provide RFC3961 setkey packaging functions · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 12/24] crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 13/24] crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 14/24] crypto/krb5: Implement the AES enctypes from rfc3962 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 15/24] crypto/krb5: Implement the AES enctypes from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 16/24] crypto/krb5: Implement the AES encrypt/decrypt from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 17/24] crypto/krb5: Implement crypto self-testing · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 18/24] crypto/krb5: Add the AES self-testing data from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 19/24] crypto/krb5: Implement the Camellia enctypes from rfc6803 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 21/24] rxrpc: Add YFS RxGK (GSSAPI) security class · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 22/24] rxrpc: rxgk: Provide infrastructure and key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 20/24] rxrpc: Add the security index for yfs-rxgk · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 23/24] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 24/24] rxrpc: rxgk: Implement connection rekeying · David Howells <dhowells@redhat.com> · 2025-01-17
Re: [RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt · Chuck Lever <hidden> · 2025-01-17

From: David Howells <dhowells@redhat.com>
Date: 2025-01-20 14:25:25
Also in: linux-crypto, linux-fsdevel, linux-nfs, lkml

Simon Horman [off-list ref] wrote:

quoted

+static void krb5enc_decrypt_hash_done(void *data, int err)
+{
+	struct aead_request *req = data;
+
+	if (err)
+		return krb5enc_request_complete(req, err);
+
+	err = krb5enc_verify_hash(req, 0);

Hi David,

Sparse complains that the second argument to krb5enc_verify_hash should be
a pointer rather than an integer. So perhaps this would be slightly better
expressed as (completely untested!):

	err = krb5enc_verify_hash(req, NULL);

Actually, no.  It should be "ahreq->result + authsize" and
krb5enc_verify_hash() shouldn't calculate ihash, but use its hash parameter.

I wonder if the testmgr driver tests running the algorithms asynchronously...

Thanks,
David

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help