crypto: arc4 - mark ecb(arc4) skcipher as obsolete

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Cryptographic algorithms may have a lifespan that is significantly
shorter than Linux's, and so we need to start phasing out algorithms
that are known to be broken, and are no longer fit for general use.

RC4 (or arc4) is a good example here: there are a few areas where its
use is still somewhat acceptable, e.g., for interoperability with legacy
wifi hardware that can only use WEP or TKIP data encryption, but that
should not imply that, for instance, use of RC4 based EAP-TLS by the WPA
supplicant for negotiating TKIP keys is equally acceptable, or that RC4
should remain available as a general purpose cryptographic transform for
all in-kernel and user space clients.

Now that all in-kernel users that need to retain support have moved to
the arc4 library interface, and the known users of ecb(arc4) via the
socket API (iwd [0] and libell [1][2]) have been updated to switch to a
local implementation, we can take the next step, and mark the ecb(arc4)
skcipher as obsolete, and only provide it if the socket API is enabled in
the first place, as well as provide the option to disable all algorithms
that have been marked as obsolete.

[0] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=1db8a85a60c64523
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=53482ce421b727c2
[2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=7f6a137809d42f6b

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by

Herbert Xu 5 years ago 9ace6771 274290ed

+21

2 changed files

expand all

crypto

Kconfig

arc4.c

+10

crypto/Kconfig

··· 1199 1199 1200 1200 config CRYPTO_ARC4 1201 1201 tristate "ARC4 cipher algorithm" 1202 + depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1202 1203 select CRYPTO_SKCIPHER 1203 1204 select CRYPTO_LIB_ARC4 1204 1205 help ··· 1881 1880 help 1882 1881 This option enables the user-spaces interface for AEAD 1883 1882 cipher algorithms. 1883 + 1884 + config CRYPTO_USER_API_ENABLE_OBSOLETE 1885 + bool "Enable obsolete cryptographic algorithms for userspace" 1886 + depends on CRYPTO_USER_API 1887 + default y 1888 + help 1889 + Allow obsolete cryptographic algorithms to be selected that have 1890 + already been phased out from internal use by the kernel, and are 1891 + only useful for userspace clients that still rely on them. 1884 1892 1885 1893 config CRYPTO_STATS 1886 1894 bool "Crypto usage statistics for User-space"

+11

crypto/arc4.c

··· 11 11 #include <crypto/arc4.h> 12 12 #include <crypto/internal/skcipher.h> 13 13 #include <linux/init.h> 14 + #include <linux/kernel.h> 14 15 #include <linux/module.h> 16 + #include <linux/sched.h> 15 17 16 18 static int crypto_arc4_setkey(struct crypto_skcipher *tfm, const u8 *in_key, 17 19 unsigned int key_len) ··· 41 39 return err; 42 40 } 43 41 42 + static int crypto_arc4_init(struct crypto_skcipher *tfm) 43 + { 44 + pr_warn_ratelimited("\"%s\" (%ld) uses obsolete ecb(arc4) skcipher\n", 45 + current->comm, (unsigned long)current->pid); 46 + 47 + return 0; 48 + } 49 + 44 50 static struct skcipher_alg arc4_alg = { 45 51 /* 46 52 * For legacy reasons, this is named "ecb(arc4)", not "arc4". ··· 65 55 .setkey = crypto_arc4_setkey, 66 56 .encrypt = crypto_arc4_crypt, 67 57 .decrypt = crypto_arc4_crypt, 58 + .init = crypto_arc4_init, 68 59 }; 69 60 70 61 static int __init arc4_init(void)