
crypto/krb5: Implement Kerberos crypto core

Provide core structures, an encoding-type registry and basic module and
config bits for a generic Kerberos crypto library.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: "David S. Miller" <davem@davemloft.net>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: linux-nfs@vger.kernel.org
cc: linux-crypto@vger.kernel.org
cc: netdev@vger.kernel.org

+234
+1
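--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1472,5 +1472,6 @@
 source "drivers/crypto/Kconfig"
 source "crypto/asymmetric_keys/Kconfig"
 source "certs/Kconfig"
+source "crypto/krb5/Kconfig"
 
 endif # if CRYPTO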
+2
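--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -213,3 +213,5 @@
 # Key derivation function
 #
 obj-$(CONFIG_CRYPTO_KDF800108_CTR) += kdf_sp800108.o
+
+obj-$(CONFIG_CRYPTO_KRB5) += krb5/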
+14
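--- /dev/null
+++ b/crypto/krb5/Kconfig
@@ -0,0 +1,14 @@
+config CRYPTO_KRB5
+	tristate "Kerberos 5 crypto"
+	select CRYPTO_MANAGER
+	select CRYPTO_KRB5ENC
+	select CRYPTO_AUTHENC
+	select CRYPTO_SKCIPHER
+	select CRYPTO_HASH_INFO
+	select CRYPTO_SHA1
+	select CRYPTO_CBC
+	select CRYPTO_CTS
+	select CRYPTO_AES
+	help
+	  Provide a library for provision of Kerberos-5-based crypto. This is
+	  intended for network filesystems to use.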
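Review bot: The new Kconfig has no SPDX-License-Identifier line, while crypto/krb5/Makefile in the same commit opens with `# SPDX-License-Identifier: GPL-2.0`; checkpatch warns on new files that lack one. Adding `# SPDX-License-Identifier: GPL-2.0` as line 1 keeps the two new build files consistent with each other and with the rest of crypto/.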
+9
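--- /dev/null
+++ b/crypto/krb5/Makefile
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Makefile for asymmetric cryptographic keys
+#
+
+krb5-y += \
+	krb5_api.o
+
+obj-$(CONFIG_CRYPTO_KRB5) += krb5.o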
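Review bot: The header comment on line 3, `# Makefile for asymmetric cryptographic keys`, does not describe this directory and looks carried over from crypto/asymmetric_keys. It should read `# Makefile for the Kerberos 5 crypto library` so the stated purpose matches the `krb5-y` object list and the `krb5.o` module it builds.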
+112
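--- /dev/null
+++ b/crypto/krb5/internal.h
@@ -0,0 +1,112 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/* Kerberos5 crypto internals
+ *
+ * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#include <crypto/krb5.h>
+
+/*
+ * Profile used for key derivation and encryption.
+ */
+struct krb5_crypto_profile {
+	/* Pseudo-random function */
+	int (*calc_PRF)(const struct krb5_enctype *krb5,
+			const struct krb5_buffer *protocol_key,
+			const struct krb5_buffer *octet_string,
+			struct krb5_buffer *result,
+			gfp_t gfp);
+
+	/* Checksum key derivation */
+	int (*calc_Kc)(const struct krb5_enctype *krb5,
+		       const struct krb5_buffer *TK,
+		       const struct krb5_buffer *usage_constant,
+		       struct krb5_buffer *Kc,
+		       gfp_t gfp);
+
+	/* Encryption key derivation */
+	int (*calc_Ke)(const struct krb5_enctype *krb5,
+		       const struct krb5_buffer *TK,
+		       const struct krb5_buffer *usage_constant,
+		       struct krb5_buffer *Ke,
+		       gfp_t gfp);
+
+	/* Integrity key derivation */
+	int (*calc_Ki)(const struct krb5_enctype *krb5,
+		       const struct krb5_buffer *TK,
+		       const struct krb5_buffer *usage_constant,
+		       struct krb5_buffer *Ki,
+		       gfp_t gfp);
+
+	/* Derive the keys needed for an encryption AEAD object. */
+	int (*derive_encrypt_keys)(const struct krb5_enctype *krb5,
+				   const struct krb5_buffer *TK,
+				   unsigned int usage,
+				   struct krb5_buffer *setkey,
+				   gfp_t gfp);
+
+	/* Directly load the keys needed for an encryption AEAD object. */
+	int (*load_encrypt_keys)(const struct krb5_enctype *krb5,
+				 const struct krb5_buffer *Ke,
+				 const struct krb5_buffer *Ki,
+				 struct krb5_buffer *setkey,
+				 gfp_t gfp);
+
+	/* Derive the key needed for a checksum hash object. */
+	int (*derive_checksum_key)(const struct krb5_enctype *krb5,
+				   const struct krb5_buffer *TK,
+				   unsigned int usage,
+				   struct krb5_buffer *setkey,
+				   gfp_t gfp);
+
+	/* Directly load the keys needed for a checksum hash object. */
+	int (*load_checksum_key)(const struct krb5_enctype *krb5,
+				 const struct krb5_buffer *Kc,
+				 struct krb5_buffer *setkey,
+				 gfp_t gfp);
+
+	/* Encrypt data in-place, inserting confounder and checksum. */
+	ssize_t (*encrypt)(const struct krb5_enctype *krb5,
+			   struct crypto_aead *aead,
+			   struct scatterlist *sg, unsigned int nr_sg,
+			   size_t sg_len,
+			   size_t data_offset, size_t data_len,
+			   bool preconfounded);
+
+	/* Decrypt data in-place, removing confounder and checksum */
+	int (*decrypt)(const struct krb5_enctype *krb5,
+		       struct crypto_aead *aead,
+		       struct scatterlist *sg, unsigned int nr_sg,
+		       size_t *_offset, size_t *_len);
+
+	/* Generate a MIC on part of a packet, inserting the checksum */
+	ssize_t (*get_mic)(const struct krb5_enctype *krb5,
+			   struct crypto_shash *shash,
+			   const struct krb5_buffer *metadata,
+			   struct scatterlist *sg, unsigned int nr_sg,
+			   size_t sg_len,
+			   size_t data_offset, size_t data_len);
+
+	/* Verify the MIC on a piece of data, removing the checksum */
+	int (*verify_mic)(const struct krb5_enctype *krb5,
+			  struct crypto_shash *shash,
+			  const struct krb5_buffer *metadata,
+			  struct scatterlist *sg, unsigned int nr_sg,
+			  size_t *_offset, size_t *_len);
+};
+
+/*
+ * Crypto size/alignment rounding convenience macros.
+ */
+#define crypto_roundup(X) ((unsigned int)round_up((X), CRYPTO_MINALIGN))
+
+#define krb5_aead_size(TFM) \
+	crypto_roundup(sizeof(struct aead_request) + crypto_aead_reqsize(TFM))
+#define krb5_aead_ivsize(TFM) \
+	crypto_roundup(crypto_aead_ivsize(TFM))
+#define krb5_shash_size(TFM) \
+	crypto_roundup(sizeof(struct shash_desc) + crypto_shash_descsize(TFM))
+#define krb5_digest_size(TFM) \
+	crypto_roundup(crypto_shash_digestsize(TFM))
+#define round16(x) (((x) + 15) & ~15)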
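Review bot: The `decrypt` (lines 77-81) and `verify_mic` (lines 91-96) hooks take `size_t *_offset, size_t *_len`, but their one-line comments say neither that these are in/out parameters nor what the caller may assume about the data when the checksum does not verify — which is exactly what a caller needs to know before it uses the returned region as plaintext. If the intended contract is "on entry *_offset/*_len describe the protected region; on success they are updated to describe the recovered data; on an integrity failure the function returns an error and the caller must not use the buffer", say so in the comments on both hooks; the same in/out note applies to `preconfounded` on `encrypt`, which is undocumented. Separately, the header has no include guard, so a second inclusion in one translation unit would redefine `struct krb5_crypto_profile`; a `#ifndef _CRYPTO_KRB5_INTERNAL_H` pair around the body would match the public header.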
+42
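--- /dev/null
+++ b/crypto/krb5/krb5_api.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* Kerberos 5 crypto library.
+ *
+ * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/module.h>
+#include <linux/export.h>
+#include <linux/kernel.h>
+#include "internal.h"
+
+MODULE_DESCRIPTION("Kerberos 5 crypto");
+MODULE_AUTHOR("Red Hat, Inc.");
+MODULE_LICENSE("GPL");
+
+static const struct krb5_enctype *const krb5_supported_enctypes[] = {
+};
+
+/**
+ * crypto_krb5_find_enctype - Find the handler for a Kerberos5 encryption type
+ * @enctype: The standard Kerberos encryption type number
+ *
+ * Look up a Kerberos encryption type by number. If successful, returns a
+ * pointer to the type tables; returns NULL otherwise.
+ */
+const struct krb5_enctype *crypto_krb5_find_enctype(u32 enctype)
+{
+	const struct krb5_enctype *krb5;
+	size_t i;
+
+	for (i = 0; i < ARRAY_SIZE(krb5_supported_enctypes); i++) {
+		krb5 = krb5_supported_enctypes[i];
+		if (krb5->etype == enctype)
+			return krb5;
+	}
+
+	return NULL;
+}
+EXPORT_SYMBOL(crypto_krb5_find_enctype);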
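Review bot: `crypto_krb5_find_enctype` takes `u32 enctype` but line 36 compares it with `krb5->etype`, which include/crypto/krb5.h in this same commit declares as `int`; the `int` is promoted to unsigned for the comparison, so a negative (locally assigned) enctype would only match through wraparound and `-Wsign-compare` will flag the line. Giving both sides one type — either `int etype` matched by an `int enctype` parameter and prototype, or a `u32 etype` field — removes the ambiguity. The `krb5_supported_enctypes[]` table on lines 19-20 is empty here, so the loop body is unreachable until later patches populate it; a short comment such as `/* Populated by the per-enctype patches that follow */` would stop readers from reading it as a bug.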
+54
include/crypto/krb5.h
··· 8 8 #ifndef _CRYPTO_KRB5_H 9 9 #define _CRYPTO_KRB5_H 10 10 11 + #include <linux/crypto.h> 12 + #include <crypto/aead.h> 13 + 14 + struct crypto_shash; 15 + struct scatterlist; 16 + 11 17 /* 12 18 * Per Kerberos v5 protocol spec crypto types from the wire. These get mapped 13 19 * to linux kernel crypto routines. ··· 53 47 #define KEY_USAGE_SEED_CHECKSUM (0x99) 54 48 #define KEY_USAGE_SEED_ENCRYPTION (0xAA) 55 49 #define KEY_USAGE_SEED_INTEGRITY (0x55) 50 + 51 + /* 52 + * Mode of operation. 53 + */ 54 + enum krb5_crypto_mode { 55 + KRB5_CHECKSUM_MODE, /* Checksum only */ 56 + KRB5_ENCRYPT_MODE, /* Fully encrypted, possibly with integrity checksum */ 57 + }; 58 + 59 + struct krb5_buffer { 60 + unsigned int len; 61 + void *data; 62 + }; 63 + 64 + /* 65 + * Kerberos encoding type definition. 66 + */ 67 + struct krb5_enctype { 68 + int etype; /* Encryption (key) type */ 69 + int ctype; /* Checksum type */ 70 + const char *name; /* "Friendly" name */ 71 + const char *encrypt_name; /* Crypto encrypt+checksum name */ 72 + const char *cksum_name; /* Crypto checksum name */ 73 + const char *hash_name; /* Crypto hash name */ 74 + const char *derivation_enc; /* Cipher used in key derivation */ 75 + u16 block_len; /* Length of encryption block */ 76 + u16 conf_len; /* Length of confounder (normally == block_len) */ 77 + u16 cksum_len; /* Length of checksum */ 78 + u16 key_bytes; /* Length of raw key, in bytes */ 79 + u16 key_len; /* Length of final key, in bytes */ 80 + u16 hash_len; /* Length of hash in bytes */ 81 + u16 prf_len; /* Length of PRF() result in bytes */ 82 + u16 Kc_len; /* Length of Kc in bytes */ 83 + u16 Ke_len; /* Length of Ke in bytes */ 84 + u16 Ki_len; /* Length of Ki in bytes */ 85 + bool keyed_cksum; /* T if a keyed cksum */ 86 + 87 + const struct krb5_crypto_profile *profile; 88 + 89 + int (*random_to_key)(const struct krb5_enctype *krb5, 90 + const struct krb5_buffer *in, 91 + struct krb5_buffer *out); /* complete key generation */ 92 + }; 93 + 94 
+ /* 95 + * krb5_api.c 96 + */ 97 + const struct krb5_enctype *crypto_krb5_find_enctype(u32 enctype); 56 98 57 99 #endif /* _CRYPTO_KRB5_H */
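Review bot: `struct krb5_enctype` references `struct krb5_crypto_profile` on line 87, but that tag is not forward-declared alongside `struct crypto_shash;` and `struct scatterlist;` on lines 14-15 even though its definition lives only in crypto/krb5/internal.h. In C the tag is implicitly introduced at file scope the first time it appears in a member declarator, so this compiles, but it is easy to misread as an undeclared type; adding `struct krb5_crypto_profile;` to the forward declarations makes the opaque pointer explicit. The gutter numbers of the second hunk (old 53, new 47) do not add up with only additions, so this section may be missing lines the rendered page dropped; review of the hidden part is left to the full patch.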