Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5fcd7f3f authored Feb 16, 2018 by Aurelien Aptel Committed by Steve French Apr 01, 2018

CIFS: add sha512 secmech



* prepare for SMB3.11 pre-auth integrity
* enable sha512 when SMB311 is enabled in Kconfig
* add sha512 as a soft dependency

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>

parent 82fb82be

fs/cifs/Kconfig

+1 −0

Original line number	Diff line number	Diff line
		@@ -189,6 +189,7 @@ config CIFS_NFSD_EXPORT
		config CIFS_SMB311
		bool "SMB3.1.1 network file system support (Experimental)"
		depends on CIFS
		select CRYPTO_SHA512

		help
		This enables experimental support for the newest, SMB3.1.1, dialect.

fs/cifs/cifsencrypt.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -829,6 +829,11 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server)
		server->secmech.md5 = NULL;
		}

		if (server->secmech.md5) {
		crypto_free_shash(server->secmech.sha512);
		server->secmech.sha512 = NULL;
		}

		if (server->secmech.hmacmd5) {
		crypto_free_shash(server->secmech.hmacmd5);
		server->secmech.hmacmd5 = NULL;
		@@ -852,4 +857,6 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server)
		server->secmech.sdeschmacmd5 = NULL;
		kfree(server->secmech.sdescmd5);
		server->secmech.sdescmd5 = NULL;
		kfree(server->secmech.sdescsha512);
		server->secmech.sdescsha512 = NULL;
		}

fs/cifs/cifsfs.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1486,6 +1486,7 @@ MODULE_SOFTDEP("pre: nls");
		MODULE_SOFTDEP("pre: aes");
		MODULE_SOFTDEP("pre: cmac");
		MODULE_SOFTDEP("pre: sha256");
		MODULE_SOFTDEP("pre: sha512");
		MODULE_SOFTDEP("pre: aead2");
		MODULE_SOFTDEP("pre: ccm");
		module_init(init_cifs)

fs/cifs/cifsglob.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -130,10 +130,12 @@ struct cifs_secmech {
		struct crypto_shash md5; / md5 hash function */
		struct crypto_shash hmacsha256; / hmac-sha256 hash function */
		struct crypto_shash cmacaes; / block-cipher based MAC function */
		struct crypto_shash sha512; / sha512 hash function */
		struct sdesc sdeschmacmd5; / ctxt to generate ntlmv2 hash, CR1 */
		struct sdesc sdescmd5; / ctxt to generate cifs/smb signature */
		struct sdesc sdeschmacsha256; / ctxt to generate smb2 signature */
		struct sdesc sdesccmacaes; / ctxt to generate smb3 signature */
		struct sdesc sdescsha512; / ctxt to generate smb3.11 signing key */
		struct crypto_aead ccmaesencrypt; / smb3 encryption aead */
		struct crypto_aead ccmaesdecrypt; / smb3 decryption aead */
		};

fs/cifs/smb2proto.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -202,4 +202,7 @@ extern int smb3_validate_negotiate(const unsigned int, struct cifs_tcon *);

		extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
		enum securityEnum);
		#ifdef CONFIG_CIFS_SMB311
		extern int smb311_crypto_shash_allocate(struct TCP_Server_Info *server);
		#endif
		#endif /* _SMB2PROTO_H */