SUNRPC: Remove dead rpcsec_gss_krb5 definitions

The migration to crypto/krb5 eliminated the per-enctype
function dispatch and direct crypto API usage, leaving
behind a number of orphaned definitions.

Remove the following from gss_krb5.h:

 - GSS_KRB5_K5CLENGTH, used only by removed key derivation
 - KG_TOK_MIC_MSG and KG_TOK_WRAP_MSG (Kerberos v1 token
   types; v1 support was dropped earlier)
 - KG2_TOK_INITIAL and KG2_TOK_RESPONSE (context
   establishment token types; no remaining users)
 - KG2_RESP_FLAG_ERROR and KG2_RESP_FLAG_DELEG_OK
 - enum sgn_alg and enum seal_alg (v1 algorithm constants)
 - All CKSUMTYPE_* definitions, now duplicated by
   KRB5_CKSUMTYPE_* in <crypto/krb5.h>
 - The KG_ error constants from gssapi_err_krb5.h, which
   have no remaining users
 - The ENCTYPE_* constant block, replaced by KRB5_ENCTYPE_*
   from <crypto/krb5.h>
 - KG_USAGE_SEAL/SIGN/SEQ (3DES usage constants)
 - KEY_USAGE_SEED_CHECKSUM/ENCRYPTION/INTEGRITY, duplicated
   by <crypto/krb5.h>
 - #include <crypto/skcipher.h>, no longer needed

Remove the cksum[] field from struct krb5_ctx in
gss_krb5_internal.h; no code reads or writes it after the
key derivation removal.

Switch gss_krb5_enctypes[] in gss_krb5_mech.c to the
canonical KRB5_ENCTYPE_* names from <crypto/krb5.h>.

Remove stale #include directives:
 - <crypto/skcipher.h> from gss_krb5_wrap.c
 - <linux/random.h> and <linux/crypto.h> from
   gss_krb5_seal.c

Assisted-by: Claude:claude-opus-4-6
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 43950b5237c852e099f4bcdd2f3699dd0c44e41e..1cd452ed1db5e6858f847737bfa42ee96d669057 100644 (file)
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -37,13 +37,9 @@
 #ifndef _LINUX_SUNRPC_GSS_KRB5_H
 #define _LINUX_SUNRPC_GSS_KRB5_H
 
-#include <crypto/skcipher.h>
 #include <linux/sunrpc/auth_gss.h>
 #include <linux/sunrpc/gss_err.h>
 
-/* Length of constant used in key derivation */
-#define GSS_KRB5_K5CLENGTH (5)
-
 /* Maximum key length (in bytes) for the supported crypto algorithms */
 #define GSS_KRB5_MAX_KEYLEN (32)
 
@@ -56,11 +52,6 @@
 /* The length of the Kerberos GSS token header */
 #define GSS_KRB5_TOK_HDR_LEN   (16)
 
-#define KG_TOK_MIC_MSG    0x0101
-#define KG_TOK_WRAP_MSG   0x0201
-
-#define KG2_TOK_INITIAL     0x0101
-#define KG2_TOK_RESPONSE    0x0202
 #define KG2_TOK_MIC         0x0404
 #define KG2_TOK_WRAP        0x0504
 
@@ -68,102 +59,6 @@
 #define KG2_TOKEN_FLAG_SEALED           0x02
 #define KG2_TOKEN_FLAG_ACCEPTORSUBKEY   0x04
 
-#define KG2_RESP_FLAG_ERROR             0x0001
-#define KG2_RESP_FLAG_DELEG_OK          0x0002
-
-enum sgn_alg {
-       SGN_ALG_DES_MAC_MD5 = 0x0000,
-       SGN_ALG_MD2_5 = 0x0001,
-       SGN_ALG_DES_MAC = 0x0002,
-       SGN_ALG_3 = 0x0003,             /* not published */
-       SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
-};
-enum seal_alg {
-       SEAL_ALG_NONE = 0xffff,
-       SEAL_ALG_DES = 0x0000,
-       SEAL_ALG_1 = 0x0001,            /* not published */
-       SEAL_ALG_DES3KD = 0x0002
-};
-
-/*
- * These values are assigned by IANA and published via the
- * subregistry at the link below:
- *
- * https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-2
- */
-#define CKSUMTYPE_CRC32                        0x0001
-#define CKSUMTYPE_RSA_MD4              0x0002
-#define CKSUMTYPE_RSA_MD4_DES          0x0003
-#define CKSUMTYPE_DESCBC               0x0004
-#define CKSUMTYPE_RSA_MD5              0x0007
-#define CKSUMTYPE_RSA_MD5_DES          0x0008
-#define CKSUMTYPE_NIST_SHA             0x0009
-#define CKSUMTYPE_HMAC_SHA1_DES3       0x000c
-#define CKSUMTYPE_HMAC_SHA1_96_AES128   0x000f
-#define CKSUMTYPE_HMAC_SHA1_96_AES256   0x0010
-#define CKSUMTYPE_CMAC_CAMELLIA128     0x0011
-#define CKSUMTYPE_CMAC_CAMELLIA256     0x0012
-#define CKSUMTYPE_HMAC_SHA256_128_AES128       0x0013
-#define CKSUMTYPE_HMAC_SHA384_192_AES256       0x0014
-#define CKSUMTYPE_HMAC_MD5_ARCFOUR      -138 /* Microsoft md5 hmac cksumtype */
-
-/* from gssapi_err_krb5.h */
-#define KG_CCACHE_NOMATCH                        (39756032L)
-#define KG_KEYTAB_NOMATCH                        (39756033L)
-#define KG_TGT_MISSING                           (39756034L)
-#define KG_NO_SUBKEY                             (39756035L)
-#define KG_CONTEXT_ESTABLISHED                   (39756036L)
-#define KG_BAD_SIGN_TYPE                         (39756037L)
-#define KG_BAD_LENGTH                            (39756038L)
-#define KG_CTX_INCOMPLETE                        (39756039L)
-#define KG_CONTEXT                               (39756040L)
-#define KG_CRED                                  (39756041L)
-#define KG_ENC_DESC                              (39756042L)
-#define KG_BAD_SEQ                               (39756043L)
-#define KG_EMPTY_CCACHE                          (39756044L)
-#define KG_NO_CTYPES                             (39756045L)
-
-/* per Kerberos v5 protocol spec crypto types from the wire. 
- * these get mapped to linux kernel crypto routines.  
- *
- * These values are assigned by IANA and published via the
- * subregistry at the link below:
- *
- * https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1
- */
-#define ENCTYPE_NULL            0x0000
-#define ENCTYPE_DES_CBC_CRC     0x0001 /* DES cbc mode with CRC-32 */
-#define ENCTYPE_DES_CBC_MD4     0x0002 /* DES cbc mode with RSA-MD4 */
-#define ENCTYPE_DES_CBC_MD5     0x0003 /* DES cbc mode with RSA-MD5 */
-#define ENCTYPE_DES_CBC_RAW     0x0004 /* DES cbc mode raw */
-/* XXX deprecated? */
-#define ENCTYPE_DES3_CBC_SHA    0x0005 /* DES-3 cbc mode with NIST-SHA */
-#define ENCTYPE_DES3_CBC_RAW    0x0006 /* DES-3 cbc mode raw */
-#define ENCTYPE_DES_HMAC_SHA1   0x0008
-#define ENCTYPE_DES3_CBC_SHA1   0x0010
-#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
-#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
-#define ENCTYPE_AES128_CTS_HMAC_SHA256_128     0x0013
-#define ENCTYPE_AES256_CTS_HMAC_SHA384_192     0x0014
-#define ENCTYPE_ARCFOUR_HMAC            0x0017
-#define ENCTYPE_ARCFOUR_HMAC_EXP        0x0018
-#define ENCTYPE_CAMELLIA128_CTS_CMAC   0x0019
-#define ENCTYPE_CAMELLIA256_CTS_CMAC   0x001A
-#define ENCTYPE_UNKNOWN         0x01ff
-
-/*
- * Constants used for key derivation
- */
-/* for 3DES */
-#define KG_USAGE_SEAL (22)
-#define KG_USAGE_SIGN (23)
-#define KG_USAGE_SEQ  (24)
-
-/* from rfc3961 */
-#define KEY_USAGE_SEED_CHECKSUM         (0x99)
-#define KEY_USAGE_SEED_ENCRYPTION       (0xAA)
-#define KEY_USAGE_SEED_INTEGRITY        (0x55)
-
 /* from rfc4121 */
 #define KG_USAGE_ACCEPTOR_SEAL  (22)
 #define KG_USAGE_ACCEPTOR_SIGN  (23)

diff --git a/net/sunrpc/auth_gss/gss_krb5_internal.h b/net/sunrpc/auth_gss/gss_krb5_internal.h
index 208f9df9ea96dc36a9d9eca3b7e36330341006b5..3b392e96f25d66245fd87e1e5e75a2c10acba29d 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_internal.h
+++ b/net/sunrpc/auth_gss/gss_krb5_internal.h
@@ -26,7 +26,6 @@ struct krb5_ctx {
        struct crypto_shash     *initiator_sign_shash;
        struct crypto_shash     *acceptor_sign_shash;
        u8                      Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */
-       u8                      cksum[GSS_KRB5_MAX_KEYLEN];
        atomic64_t              seq_send64;
        time64_t                endtime;
        struct xdr_netobj       mech_used;

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 996e452b9b3ceb97afde1fd1b42eb371de5c1e2d..c41b5f3e17890d5b02d5cabef56810f4be4e98cf 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -33,12 +33,12 @@ static struct gss_api_mech gss_kerberos_mech;
  * enctypes that crypto/krb5 supports are advertised.
  */
 static const u32 gss_krb5_enctypes[] = {
-       ENCTYPE_AES256_CTS_HMAC_SHA384_192,
-       ENCTYPE_AES128_CTS_HMAC_SHA256_128,
-       ENCTYPE_CAMELLIA256_CTS_CMAC,
-       ENCTYPE_CAMELLIA128_CTS_CMAC,
-       ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-       ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+       KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+       KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+       KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC,
+       KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC,
+       KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+       KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
 };
 
 static char gss_krb5_enctype_priority_list[64];

diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index 66c1793370294d6c5f96eaaec0eb9911420038a5..cfe066e89f236c809c77c261e698c54e8cceb10a 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -61,8 +61,6 @@
 #include <linux/types.h>
 #include <linux/jiffies.h>
 #include <linux/sunrpc/gss_krb5.h>
-#include <linux/random.h>
-#include <linux/crypto.h>
 #include <linux/atomic.h>
 #include <linux/scatterlist.h>
 #include <linux/slab.h>

diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 93aa7500d0320b2460487994ba2d75fec136c691..ac4b32df42b965ded3bf74f0e35269141411a82e 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -28,7 +28,6 @@
  * SUCH DAMAGES.
  */
 
-#include <crypto/skcipher.h>
 #include <linux/types.h>
 #include <linux/jiffies.h>
 #include <linux/sunrpc/gss_krb5.h>