Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "Here is the crypto update for 5.3: API: - Test shash interface directly in testmgr - cra_driver_name is now mandatory Algorithms: - Replace arc4 crypto_cipher with library helper - Implement 5 way interleave for ECB, CBC and CTR on arm64 - Add xxhash - Add continuous self-test on noise source to drbg - Update jitter RNG Drivers: - Add support for SHA204A random number generator - Add support for 7211 in iproc-rng200 - Fix fuzz test failures in inside-secure - Fix fuzz test failures in talitos - Fix fuzz test failures in qat" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (143 commits) crypto: stm32/hash - remove interruptible condition for dma crypto: stm32/hash - Fix hmac issue more than 256 bytes crypto: stm32/crc32 - rename driver file crypto: amcc - remove memset after dma_alloc_coherent crypto: ccp - Switch to SPDX license identifiers crypto: ccp - Validate the the error value used to index error messages crypto: doc - Fix formatting of new crypto engine content crypto: doc - Add parameter documentation crypto: arm64/aes-ce - implement 5 way interleave for ECB, CBC and CTR crypto: arm64/aes-ce - add 5 way interleave routines crypto: talitos - drop icv_ool crypto: talitos - fix hash on SEC1. crypto: talitos - move struct talitos_edesc into talitos.h lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE crypto/NX: Set receive window credits to max number of CRBs in RxFIFO crypto: asymmetric_keys - select CRYPTO_HASH where needed crypto: serpent - mark __serpent_setkey_sbox noinline crypto: testmgr - dynamically allocate crypto_shash crypto: testmgr - dynamically allocate testvec_config crypto: talitos - eliminate unneeded 'done' functions at build time ...
@@ -10,7 +10,7 @@ config CIFS
|
||||
select CRYPTO_SHA512
|
||||
select CRYPTO_CMAC
|
||||
select CRYPTO_HMAC
|
||||
select CRYPTO_ARC4
|
||||
select CRYPTO_LIB_ARC4
|
||||
select CRYPTO_AEAD2
|
||||
select CRYPTO_CCM
|
||||
select CRYPTO_ECB
|
||||
|
@@ -33,7 +33,8 @@
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/random.h>
|
||||
#include <linux/highmem.h>
|
||||
#include <crypto/skcipher.h>
|
||||
#include <linux/fips.h>
|
||||
#include <crypto/arc4.h>
|
||||
#include <crypto/aead.h>
|
||||
|
||||
int __cifs_calc_signature(struct smb_rqst *rqst,
|
||||
@@ -772,63 +773,32 @@ setup_ntlmv2_rsp_ret:
|
||||
int
|
||||
calc_seckey(struct cifs_ses *ses)
|
||||
{
|
||||
int rc;
|
||||
struct crypto_skcipher *tfm_arc4;
|
||||
struct scatterlist sgin, sgout;
|
||||
struct skcipher_request *req;
|
||||
unsigned char *sec_key;
|
||||
unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
|
||||
struct arc4_ctx *ctx_arc4;
|
||||
|
||||
sec_key = kmalloc(CIFS_SESS_KEY_SIZE, GFP_KERNEL);
|
||||
if (sec_key == NULL)
|
||||
return -ENOMEM;
|
||||
if (fips_enabled)
|
||||
return -ENODEV;
|
||||
|
||||
get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
|
||||
|
||||
tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
|
||||
if (IS_ERR(tfm_arc4)) {
|
||||
rc = PTR_ERR(tfm_arc4);
|
||||
cifs_dbg(VFS, "could not allocate crypto API arc4\n");
|
||||
goto out;
|
||||
ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
|
||||
if (!ctx_arc4) {
|
||||
cifs_dbg(VFS, "could not allocate arc4 context\n");
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
|
||||
CIFS_SESS_KEY_SIZE);
|
||||
if (rc) {
|
||||
cifs_dbg(VFS, "%s: Could not set response as a key\n",
|
||||
__func__);
|
||||
goto out_free_cipher;
|
||||
}
|
||||
|
||||
req = skcipher_request_alloc(tfm_arc4, GFP_KERNEL);
|
||||
if (!req) {
|
||||
rc = -ENOMEM;
|
||||
cifs_dbg(VFS, "could not allocate crypto API arc4 request\n");
|
||||
goto out_free_cipher;
|
||||
}
|
||||
|
||||
sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE);
|
||||
sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
|
||||
|
||||
skcipher_request_set_callback(req, 0, NULL, NULL);
|
||||
skcipher_request_set_crypt(req, &sgin, &sgout, CIFS_CPHTXT_SIZE, NULL);
|
||||
|
||||
rc = crypto_skcipher_encrypt(req);
|
||||
skcipher_request_free(req);
|
||||
if (rc) {
|
||||
cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc);
|
||||
goto out_free_cipher;
|
||||
}
|
||||
arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE);
|
||||
arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
|
||||
CIFS_CPHTXT_SIZE);
|
||||
|
||||
/* make secondary_key/nonce as session key */
|
||||
memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
|
||||
/* and make len as that of session key only */
|
||||
ses->auth_key.len = CIFS_SESS_KEY_SIZE;
|
||||
|
||||
out_free_cipher:
|
||||
crypto_free_skcipher(tfm_arc4);
|
||||
out:
|
||||
kfree(sec_key);
|
||||
return rc;
|
||||
memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE);
|
||||
kzfree(ctx_arc4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
|
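Review bot: In calc_seckey, `arc4_crypt()` is told to process `CIFS_CPHTXT_SIZE` bytes while its input `sec_key` is, on what appears to be the new side, a stack array of only `CIFS_SESS_KEY_SIZE` bytes. Neither constant's value is visible in this hunk, so the assumption that the length fits should be pinned at build time, e.g. `BUILD_BUG_ON(CIFS_CPHTXT_SIZE > CIFS_SESS_KEY_SIZE);` before the call. Separately, the `return -ENOMEM;` taken when `kmalloc()` fails leaves the freshly generated random bytes in `sec_key` on the stack, unlike the success path that ends in `memzero_explicit()`; moving `get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);` below the allocation check would avoid that. The `+`/`-` markers are lost on this page, so which lines are old and new is inferred from the hunk counts and from the skcipher calls being replaced.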
@@ -1591,7 +1591,6 @@ MODULE_DESCRIPTION
|
||||
("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
|
||||
"also older servers complying with the SNIA CIFS Specification)");
|
||||
MODULE_VERSION(CIFS_VERSION);
|
||||
MODULE_SOFTDEP("pre: arc4");
|
||||
MODULE_SOFTDEP("pre: des");
|
||||
MODULE_SOFTDEP("pre: ecb");
|
||||
MODULE_SOFTDEP("pre: hmac");
|
||||
|