
Commit 3c1bf7e4 authored by Pavel Shilovsky Committed by Steve French

CIFS: Enable signing in SMB2



Use hmac-sha256 rather than the hmac-md5 that is used for CIFS/SMB.

Signature field in SMB2 header is 16 bytes instead of 8 bytes.

Automatically enable signing by client when requested by the server
when signing ability is available to the client.

Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
parent 009d3443
+1 −0
@@ -9,6 +9,7 @@ config CIFS
	select CRYPTO_ARC4
	select CRYPTO_ARC4
	select CRYPTO_ECB
	select CRYPTO_ECB
	select CRYPTO_DES
	select CRYPTO_DES
	select CRYPTO_SHA256
	help
	help
	  This is the client VFS module for the Common Internet File System
	  This is the client VFS module for the Common Internet File System
	  (CIFS) protocol which is the successor to the Server Message Block
	  (CIFS) protocol which is the successor to the Server Message Block
+29 −1
@@ -686,12 +686,17 @@ calc_seckey(struct cifs_ses *ses)
void
void
cifs_crypto_shash_release(struct TCP_Server_Info *server)
cifs_crypto_shash_release(struct TCP_Server_Info *server)
{
{
	if (server->secmech.hmacsha256)
		crypto_free_shash(server->secmech.hmacsha256);

	if (server->secmech.md5)
	if (server->secmech.md5)
		crypto_free_shash(server->secmech.md5);
		crypto_free_shash(server->secmech.md5);


	if (server->secmech.hmacmd5)
	if (server->secmech.hmacmd5)
		crypto_free_shash(server->secmech.hmacmd5);
		crypto_free_shash(server->secmech.hmacmd5);


	kfree(server->secmech.sdeschmacsha256);

	kfree(server->secmech.sdeschmacmd5);
	kfree(server->secmech.sdeschmacmd5);


	kfree(server->secmech.sdescmd5);
	kfree(server->secmech.sdescmd5);
@@ -716,6 +721,13 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
		goto crypto_allocate_md5_fail;
		goto crypto_allocate_md5_fail;
	}
	}


	server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
	if (IS_ERR(server->secmech.hmacsha256)) {
		cERROR(1, "could not allocate crypto hmacsha256\n");
		rc = PTR_ERR(server->secmech.hmacsha256);
		goto crypto_allocate_hmacsha256_fail;
	}

	size = sizeof(struct shash_desc) +
	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.hmacmd5);
			crypto_shash_descsize(server->secmech.hmacmd5);
	server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
	server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
@@ -727,7 +739,6 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
	server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
	server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
	server->secmech.sdeschmacmd5->shash.flags = 0x0;
	server->secmech.sdeschmacmd5->shash.flags = 0x0;



	size = sizeof(struct shash_desc) +
	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.md5);
			crypto_shash_descsize(server->secmech.md5);
	server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
	server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
@@ -739,12 +750,29 @@ cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
	server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
	server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
	server->secmech.sdescmd5->shash.flags = 0x0;
	server->secmech.sdescmd5->shash.flags = 0x0;


	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.hmacsha256);
	server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
	if (!server->secmech.sdeschmacsha256) {
		cERROR(1, "%s: Can't alloc hmacsha256\n", __func__);
		rc = -ENOMEM;
		goto crypto_allocate_hmacsha256_sdesc_fail;
	}
	server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
	server->secmech.sdeschmacsha256->shash.flags = 0x0;

	return 0;
	return 0;


crypto_allocate_hmacsha256_sdesc_fail:
	kfree(server->secmech.sdescmd5);

crypto_allocate_md5_sdesc_fail:
crypto_allocate_md5_sdesc_fail:
	kfree(server->secmech.sdeschmacmd5);
	kfree(server->secmech.sdeschmacmd5);


crypto_allocate_hmacmd5_sdesc_fail:
crypto_allocate_hmacmd5_sdesc_fail:
	crypto_free_shash(server->secmech.hmacsha256);

crypto_allocate_hmacsha256_fail:
	crypto_free_shash(server->secmech.md5);
	crypto_free_shash(server->secmech.md5);


crypto_allocate_md5_fail:
crypto_allocate_md5_fail:
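Review bot: In cifs_crypto_shash_allocate the new failure paths leave stale values in server->secmech: when `crypto_alloc_shash("hmac(sha256)", 0, 0)` fails the field keeps an ERR_PTR, and the unwind labels free hmacsha256 and sdescmd5 without clearing them. cifs_crypto_shash_release only tests `if (server->secmech.hmacsha256)`, which an ERR_PTR or an already-freed pointer passes, so a later release on the same server would free an invalid pointer; whether any caller does that after a failed allocate is not visible on this page. Consider clearing each field as it is unwound, for example `server->secmech.hmacsha256 = NULL;` in the `IS_ERR` branch and after the `crypto_free_shash()` call, and likewise for the sdesc pointers. Separately, `crypto_allocate_hmacmd5_sdesc_fail:` now frees hmacsha256, so the label names no longer say what they undo, and a one-line comment at each label would help. The function begins and ends outside the visible hunks.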
+2 −0
@@ -128,8 +128,10 @@ struct sdesc {
struct cifs_secmech {
struct cifs_secmech {
	struct crypto_shash *hmacmd5; /* hmac-md5 hash function */
	struct crypto_shash *hmacmd5; /* hmac-md5 hash function */
	struct crypto_shash *md5; /* md5 hash function */
	struct crypto_shash *md5; /* md5 hash function */
	struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */
	struct sdesc *sdeschmacmd5;  /* ctxt to generate ntlmv2 hash, CR1 */
	struct sdesc *sdeschmacmd5;  /* ctxt to generate ntlmv2 hash, CR1 */
	struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
	struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
	struct sdesc *sdeschmacsha256;  /* ctxt to generate smb2 signature */
};
};


/* per smb session structure/fields */
/* per smb session structure/fields */
+1 −0
@@ -65,6 +65,7 @@ extern char *cifs_compose_mount_options(const char *sb_mountdata,
extern struct mid_q_entry *AllocMidQEntry(const struct smb_hdr *smb_buffer,
extern struct mid_q_entry *AllocMidQEntry(const struct smb_hdr *smb_buffer,
					struct TCP_Server_Info *server);
					struct TCP_Server_Info *server);
extern void DeleteMidQEntry(struct mid_q_entry *midEntry);
extern void DeleteMidQEntry(struct mid_q_entry *midEntry);
extern void cifs_delete_mid(struct mid_q_entry *mid);
extern void cifs_wake_up_task(struct mid_q_entry *mid);
extern void cifs_wake_up_task(struct mid_q_entry *mid);
extern int cifs_call_async(struct TCP_Server_Info *server, struct kvec *iov,
extern int cifs_call_async(struct TCP_Server_Info *server, struct kvec *iov,
			   unsigned int nvec, mid_receive_t *receive,
			   unsigned int nvec, mid_receive_t *receive,
+4 −0
@@ -47,4 +47,8 @@
#define END_OF_CHAIN 4
#define END_OF_CHAIN 4
#define RELATED_REQUEST 8
#define RELATED_REQUEST 8


#define SMB2_SIGNATURE_SIZE (16)
#define SMB2_NTLMV2_SESSKEY_SIZE (16)
#define SMB2_HMACSHA256_SIZE (32)

#endif	/* _SMB2_GLOB_H */
#endif	/* _SMB2_GLOB_H */
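Review bot: The three new size macros are undocumented, and the relationship between them matters for buffer safety: an HMAC-SHA256 digest is `SMB2_HMACSHA256_SIZE` (32) bytes while the header signature field is `SMB2_SIGNATURE_SIZE` (16) bytes. I would add a comment such as `/* HMAC-SHA256 digest is 32 bytes; only the first SMB2_SIGNATURE_SIZE bytes go into the SMB2 header */` so that callers size the digest buffer with the larger constant and copy with the smaller one. The code that uses these constants is not in this section, so this is a documentation request only.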