Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm

[RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 01/24] crypto/krb5: Add API Documentation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 02/24] crypto/krb5: Add some constants out of sunrpc headers · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-17
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Simon Horman <horms@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · Eric Biggers <ebiggers@kernel.org> · 2025-01-20
Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm · David Howells <dhowells@redhat.com> · 2025-01-20
[RFC PATCH 04/24] crypto/krb5: Test manager data · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 05/24] crypto/krb5: Implement Kerberos crypto core · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 06/24] crypto/krb5: Add an API to query the layout of the crypto section · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 07/24] crypto/krb5: Add an API to alloc and prepare a crypto object · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 08/24] crypto/krb5: Add an API to perform requests · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 09/24] crypto/krb5: Provide infrastructure and key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 10/24] crypto/krb5: Implement the Kerberos5 rfc3961 key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 11/24] crypto/krb5: Provide RFC3961 setkey packaging functions · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 12/24] crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 13/24] crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 14/24] crypto/krb5: Implement the AES enctypes from rfc3962 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 15/24] crypto/krb5: Implement the AES enctypes from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 16/24] crypto/krb5: Implement the AES encrypt/decrypt from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 17/24] crypto/krb5: Implement crypto self-testing · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 18/24] crypto/krb5: Add the AES self-testing data from rfc8009 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 19/24] crypto/krb5: Implement the Camellia enctypes from rfc6803 · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 21/24] rxrpc: Add YFS RxGK (GSSAPI) security class · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 22/24] rxrpc: rxgk: Provide infrastructure and key derivation · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 20/24] rxrpc: Add the security index for yfs-rxgk · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 23/24] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) · David Howells <dhowells@redhat.com> · 2025-01-17
[RFC PATCH 24/24] rxrpc: rxgk: Implement connection rekeying · David Howells <dhowells@redhat.com> · 2025-01-17
Re: [RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt · Chuck Lever <hidden> · 2025-01-17

From: David Howells <dhowells@redhat.com>
Date: 2025-01-20 23:12:15
Also in: linux-crypto, linux-fsdevel, linux-nfs, lkml
Subsystem: crypto api, the rest · Maintainers: Herbert Xu, "David S. Miller", Linus Torvalds

David Howells [off-list ref] wrote:

quoted

Sparse complains that the second argument to krb5enc_verify_hash should be
a pointer rather than an integer. So perhaps this would be slightly better
expressed as (completely untested!):

	err = krb5enc_verify_hash(req, NULL);

Actually, no.  It should be "ahreq->result + authsize" and
krb5enc_verify_hash() shouldn't calculate ihash, but use its hash parameter.

Ah.  That's wrong also.  I'm going to drop the second parameter and just
calculate the hash pointers directly.

David
---

diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c
index 931387a8ee6f..e5cec47e7e42 100644
--- a/crypto/krb5enc.c
+++ b/crypto/krb5enc.c

@@ -230,7 +230,7 @@ static int krb5enc_encrypt(struct aead_request *req)
 	return krb5enc_dispatch_encrypt(req, aead_request_flags(req));
 }
 
-static int krb5enc_verify_hash(struct aead_request *req, void *hash)
+static int krb5enc_verify_hash(struct aead_request *req)
 {
 	struct crypto_aead *krb5enc = crypto_aead_reqtfm(req);
 	struct aead_instance *inst = aead_alg_instance(krb5enc);

@@ -238,11 +238,12 @@ static int krb5enc_verify_hash(struct aead_request *req, void *hash)
 	struct krb5enc_request_ctx *areq_ctx = aead_request_ctx(req);
 	struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
 	unsigned int authsize = crypto_aead_authsize(krb5enc);
-	u8 *ihash = ahreq->result + authsize;
+	u8 *calc_hash = areq_ctx->tail;
+	u8 *msg_hash  = areq_ctx->tail + authsize;
 
-	scatterwalk_map_and_copy(ihash, req->src, ahreq->nbytes, authsize, 0);
+	scatterwalk_map_and_copy(msg_hash, req->src, ahreq->nbytes, authsize, 0);
 
-	if (crypto_memneq(ihash, ahreq->result, authsize))
+	if (crypto_memneq(msg_hash, calc_hash, authsize))
 		return -EBADMSG;
 	return 0;
 }

@@ -254,7 +255,7 @@ static void krb5enc_decrypt_hash_done(void *data, int err)
 	if (err)
 		return krb5enc_request_complete(req, err);
 
-	err = krb5enc_verify_hash(req, 0);
+	err = krb5enc_verify_hash(req);
 	krb5enc_request_complete(req, err);
 }

@@ -284,7 +285,7 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
 	if (err < 0)
 		return err;
 
-	return krb5enc_verify_hash(req, hash);
+	return krb5enc_verify_hash(req);
 }
 
 /*

@@ -352,7 +353,7 @@ static int krb5enc_init_tfm(struct crypto_aead *tfm)
 	crypto_aead_set_reqsize(
 		tfm,
 		sizeof(struct krb5enc_request_ctx) +
-		ictx->reqoff +
+		ictx->reqoff + /* Space for two checksums */
 		umax(sizeof(struct ahash_request) + crypto_ahash_reqsize(auth),
 		     sizeof(struct skcipher_request) + crypto_skcipher_reqsize(enc)));

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help