CIFS: add sha512 secmech

author Aurelien Aptel <aaptel@suse.com>

Fri, 16 Feb 2018 18:19:28 +0000 (19:19 +0100)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 24 Apr 2018 07:36:27 +0000 (09:36 +0200)
author Aurelien Aptel <aaptel@suse.com>
Fri, 16 Feb 2018 18:19:28 +0000 (19:19 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 24 Apr 2018 07:36:27 +0000 (09:36 +0200)
diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig

index d5b2e12b5d02212046f0a7b816550737cc3b45af..cb0f1fbe836dc9b874da012d02d4184a7e8b477e 100644 (file)
--- a/fs/cifs/Kconfig
+++ b/fs/cifs/Kconfig
@@ -190,6 +190,7 @@ config CIFS_NFSD_EXPORT
  config CIFS_SMB311
         bool "SMB3.1.1 network file system support (Experimental)"
         depends on CIFS
+       select CRYPTO_SHA512
  
         help
           This enables experimental support for the newest, SMB3.1.1, dialect.
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c

index 478a145aa4d09292f1c22187df79f85b9862731b..6fa6d459678e14ec5cc6af5d06646767fc27005a 100644 (file)
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -829,6 +829,11 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server)
                 server->secmech.md5 = NULL;
         }
  
+       if (server->secmech.md5) {
+               crypto_free_shash(server->secmech.sha512);
+               server->secmech.sha512 = NULL;
+       }
+
         if (server->secmech.hmacmd5) {
                 crypto_free_shash(server->secmech.hmacmd5);
                 server->secmech.hmacmd5 = NULL;
@@ -852,4 +857,6 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server)
         server->secmech.sdeschmacmd5 = NULL;
         kfree(server->secmech.sdescmd5);
         server->secmech.sdescmd5 = NULL;
+       kfree(server->secmech.sdescsha512);
+       server->secmech.sdescsha512 = NULL;
  }
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c

index 8c8b75d33f310ce5e258042ff489f942379cdd27..dbcd2e0660664c15a1f4cdea415163c322749ad3 100644 (file)
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1476,6 +1476,7 @@ MODULE_SOFTDEP("pre: nls");
  MODULE_SOFTDEP("pre: aes");
  MODULE_SOFTDEP("pre: cmac");
  MODULE_SOFTDEP("pre: sha256");
+MODULE_SOFTDEP("pre: sha512");
  MODULE_SOFTDEP("pre: aead2");
  MODULE_SOFTDEP("pre: ccm");
  module_init(init_cifs)
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h

index 6b6496820a21dee0ee1bcb6dd9c8155def7ef309..33d6eb58ce34124174650d471ff705d6b56ae359 100644 (file)
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -130,10 +130,12 @@ struct cifs_secmech {
         struct crypto_shash *md5; /* md5 hash function */
         struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */
         struct crypto_shash *cmacaes; /* block-cipher based MAC function */
+       struct crypto_shash *sha512; /* sha512 hash function */
         struct sdesc *sdeschmacmd5;  /* ctxt to generate ntlmv2 hash, CR1 */
         struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
         struct sdesc *sdeschmacsha256;  /* ctxt to generate smb2 signature */
         struct sdesc *sdesccmacaes;  /* ctxt to generate smb3 signature */
+       struct sdesc *sdescsha512; /* ctxt to generate smb3.11 signing key */
         struct crypto_aead *ccmaesencrypt; /* smb3 encryption aead */
         struct crypto_aead *ccmaesdecrypt; /* smb3 decryption aead */
  };
diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h

index e9ab5227e7a8ac3d69e69afe678cee78566056a8..6fe4898f6975c61e3e800d1b7b73c9d2ffc480e8 100644 (file)
--- a/fs/cifs/smb2proto.h
+++ b/fs/cifs/smb2proto.h
@@ -203,4 +203,7 @@ extern int smb3_validate_negotiate(const unsigned int, struct cifs_tcon *);
  
  extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
                                         enum securityEnum);
+#ifdef CONFIG_CIFS_SMB311
+extern int smb311_crypto_shash_allocate(struct TCP_Server_Info *server);
+#endif
  #endif                 /* _SMB2PROTO_H */
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c

index c3c271f557a0a13ab6aaa98e079ddf0e069542ab..bf49cb73b9e6ad80f4e67b961e22640fda6df3db 100644 (file)
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -70,6 +70,36 @@ err:
         return rc;
  }
  
+#ifdef CONFIG_CIFS_SMB311
+int
+smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
+{
+       struct cifs_secmech *p = &server->secmech;
+       int rc = 0;
+
+       rc = cifs_alloc_hash("hmac(sha256)",
+                            &p->hmacsha256,
+                            &p->sdeschmacsha256);
+       if (rc)
+               return rc;
+
+       rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes);
+       if (rc)
+               goto err;
+
+       rc = cifs_alloc_hash("sha512", &p->sha512, &p->sdescsha512);
+       if (rc)
+               goto err;
+
+       return 0;
+
+err:
+       cifs_free_hash(&p->cmacaes, &p->sdesccmacaes);
+       cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256);
+       return rc;
+}
+#endif
+
  static struct cifs_ses *
  smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
  {
author	Aurelien Aptel <aaptel@suse.com>
	Fri, 16 Feb 2018 18:19:28 +0000 (19:19 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 24 Apr 2018 07:36:27 +0000 (09:36 +0200)
fs/cifs/Kconfig		patch \| blob \| blame \| history
fs/cifs/cifsencrypt.c		patch \| blob \| blame \| history
fs/cifs/cifsfs.c		patch \| blob \| blame \| history
fs/cifs/cifsglob.h		patch \| blob \| blame \| history
fs/cifs/smb2proto.h		patch \| blob \| blame \| history
fs/cifs/smb2transport.c		patch \| blob \| blame \| history