| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201204154626.GA26255@fieldses.org>
Date: Fri, 4 Dec 2020 10:46:26 -0500
From: Bruce Fields <bfields@...ldses.org>
To: David Howells <dhowells@...hat.com>
Cc: Chuck Lever <chuck.lever@...cle.com>,
CIFS <linux-cifs@...r.kernel.org>,
Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Trond Myklebust <trond.myklebust@...merspace.com>,
linux-crypto@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-afs@...ts.infradead.org
Subject: Re: Why the auxiliary cipher in gss_krb5_crypto.c?
On Fri, Dec 04, 2020 at 02:59:35PM +0000, David Howells wrote:
> Hi Chuck, Bruce,
>
> Why is gss_krb5_crypto.c using an auxiliary cipher? For reference, the
> gss_krb5_aes_encrypt() code looks like the attached.
>
> >From what I can tell, in AES mode, the difference between the main cipher and
> the auxiliary cipher is that the latter is "cbc(aes)" whereas the former is
> "cts(cbc(aes))" - but they have the same key.
>
> Reading up on CTS, I'm guessing the reason it's like this is that CTS is the
> same as the non-CTS, except for the last two blocks, but the non-CTS one is
> more efficient.
CTS is cipher-text stealing, isn't it? I think it was Kevin Coffman
that did that, and I don't remember the history. I thought it was
required by some spec or peer implementation (maybe Windows?) but I
really don't remember. It may predate git. I'll dig around and see
what I can find.
--b.
>
> David
> ---
> nbytes = buf->len - offset - GSS_KRB5_TOK_HDR_LEN;
> nblocks = (nbytes + blocksize - 1) / blocksize;
> cbcbytes = 0;
> if (nblocks > 2)
> cbcbytes = (nblocks - 2) * blocksize;
>
> memset(desc.iv, 0, sizeof(desc.iv));
>
> if (cbcbytes) {
> SYNC_SKCIPHER_REQUEST_ON_STACK(req, aux_cipher);
>
> desc.pos = offset + GSS_KRB5_TOK_HDR_LEN;
> desc.fragno = 0;
> desc.fraglen = 0;
> desc.pages = pages;
> desc.outbuf = buf;
> desc.req = req;
>
> skcipher_request_set_sync_tfm(req, aux_cipher);
> skcipher_request_set_callback(req, 0, NULL, NULL);
>
> sg_init_table(desc.infrags, 4);
> sg_init_table(desc.outfrags, 4);
>
> err = xdr_process_buf(buf, offset + GSS_KRB5_TOK_HDR_LEN,
> cbcbytes, encryptor, &desc);
> skcipher_request_zero(req);
> if (err)
> goto out_err;
> }
>
> /* Make sure IV carries forward from any CBC results. */
> err = gss_krb5_cts_crypt(cipher, buf,
> offset + GSS_KRB5_TOK_HDR_LEN + cbcbytes,
> desc.iv, pages, 1);
> if (err) {
> err = GSS_S_FAILURE;
> goto out_err;
> }
Powered by blists - more mailing lists