fs: cifs: switch to RC4 library interface (97a5fee2) · Commits · 戴 / test

fs/cifs/Kconfig

+1 −1

Original line number	Diff line number	Diff line
		@@ -9,7 +9,7 @@ config CIFS
		select CRYPTO_SHA512
		select CRYPTO_CMAC
		select CRYPTO_HMAC
		select CRYPTO_ARC4
		select CRYPTO_LIB_ARC4
		select CRYPTO_AEAD2
		select CRYPTO_CCM
		select CRYPTO_ECB

fs/cifs/cifsencrypt.c

+16 −46

Original line number	Diff line number	Diff line
		@@ -33,7 +33,8 @@
		#include <linux/ctype.h>
		#include <linux/random.h>
		#include <linux/highmem.h>
		#include <crypto/skcipher.h>
		#include <linux/fips.h>
		#include <crypto/arc4.h>
		#include <crypto/aead.h>

		int __cifs_calc_signature(struct smb_rqst *rqst,
		@@ -772,63 +773,32 @@ setup_ntlmv2_rsp_ret:
		int
		calc_seckey(struct cifs_ses *ses)
		{
		int rc;
		struct crypto_skcipher *tfm_arc4;
		struct scatterlist sgin, sgout;
		struct skcipher_request *req;
		unsigned char *sec_key;
		unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
		struct arc4_ctx *ctx_arc4;

		sec_key = kmalloc(CIFS_SESS_KEY_SIZE, GFP_KERNEL);
		if (sec_key == NULL)
		return -ENOMEM;
		if (fips_enabled)
		return -ENODEV;

		get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);

		tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
		if (IS_ERR(tfm_arc4)) {
		rc = PTR_ERR(tfm_arc4);
		cifs_dbg(VFS, "could not allocate crypto API arc4\n");
		goto out;
		}

		rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
		CIFS_SESS_KEY_SIZE);
		if (rc) {
		cifs_dbg(VFS, "%s: Could not set response as a key\n",
		__func__);
		goto out_free_cipher;
		}

		req = skcipher_request_alloc(tfm_arc4, GFP_KERNEL);
		if (!req) {
		rc = -ENOMEM;
		cifs_dbg(VFS, "could not allocate crypto API arc4 request\n");
		goto out_free_cipher;
		ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
		if (!ctx_arc4) {
		cifs_dbg(VFS, "could not allocate arc4 context\n");
		return -ENOMEM;
		}

		sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE);
		sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);

		skcipher_request_set_callback(req, 0, NULL, NULL);
		skcipher_request_set_crypt(req, &sgin, &sgout, CIFS_CPHTXT_SIZE, NULL);

		rc = crypto_skcipher_encrypt(req);
		skcipher_request_free(req);
		if (rc) {
		cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc);
		goto out_free_cipher;
		}
		arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE);
		arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
		CIFS_CPHTXT_SIZE);

		/* make secondary_key/nonce as session key */
		memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
		/* and make len as that of session key only */
		ses->auth_key.len = CIFS_SESS_KEY_SIZE;

		out_free_cipher:
		crypto_free_skcipher(tfm_arc4);
		out:
		kfree(sec_key);
		return rc;
		memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE);
		kzfree(ctx_arc4);
		return 0;
		}

		void

fs/cifs/cifsfs.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -1590,7 +1590,6 @@ MODULE_DESCRIPTION
		("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
		"also older servers complying with the SNIA CIFS Specification)");
		MODULE_VERSION(CIFS_VERSION);
		MODULE_SOFTDEP("pre: arc4");
		MODULE_SOFTDEP("pre: des");
		MODULE_SOFTDEP("pre: ecb");
		MODULE_SOFTDEP("pre: hmac");

Admin message