
Commit 026e93dc authored by Pavel Shilovsky's avatar Pavel Shilovsky Committed by Steve French

CIFS: Encrypt SMB3 requests before sending



This change allows packets to be encrypted if a server requires it
for SMB sessions or tree connections.

Signed-off-by: default avatarPavel Shilovsky <pshilov@microsoft.com>
parent cabfb368
+2 −0
@@ -174,6 +174,8 @@ config CIFS_SMB2
	select CRYPTO_AES
	select CRYPTO_AES
	select CRYPTO_SHA256
	select CRYPTO_SHA256
	select CRYPTO_CMAC
	select CRYPTO_CMAC
	select CRYPTO_AEAD2
	select CRYPTO_CCM


	help
	help
	  This enables support for the Server Message Block version 2
	  This enables support for the Server Message Block version 2
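Review bot: `select CRYPTO_AEAD2` picks what looks like the crypto core's internal symbol, whereas the neighbouring selects use the names a client normally selects. As far as I know `CRYPTO_AEAD` is the symbol users of the API are expected to select (it pulls in `CRYPTO_AEAD2`), and `CRYPTO_CCM` should already select it, so `select CRYPTO_AEAD` or simply dropping the line would be more conventional. This is worth confirming against the crypto Kconfig, which is not shown on this page. The config entry continues past the end of the hunk.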
+12 −1
@@ -34,6 +34,7 @@
#include <linux/random.h>
#include <linux/random.h>
#include <linux/highmem.h>
#include <linux/highmem.h>
#include <crypto/skcipher.h>
#include <crypto/skcipher.h>
#include <crypto/aead.h>


static int
static int
cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
@@ -874,7 +875,7 @@ calc_seckey(struct cifs_ses *ses)
}
}


void
void
cifs_crypto_shash_release(struct TCP_Server_Info *server)
cifs_crypto_secmech_release(struct TCP_Server_Info *server)
{
{
	if (server->secmech.cmacaes) {
	if (server->secmech.cmacaes) {
		crypto_free_shash(server->secmech.cmacaes);
		crypto_free_shash(server->secmech.cmacaes);
@@ -896,6 +897,16 @@ cifs_crypto_shash_release(struct TCP_Server_Info *server)
		server->secmech.hmacmd5 = NULL;
		server->secmech.hmacmd5 = NULL;
	}
	}


	if (server->secmech.ccmaesencrypt) {
		crypto_free_aead(server->secmech.ccmaesencrypt);
		server->secmech.ccmaesencrypt = NULL;
	}

	if (server->secmech.ccmaesdecrypt) {
		crypto_free_aead(server->secmech.ccmaesdecrypt);
		server->secmech.ccmaesdecrypt = NULL;
	}

	kfree(server->secmech.sdesccmacaes);
	kfree(server->secmech.sdesccmacaes);
	server->secmech.sdesccmacaes = NULL;
	server->secmech.sdesccmacaes = NULL;
	kfree(server->secmech.sdeschmacsha256);
	kfree(server->secmech.sdeschmacsha256);
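Review bot: `cifs_crypto_secmech_release()` now also frees the two AEAD transforms, but nothing in the hunk states what guarantees that no encrypt or decrypt request is still using them; freeing a transform that the send or receive path still holds would be a use-after-free. The callers are not visible on this page, so this may already be safe. A short comment above the function would record the contract, for example `/* Frees all signing and SMB3 encryption contexts; caller must ensure no request is in flight on this server. */`. The function body starts in the previous hunk and continues past this one.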
+2 −0
@@ -1376,6 +1376,8 @@ MODULE_SOFTDEP("pre: nls");
MODULE_SOFTDEP("pre: aes");
MODULE_SOFTDEP("pre: aes");
MODULE_SOFTDEP("pre: cmac");
MODULE_SOFTDEP("pre: cmac");
MODULE_SOFTDEP("pre: sha256");
MODULE_SOFTDEP("pre: sha256");
MODULE_SOFTDEP("pre: aead2");
MODULE_SOFTDEP("pre: ccm");
#endif /* CONFIG_CIFS_SMB2 */
#endif /* CONFIG_CIFS_SMB2 */
module_init(init_cifs)
module_init(init_cifs)
module_exit(exit_cifs)
module_exit(exit_cifs)
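Review bot: `MODULE_SOFTDEP("pre: aead2")` appears to name the Kconfig symbol rather than a loadable module; as far as I can tell the AEAD core is built as `aead`, so this hint would not resolve to anything. If that is right, tools that build an initramfs from soft dependencies would only get the AEAD core indirectly through `ccm`, and the intended line is `MODULE_SOFTDEP("pre: aead");`. Please confirm the module name against the crypto build rules, which are not shown on this page.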
+2 −0
@@ -136,6 +136,8 @@ struct cifs_secmech {
	struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
	struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
	struct sdesc *sdeschmacsha256;  /* ctxt to generate smb2 signature */
	struct sdesc *sdeschmacsha256;  /* ctxt to generate smb2 signature */
	struct sdesc *sdesccmacaes;  /* ctxt to generate smb3 signature */
	struct sdesc *sdesccmacaes;  /* ctxt to generate smb3 signature */
	struct crypto_aead *ccmaesencrypt; /* smb3 encryption aead */
	struct crypto_aead *ccmaesdecrypt; /* smb3 decryption aead */
};
};


/* per smb session structure/fields */
/* per smb session structure/fields */
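Review bot: The comments on `ccmaesencrypt` and `ccmaesdecrypt` give only the direction, not whose key the transform carries or what serializes access to it. `secmech` is reached through `TCP_Server_Info` in the release function, while the commit message says encryption is required per session or tree connection, so one transform per connection is presumably re-keyed for different sessions. The key-setting code is not visible here, so this is a request to document rather than a confirmed race, e.g. `/* smb3 encryption aead; shared per connection, key set by caller under <lock name> */`. The struct definition starts outside the hunk.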
+1 −1
@@ -445,7 +445,7 @@ extern int SMBNTencrypt(unsigned char *, unsigned char *, unsigned char *,
			const struct nls_table *);
			const struct nls_table *);
extern int setup_ntlm_response(struct cifs_ses *, const struct nls_table *);
extern int setup_ntlm_response(struct cifs_ses *, const struct nls_table *);
extern int setup_ntlmv2_rsp(struct cifs_ses *, const struct nls_table *);
extern int setup_ntlmv2_rsp(struct cifs_ses *, const struct nls_table *);
extern void cifs_crypto_shash_release(struct TCP_Server_Info *);
extern void cifs_crypto_secmech_release(struct TCP_Server_Info *server);
extern int calc_seckey(struct cifs_ses *);
extern int calc_seckey(struct cifs_ses *);
extern int generate_smb30signingkey(struct cifs_ses *);
extern int generate_smb30signingkey(struct cifs_ses *);
extern int generate_smb311signingkey(struct cifs_ses *);
extern int generate_smb311signingkey(struct cifs_ses *);