
Commit 3c1bf7e4 authored by Pavel Shilovsky's avatar Pavel Shilovsky Committed by Steve French

CIFS: Enable signing in SMB2



Use hmac-sha256 rather than the hmac-md5 that is used for CIFS/SMB.

Signature field in SMB2 header is 16 bytes instead of 8 bytes.

Automatically enable signing by client when requested by the server
when signing ability is available to the client.

Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: default avatarSachin Prabhu <sprabhu@redhat.com>
Signed-off-by: default avatarPavel Shilovsky <piastryyy@gmail.com>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
parent 009d3443
+1 −0
@@ -9,6 +9,7 @@ config CIFS
	select CRYPTO_ARC4
	select CRYPTO_ECB
	select CRYPTO_DES
	select CRYPTO_SHA256
	help
	  This is the client VFS module for the Common Internet File System
	  (CIFS) protocol which is the successor to the Server Message Block
+29 −1
@@ -686,12 +686,17 @@ calc_seckey(struct cifs_ses *ses)
void
cifs_crypto_shash_release(struct TCP_Server_Info *server)
{
	if (server->secmech.hmacsha256)
		crypto_free_shash(server->secmech.hmacsha256);

	if (server->secmech.md5)
		crypto_free_shash(server->secmech.md5);

	if (server->secmech.hmacmd5)
		crypto_free_shash(server->secmech.hmacmd5);

	kfree(server->secmech.sdeschmacsha256);

	kfree(server->secmech.sdeschmacmd5);

	kfree(server->secmech.sdescmd5);
@@ -716,6 +721,13 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
		goto crypto_allocate_md5_fail;
	}

	server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
	if (IS_ERR(server->secmech.hmacsha256)) {
		cERROR(1, "could not allocate crypto hmacsha256\n");
		rc = PTR_ERR(server->secmech.hmacsha256);
		goto crypto_allocate_hmacsha256_fail;
	}

	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.hmacmd5);
	server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
@@ -727,7 +739,6 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
	server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
	server->secmech.sdeschmacmd5->shash.flags = 0x0;


	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.md5);
	server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
@@ -739,12 +750,29 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
	server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
	server->secmech.sdescmd5->shash.flags = 0x0;

	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.hmacsha256);
	server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
	if (!server->secmech.sdeschmacsha256) {
		cERROR(1, "%s: Can't alloc hmacsha256\n", __func__);
		rc = -ENOMEM;
		goto crypto_allocate_hmacsha256_sdesc_fail;
	}
	server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
	server->secmech.sdeschmacsha256->shash.flags = 0x0;

	return 0;

crypto_allocate_hmacsha256_sdesc_fail:
	kfree(server->secmech.sdescmd5);

crypto_allocate_md5_sdesc_fail:
	kfree(server->secmech.sdeschmacmd5);

crypto_allocate_hmacmd5_sdesc_fail:
	crypto_free_shash(server->secmech.hmacsha256);

crypto_allocate_hmacsha256_fail:
	crypto_free_shash(server->secmech.md5);

crypto_allocate_md5_fail:
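Review bot: The failure branch for `hmac(sha256)` leaves an error pointer in `server->secmech.hmacsha256`, and the unwind labels free `sdescmd5`, `sdeschmacmd5` and the shash handles without clearing the fields, while `cifs_crypto_shash_release()` guards the shash handles only with a non-NULL test and calls `kfree` on the descriptors unconditionally. If any caller runs the release function after a failed allocate (the call sites are outside this section, so this is unconfirmed), the result is an invalid free or a double free in kernel context. Clearing the fields on each failure path keeps the two functions safe to pair, e.g. `rc = PTR_ERR(server->secmech.hmacsha256); server->secmech.hmacsha256 = NULL;` in the new branch and `server->secmech.sdescmd5 = NULL;` after the `kfree` under `crypto_allocate_hmacsha256_sdesc_fail:`. Both function bodies continue outside the hunks shown.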
+2 −0
@@ -128,8 +128,10 @@ struct sdesc {
struct cifs_secmech {
	struct crypto_shash *hmacmd5; /* hmac-md5 hash function */
	struct crypto_shash *md5; /* md5 hash function */
	struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */
	struct sdesc *sdeschmacmd5;  /* ctxt to generate ntlmv2 hash, CR1 */
	struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
	struct sdesc *sdeschmacsha256;  /* ctxt to generate smb2 signature */
};

/* per smb session structure/fields */
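Review bot: The comment on `sdeschmacsha256` does not say what serializes use of this context, and since `cifs_secmech` appears to hold one descriptor per server (the allocation code reaches it as `server->secmech`), two requests signing at once would interleave their updates into the same hash state and produce bad signatures. The signing path and its locking are not visible on this page, so this is a documentation request rather than a confirmed race: extend the comment to something like `/* ctxt to generate smb2 signature; one per server, callers must serialize */` and name the lock if there is one.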
+1 −0
@@ -65,6 +65,7 @@ extern char *cifs_compose_mount_options(const char *sb_mountdata,
extern struct mid_q_entry *AllocMidQEntry(const struct smb_hdr *smb_buffer,
					struct TCP_Server_Info *server);
extern void DeleteMidQEntry(struct mid_q_entry *midEntry);
extern void cifs_delete_mid(struct mid_q_entry *mid);
extern void cifs_wake_up_task(struct mid_q_entry *mid);
extern int cifs_call_async(struct TCP_Server_Info *server, struct kvec *iov,
			   unsigned int nvec, mid_receive_t *receive,
+4 −0
@@ -47,4 +47,8 @@
#define END_OF_CHAIN 4
#define RELATED_REQUEST 8

#define SMB2_SIGNATURE_SIZE (16)
#define SMB2_NTLMV2_SESSKEY_SIZE (16)
#define SMB2_HMACSHA256_SIZE (32)

#endif	/* _SMB2_GLOB_H */
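Review bot: `SMB2_SIGNATURE_SIZE` (16) and `SMB2_HMACSHA256_SIZE` (32) are defined side by side with no comment on how they relate, and the commit message says the header's Signature field is 16 bytes, so any copy of the digest into the header has to be bounded by the smaller constant. A one-line comment would make that hard to get wrong, for example `/* header Signature field; the 32-byte HMAC-SHA256 digest is truncated to this */` above `SMB2_SIGNATURE_SIZE`. The code that fills the field is not shown on this page, so whether it already uses the right bound is unverified. The parentheses around the plain integer literals are unnecessary.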