From: David Howells <dhowells@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
Chuck Lever <chuck.lever@oracle.com>
Cc: David Howells <dhowells@redhat.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
"David S. Miller" <davem@davemloft.net>,
Marc Dionne <marc.dionne@auristor.com>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
Ard Biesheuvel <ardb@kernel.org>,
linux-crypto@vger.kernel.org, linux-afs@lists.infradead.org,
linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 19/24] crypto/krb5: Implement the Camellia enctypes from rfc6803
Date: Fri, 17 Jan 2025 18:35:28 +0000 [thread overview]
Message-ID: <20250117183538.881618-20-dhowells@redhat.com> (raw)
In-Reply-To: <20250117183538.881618-1-dhowells@redhat.com>
Implement the camellia128-cts-cmac and camellia256-cts-cmac enctypes from
rfc6803.
Note that the test vectors in rfc6803 for encryption are incomplete,
lacking the key usage number needed to derive Ke and Ki, and there are
errata for this:
https://www.rfc-editor.org/errata_search.php?rfc=6803
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: "David S. Miller" <davem@davemloft.net>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: linux-nfs@vger.kernel.org
cc: linux-crypto@vger.kernel.org
cc: netdev@vger.kernel.org
---
crypto/krb5/Kconfig | 2 +
crypto/krb5/Makefile | 1 +
crypto/krb5/internal.h | 6 +
crypto/krb5/krb5_api.c | 2 +
crypto/krb5/rfc6803_camellia.c | 237 +++++++++++++++++++++++++++++++++
crypto/krb5/selftest_data.c | 135 +++++++++++++++++++
include/crypto/krb5.h | 4 +
7 files changed, 387 insertions(+)
create mode 100644 crypto/krb5/rfc6803_camellia.c
diff --git a/crypto/krb5/Kconfig b/crypto/krb5/Kconfig
index 82d7e3b55878..4d0476e13f3c 100644
--- a/crypto/krb5/Kconfig
+++ b/crypto/krb5/Kconfig
@@ -6,12 +6,14 @@ config CRYPTO_KRB5
select CRYPTO_SKCIPHER
select CRYPTO_HASH_INFO
select CRYPTO_HMAC
+ select CRYPTO_CMAC
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
select CRYPTO_CBC
select CRYPTO_CTS
select CRYPTO_AES
+ select CRYPTO_CAMELLIA
help
Provide a library for provision of Kerberos-5-based crypto. This is
intended for network filesystems to use.
diff --git a/crypto/krb5/Makefile b/crypto/krb5/Makefile
index 1ad327227744..d38890c0b247 100644
--- a/crypto/krb5/Makefile
+++ b/crypto/krb5/Makefile
@@ -8,6 +8,7 @@ krb5-y += \
krb5_api.o \
rfc3961_simplified.o \
rfc3962_aes.o \
+ rfc6803_camellia.o \
rfc8009_aes2.o
krb5-$(CONFIG_CRYPTO_KRB5_SELFTESTS) += \
diff --git a/crypto/krb5/internal.h b/crypto/krb5/internal.h
index a40f120b4954..0a7ecd800416 100644
--- a/crypto/krb5/internal.h
+++ b/crypto/krb5/internal.h
@@ -217,6 +217,12 @@ int rfc3961_verify_mic(const struct krb5_enctype *krb5,
extern const struct krb5_enctype krb5_aes128_cts_hmac_sha1_96;
extern const struct krb5_enctype krb5_aes256_cts_hmac_sha1_96;
+/*
+ * rfc6803_camellia.c
+ */
+extern const struct krb5_enctype krb5_camellia128_cts_cmac;
+extern const struct krb5_enctype krb5_camellia256_cts_cmac;
+
/*
* rfc8009_aes2.c
*/
diff --git a/crypto/krb5/krb5_api.c b/crypto/krb5/krb5_api.c
index 8c2949ac9c07..23026d4206c8 100644
--- a/crypto/krb5/krb5_api.c
+++ b/crypto/krb5/krb5_api.c
@@ -21,6 +21,8 @@ static const struct krb5_enctype *const krb5_supported_enctypes[] = {
&krb5_aes256_cts_hmac_sha1_96,
&krb5_aes128_cts_hmac_sha256_128,
&krb5_aes256_cts_hmac_sha384_192,
+ &krb5_camellia128_cts_cmac,
+ &krb5_camellia256_cts_cmac,
};
/**
diff --git a/crypto/krb5/rfc6803_camellia.c b/crypto/krb5/rfc6803_camellia.c
new file mode 100644
index 000000000000..c2895d2d60ed
--- /dev/null
+++ b/crypto/krb5/rfc6803_camellia.c
@@ -0,0 +1,237 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* rfc6803 Camellia Encryption for Kerberos 5
+ *
+ * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/slab.h>
+#include "internal.h"
+
+/*
+ * Calculate the key derivation function KDF-FEEDBACK_CMAC(key, constant)
+ *
+ * n = ceiling(k / 128)
+ * K(0) = zeros
+ * K(i) = CMAC(key, K(i-1) | i | constant | 0x00 | k)
+ * DR(key, constant) = k-truncate(K(1) | K(2) | ... | K(n))
+ * KDF-FEEDBACK-CMAC(key, constant) = random-to-key(DR(key, constant))
+ *
+ * [rfc6803 sec 3]
+ */
+static int rfc6803_calc_KDF_FEEDBACK_CMAC(const struct krb5_enctype *krb5,
+ const struct krb5_buffer *key,
+ const struct krb5_buffer *constant,
+ struct krb5_buffer *result,
+ gfp_t gfp)
+{
+ struct crypto_shash *shash;
+ struct krb5_buffer K, data;
+ struct shash_desc *desc;
+ __be32 tmp;
+ size_t bsize, offset, seg;
+ void *buffer;
+ u32 i = 0, k = result->len * 8;
+ u8 *p;
+ int ret = -ENOMEM;
+
+ shash = crypto_alloc_shash(krb5->cksum_name, 0, 0);
+ if (IS_ERR(shash))
+ return (PTR_ERR(shash) == -ENOENT) ? -ENOPKG : PTR_ERR(shash);
+ ret = crypto_shash_setkey(shash, key->data, key->len);
+ if (ret < 0)
+ goto error_shash;
+
+ ret = -ENOMEM;
+ K.len = crypto_shash_digestsize(shash);
+ data.len = K.len + 4 + constant->len + 1 + 4;
+ bsize = krb5_shash_size(shash) +
+ krb5_digest_size(shash) +
+ crypto_roundup(K.len) +
+ crypto_roundup(data.len);
+ buffer = kzalloc(bsize, GFP_NOFS);
+ if (!buffer)
+ goto error_shash;
+
+ desc = buffer;
+ desc->tfm = shash;
+
+ K.data = buffer +
+ krb5_shash_size(shash) +
+ krb5_digest_size(shash);
+ data.data = buffer +
+ krb5_shash_size(shash) +
+ krb5_digest_size(shash) +
+ crypto_roundup(K.len);
+
+ p = data.data + K.len + 4;
+ memcpy(p, constant->data, constant->len);
+ p += constant->len;
+ *p++ = 0x00;
+ tmp = htonl(k);
+ memcpy(p, &tmp, 4);
+ p += 4;
+
+ ret = -EINVAL;
+ if (WARN_ON(p - (u8 *)data.data != data.len))
+ goto error;
+
+ offset = 0;
+ do {
+ i++;
+ p = data.data;
+ memcpy(p, K.data, K.len);
+ p += K.len;
+ *(__be32 *)p = htonl(i);
+
+ ret = crypto_shash_init(desc);
+ if (ret < 0)
+ goto error;
+ ret = crypto_shash_finup(desc, data.data, data.len, K.data);
+ if (ret < 0)
+ goto error;
+
+ seg = min_t(size_t, result->len - offset, K.len);
+ memcpy(result->data + offset, K.data, seg);
+ offset += seg;
+ } while (offset < result->len);
+
+error:
+ kfree_sensitive(buffer);
+error_shash:
+ crypto_free_shash(shash);
+ return ret;
+}
+
+/*
+ * Calculate the pseudo-random function, PRF().
+ *
+ * Kp = KDF-FEEDBACK-CMAC(protocol-key, "prf")
+ * PRF = CMAC(Kp, octet-string)
+ * [rfc6803 sec 6]
+ */
+static int rfc6803_calc_PRF(const struct krb5_enctype *krb5,
+ const struct krb5_buffer *protocol_key,
+ const struct krb5_buffer *octet_string,
+ struct krb5_buffer *result,
+ gfp_t gfp)
+{
+ static const struct krb5_buffer prfconstant = { 3, "prf" };
+ struct crypto_shash *shash;
+ struct krb5_buffer Kp;
+ struct shash_desc *desc;
+ size_t bsize;
+ void *buffer;
+ int ret;
+
+ Kp.len = krb5->prf_len;
+
+ shash = crypto_alloc_shash(krb5->cksum_name, 0, 0);
+ if (IS_ERR(shash))
+ return (PTR_ERR(shash) == -ENOENT) ? -ENOPKG : PTR_ERR(shash);
+
+ ret = -EINVAL;
+ if (result->len != crypto_shash_digestsize(shash))
+ goto out_shash;
+
+ ret = -ENOMEM;
+ bsize = krb5_shash_size(shash) +
+ krb5_digest_size(shash) +
+ crypto_roundup(Kp.len);
+ buffer = kzalloc(bsize, GFP_NOFS);
+ if (!buffer)
+ goto out_shash;
+
+ Kp.data = buffer +
+ krb5_shash_size(shash) +
+ krb5_digest_size(shash);
+
+ ret = rfc6803_calc_KDF_FEEDBACK_CMAC(krb5, protocol_key, &prfconstant,
+ &Kp, gfp);
+ if (ret < 0)
+ goto out;
+
+ ret = crypto_shash_setkey(shash, Kp.data, Kp.len);
+ if (ret < 0)
+ goto out;
+
+ desc = buffer;
+ desc->tfm = shash;
+ ret = crypto_shash_init(desc);
+ if (ret < 0)
+ goto out;
+
+ ret = crypto_shash_finup(desc, octet_string->data, octet_string->len, result->data);
+ if (ret < 0)
+ goto out;
+
+out:
+ kfree_sensitive(buffer);
+out_shash:
+ crypto_free_shash(shash);
+ return ret;
+}
+
+
+static const struct krb5_crypto_profile rfc6803_crypto_profile = {
+ .calc_PRF = rfc6803_calc_PRF,
+ .calc_Kc = rfc6803_calc_KDF_FEEDBACK_CMAC,
+ .calc_Ke = rfc6803_calc_KDF_FEEDBACK_CMAC,
+ .calc_Ki = rfc6803_calc_KDF_FEEDBACK_CMAC,
+ .derive_encrypt_keys = krb5enc_derive_encrypt_keys,
+ .load_encrypt_keys = krb5enc_load_encrypt_keys,
+ .derive_checksum_key = rfc3961_derive_checksum_key,
+ .load_checksum_key = rfc3961_load_checksum_key,
+ .encrypt = krb5_aead_encrypt,
+ .decrypt = krb5_aead_decrypt,
+ .get_mic = rfc3961_get_mic,
+ .verify_mic = rfc3961_verify_mic,
+};
+
+const struct krb5_enctype krb5_camellia128_cts_cmac = {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .ctype = KRB5_CKSUMTYPE_CMAC_CAMELLIA128,
+ .name = "camellia128-cts-cmac",
+ .encrypt_name = "krb5enc(cmac(camellia),cts(cbc(camellia)))",
+ .cksum_name = "cmac(camellia)",
+ .hash_name = NULL,
+ .derivation_enc = "cts(cbc(camellia))",
+ .key_bytes = 16,
+ .key_len = 16,
+ .Kc_len = 16,
+ .Ke_len = 16,
+ .Ki_len = 16,
+ .block_len = 16,
+ .conf_len = 16,
+ .cksum_len = 16,
+ .hash_len = 16,
+ .prf_len = 16,
+ .keyed_cksum = true,
+ .random_to_key = NULL, /* Identity */
+ .profile = &rfc6803_crypto_profile,
+};
+
+const struct krb5_enctype krb5_camellia256_cts_cmac = {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .ctype = KRB5_CKSUMTYPE_CMAC_CAMELLIA256,
+ .name = "camellia256-cts-cmac",
+ .encrypt_name = "krb5enc(cmac(camellia),cts(cbc(camellia)))",
+ .cksum_name = "cmac(camellia)",
+ .hash_name = NULL,
+ .derivation_enc = "cts(cbc(camellia))",
+ .key_bytes = 32,
+ .key_len = 32,
+ .Kc_len = 32,
+ .Ke_len = 32,
+ .Ki_len = 32,
+ .block_len = 16,
+ .conf_len = 16,
+ .cksum_len = 16,
+ .hash_len = 16,
+ .prf_len = 16,
+ .keyed_cksum = true,
+ .random_to_key = NULL, /* Identity */
+ .profile = &rfc6803_crypto_profile,
+};
diff --git a/crypto/krb5/selftest_data.c b/crypto/krb5/selftest_data.c
index 3a5563d57280..24447ee8bf07 100644
--- a/crypto/krb5/selftest_data.c
+++ b/crypto/krb5/selftest_data.c
@@ -58,6 +58,29 @@ const struct krb5_key_test krb5_key_tests[] = {
.Ki.use = 0x00000002,
.Ki.key = "69B16514E3CD8E56B82010D5C73012B622C4D00FFC23ED1F",
},
+ /* rfc6803 sec 10 */
+ {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "key",
+ .key = "57D0297298FFD9D35DE5A47FB4BDE24B",
+ .Kc.use = 0x00000002,
+ .Kc.key = "D155775A209D05F02B38D42A389E5A56",
+ .Ke.use = 0x00000002,
+ .Ke.key = "64DF83F85A532F17577D8C37035796AB",
+ .Ki.use = 0x00000002,
+ .Ki.key = "3E4FBDF30FB8259C425CB6C96F1F4635",
+ },
+ {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "key",
+ .key = "B9D6828B2056B7BE656D88A123B1FAC68214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ .Kc.use = 0x00000002,
+ .Kc.key = "E467F9A9552BC7D3155A6220AF9C19220EEED4FF78B0D1E6A1544991461A9E50",
+ .Ke.use = 0x00000002,
+ .Ke.key = "412AEFC362A7285FC3966C6A5181E7605AE675235B6D549FBFC9AB6630A4C604",
+ .Ki.use = 0x00000002,
+ .Ki.key = "FA624FA0E523993FA388AEFDC67E67EBCD8C08E8A0246B1D73B0D1DD9FC582B0",
+ },
{/* END */}
};
@@ -131,6 +154,88 @@ const struct krb5_enc_test krb5_enc_tests[] = {
.Ki = "69B16514E3CD8E56B82010D5C73012B622C4D00FFC23ED1F",
.ct = "40013E2DF58E8751957D2878BCD2D6FE101CCFD556CB1EAE79DB3C3EE86429F2B2A602AC86FEF6ECB647D6295FAE077A1FEB517508D2C16B4192E01F62",
},
+ /* rfc6803 sec 10 */
+ {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "enc no plain",
+ .plain = "",
+ .conf = "B69822A19A6B09C0EBC8557D1F1B6C0A",
+ .K0 = "1DC46A8D763F4F93742BCBA3387576C3",
+ .usage = 0,
+ .ct = "C466F1871069921EDB7C6FDE244A52DB0BA10EDC197BDB8006658CA3CCCE6EB8",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "enc 1 plain",
+ .plain = "'1",
+ .conf = "6F2FC3C2A166FD8898967A83DE9596D9",
+ .K0 = "5027BC231D0F3A9D23333F1CA6FDBE7C",
+ .usage = 1,
+ .ct = "842D21FD950311C0DD464A3F4BE8D6DA88A56D559C9B47D3F9A85067AF661559B8",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "enc 9 plain",
+ .plain = "'9 bytesss",
+ .conf = "A5B4A71E077AEEF93C8763C18FDB1F10",
+ .K0 = "A1BB61E805F9BA6DDE8FDBDDC05CDEA0",
+ .usage = 2,
+ .ct = "619FF072E36286FF0A28DEB3A352EC0D0EDF5C5160D663C901758CCF9D1ED33D71DB8F23AABF8348A0",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "enc 13 plain",
+ .plain = "'13 bytes byte",
+ .conf = "19FEE40D810C524B5B22F01874C693DA",
+ .K0 = "2CA27A5FAF5532244506434E1CEF6676",
+ .usage = 3,
+ .ct = "B8ECA3167AE6315512E59F98A7C500205E5F63FF3BB389AF1C41A21D640D8615C9ED3FBEB05AB6ACB67689B5EA",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "enc 30 plain",
+ .plain = "'30 bytes bytes bytes bytes byt",
+ .conf = "CA7A7AB4BE192DABD603506DB19C39E2",
+ .K0 = "7824F8C16F83FF354C6BF7515B973F43",
+ .usage = 4,
+ .ct = "A26A3905A4FFD5816B7B1E27380D08090C8EC1F304496E1ABDCD2BDCD1DFFC660989E117A713DDBB57A4146C1587CBA4356665591D2240282F5842B105A5",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "enc no plain",
+ .plain = "",
+ .conf = "3CBBD2B45917941067F96599BB98926C",
+ .K0 = "B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B",
+ .usage = 0,
+ .ct = "03886D03310B47A6D8F06D7B94D1DD837ECCE315EF652AFF620859D94A259266",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "enc 1 plain",
+ .plain = "'1",
+ .conf = "DEF487FCEBE6DE6346D4DA4521BBA2D2",
+ .K0 = "1B97FE0A190E2021EB30753E1B6E1E77B0754B1D684610355864104963463833",
+ .usage = 1,
+ .ct = "2C9C1570133C99BF6A34BC1B0212002FD194338749DB4135497A347CFCD9D18A12",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "enc 9 plain",
+ .plain = "'9 bytesss",
+ .conf = "AD4FF904D34E555384B14100FC465F88",
+ .K0 = "32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05",
+ .usage = 2,
+ .ct = "9C6DE75F812DE7ED0D28B2963557A115640998275B0AF5152709913FF52A2A9C8E63B872F92E64C839",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "enc 13 plain",
+ .plain = "'13 bytes byte",
+ .conf = "CF9BCA6DF1144E0C0AF9B8F34C90D514",
+ .K0 = "B038B132CD8E06612267FAB7170066D88AECCBA0B744BFC60DC89BCA182D0715",
+ .usage = 3,
+ .ct = "EEEC85A9813CDC536772AB9B42DEFC5706F726E975DDE05A87EB5406EA324CA185C9986B42AABE794B84821BEE",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "enc 30 plain",
+ .plain = "'30 bytes bytes bytes bytes byt",
+ .conf = "644DEF38DA35007275878D216855E228",
+ .K0 = "CCFCD349BF4C6677E86E4B02B8EAB924A546AC731CF9BF6989B996E7D6BFBBA7",
+ .usage = 4,
+ .ct = "0E44680985855F2D1F1812529CA83BFD8E349DE6FD9ADA0BAAA048D68E265FEBF34AD1255A344999AD37146887A6C6845731AC7F46376A0504CD06571474",
+ },
{/* END */}
};
@@ -152,5 +257,35 @@ const struct krb5_mic_test krb5_mic_tests[] = {
.Kc = "EF5718BE86CC84963D8BBB5031E9F5C4BA41F28FAF69E73D",
.mic = "45EE791567EEFCA37F4AC1E0222DE80D43C3BFA06699672A",
},
+ /* rfc6803 sec 10 */
+ {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "mic abc",
+ .plain = "'abcdefghijk",
+ .K0 = "1DC46A8D763F4F93742BCBA3387576C3",
+ .usage = 7,
+ .mic = "1178E6C5C47A8C1AE0C4B9C7D4EB7B6B",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+ .name = "mic ABC",
+ .plain = "'ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+ .K0 = "5027BC231D0F3A9D23333F1CA6FDBE7C",
+ .usage = 8,
+ .mic = "D1B34F7004A731F23A0C00BF6C3F753A",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "mic 123",
+ .plain = "'123456789",
+ .K0 = "B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B",
+ .usage = 9,
+ .mic = "87A12CFD2B96214810F01C826E7744B1",
+ }, {
+ .etype = KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+ .name = "mic !@#",
+ .plain = "'!@#$%^&*()!@#$%^&*()!@#$%^&*()",
+ .K0 = "32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05",
+ .usage = 10,
+ .mic = "3FA0B42355E52B189187294AA252AB64",
+ },
{/* END */}
};
diff --git a/include/crypto/krb5.h b/include/crypto/krb5.h
index 6921785688bf..b337494ccb31 100644
--- a/include/crypto/krb5.h
+++ b/include/crypto/krb5.h
@@ -35,6 +35,8 @@ struct scatterlist;
#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192 0x0014
#define KRB5_ENCTYPE_ARCFOUR_HMAC 0x0017
#define KRB5_ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
+#define KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019
+#define KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a
#define KRB5_ENCTYPE_UNKNOWN 0x01ff
#define KRB5_CKSUMTYPE_CRC32 0x0001
@@ -47,6 +49,8 @@ struct scatterlist;
#define KRB5_CKSUMTYPE_HMAC_SHA1_DES3 0x000c
#define KRB5_CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
#define KRB5_CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
+#define KRB5_CKSUMTYPE_CMAC_CAMELLIA128 0x0011
+#define KRB5_CKSUMTYPE_CMAC_CAMELLIA256 0x0012
#define KRB5_CKSUMTYPE_HMAC_SHA256_128_AES128 0x0013
#define KRB5_CKSUMTYPE_HMAC_SHA384_192_AES256 0x0014
#define KRB5_CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /* Microsoft md5 hmac cksumtype */
next prev parent reply other threads:[~2025-01-17 18:37 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-17 18:35 [RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt David Howells
2025-01-17 18:35 ` [RFC PATCH 01/24] crypto/krb5: Add API Documentation David Howells
2025-01-17 18:35 ` [RFC PATCH 02/24] crypto/krb5: Add some constants out of sunrpc headers David Howells
2025-01-17 18:35 ` [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm David Howells
2025-01-20 13:57 ` Simon Horman
2025-01-20 14:25 ` David Howells
2025-01-20 17:39 ` Eric Biggers
2025-01-20 18:59 ` David Howells
2025-01-20 19:12 ` Eric Biggers
2025-01-20 20:18 ` David Howells
2025-01-20 20:47 ` Eric Biggers
2025-01-20 23:12 ` David Howells
2025-01-17 18:35 ` [RFC PATCH 04/24] crypto/krb5: Test manager data David Howells
2025-01-17 18:35 ` [RFC PATCH 05/24] crypto/krb5: Implement Kerberos crypto core David Howells
2025-01-17 18:35 ` [RFC PATCH 06/24] crypto/krb5: Add an API to query the layout of the crypto section David Howells
2025-01-17 18:35 ` [RFC PATCH 07/24] crypto/krb5: Add an API to alloc and prepare a crypto object David Howells
2025-01-17 18:35 ` [RFC PATCH 08/24] crypto/krb5: Add an API to perform requests David Howells
2025-01-17 18:35 ` [RFC PATCH 09/24] crypto/krb5: Provide infrastructure and key derivation David Howells
2025-01-17 18:35 ` [RFC PATCH 10/24] crypto/krb5: Implement the Kerberos5 rfc3961 " David Howells
2025-01-17 18:35 ` [RFC PATCH 11/24] crypto/krb5: Provide RFC3961 setkey packaging functions David Howells
2025-01-17 18:35 ` [RFC PATCH 12/24] crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions David Howells
2025-01-17 18:35 ` [RFC PATCH 13/24] crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic David Howells
2025-01-17 18:35 ` [RFC PATCH 14/24] crypto/krb5: Implement the AES enctypes from rfc3962 David Howells
2025-01-17 18:35 ` [RFC PATCH 15/24] crypto/krb5: Implement the AES enctypes from rfc8009 David Howells
2025-01-17 18:35 ` [RFC PATCH 16/24] crypto/krb5: Implement the AES encrypt/decrypt " David Howells
2025-01-17 18:35 ` [RFC PATCH 17/24] crypto/krb5: Implement crypto self-testing David Howells
2025-01-17 18:35 ` [RFC PATCH 18/24] crypto/krb5: Add the AES self-testing data from rfc8009 David Howells
2025-01-17 18:35 ` David Howells [this message]
2025-01-17 18:35 ` [RFC PATCH 20/24] rxrpc: Add the security index for yfs-rxgk David Howells
2025-01-17 18:35 ` [RFC PATCH 21/24] rxrpc: Add YFS RxGK (GSSAPI) security class David Howells
2025-01-17 18:35 ` [RFC PATCH 22/24] rxrpc: rxgk: Provide infrastructure and key derivation David Howells
2025-01-17 18:35 ` [RFC PATCH 23/24] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) David Howells
2025-01-17 18:35 ` [RFC PATCH 24/24] rxrpc: rxgk: Implement connection rekeying David Howells
2025-01-17 18:57 ` [RFC PATCH 00/24] crypto: Add generic Kerberos library with AEAD template for hash-then-crypt Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250117183538.881618-20-dhowells@redhat.com \
--to=dhowells@redhat.com \
--cc=ardb@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=ebiggers@kernel.org \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox