diff options
| author | Jeff Layton <jlayton@redhat.com> | 2011-10-11 06:41:32 -0400 |
|---|---|---|
| committer | Steve French <smfrench@gmail.com> | 2011-10-13 00:41:41 -0400 |
| commit | 826a95e4a33f3e9bfa0d31ab769d5b01130f7111 (patch) | |
| tree | ca1345ef9b0887b1b2985e7fbbf19f80eb4a5e61 /fs/cifs/cifsencrypt.c | |
| parent | 376b43f41c8b9315f7efdf085d214b6024337381 (diff) | |
cifs: consolidate signature generating code
We have two versions of signature generating code. A vectorized and
non-vectorized version. Eliminate a large chunk of cut-and-paste
code by turning the non-vectorized version into a wrapper around the
vectorized one.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/cifsencrypt.c')
| -rw-r--r-- | fs/cifs/cifsencrypt.c | 103 |
1 files changed, 21 insertions, 82 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 12f1c1263013..2cfb695d1f89 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c | |||
| @@ -37,83 +37,8 @@ | |||
| 37 | * the sequence number before this function is called. Also, this function | 37 | * the sequence number before this function is called. Also, this function |
| 38 | * should be called with the server->srv_mutex held. | 38 | * should be called with the server->srv_mutex held. |
| 39 | */ | 39 | */ |
| 40 | static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, | 40 | static int cifs_calc_signature(const struct kvec *iov, int n_vec, |
| 41 | struct TCP_Server_Info *server, char *signature) | 41 | struct TCP_Server_Info *server, char *signature) |
| 42 | { | ||
| 43 | int rc; | ||
| 44 | |||
| 45 | if (cifs_pdu == NULL || signature == NULL || server == NULL) | ||
| 46 | return -EINVAL; | ||
| 47 | |||
| 48 | if (!server->secmech.sdescmd5) { | ||
| 49 | cERROR(1, "%s: Can't generate signature\n", __func__); | ||
| 50 | return -1; | ||
| 51 | } | ||
| 52 | |||
| 53 | rc = crypto_shash_init(&server->secmech.sdescmd5->shash); | ||
| 54 | if (rc) { | ||
| 55 | cERROR(1, "%s: Could not init md5\n", __func__); | ||
| 56 | return rc; | ||
| 57 | } | ||
| 58 | |||
| 59 | rc = crypto_shash_update(&server->secmech.sdescmd5->shash, | ||
| 60 | server->session_key.response, server->session_key.len); | ||
| 61 | if (rc) { | ||
| 62 | cERROR(1, "%s: Could not update with response\n", __func__); | ||
| 63 | return rc; | ||
| 64 | } | ||
| 65 | |||
| 66 | rc = crypto_shash_update(&server->secmech.sdescmd5->shash, | ||
| 67 | cifs_pdu->Protocol, be32_to_cpu(cifs_pdu->smb_buf_length)); | ||
| 68 | if (rc) { | ||
| 69 | cERROR(1, "%s: Could not update with payload\n", __func__); | ||
| 70 | return rc; | ||
| 71 | } | ||
| 72 | |||
| 73 | rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature); | ||
| 74 | if (rc) | ||
| 75 | cERROR(1, "%s: Could not generate md5 hash\n", __func__); | ||
| 76 | |||
| 77 | return rc; | ||
| 78 | } | ||
| 79 | |||
| 80 | /* must be called with server->srv_mutex held */ | ||
| 81 | int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, | ||
| 82 | __u32 *pexpected_response_sequence_number) | ||
| 83 | { | ||
| 84 | int rc = 0; | ||
| 85 | char smb_signature[20]; | ||
| 86 | |||
| 87 | if ((cifs_pdu == NULL) || (server == NULL)) | ||
| 88 | return -EINVAL; | ||
| 89 | |||
| 90 | if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) || | ||
| 91 | server->tcpStatus == CifsNeedNegotiate) | ||
| 92 | return rc; | ||
| 93 | |||
| 94 | if (!server->session_estab) { | ||
| 95 | memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8); | ||
| 96 | return rc; | ||
| 97 | } | ||
| 98 | |||
| 99 | cifs_pdu->Signature.Sequence.SequenceNumber = | ||
| 100 | cpu_to_le32(server->sequence_number); | ||
| 101 | cifs_pdu->Signature.Sequence.Reserved = 0; | ||
| 102 | |||
| 103 | *pexpected_response_sequence_number = server->sequence_number++; | ||
| 104 | server->sequence_number++; | ||
| 105 | |||
| 106 | rc = cifs_calculate_signature(cifs_pdu, server, smb_signature); | ||
| 107 | if (rc) | ||
| 108 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); | ||
| 109 | else | ||
| 110 | memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8); | ||
| 111 | |||
| 112 | return rc; | ||
| 113 | } | ||
| 114 | |||
| 115 | static int cifs_calc_signature2(const struct kvec *iov, int n_vec, | ||
| 116 | struct TCP_Server_Info *server, char *signature) | ||
| 117 | { | 42 | { |
| 118 | int i; | 43 | int i; |
| 119 | int rc; | 44 | int rc; |
| @@ -179,7 +104,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, | |||
| 179 | { | 104 | { |
| 180 | int rc = 0; | 105 | int rc = 0; |
| 181 | char smb_signature[20]; | 106 | char smb_signature[20]; |
| 182 | struct smb_hdr *cifs_pdu = iov[0].iov_base; | 107 | struct smb_hdr *cifs_pdu = (struct smb_hdr *)iov[0].iov_base; |
| 183 | 108 | ||
| 184 | if ((cifs_pdu == NULL) || (server == NULL)) | 109 | if ((cifs_pdu == NULL) || (server == NULL)) |
| 185 | return -EINVAL; | 110 | return -EINVAL; |
| @@ -200,7 +125,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, | |||
| 200 | *pexpected_response_sequence_number = server->sequence_number++; | 125 | *pexpected_response_sequence_number = server->sequence_number++; |
| 201 | server->sequence_number++; | 126 | server->sequence_number++; |
| 202 | 127 | ||
| 203 | rc = cifs_calc_signature2(iov, n_vec, server, smb_signature); | 128 | rc = cifs_calc_signature(iov, n_vec, server, smb_signature); |
| 204 | if (rc) | 129 | if (rc) |
| 205 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); | 130 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); |
| 206 | else | 131 | else |
| @@ -209,13 +134,27 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, | |||
| 209 | return rc; | 134 | return rc; |
| 210 | } | 135 | } |
| 211 | 136 | ||
| 212 | int cifs_verify_signature(struct smb_hdr *cifs_pdu, | 137 | /* must be called with server->srv_mutex held */ |
| 138 | int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, | ||
| 139 | __u32 *pexpected_response_sequence_number) | ||
| 140 | { | ||
| 141 | struct kvec iov; | ||
| 142 | |||
| 143 | iov.iov_base = cifs_pdu; | ||
| 144 | iov.iov_len = be32_to_cpu(cifs_pdu->smb_buf_length) + 4; | ||
| 145 | |||
| 146 | return cifs_sign_smb2(&iov, 1, server, | ||
| 147 | pexpected_response_sequence_number); | ||
| 148 | } | ||
| 149 | |||
| 150 | int cifs_verify_signature(struct kvec *iov, unsigned int nr_iov, | ||
| 213 | struct TCP_Server_Info *server, | 151 | struct TCP_Server_Info *server, |
| 214 | __u32 expected_sequence_number) | 152 | __u32 expected_sequence_number) |
| 215 | { | 153 | { |
| 216 | unsigned int rc; | 154 | unsigned int rc; |
| 217 | char server_response_sig[8]; | 155 | char server_response_sig[8]; |
| 218 | char what_we_think_sig_should_be[20]; | 156 | char what_we_think_sig_should_be[20]; |
| 157 | struct smb_hdr *cifs_pdu = (struct smb_hdr *)iov[0].iov_base; | ||
| 219 | 158 | ||
| 220 | if (cifs_pdu == NULL || server == NULL) | 159 | if (cifs_pdu == NULL || server == NULL) |
| 221 | return -EINVAL; | 160 | return -EINVAL; |
| @@ -247,8 +186,8 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu, | |||
| 247 | cifs_pdu->Signature.Sequence.Reserved = 0; | 186 | cifs_pdu->Signature.Sequence.Reserved = 0; |
| 248 | 187 | ||
| 249 | mutex_lock(&server->srv_mutex); | 188 | mutex_lock(&server->srv_mutex); |
| 250 | rc = cifs_calculate_signature(cifs_pdu, server, | 189 | rc = cifs_calc_signature(iov, nr_iov, server, |
| 251 | what_we_think_sig_should_be); | 190 | what_we_think_sig_should_be); |
| 252 | mutex_unlock(&server->srv_mutex); | 191 | mutex_unlock(&server->srv_mutex); |
| 253 | 192 | ||
| 254 | if (rc) | 193 | if (rc) |