aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/cifsencrypt.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2012-10-09 18:35:22 -0400
committerJ. Bruce Fields <bfields@redhat.com>2012-10-09 18:35:22 -0400
commitf474af7051212b4efc8267583fad9c4ebf33ccff (patch)
tree1aa46ebc8065a341f247c2a2d9af2f624ad1d4f8 /fs/cifs/cifsencrypt.c
parent0d22f68f02c10d5d10ec5712917e5828b001a822 (diff)
parente3dd9a52cb5552c46c2a4ca7ccdfb4dab5c72457 (diff)
nfs: disintegrate UAPI for nfs
This is to complete part of the Userspace API (UAPI) disintegration for which the preparatory patches were pulled recently. After these patches, userspace headers will be segregated into: include/uapi/linux/.../foo.h for the userspace interface stuff, and: include/linux/.../foo.h for the strictly kernel internal stuff. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/cifs/cifsencrypt.c')
-rw-r--r--fs/cifs/cifsencrypt.c67
1 files changed, 58 insertions, 9 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 6a0d741159f0..652f5051be09 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -29,6 +29,7 @@
29#include "ntlmssp.h" 29#include "ntlmssp.h"
30#include <linux/ctype.h> 30#include <linux/ctype.h>
31#include <linux/random.h> 31#include <linux/random.h>
32#include <linux/highmem.h>
32 33
33/* 34/*
34 * Calculate and return the CIFS signature based on the mac key and SMB PDU. 35 * Calculate and return the CIFS signature based on the mac key and SMB PDU.
@@ -37,11 +38,13 @@
37 * the sequence number before this function is called. Also, this function 38 * the sequence number before this function is called. Also, this function
38 * should be called with the server->srv_mutex held. 39 * should be called with the server->srv_mutex held.
39 */ 40 */
40static int cifs_calc_signature(const struct kvec *iov, int n_vec, 41static int cifs_calc_signature(struct smb_rqst *rqst,
41 struct TCP_Server_Info *server, char *signature) 42 struct TCP_Server_Info *server, char *signature)
42{ 43{
43 int i; 44 int i;
44 int rc; 45 int rc;
46 struct kvec *iov = rqst->rq_iov;
47 int n_vec = rqst->rq_nvec;
45 48
46 if (iov == NULL || signature == NULL || server == NULL) 49 if (iov == NULL || signature == NULL || server == NULL)
47 return -EINVAL; 50 return -EINVAL;
@@ -91,6 +94,16 @@ static int cifs_calc_signature(const struct kvec *iov, int n_vec,
91 } 94 }
92 } 95 }
93 96
97 /* now hash over the rq_pages array */
98 for (i = 0; i < rqst->rq_npages; i++) {
99 struct kvec p_iov;
100
101 cifs_rqst_page_to_kvec(rqst, i, &p_iov);
102 crypto_shash_update(&server->secmech.sdescmd5->shash,
103 p_iov.iov_base, p_iov.iov_len);
104 kunmap(rqst->rq_pages[i]);
105 }
106
94 rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature); 107 rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature);
95 if (rc) 108 if (rc)
96 cERROR(1, "%s: Could not generate md5 hash", __func__); 109 cERROR(1, "%s: Could not generate md5 hash", __func__);
@@ -99,12 +112,12 @@ static int cifs_calc_signature(const struct kvec *iov, int n_vec,
99} 112}
100 113
101/* must be called with server->srv_mutex held */ 114/* must be called with server->srv_mutex held */
102int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, 115int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server,
103 __u32 *pexpected_response_sequence_number) 116 __u32 *pexpected_response_sequence_number)
104{ 117{
105 int rc = 0; 118 int rc = 0;
106 char smb_signature[20]; 119 char smb_signature[20];
107 struct smb_hdr *cifs_pdu = (struct smb_hdr *)iov[0].iov_base; 120 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
108 121
109 if ((cifs_pdu == NULL) || (server == NULL)) 122 if ((cifs_pdu == NULL) || (server == NULL))
110 return -EINVAL; 123 return -EINVAL;
@@ -125,7 +138,7 @@ int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
125 *pexpected_response_sequence_number = server->sequence_number++; 138 *pexpected_response_sequence_number = server->sequence_number++;
126 server->sequence_number++; 139 server->sequence_number++;
127 140
128 rc = cifs_calc_signature(iov, n_vec, server, smb_signature); 141 rc = cifs_calc_signature(rqst, server, smb_signature);
129 if (rc) 142 if (rc)
130 memset(cifs_pdu->Signature.SecuritySignature, 0, 8); 143 memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
131 else 144 else
@@ -134,6 +147,15 @@ int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
134 return rc; 147 return rc;
135} 148}
136 149
150int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
151 __u32 *pexpected_response_sequence)
152{
153 struct smb_rqst rqst = { .rq_iov = iov,
154 .rq_nvec = n_vec };
155
156 return cifs_sign_rqst(&rqst, server, pexpected_response_sequence);
157}
158
137/* must be called with server->srv_mutex held */ 159/* must be called with server->srv_mutex held */
138int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, 160int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
139 __u32 *pexpected_response_sequence_number) 161 __u32 *pexpected_response_sequence_number)
@@ -147,14 +169,14 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
147 pexpected_response_sequence_number); 169 pexpected_response_sequence_number);
148} 170}
149 171
150int cifs_verify_signature(struct kvec *iov, unsigned int nr_iov, 172int cifs_verify_signature(struct smb_rqst *rqst,
151 struct TCP_Server_Info *server, 173 struct TCP_Server_Info *server,
152 __u32 expected_sequence_number) 174 __u32 expected_sequence_number)
153{ 175{
154 unsigned int rc; 176 unsigned int rc;
155 char server_response_sig[8]; 177 char server_response_sig[8];
156 char what_we_think_sig_should_be[20]; 178 char what_we_think_sig_should_be[20];
157 struct smb_hdr *cifs_pdu = (struct smb_hdr *)iov[0].iov_base; 179 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
158 180
159 if (cifs_pdu == NULL || server == NULL) 181 if (cifs_pdu == NULL || server == NULL)
160 return -EINVAL; 182 return -EINVAL;
@@ -186,8 +208,7 @@ int cifs_verify_signature(struct kvec *iov, unsigned int nr_iov,
186 cifs_pdu->Signature.Sequence.Reserved = 0; 208 cifs_pdu->Signature.Sequence.Reserved = 0;
187 209
188 mutex_lock(&server->srv_mutex); 210 mutex_lock(&server->srv_mutex);
189 rc = cifs_calc_signature(iov, nr_iov, server, 211 rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be);
190 what_we_think_sig_should_be);
191 mutex_unlock(&server->srv_mutex); 212 mutex_unlock(&server->srv_mutex);
192 213
193 if (rc) 214 if (rc)
@@ -686,12 +707,17 @@ calc_seckey(struct cifs_ses *ses)
686void 707void
687cifs_crypto_shash_release(struct TCP_Server_Info *server) 708cifs_crypto_shash_release(struct TCP_Server_Info *server)
688{ 709{
710 if (server->secmech.hmacsha256)
711 crypto_free_shash(server->secmech.hmacsha256);
712
689 if (server->secmech.md5) 713 if (server->secmech.md5)
690 crypto_free_shash(server->secmech.md5); 714 crypto_free_shash(server->secmech.md5);
691 715
692 if (server->secmech.hmacmd5) 716 if (server->secmech.hmacmd5)
693 crypto_free_shash(server->secmech.hmacmd5); 717 crypto_free_shash(server->secmech.hmacmd5);
694 718
719 kfree(server->secmech.sdeschmacsha256);
720
695 kfree(server->secmech.sdeschmacmd5); 721 kfree(server->secmech.sdeschmacmd5);
696 722
697 kfree(server->secmech.sdescmd5); 723 kfree(server->secmech.sdescmd5);
@@ -716,6 +742,13 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
716 goto crypto_allocate_md5_fail; 742 goto crypto_allocate_md5_fail;
717 } 743 }
718 744
745 server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
746 if (IS_ERR(server->secmech.hmacsha256)) {
747 cERROR(1, "could not allocate crypto hmacsha256\n");
748 rc = PTR_ERR(server->secmech.hmacsha256);
749 goto crypto_allocate_hmacsha256_fail;
750 }
751
719 size = sizeof(struct shash_desc) + 752 size = sizeof(struct shash_desc) +
720 crypto_shash_descsize(server->secmech.hmacmd5); 753 crypto_shash_descsize(server->secmech.hmacmd5);
721 server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL); 754 server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
@@ -727,7 +760,6 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
727 server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5; 760 server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
728 server->secmech.sdeschmacmd5->shash.flags = 0x0; 761 server->secmech.sdeschmacmd5->shash.flags = 0x0;
729 762
730
731 size = sizeof(struct shash_desc) + 763 size = sizeof(struct shash_desc) +
732 crypto_shash_descsize(server->secmech.md5); 764 crypto_shash_descsize(server->secmech.md5);
733 server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL); 765 server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
@@ -739,12 +771,29 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
739 server->secmech.sdescmd5->shash.tfm = server->secmech.md5; 771 server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
740 server->secmech.sdescmd5->shash.flags = 0x0; 772 server->secmech.sdescmd5->shash.flags = 0x0;
741 773
774 size = sizeof(struct shash_desc) +
775 crypto_shash_descsize(server->secmech.hmacsha256);
776 server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
777 if (!server->secmech.sdeschmacsha256) {
778 cERROR(1, "%s: Can't alloc hmacsha256\n", __func__);
779 rc = -ENOMEM;
780 goto crypto_allocate_hmacsha256_sdesc_fail;
781 }
782 server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
783 server->secmech.sdeschmacsha256->shash.flags = 0x0;
784
742 return 0; 785 return 0;
743 786
787crypto_allocate_hmacsha256_sdesc_fail:
788 kfree(server->secmech.sdescmd5);
789
744crypto_allocate_md5_sdesc_fail: 790crypto_allocate_md5_sdesc_fail:
745 kfree(server->secmech.sdeschmacmd5); 791 kfree(server->secmech.sdeschmacmd5);
746 792
747crypto_allocate_hmacmd5_sdesc_fail: 793crypto_allocate_hmacmd5_sdesc_fail:
794 crypto_free_shash(server->secmech.hmacsha256);
795
796crypto_allocate_hmacsha256_fail:
748 crypto_free_shash(server->secmech.md5); 797 crypto_free_shash(server->secmech.md5);
749 798
750crypto_allocate_md5_fail: 799crypto_allocate_md5_fail:
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-06 13:35:09 -0500