From: Suresh Jayaraman <sjayaraman-l3A5Bk7waGM@public.gmane.org>
To: shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Cc: smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
	linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 4/8] ntlmv2/ntlmssp  define, declare, and use crypto hash functions
Date: Thu, 09 Sep 2010 17:30:18 +0530	[thread overview]
Message-ID: <4C88CC52.7080303@suse.de> (raw)
In-Reply-To: <1283921151-13090-1-git-send-email-shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

On 09/08/2010 10:15 AM, shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
> From: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> 
> 
> Allocate crypto hashing functions, security descriptors, and respective
> contexts when a smb/tcp connection is established.
> Release them when a tcp/smb connection is taken down.
> 
> md5 and hmac-md5 are two crypto hashing functions that are used
> throughout the life of an smb/tcp connection by various functions that
> calculate signature and ntlmv2 hash, HMAC etc.
> 
> 
> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
>  fs/cifs/cifsencrypt.c |   71 +++++++++++++++++++++++++++++++++++++++++++++++++
>  fs/cifs/cifsproto.h   |    2 +
>  fs/cifs/connect.c     |   16 +++++++++--
>  3 files changed, 86 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> index 4bdcf13..4772c4d 100644
> --- a/fs/cifs/cifsencrypt.c
> +++ b/fs/cifs/cifsencrypt.c
> @@ -369,3 +369,74 @@ void CalcNTLMv2_response(const struct cifsSesInfo *ses,
>  	hmac_md5_final(v2_session_response, &context);
>  /*	cifs_dump_mem("v2_sess_rsp: ", v2_session_response, 32); */
>  }
> +
> +void
> +cifs_crypto_shash_release(struct TCP_Server_Info *server)
> +{
> +	if (server->secmech.md5)
> +		crypto_free_shash(server->secmech.md5);
> +
> +	if (server->secmech.hmacmd5)
> +		crypto_free_shash(server->secmech.hmacmd5);
> +
> +	kfree(server->secmech.sdeschmacmd5);
> +
> +	kfree(server->secmech.sdescmd5);
> +}
> +
> +int
> +cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
> +{
> +	int rc;
> +	unsigned int size;
> +
> +	server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
> +	if (!server->secmech.hmacmd5 ||
> +			IS_ERR(server->secmech.hmacmd5)) {

crypto_alloc_shash() seems to return a pointer to struct crypto_shash.
Would it be sufficient to check it with IS_ERR() alone?

Also, instead of returning 1, we should use PTR_ERR() to propagate the
appropriate error back. Otherwise, rc will always be 1, which gives
little clue in case of error.


> +		cERROR(1, "could not allocate crypto hmacmd5\n");
> +		return 1;
> +	}
> +
> +	server->secmech.md5 = crypto_alloc_shash("md5", 0, 0);
> +	if (!server->secmech.md5 || IS_ERR(server->secmech.md5)) {
> +		cERROR(1, "could not allocate crypto md5\n");
> +		rc = 1;

ditto here..

> +		goto cifs_crypto_shash_allocate_ret1;

nit: the goto labels could use better names..?

> +	}

> +
> +	size = sizeof(struct shash_desc) +
> +			crypto_shash_descsize(server->secmech.hmacmd5);
> +	server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
> +	if (!server->secmech.sdeschmacmd5) {
> +		cERROR(1, "cifs_crypto_shash_allocate: can't alloc hmacmd5\n");
> +		rc = -ENOMEM;
> +		goto cifs_crypto_shash_allocate_ret2;
> +	}
> +	server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
> +	server->secmech.sdeschmacmd5->shash.flags = 0x0;
> +
> +
> +	size = sizeof(struct shash_desc) +
> +			crypto_shash_descsize(server->secmech.md5);
> +	server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
> +	if (!server->secmech.sdescmd5) {
> +		cERROR(1, "cifs_crypto_shash_allocate: can't alloc md5\n");
> +		rc = -ENOMEM;
> +		goto cifs_crypto_shash_allocate_ret3;
> +	}
> +	server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
> +	server->secmech.sdescmd5->shash.flags = 0x0;
> +
> +	return 0;
> +
> +cifs_crypto_shash_allocate_ret3:
> +	kfree(server->secmech.sdeschmacmd5);
> +
> +cifs_crypto_shash_allocate_ret2:
> +	crypto_free_shash(server->secmech.md5);
> +
> +cifs_crypto_shash_allocate_ret1:
> +	crypto_free_shash(server->secmech.hmacmd5);
> +
> +	return rc;
> +}
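Review bot: cifs_crypto_shash_release() and the unwind labels at the end of cifs_crypto_shash_allocate() free the transforms and descriptors but leave the stale pointers in server->secmech, so a second release call, or a release after a failed allocate, would be a double free. The `if (server->secmech.md5)` tests in the release function only protect anything if each field is reset after it is freed, e.g. `server->secmech.sdescmd5 = NULL;`, and likewise for md5, hmacmd5 and sdeschmacmd5. A failed crypto_alloc_shash() also leaves an error pointer rather than NULL in the field, which that same NULL test would hand to crypto_free_shash(), so the failure paths should store NULL before returning. The descriptor buffers may hold intermediate HMAC-MD5 state derived from session secrets (inferred from the commit description, not visible here), so `kzfree()` instead of `kfree()` is worth considering for sdeschmacmd5 and sdescmd5.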
> diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
> index eadf78c..fa3716c 100644
> --- a/fs/cifs/cifsproto.h
> +++ b/fs/cifs/cifsproto.h
> @@ -368,6 +368,8 @@ extern int cifs_calculate_mac_key(struct session_key *key, const char *rn,
>  extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *);
>  extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
>  			     const struct nls_table *);
> +extern int cifs_crypto_shash_allocate(struct TCP_Server_Info *);
> +extern void cifs_crypto_shash_release(struct TCP_Server_Info *);
>  #ifdef CONFIG_CIFS_WEAK_PW_HASH
>  extern void calc_lanman_hash(const char *password, const char *cryptkey,
>  				bool encrypt, char *lnm_session_key);
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 0ea52e9..f5369e7 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -1520,6 +1520,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server)
>  	server->tcpStatus = CifsExiting;
>  	spin_unlock(&GlobalMid_Lock);
>  
> +	cifs_crypto_shash_release(server);
>  	cifs_fscache_release_client_cookie(server);
>  
>  	task = xchg(&server->tsk, NULL);
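Review bot: The new `cifs_crypto_shash_release(server);` call runs before `task = xchg(&server->tsk, NULL);`, and nothing in this hunk shows the demultiplex thread being stopped first. If any signing or verification code still reachable from that thread, or from an in-flight request, touches server->secmech after this point, it would be a use-after-free of the descriptors. Either move the release to after the thread has exited, or add a comment here stating why no user of the hash contexts can remain once tcpStatus is CifsExiting. cifs_put_tcp_session() starts and ends outside the hunk, so the actual teardown order needs to be confirmed against the full function.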
> @@ -1574,10 +1575,16 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
>  		goto out_err;
>  	}
>  
> +	rc = cifs_crypto_shash_allocate(tcp_ses);
> +	if (rc) {
> +		cERROR(1, "could not setup hash structures rc %d", rc);
> +		goto out_err;
> +	}
> +
>  	tcp_ses->hostname = extract_hostname(volume_info->UNC);
>  	if (IS_ERR(tcp_ses->hostname)) {
>  		rc = PTR_ERR(tcp_ses->hostname);
> -		goto out_err;
> +		goto out_err2;
>  	}
>  
>  	tcp_ses->noblocksnd = volume_info->noblocksnd;
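Review bot: The `if (rc)` test after cifs_crypto_shash_allocate() jumps to out_err with whatever value the allocator returned, and in this patch that is a positive 1 on both crypto_alloc_shash() failure paths. The end of out_err is outside the hunk, but if it returns `ERR_PTR(rc)`, as the IS_ERR()/PTR_ERR() handling elsewhere in this function suggests, then ERR_PTR(1) is not recognised by IS_ERR() and the caller would treat it as a valid tcp_ses pointer. The allocator has to return only 0 or a negative errno for this call site to be safe. I would state that contract in a comment above the call, e.g. `/* returns 0 or -errno; out_err turns rc into ERR_PTR() */`.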
> @@ -1618,7 +1625,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
>  	}
>  	if (rc < 0) {
>  		cERROR(1, "Error connecting to socket. Aborting operation");
> -		goto out_err;
> +		goto out_err2;
>  	}
>  
>  	/*
> @@ -1632,7 +1639,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
>  		rc = PTR_ERR(tcp_ses->tsk);
>  		cERROR(1, "error %d create cifsd thread", rc);
>  		module_put(THIS_MODULE);
> -		goto out_err;
> +		goto out_err2;
>  	}
>  
>  	/* thread spawned, put it on the list */
> @@ -1644,6 +1651,9 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
>  
>  	return tcp_ses;
>  
> +out_err2:
> +	cifs_crypto_shash_release(tcp_ses);
> +
>  out_err:
>  	if (tcp_ses) {
>  		if (!IS_ERR(tcp_ses->hostname))


-- 
Suresh Jayaraman


Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-08  4:45 [PATCH 4/8] ntlmv2/ntlmssp define, declare, and use crypto hash functions shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w
     [not found] ` <1283921151-13090-1-git-send-email-shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2010-09-08 20:00   ` Jeff Layton
2010-09-09 12:00   ` Suresh Jayaraman [this message]
2010-09-09 16:13     ` Shirish Pargaonkar
     [not found]       ` <AANLkTinAA+5aXp0mO=h4f3TiLrL6PR4Uu_DHw2Ched3J-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2010-09-09 16:47         ` Suresh Jayaraman
