From patchwork Fri Jun 28 09:35:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 168050 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3454889ilk; Fri, 28 Jun 2019 02:36:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqyJ8ZLTuXg5oY3+0iATM0s+6HOwyw2S8vuEnJPXDxr4IzAyQmFWq7J0yG+sFltDepmg5hKs X-Received: by 2002:a17:902:8f87:: with SMTP id z7mr10193545plo.65.1561714574214; Fri, 28 Jun 2019 02:36:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561714574; cv=none; d=google.com; s=arc-20160816; b=Ohqtp/869pbYGMSKHl25AJQ3Z/UnSID8fPcMVmSBUQDzn9GOmlxz6MgjksveI0JJw0 9xZK4iApEX3FU7UD6yJ8DdUgsBxjkKl6NQwKChItn7/uBD9xqfAw8MwlSKHs5fUHMabg iv+SnYlT/99Ew8MwKwS0mu3P6/7/Kc7aa0FFI3AEXvBVO/nCqRzYfFAOAjV6irRSNxS+ ALRy7Vzn7i6s13uR4kvTjJLqWSgt+Kt8UeE0aCq+atVlQQtJc7E3FjXg/ZpzrqluayjS GVWIRBrRrjsjrniUqI4PE2kLPOl0n/EbYoiD0lO0YnfH5zzj75gp5WQmXgyanPv3lchG 5lSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=JECSO/bEpbkseNS0KKB92/HftgO7GU1wpPzeVM070Yw=; b=HBEXuWJ41/uQSrHprTDoOfacpjkHb6mw3V6H42bSGa33CUj8duBUbeUwNzIttMhpPt aY4GcQJ6oncvP5nhTKt0Wy58rMTMM584nyzlvYLA26MyEKvyAeMfJneoxPxeuxa21IUL 7fQt5Ir/EhQJEQ/w4FS6TYFtCu/eVa3Lm0sviie068yxfFMXcA4V7P1uzKr325LQlFLV ENiU62lvKmsnNm2D5PmUSmZpO4MHe/qVbOwmGGY2Bq02Pf4x7EiQQTRN37c4H481B9V8 CnwattLIg8T8n1Y+yVhO1ynDPlCmmHxuUGn0F9AT2zgpDhdZNdIRk1lDmi+5b6z/zx5V qS4w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zlY2AJuc; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j7si2015771pfi.10.2019.06.28.02.36.14; Fri, 28 Jun 2019 02:36:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zlY2AJuc; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726687AbfF1JgM (ORCPT + 3 others); Fri, 28 Jun 2019 05:36:12 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:33759 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726796AbfF1JgM (ORCPT ); Fri, 28 Jun 2019 05:36:12 -0400 Received: by mail-wm1-f68.google.com with SMTP id h19so8945212wme.0 for ; Fri, 28 Jun 2019 02:36:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JECSO/bEpbkseNS0KKB92/HftgO7GU1wpPzeVM070Yw=; b=zlY2AJucQbYM/macwfXX7nkWL8+g71mABisTQgAR01ipSHJ5py7TXZCc59woXboj0q SVRpo8+B+ByhLMsma4XJGGPVYmIl0QOd4pDKmxWX458MlzC07SBaLH3Yas+N6ib3BzpT 83od6GJnu0hO3hbQzd9JOX8SEVVYZGqTsDdvsRAMUceCFK5WVs/tQENe/OuNT/Mtk2GK K27x3JPYokGcTJ9fUic3tidzYQtk7ZCQc0bnOIt+kLF9/JmKqlz95A/wQmJh+fvTDOul pwUl42BzDufuoRNh70U3rzvCzT7o82wp1QQyNnTzQAcQm+OR05LI1QZd9/Qtn2YII2dh AT6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JECSO/bEpbkseNS0KKB92/HftgO7GU1wpPzeVM070Yw=; b=dbLZFLcH79kk6NXEjhe+7wNMexIfLCNPBEO7ARmITeY4rV7uew1r+MSsXAV/dvxAGy 9utubmGlgzVa48ZiVYDaFVIC1rE5nyze7rdCQkkY7iZjzLTzznoMLzcs6iZfPo4qvbsZ hOro7ZZOk0fqCh0M+ZXrBtEdDZuCGKE0B06FPUiNWJ33sIXjXpPJ0/NRcO2kCLSqY75o OFwKmjtX2NERlo514Ao50bocG81w39c7XpQcCTY1p6uawQs5xQSBRrVnjhJz27/i3zNS w1wRO5bdD3PNI6YMtZ3zr2vh950xvGXWHS3jyBlOkF1kS3mR8vUyhap7dNGDaUKZQcdN YovA== X-Gm-Message-State: APjAAAVFsKktS3J+xSppKFTDbDr/KR47zE6b6rCZfuw0HrvIUQeS/mkI HYvxaSa+wOKtwMWJVE1gHdVqxB+Z2xlPhQ== X-Received: by 2002:a7b:c455:: with SMTP id l21mr6763458wmi.114.1561714570778; Fri, 28 Jun 2019 02:36:10 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id m24sm1709910wmi.39.2019.06.28.02.36.09 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Fri, 28 Jun 2019 02:36:10 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, horia.geanta@nxp.com, Ard Biesheuvel Subject: [PATCH v3 30/30] fs: cifs: move from the crypto cipher API to the new DES library interface Date: Fri, 28 Jun 2019 11:35:29 +0200 Message-Id: <20190628093529.12281-31-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190628093529.12281-1-ard.biesheuvel@linaro.org> References: <20190628093529.12281-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Some legacy code in the CIFS driver uses single DES to calculate some password hash, and uses the crypto cipher API to do so. Given that there is no point in invoking an accelerated cipher for doing 56-bit symmetric encryption on a single 8-byte block of input, the flexibility of the crypto cipher API does not add much value here, and so we're much better off using a library call into the generic C implementation. Signed-off-by: Ard Biesheuvel --- fs/cifs/Kconfig | 2 +- fs/cifs/cifsfs.c | 1 - fs/cifs/smbencrypt.c | 18 +++++++++--------- 3 files changed, 10 insertions(+), 11 deletions(-) -- 2.20.1 diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig index 3da294231dcc..dedab8f79ee8 100644 --- a/fs/cifs/Kconfig +++ b/fs/cifs/Kconfig @@ -14,7 +14,7 @@ config CIFS select CRYPTO_CCM select CRYPTO_ECB select CRYPTO_AES - select CRYPTO_DES + select CRYPTO_LIB_DES help This is the client VFS module for the SMB3 family of NAS protocols, (including support for the most recent, most secure dialect SMB3.1.1) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index e55afaf9e5a3..44f4cc160197 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -1590,7 +1590,6 @@ MODULE_DESCRIPTION ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and " "also older servers complying with the SNIA CIFS Specification)"); MODULE_VERSION(CIFS_VERSION); -MODULE_SOFTDEP("pre: des"); MODULE_SOFTDEP("pre: ecb"); MODULE_SOFTDEP("pre: hmac"); MODULE_SOFTDEP("pre: md4"); diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c index a0b80ac651a6..5c55c35f47d6 100644 --- a/fs/cifs/smbencrypt.c +++ b/fs/cifs/smbencrypt.c @@ -23,13 +23,14 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#include #include #include +#include #include #include #include #include +#include #include "cifs_fs_sb.h" #include "cifs_unicode.h" #include "cifspdu.h" @@ -70,19 +71,18 @@ static int smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) { unsigned char key2[8]; - struct crypto_cipher *tfm_des; + struct des_ctx ctx; str_to_key(key, key2); - tfm_des = crypto_alloc_cipher("des", 0, 0); - if (IS_ERR(tfm_des)) { - cifs_dbg(VFS, "could not allocate des crypto API\n"); - return PTR_ERR(tfm_des); + if (fips_enabled) { + cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n"); + return -ENOENT; } - crypto_cipher_setkey(tfm_des, key2, 8); - crypto_cipher_encrypt_one(tfm_des, out, in); - crypto_free_cipher(tfm_des); + des_expand_key(&ctx, key2, DES_KEY_SIZE); + des_encrypt(&ctx, out, in); + memzero_explicit(&ctx, sizeof(ctx)); return 0; }