From: David Howells <dhowells@redhat.com>
Cc: dhowells@redhat.com, Simon Horman <horms@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Chuck Lever <chuck.lever@oracle.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
"David S. Miller" <davem@davemloft.net>,
Marc Dionne <marc.dionne@auristor.com>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Biggers <ebiggers@kernel.org>,
Ard Biesheuvel <ardb@kernel.org>,
linux-crypto@vger.kernel.org, linux-afs@lists.infradead.org,
linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm
Date: Mon, 20 Jan 2025 23:12:02 +0000 [thread overview]
Message-ID: <1434958.1737414722@warthog.procyon.org.uk> (raw)
In-Reply-To: <1201143.1737383111@warthog.procyon.org.uk>
David Howells <dhowells@redhat.com> wrote:
> > Sparse complains that the second argument to krb5enc_verify_hash should be
> > a pointer rather than an integer. So perhaps this would be slightly better
> > expressed as (completely untested!):
> >
> > err = krb5enc_verify_hash(req, NULL);
>
> Actually, no. It should be "ahreq->result + authsize" and
> krb5enc_verify_hash() shouldn't calculate ihash, but use its hash parameter.
Ah. That's wrong also. I'm going to drop the second parameter and just
calculate the hash pointers directly.
David
---
diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c
index 931387a8ee6f..e5cec47e7e42 100644
--- a/crypto/krb5enc.c
+++ b/crypto/krb5enc.c
@@ -230,7 +230,7 @@ static int krb5enc_encrypt(struct aead_request *req)
return krb5enc_dispatch_encrypt(req, aead_request_flags(req));
}
-static int krb5enc_verify_hash(struct aead_request *req, void *hash)
+static int krb5enc_verify_hash(struct aead_request *req)
{
struct crypto_aead *krb5enc = crypto_aead_reqtfm(req);
struct aead_instance *inst = aead_alg_instance(krb5enc);
@@ -238,11 +238,12 @@ static int krb5enc_verify_hash(struct aead_request *req, void *hash)
struct krb5enc_request_ctx *areq_ctx = aead_request_ctx(req);
struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
unsigned int authsize = crypto_aead_authsize(krb5enc);
- u8 *ihash = ahreq->result + authsize;
+ u8 *calc_hash = areq_ctx->tail;
+ u8 *msg_hash = areq_ctx->tail + authsize;
- scatterwalk_map_and_copy(ihash, req->src, ahreq->nbytes, authsize, 0);
+ scatterwalk_map_and_copy(msg_hash, req->src, ahreq->nbytes, authsize, 0);
- if (crypto_memneq(ihash, ahreq->result, authsize))
+ if (crypto_memneq(msg_hash, calc_hash, authsize))
return -EBADMSG;
return 0;
}
@@ -254,7 +255,7 @@ static void krb5enc_decrypt_hash_done(void *data, int err)
if (err)
return krb5enc_request_complete(req, err);
- err = krb5enc_verify_hash(req, 0);
+ err = krb5enc_verify_hash(req);
krb5enc_request_complete(req, err);
}
@@ -284,7 +285,7 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
if (err < 0)
return err;
- return krb5enc_verify_hash(req, hash);
+ return krb5enc_verify_hash(req);
}
/*
@@ -352,7 +353,7 @@ static int krb5enc_init_tfm(struct crypto_aead *tfm)
crypto_aead_set_reqsize(
tfm,
sizeof(struct krb5enc_request_ctx) +
- ictx->reqoff +
+ ictx->reqoff + /* Space for two checksums */
umax(sizeof(struct ahash_request) + crypto_ahash_reqsize(auth),
sizeof(struct skcipher_request) + crypto_skcipher_reqsize(enc)));
next prev parent reply other threads:[~2025-01-20 23:12 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-17 18:35 [RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt David Howells
2025-01-17 18:35 ` [RFC PATCH 01/24] crypto/krb5: Add API Documentation David Howells
2025-01-17 18:35 ` [RFC PATCH 02/24] crypto/krb5: Add some constants out of sunrpc headers David Howells
2025-01-17 18:35 ` [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm David Howells
2025-01-20 13:57 ` Simon Horman
2025-01-20 14:25 ` David Howells
2025-01-20 17:39 ` Eric Biggers
2025-01-20 18:59 ` David Howells
2025-01-20 19:12 ` Eric Biggers
2025-01-20 20:18 ` David Howells
2025-01-20 20:47 ` Eric Biggers
2025-01-20 23:12 ` David Howells [this message]
2025-01-17 18:35 ` [RFC PATCH 04/24] crypto/krb5: Test manager data David Howells
2025-01-17 18:35 ` [RFC PATCH 05/24] crypto/krb5: Implement Kerberos crypto core David Howells
2025-01-17 18:35 ` [RFC PATCH 06/24] crypto/krb5: Add an API to query the layout of the crypto section David Howells
2025-01-17 18:35 ` [RFC PATCH 07/24] crypto/krb5: Add an API to alloc and prepare a crypto object David Howells
2025-01-17 18:35 ` [RFC PATCH 08/24] crypto/krb5: Add an API to perform requests David Howells
2025-01-17 18:35 ` [RFC PATCH 09/24] crypto/krb5: Provide infrastructure and key derivation David Howells
2025-01-17 18:35 ` [RFC PATCH 10/24] crypto/krb5: Implement the Kerberos5 rfc3961 " David Howells
2025-01-17 18:35 ` [RFC PATCH 11/24] crypto/krb5: Provide RFC3961 setkey packaging functions David Howells
2025-01-17 18:35 ` [RFC PATCH 12/24] crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions David Howells
2025-01-17 18:35 ` [RFC PATCH 13/24] crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic David Howells
2025-01-17 18:35 ` [RFC PATCH 14/24] crypto/krb5: Implement the AES enctypes from rfc3962 David Howells
2025-01-17 18:35 ` [RFC PATCH 15/24] crypto/krb5: Implement the AES enctypes from rfc8009 David Howells
2025-01-17 18:35 ` [RFC PATCH 16/24] crypto/krb5: Implement the AES encrypt/decrypt " David Howells
2025-01-17 18:35 ` [RFC PATCH 17/24] crypto/krb5: Implement crypto self-testing David Howells
2025-01-17 18:35 ` [RFC PATCH 18/24] crypto/krb5: Add the AES self-testing data from rfc8009 David Howells
2025-01-17 18:35 ` [RFC PATCH 19/24] crypto/krb5: Implement the Camellia enctypes from rfc6803 David Howells
2025-01-17 18:35 ` [RFC PATCH 20/24] rxrpc: Add the security index for yfs-rxgk David Howells
2025-01-17 18:35 ` [RFC PATCH 21/24] rxrpc: Add YFS RxGK (GSSAPI) security class David Howells
2025-01-17 18:35 ` [RFC PATCH 22/24] rxrpc: rxgk: Provide infrastructure and key derivation David Howells
2025-01-17 18:35 ` [RFC PATCH 23/24] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) David Howells
2025-01-17 18:35 ` [RFC PATCH 24/24] rxrpc: rxgk: Implement connection rekeying David Howells
2025-01-17 18:57 ` [RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1434958.1737414722@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=ardb@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=ebiggers@kernel.org \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox