xref: /kernel/linux/linux-5.10/fs/cifs/cifsencrypt.c

41 			struct TCP_Server_Info *server, char *signature,
48 	int is_smb2 = server->vals->header_preamble_size == 0;
110  * should be called with the server->srv_mutex held.
113 			struct TCP_Server_Info *server, char *signature)
117 	if (!rqst->rq_iov || !signature || !server)
120 	rc = cifs_alloc_hash("md5", &server->secmech.md5,
121 			     &server->secmech.sdescmd5);
125 	rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
131 	rc = crypto_shash_update(&server->secmech.sdescmd5->shash,
132 		server->session_key.response, server->session_key.len);
138 	return __cifs_calc_signature(rqst, server, signature,
139 				     &server->secmech.sdescmd5->shash);
142 /* must be called with server->srv_mutex held */
143 int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server,
154 	if ((cifs_pdu == NULL) || (server == NULL))
158 	    server->tcpStatus == CifsNeedNegotiate)
161 	if (!server->session_estab) {
167 				cpu_to_le32(server->sequence_number);
170 	*pexpected_response_sequence_number = ++server->sequence_number;
171 	++server->sequence_number;
173 	rc = cifs_calc_signature(rqst, server, smb_signature);
182 int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
188 	return cifs_sign_rqst(&rqst, server, pexpected_response_sequence);
191 /* must be called with server->srv_mutex held */
192 int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
202 	return cifs_sign_smbv(iov, 2, server,
207 			  struct TCP_Server_Info *server,
219 	if (cifs_pdu == NULL || server == NULL)
222 	if (!server->session_estab)
233 	   server does not send one? BB */
241 		its signature against what the server sent */
248 	mutex_lock(&server->srv_mutex);
249 	rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be);
250 	mutex_unlock(&server->srv_mutex);
281 	rc = SMBNTencrypt(ses->password, ses->server->cryptkey,
402  * domain name, authentication may fail against some server but
454  * We parse that blob here to find the server given timestamp
504 	wchar_t *server;
506 	if (!ses->server->secmech.sdeschmacmd5) {
514 	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash,
521 	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
542 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
562 		crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
574 		server = kmalloc(2 + (len * 2), GFP_KERNEL);
575 		if (server == NULL) {
579 		len = cifs_strtoUTF16((__le16 *)server, ses->serverName, len,
582 		crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
583 					(char *)server, 2 * len);
584 		kfree(server);
586 			cifs_dbg(VFS, "%s: Could not update with server\n",
592 	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
612 	if (!ses->server->secmech.sdeschmacmd5) {
617 	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
625 	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
631 	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED)
636 		       ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
637 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
645 	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
664 	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
685 	/* Must be within 5 minutes of the server (or in range +/-2h
686 	 * in case of Mac OS X), so simply carry over server timestamp
714 	mutex_lock(&ses->server->srv_mutex);
717 			     &ses->server->secmech.hmacmd5,
718 			     &ses->server->secmech.sdeschmacmd5);
738 	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
746 	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
752 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
760 	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
766 	mutex_unlock(&ses->server->srv_mutex);
805 cifs_crypto_secmech_release(struct TCP_Server_Info *server)
807 	if (server->secmech.cmacaes) {
808 		crypto_free_shash(server->secmech.cmacaes);
809 		server->secmech.cmacaes = NULL;
812 	if (server->secmech.hmacsha256) {
813 		crypto_free_shash(server->secmech.hmacsha256);
814 		server->secmech.hmacsha256 = NULL;
817 	if (server->secmech.md5) {
818 		crypto_free_shash(server->secmech.md5);
819 		server->secmech.md5 = NULL;
822 	if (server->secmech.sha512) {
823 		crypto_free_shash(server->secmech.sha512);
824 		server->secmech.sha512 = NULL;
827 	if (server->secmech.hmacmd5) {
828 		crypto_free_shash(server->secmech.hmacmd5);
829 		server->secmech.hmacmd5 = NULL;
832 	if (server->secmech.ccmaesencrypt) {
833 		crypto_free_aead(server->secmech.ccmaesencrypt);
834 		server->secmech.ccmaesencrypt = NULL;
837 	if (server->secmech.ccmaesdecrypt) {
838 		crypto_free_aead(server->secmech.ccmaesdecrypt);
839 		server->secmech.ccmaesdecrypt = NULL;
842 	kfree(server->secmech.sdesccmacaes);
843 	server->secmech.sdesccmacaes = NULL;
844 	kfree(server->secmech.sdeschmacsha256);
845 	server->secmech.sdeschmacsha256 = NULL;
846 	kfree(server->secmech.sdeschmacmd5);
847 	server->secmech.sdeschmacmd5 = NULL;
848 	kfree(server->secmech.sdescmd5);
849 	server->secmech.sdescmd5 = NULL;
850 	kfree(server->secmech.sdescsha512);
851 	server->secmech.sdescsha512 = NULL;

Indexes created Thu Nov 07 10:32:03 CST 2024