CIFS: Encrypt SMB3 requests before sending (026e93dc) · Commits · e / devices / android_kernel_fairphone_FP4

fs/cifs/Kconfig

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -174,6 +174,8 @@ config CIFS_SMB2
	select CRYPTO_AES		select CRYPTO_AES
	select CRYPTO_SHA256		select CRYPTO_SHA256
	select CRYPTO_CMAC		select CRYPTO_CMAC
			select CRYPTO_AEAD2
			select CRYPTO_CCM

	help		help
	This enables support for the Server Message Block version 2		This enables support for the Server Message Block version 2

+12 −1

Original line number	Original line	Diff line number	Diff line
	@@ -34,6 +34,7 @@
	#include <linux/random.h>		#include <linux/random.h>
	#include <linux/highmem.h>		#include <linux/highmem.h>
	#include <crypto/skcipher.h>		#include <crypto/skcipher.h>
			#include <crypto/aead.h>

	static int		static int
	cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)		cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
	@@ -874,7 +875,7 @@ calc_seckey(struct cifs_ses *ses)
	}		}

	void		void
	cifs_crypto_shash_release(struct TCP_Server_Info *server)		cifs_crypto_secmech_release(struct TCP_Server_Info *server)
	{		{
	if (server->secmech.cmacaes) {		if (server->secmech.cmacaes) {
	crypto_free_shash(server->secmech.cmacaes);		crypto_free_shash(server->secmech.cmacaes);
	@@ -896,6 +897,16 @@ cifs_crypto_shash_release(struct TCP_Server_Info *server)
	server->secmech.hmacmd5 = NULL;		server->secmech.hmacmd5 = NULL;
	}		}

			if (server->secmech.ccmaesencrypt) {
			crypto_free_aead(server->secmech.ccmaesencrypt);
			server->secmech.ccmaesencrypt = NULL;
			}

			if (server->secmech.ccmaesdecrypt) {
			crypto_free_aead(server->secmech.ccmaesdecrypt);
			server->secmech.ccmaesdecrypt = NULL;
			}

	kfree(server->secmech.sdesccmacaes);		kfree(server->secmech.sdesccmacaes);
	server->secmech.sdesccmacaes = NULL;		server->secmech.sdesccmacaes = NULL;
	kfree(server->secmech.sdeschmacsha256);		kfree(server->secmech.sdeschmacsha256);

+2 −0

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -136,6 +136,8 @@ struct cifs_secmech {
	struct sdesc sdescmd5; / ctxt to generate cifs/smb signature */		struct sdesc sdescmd5; / ctxt to generate cifs/smb signature */
	struct sdesc sdeschmacsha256; / ctxt to generate smb2 signature */		struct sdesc sdeschmacsha256; / ctxt to generate smb2 signature */
	struct sdesc sdesccmacaes; / ctxt to generate smb3 signature */		struct sdesc sdesccmacaes; / ctxt to generate smb3 signature */
			struct crypto_aead ccmaesencrypt; / smb3 encryption aead */
			struct crypto_aead ccmaesdecrypt; / smb3 decryption aead */
	};		};

	/* per smb session structure/fields */		/* per smb session structure/fields */

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -445,7 +445,7 @@ extern int SMBNTencrypt(unsigned char , unsigned char , unsigned char *,
	const struct nls_table *);		const struct nls_table *);
	extern int setup_ntlm_response(struct cifs_ses , const struct nls_table );		extern int setup_ntlm_response(struct cifs_ses , const struct nls_table );
	extern int setup_ntlmv2_rsp(struct cifs_ses , const struct nls_table );		extern int setup_ntlmv2_rsp(struct cifs_ses , const struct nls_table );
	extern void cifs_crypto_shash_release(struct TCP_Server_Info *);		extern void cifs_crypto_secmech_release(struct TCP_Server_Info *server);
	extern int calc_seckey(struct cifs_ses *);		extern int calc_seckey(struct cifs_ses *);
	extern int generate_smb30signingkey(struct cifs_ses *);		extern int generate_smb30signingkey(struct cifs_ses *);
	extern int generate_smb311signingkey(struct cifs_ses *);		extern int generate_smb311signingkey(struct cifs_ses *);