SUNRPC: remove RC4-HMAC-MD5 support from KerberosV

-11

include/linux/sunrpc/gss_krb5.h

··· 141 141 SGN_ALG_MD2_5 = 0x0001, 142 142 SGN_ALG_DES_MAC = 0x0002, 143 143 SGN_ALG_3 = 0x0003, /* not published */ 144 - SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; no support */ 145 144 SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 146 145 }; 147 146 enum seal_alg { 148 147 SEAL_ALG_NONE = 0xffff, 149 148 SEAL_ALG_DES = 0x0000, 150 149 SEAL_ALG_1 = 0x0001, /* not published */ 151 - SEAL_ALG_MICROSOFT_RC4 = 0x0010,/* microsoft w2k; no support */ 152 150 SEAL_ALG_DES3KD = 0x0002 153 151 }; 154 152 ··· 314 316 struct xdr_buf *buf, u32 *plainoffset, 315 317 u32 *plainlen); 316 318 317 - int 318 - krb5_rc4_setup_seq_key(struct krb5_ctx *kctx, 319 - struct crypto_sync_skcipher *cipher, 320 - unsigned char *cksum); 321 - 322 - int 323 - krb5_rc4_setup_enc_key(struct krb5_ctx *kctx, 324 - struct crypto_sync_skcipher *cipher, 325 - s32 seqnum); 326 319 void 327 320 gss_krb5_make_confounder(char *p, u32 conflen);

+3 -6

include/linux/sunrpc/gss_krb5_enctypes.h

··· 13 13 #ifdef CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES 14 14 15 15 /* 16 - * NB: This list includes encryption types that were deprecated 17 - * by RFC 8429 (DES3_CBC_SHA1 and ARCFOUR_HMAC). 16 + * NB: This list includes DES3_CBC_SHA1, which was deprecated by RFC 8429. 18 17 * 19 18 * ENCTYPE_AES256_CTS_HMAC_SHA1_96 20 19 * ENCTYPE_AES128_CTS_HMAC_SHA1_96 21 20 * ENCTYPE_DES3_CBC_SHA1 22 - * ENCTYPE_ARCFOUR_HMAC 23 21 */ 24 - #define KRB5_SUPPORTED_ENCTYPES "18,17,16,23" 22 + #define KRB5_SUPPORTED_ENCTYPES "18,17,16" 25 23 26 24 #else /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */ 27 25 ··· 30 32 * ENCTYPE_AES256_CTS_HMAC_SHA1_96 31 33 * ENCTYPE_AES128_CTS_HMAC_SHA1_96 32 34 * ENCTYPE_DES3_CBC_SHA1 33 - * ENCTYPE_ARCFOUR_HMAC 34 35 * ENCTYPE_DES_CBC_MD5 35 36 * ENCTYPE_DES_CBC_CRC 36 37 * ENCTYPE_DES_CBC_MD4 37 38 */ 38 - #define KRB5_SUPPORTED_ENCTYPES "18,17,16,23,3,1,2" 39 + #define KRB5_SUPPORTED_ENCTYPES "18,17,16,3,1,2" 39 40 40 41 #endif /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */ 41 42

-1

net/sunrpc/Kconfig

··· 21 21 depends on SUNRPC && CRYPTO 22 22 depends on CRYPTO_MD5 && CRYPTO_DES && CRYPTO_CBC && CRYPTO_CTS 23 23 depends on CRYPTO_ECB && CRYPTO_HMAC && CRYPTO_SHA1 && CRYPTO_AES 24 - depends on CRYPTO_ARC4 25 24 default y 26 25 select SUNRPC_GSS 27 26 help

-276

net/sunrpc/auth_gss/gss_krb5_crypto.c

··· 138 138 return crypto_ahash_update(req); 139 139 } 140 140 141 - static int 142 - arcfour_hmac_md5_usage_to_salt(unsigned int usage, u8 salt[4]) 143 - { 144 - unsigned int ms_usage; 145 - 146 - switch (usage) { 147 - case KG_USAGE_SIGN: 148 - ms_usage = 15; 149 - break; 150 - case KG_USAGE_SEAL: 151 - ms_usage = 13; 152 - break; 153 - default: 154 - return -EINVAL; 155 - } 156 - salt[0] = (ms_usage >> 0) & 0xff; 157 - salt[1] = (ms_usage >> 8) & 0xff; 158 - salt[2] = (ms_usage >> 16) & 0xff; 159 - salt[3] = (ms_usage >> 24) & 0xff; 160 - 161 - return 0; 162 - } 163 - 164 - static u32 165 - make_checksum_hmac_md5(struct krb5_ctx *kctx, char *header, int hdrlen, 166 - struct xdr_buf *body, int body_offset, u8 *cksumkey, 167 - unsigned int usage, struct xdr_netobj *cksumout) 168 - { 169 - struct scatterlist sg[1]; 170 - int err = -1; 171 - u8 *checksumdata; 172 - u8 *rc4salt; 173 - struct crypto_ahash *md5; 174 - struct crypto_ahash *hmac_md5; 175 - struct ahash_request *req; 176 - 177 - if (cksumkey == NULL) 178 - return GSS_S_FAILURE; 179 - 180 - if (cksumout->len < kctx->gk5e->cksumlength) { 181 - dprintk("%s: checksum buffer length, %u, too small for %s\n", 182 - __func__, cksumout->len, kctx->gk5e->name); 183 - return GSS_S_FAILURE; 184 - } 185 - 186 - rc4salt = kmalloc_array(4, sizeof(*rc4salt), GFP_NOFS); 187 - if (!rc4salt) 188 - return GSS_S_FAILURE; 189 - 190 - if (arcfour_hmac_md5_usage_to_salt(usage, rc4salt)) { 191 - dprintk("%s: invalid usage value %u\n", __func__, usage); 192 - goto out_free_rc4salt; 193 - } 194 - 195 - checksumdata = kmalloc(GSS_KRB5_MAX_CKSUM_LEN, GFP_NOFS); 196 - if (!checksumdata) 197 - goto out_free_rc4salt; 198 - 199 - md5 = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); 200 - if (IS_ERR(md5)) 201 - goto out_free_cksum; 202 - 203 - hmac_md5 = crypto_alloc_ahash(kctx->gk5e->cksum_name, 0, 204 - CRYPTO_ALG_ASYNC); 205 - if (IS_ERR(hmac_md5)) 206 - goto out_free_md5; 207 - 208 - req = ahash_request_alloc(md5, GFP_NOFS); 209 - if (!req) 210 - goto out_free_hmac_md5; 211 - 212 - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); 213 - 214 - err = crypto_ahash_init(req); 215 - if (err) 216 - goto out; 217 - sg_init_one(sg, rc4salt, 4); 218 - ahash_request_set_crypt(req, sg, NULL, 4); 219 - err = crypto_ahash_update(req); 220 - if (err) 221 - goto out; 222 - 223 - sg_init_one(sg, header, hdrlen); 224 - ahash_request_set_crypt(req, sg, NULL, hdrlen); 225 - err = crypto_ahash_update(req); 226 - if (err) 227 - goto out; 228 - err = xdr_process_buf(body, body_offset, body->len - body_offset, 229 - checksummer, req); 230 - if (err) 231 - goto out; 232 - ahash_request_set_crypt(req, NULL, checksumdata, 0); 233 - err = crypto_ahash_final(req); 234 - if (err) 235 - goto out; 236 - 237 - ahash_request_free(req); 238 - req = ahash_request_alloc(hmac_md5, GFP_NOFS); 239 - if (!req) 240 - goto out_free_hmac_md5; 241 - 242 - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); 243 - 244 - err = crypto_ahash_setkey(hmac_md5, cksumkey, kctx->gk5e->keylength); 245 - if (err) 246 - goto out; 247 - 248 - sg_init_one(sg, checksumdata, crypto_ahash_digestsize(md5)); 249 - ahash_request_set_crypt(req, sg, checksumdata, 250 - crypto_ahash_digestsize(md5)); 251 - err = crypto_ahash_digest(req); 252 - if (err) 253 - goto out; 254 - 255 - memcpy(cksumout->data, checksumdata, kctx->gk5e->cksumlength); 256 - cksumout->len = kctx->gk5e->cksumlength; 257 - out: 258 - ahash_request_free(req); 259 - out_free_hmac_md5: 260 - crypto_free_ahash(hmac_md5); 261 - out_free_md5: 262 - crypto_free_ahash(md5); 263 - out_free_cksum: 264 - kfree(checksumdata); 265 - out_free_rc4salt: 266 - kfree(rc4salt); 267 - return err ? GSS_S_FAILURE : 0; 268 - } 269 - 270 141 /* 271 142 * checksum the plaintext data and hdrlen bytes of the token header 272 143 * The checksum is performed over the first 8 bytes of the ··· 154 283 int err = -1; 155 284 u8 *checksumdata; 156 285 unsigned int checksumlen; 157 - 158 - if (kctx->gk5e->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) 159 - return make_checksum_hmac_md5(kctx, header, hdrlen, 160 - body, body_offset, 161 - cksumkey, usage, cksumout); 162 286 163 287 if (cksumout->len < kctx->gk5e->cksumlength) { 164 288 dprintk("%s: checksum buffer length, %u, too small for %s\n", ··· 807 941 if (ret && ret != GSS_S_BAD_SIG) 808 942 ret = GSS_S_FAILURE; 809 943 return ret; 810 - } 811 - 812 - /* 813 - * Compute Kseq given the initial session key and the checksum. 814 - * Set the key of the given cipher. 815 - */ 816 - int 817 - krb5_rc4_setup_seq_key(struct krb5_ctx *kctx, 818 - struct crypto_sync_skcipher *cipher, 819 - unsigned char *cksum) 820 - { 821 - struct crypto_shash *hmac; 822 - struct shash_desc *desc; 823 - u8 Kseq[GSS_KRB5_MAX_KEYLEN]; 824 - u32 zeroconstant = 0; 825 - int err; 826 - 827 - dprintk("%s: entered\n", __func__); 828 - 829 - hmac = crypto_alloc_shash(kctx->gk5e->cksum_name, 0, 0); 830 - if (IS_ERR(hmac)) { 831 - dprintk("%s: error %ld, allocating hash '%s'\n", 832 - __func__, PTR_ERR(hmac), kctx->gk5e->cksum_name); 833 - return PTR_ERR(hmac); 834 - } 835 - 836 - desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac), 837 - GFP_NOFS); 838 - if (!desc) { 839 - dprintk("%s: failed to allocate shash descriptor for '%s'\n", 840 - __func__, kctx->gk5e->cksum_name); 841 - crypto_free_shash(hmac); 842 - return -ENOMEM; 843 - } 844 - 845 - desc->tfm = hmac; 846 - 847 - /* Compute intermediate Kseq from session key */ 848 - err = crypto_shash_setkey(hmac, kctx->Ksess, kctx->gk5e->keylength); 849 - if (err) 850 - goto out_err; 851 - 852 - err = crypto_shash_digest(desc, (u8 *)&zeroconstant, 4, Kseq); 853 - if (err) 854 - goto out_err; 855 - 856 - /* Compute final Kseq from the checksum and intermediate Kseq */ 857 - err = crypto_shash_setkey(hmac, Kseq, kctx->gk5e->keylength); 858 - if (err) 859 - goto out_err; 860 - 861 - err = crypto_shash_digest(desc, cksum, 8, Kseq); 862 - if (err) 863 - goto out_err; 864 - 865 - err = crypto_sync_skcipher_setkey(cipher, Kseq, kctx->gk5e->keylength); 866 - if (err) 867 - goto out_err; 868 - 869 - err = 0; 870 - 871 - out_err: 872 - kfree_sensitive(desc); 873 - crypto_free_shash(hmac); 874 - dprintk("%s: returning %d\n", __func__, err); 875 - return err; 876 - } 877 - 878 - /* 879 - * Compute Kcrypt given the initial session key and the plaintext seqnum. 880 - * Set the key of cipher kctx->enc. 881 - */ 882 - int 883 - krb5_rc4_setup_enc_key(struct krb5_ctx *kctx, 884 - struct crypto_sync_skcipher *cipher, 885 - s32 seqnum) 886 - { 887 - struct crypto_shash *hmac; 888 - struct shash_desc *desc; 889 - u8 Kcrypt[GSS_KRB5_MAX_KEYLEN]; 890 - u8 zeroconstant[4] = {0}; 891 - u8 seqnumarray[4]; 892 - int err, i; 893 - 894 - dprintk("%s: entered, seqnum %u\n", __func__, seqnum); 895 - 896 - hmac = crypto_alloc_shash(kctx->gk5e->cksum_name, 0, 0); 897 - if (IS_ERR(hmac)) { 898 - dprintk("%s: error %ld, allocating hash '%s'\n", 899 - __func__, PTR_ERR(hmac), kctx->gk5e->cksum_name); 900 - return PTR_ERR(hmac); 901 - } 902 - 903 - desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac), 904 - GFP_NOFS); 905 - if (!desc) { 906 - dprintk("%s: failed to allocate shash descriptor for '%s'\n", 907 - __func__, kctx->gk5e->cksum_name); 908 - crypto_free_shash(hmac); 909 - return -ENOMEM; 910 - } 911 - 912 - desc->tfm = hmac; 913 - 914 - /* Compute intermediate Kcrypt from session key */ 915 - for (i = 0; i < kctx->gk5e->keylength; i++) 916 - Kcrypt[i] = kctx->Ksess[i] ^ 0xf0; 917 - 918 - err = crypto_shash_setkey(hmac, Kcrypt, kctx->gk5e->keylength); 919 - if (err) 920 - goto out_err; 921 - 922 - err = crypto_shash_digest(desc, zeroconstant, 4, Kcrypt); 923 - if (err) 924 - goto out_err; 925 - 926 - /* Compute final Kcrypt from the seqnum and intermediate Kcrypt */ 927 - err = crypto_shash_setkey(hmac, Kcrypt, kctx->gk5e->keylength); 928 - if (err) 929 - goto out_err; 930 - 931 - seqnumarray[0] = (unsigned char) ((seqnum >> 24) & 0xff); 932 - seqnumarray[1] = (unsigned char) ((seqnum >> 16) & 0xff); 933 - seqnumarray[2] = (unsigned char) ((seqnum >> 8) & 0xff); 934 - seqnumarray[3] = (unsigned char) ((seqnum >> 0) & 0xff); 935 - 936 - err = crypto_shash_digest(desc, seqnumarray, 4, Kcrypt); 937 - if (err) 938 - goto out_err; 939 - 940 - err = crypto_sync_skcipher_setkey(cipher, Kcrypt, 941 - kctx->gk5e->keylength); 942 - if (err) 943 - goto out_err; 944 - 945 - err = 0; 946 - 947 - out_err: 948 - kfree_sensitive(desc); 949 - crypto_free_shash(hmac); 950 - dprintk("%s: returning %d\n", __func__, err); 951 - return err; 952 944 }

-95

net/sunrpc/auth_gss/gss_krb5_mech.c

··· 52 52 }, 53 53 #endif /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */ 54 54 /* 55 - * RC4-HMAC 56 - */ 57 - { 58 - .etype = ENCTYPE_ARCFOUR_HMAC, 59 - .ctype = CKSUMTYPE_HMAC_MD5_ARCFOUR, 60 - .name = "rc4-hmac", 61 - .encrypt_name = "ecb(arc4)", 62 - .cksum_name = "hmac(md5)", 63 - .encrypt = krb5_encrypt, 64 - .decrypt = krb5_decrypt, 65 - .mk_key = NULL, 66 - .signalg = SGN_ALG_HMAC_MD5, 67 - .sealalg = SEAL_ALG_MICROSOFT_RC4, 68 - .keybytes = 16, 69 - .keylength = 16, 70 - .blocksize = 1, 71 - .conflen = 8, 72 - .cksumlength = 8, 73 - .keyed_cksum = 1, 74 - }, 75 - /* 76 55 * 3DES 77 56 */ 78 57 { ··· 380 401 return -EINVAL; 381 402 } 382 403 383 - /* 384 - * Note that RC4 depends on deriving keys using the sequence 385 - * number or the checksum of a token. Therefore, the final keys 386 - * cannot be calculated until the token is being constructed! 387 - */ 388 - static int 389 - context_derive_keys_rc4(struct krb5_ctx *ctx) 390 - { 391 - struct crypto_shash *hmac; 392 - char sigkeyconstant[] = "signaturekey"; 393 - int slen = strlen(sigkeyconstant) + 1; /* include null terminator */ 394 - struct shash_desc *desc; 395 - int err; 396 - 397 - dprintk("RPC: %s: entered\n", __func__); 398 - /* 399 - * derive cksum (aka Ksign) key 400 - */ 401 - hmac = crypto_alloc_shash(ctx->gk5e->cksum_name, 0, 0); 402 - if (IS_ERR(hmac)) { 403 - dprintk("%s: error %ld allocating hash '%s'\n", 404 - __func__, PTR_ERR(hmac), ctx->gk5e->cksum_name); 405 - err = PTR_ERR(hmac); 406 - goto out_err; 407 - } 408 - 409 - err = crypto_shash_setkey(hmac, ctx->Ksess, ctx->gk5e->keylength); 410 - if (err) 411 - goto out_err_free_hmac; 412 - 413 - 414 - desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac), GFP_NOFS); 415 - if (!desc) { 416 - dprintk("%s: failed to allocate hash descriptor for '%s'\n", 417 - __func__, ctx->gk5e->cksum_name); 418 - err = -ENOMEM; 419 - goto out_err_free_hmac; 420 - } 421 - 422 - desc->tfm = hmac; 423 - 424 - err = crypto_shash_digest(desc, sigkeyconstant, slen, ctx->cksum); 425 - kfree_sensitive(desc); 426 - if (err) 427 - goto out_err_free_hmac; 428 - /* 429 - * allocate hash, and skciphers for data and seqnum encryption 430 - */ 431 - ctx->enc = crypto_alloc_sync_skcipher(ctx->gk5e->encrypt_name, 0, 0); 432 - if (IS_ERR(ctx->enc)) { 433 - err = PTR_ERR(ctx->enc); 434 - goto out_err_free_hmac; 435 - } 436 - 437 - ctx->seq = crypto_alloc_sync_skcipher(ctx->gk5e->encrypt_name, 0, 0); 438 - if (IS_ERR(ctx->seq)) { 439 - crypto_free_sync_skcipher(ctx->enc); 440 - err = PTR_ERR(ctx->seq); 441 - goto out_err_free_hmac; 442 - } 443 - 444 - dprintk("RPC: %s: returning success\n", __func__); 445 - 446 - err = 0; 447 - 448 - out_err_free_hmac: 449 - crypto_free_shash(hmac); 450 - out_err: 451 - dprintk("RPC: %s: returning %d\n", __func__, err); 452 - return err; 453 - } 454 - 455 404 static int 456 405 context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask) 457 406 { ··· 556 649 switch (ctx->enctype) { 557 650 case ENCTYPE_DES3_CBC_RAW: 558 651 return context_derive_keys_des3(ctx, gfp_mask); 559 - case ENCTYPE_ARCFOUR_HMAC: 560 - return context_derive_keys_rc4(ctx); 561 652 case ENCTYPE_AES128_CTS_HMAC_SHA1_96: 562 653 case ENCTYPE_AES256_CTS_HMAC_SHA1_96: 563 654 return context_derive_keys_new(ctx, gfp_mask);

-1

net/sunrpc/auth_gss/gss_krb5_seal.c

··· 214 214 BUG(); 215 215 case ENCTYPE_DES_CBC_RAW: 216 216 case ENCTYPE_DES3_CBC_RAW: 217 - case ENCTYPE_ARCFOUR_HMAC: 218 217 return gss_get_mic_v1(ctx, text, token); 219 218 case ENCTYPE_AES128_CTS_HMAC_SHA1_96: 220 219 case ENCTYPE_AES256_CTS_HMAC_SHA1_96:

-87

net/sunrpc/auth_gss/gss_krb5_seqnum.c

··· 39 39 # define RPCDBG_FACILITY RPCDBG_AUTH 40 40 #endif 41 41 42 - static s32 43 - krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum, 44 - unsigned char *cksum, unsigned char *buf) 45 - { 46 - struct crypto_sync_skcipher *cipher; 47 - unsigned char *plain; 48 - s32 code; 49 - 50 - dprintk("RPC: %s:\n", __func__); 51 - cipher = crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, 0, 0); 52 - if (IS_ERR(cipher)) 53 - return PTR_ERR(cipher); 54 - 55 - plain = kmalloc(8, GFP_NOFS); 56 - if (!plain) 57 - return -ENOMEM; 58 - 59 - plain[0] = (unsigned char) ((seqnum >> 24) & 0xff); 60 - plain[1] = (unsigned char) ((seqnum >> 16) & 0xff); 61 - plain[2] = (unsigned char) ((seqnum >> 8) & 0xff); 62 - plain[3] = (unsigned char) ((seqnum >> 0) & 0xff); 63 - plain[4] = direction; 64 - plain[5] = direction; 65 - plain[6] = direction; 66 - plain[7] = direction; 67 - 68 - code = krb5_rc4_setup_seq_key(kctx, cipher, cksum); 69 - if (code) 70 - goto out; 71 - 72 - code = krb5_encrypt(cipher, cksum, plain, buf, 8); 73 - out: 74 - kfree(plain); 75 - crypto_free_sync_skcipher(cipher); 76 - return code; 77 - } 78 42 s32 79 43 krb5_make_seq_num(struct krb5_ctx *kctx, 80 44 struct crypto_sync_skcipher *key, ··· 48 84 { 49 85 unsigned char *plain; 50 86 s32 code; 51 - 52 - if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) 53 - return krb5_make_rc4_seq_num(kctx, direction, seqnum, 54 - cksum, buf); 55 87 56 88 plain = kmalloc(8, GFP_NOFS); 57 89 if (!plain) ··· 68 108 return code; 69 109 } 70 110 71 - static s32 72 - krb5_get_rc4_seq_num(struct krb5_ctx *kctx, unsigned char *cksum, 73 - unsigned char *buf, int *direction, s32 *seqnum) 74 - { 75 - struct crypto_sync_skcipher *cipher; 76 - unsigned char *plain; 77 - s32 code; 78 - 79 - dprintk("RPC: %s:\n", __func__); 80 - cipher = crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, 0, 0); 81 - if (IS_ERR(cipher)) 82 - return PTR_ERR(cipher); 83 - 84 - code = krb5_rc4_setup_seq_key(kctx, cipher, cksum); 85 - if (code) 86 - goto out; 87 - 88 - plain = kmalloc(8, GFP_NOFS); 89 - if (!plain) { 90 - code = -ENOMEM; 91 - goto out; 92 - } 93 - 94 - code = krb5_decrypt(cipher, cksum, buf, plain, 8); 95 - if (code) 96 - goto out_plain; 97 - 98 - if ((plain[4] != plain[5]) || (plain[4] != plain[6]) 99 - || (plain[4] != plain[7])) { 100 - code = (s32)KG_BAD_SEQ; 101 - goto out_plain; 102 - } 103 - 104 - *direction = plain[4]; 105 - 106 - *seqnum = ((plain[0] << 24) | (plain[1] << 16) | 107 - (plain[2] << 8) | (plain[3])); 108 - out_plain: 109 - kfree(plain); 110 - out: 111 - crypto_free_sync_skcipher(cipher); 112 - return code; 113 - } 114 - 115 111 s32 116 112 krb5_get_seq_num(struct krb5_ctx *kctx, 117 113 unsigned char *cksum, ··· 80 164 81 165 dprintk("RPC: krb5_get_seq_num:\n"); 82 166 83 - if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) 84 - return krb5_get_rc4_seq_num(kctx, cksum, buf, 85 - direction, seqnum); 86 167 plain = kmalloc(8, GFP_NOFS); 87 168 if (!plain) 88 169 return -ENOMEM;

-1

net/sunrpc/auth_gss/gss_krb5_unseal.c

··· 218 218 BUG(); 219 219 case ENCTYPE_DES_CBC_RAW: 220 220 case ENCTYPE_DES3_CBC_RAW: 221 - case ENCTYPE_ARCFOUR_HMAC: 222 221 return gss_verify_mic_v1(ctx, message_buffer, read_token); 223 222 case ENCTYPE_AES128_CTS_HMAC_SHA1_96: 224 223 case ENCTYPE_AES256_CTS_HMAC_SHA1_96:

+13 -52

net/sunrpc/auth_gss/gss_krb5_wrap.c

··· 236 236 seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))) 237 237 return GSS_S_FAILURE; 238 238 239 - if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) { 240 - struct crypto_sync_skcipher *cipher; 241 - int err; 242 - cipher = crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, 243 - 0, 0); 244 - if (IS_ERR(cipher)) 245 - return GSS_S_FAILURE; 246 - 247 - krb5_rc4_setup_enc_key(kctx, cipher, seq_send); 248 - 249 - err = gss_encrypt_xdr_buf(cipher, buf, 250 - offset + headlen - conflen, pages); 251 - crypto_free_sync_skcipher(cipher); 252 - if (err) 253 - return GSS_S_FAILURE; 254 - } else { 255 - if (gss_encrypt_xdr_buf(kctx->enc, buf, 256 - offset + headlen - conflen, pages)) 257 - return GSS_S_FAILURE; 258 - } 239 + if (gss_encrypt_xdr_buf(kctx->enc, buf, 240 + offset + headlen - conflen, pages)) 241 + return GSS_S_FAILURE; 259 242 260 243 return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE; 261 244 } ··· 299 316 crypt_offset = ptr + (GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength) - 300 317 (unsigned char *)buf->head[0].iov_base; 301 318 302 - /* 303 - * Need plaintext seqnum to derive encryption key for arcfour-hmac 304 - */ 305 - if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN, 306 - ptr + 8, &direction, &seqnum)) 307 - return GSS_S_BAD_SIG; 308 - 309 - if ((kctx->initiate && direction != 0xff) || 310 - (!kctx->initiate && direction != 0)) 311 - return GSS_S_BAD_SIG; 312 - 313 319 buf->len = len; 314 - if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) { 315 - struct crypto_sync_skcipher *cipher; 316 - int err; 317 - 318 - cipher = crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, 319 - 0, 0); 320 - if (IS_ERR(cipher)) 321 - return GSS_S_FAILURE; 322 - 323 - krb5_rc4_setup_enc_key(kctx, cipher, seqnum); 324 - 325 - err = gss_decrypt_xdr_buf(cipher, buf, crypt_offset); 326 - crypto_free_sync_skcipher(cipher); 327 - if (err) 328 - return GSS_S_DEFECTIVE_TOKEN; 329 - } else { 330 - if (gss_decrypt_xdr_buf(kctx->enc, buf, crypt_offset)) 331 - return GSS_S_DEFECTIVE_TOKEN; 332 - } 320 + if (gss_decrypt_xdr_buf(kctx->enc, buf, crypt_offset)) 321 + return GSS_S_DEFECTIVE_TOKEN; 333 322 334 323 if (kctx->gk5e->keyed_cksum) 335 324 cksumkey = kctx->cksum; ··· 324 369 return GSS_S_CONTEXT_EXPIRED; 325 370 326 371 /* do sequencing checks */ 372 + 373 + if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN, 374 + ptr + 8, &direction, &seqnum)) 375 + return GSS_S_BAD_SIG; 376 + 377 + if ((kctx->initiate && direction != 0xff) || 378 + (!kctx->initiate && direction != 0)) 379 + return GSS_S_BAD_SIG; 327 380 328 381 /* Copy the data back to the right position. XXX: Would probably be 329 382 * better to copy and encrypt at the same time. */ ··· 568 605 BUG(); 569 606 case ENCTYPE_DES_CBC_RAW: 570 607 case ENCTYPE_DES3_CBC_RAW: 571 - case ENCTYPE_ARCFOUR_HMAC: 572 608 return gss_wrap_kerberos_v1(kctx, offset, buf, pages); 573 609 case ENCTYPE_AES128_CTS_HMAC_SHA1_96: 574 610 case ENCTYPE_AES256_CTS_HMAC_SHA1_96: ··· 586 624 BUG(); 587 625 case ENCTYPE_DES_CBC_RAW: 588 626 case ENCTYPE_DES3_CBC_RAW: 589 - case ENCTYPE_ARCFOUR_HMAC: 590 627 return gss_unwrap_kerberos_v1(kctx, offset, len, buf, 591 628 &gctx->slack, &gctx->align); 592 629 case ENCTYPE_AES128_CTS_HMAC_SHA1_96: