Commit 9651ddba authored by Herbert Xu's avatar Herbert Xu

cifs: Use skcipher

This patch replaces uses of blkcipher with skcipher.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent ab1e6fa4
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#include <linux/ctype.h> #include <linux/ctype.h>
#include <linux/random.h> #include <linux/random.h>
#include <linux/highmem.h> #include <linux/highmem.h>
#include <crypto/skcipher.h>
static int static int
cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server) cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
...@@ -789,38 +790,46 @@ int ...@@ -789,38 +790,46 @@ int
calc_seckey(struct cifs_ses *ses) calc_seckey(struct cifs_ses *ses)
{ {
int rc; int rc;
struct crypto_blkcipher *tfm_arc4; struct crypto_skcipher *tfm_arc4;
struct scatterlist sgin, sgout; struct scatterlist sgin, sgout;
struct blkcipher_desc desc; struct skcipher_request *req;
unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */ unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE); get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC); tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_arc4)) { if (IS_ERR(tfm_arc4)) {
rc = PTR_ERR(tfm_arc4); rc = PTR_ERR(tfm_arc4);
cifs_dbg(VFS, "could not allocate crypto API arc4\n"); cifs_dbg(VFS, "could not allocate crypto API arc4\n");
return rc; return rc;
} }
desc.tfm = tfm_arc4; rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
rc = crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response,
CIFS_SESS_KEY_SIZE); CIFS_SESS_KEY_SIZE);
if (rc) { if (rc) {
cifs_dbg(VFS, "%s: Could not set response as a key\n", cifs_dbg(VFS, "%s: Could not set response as a key\n",
__func__); __func__);
return rc; goto out_free_cipher;
}
req = skcipher_request_alloc(tfm_arc4, GFP_KERNEL);
if (!req) {
rc = -ENOMEM;
cifs_dbg(VFS, "could not allocate crypto API arc4 request\n");
goto out_free_cipher;
} }
sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE); sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE);
sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE); skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, &sgin, &sgout, CIFS_CPHTXT_SIZE, NULL);
rc = crypto_skcipher_encrypt(req);
skcipher_request_free(req);
if (rc) { if (rc) {
cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc); cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc);
crypto_free_blkcipher(tfm_arc4); goto out_free_cipher;
return rc;
} }
/* make secondary_key/nonce as session key */ /* make secondary_key/nonce as session key */
...@@ -828,7 +837,8 @@ calc_seckey(struct cifs_ses *ses) ...@@ -828,7 +837,8 @@ calc_seckey(struct cifs_ses *ses)
/* and make len as that of session key only */ /* and make len as that of session key only */
ses->auth_key.len = CIFS_SESS_KEY_SIZE; ses->auth_key.len = CIFS_SESS_KEY_SIZE;
crypto_free_blkcipher(tfm_arc4); out_free_cipher:
crypto_free_skcipher(tfm_arc4);
return rc; return rc;
} }
......
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/ */
#include <crypto/skcipher.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/fs.h> #include <linux/fs.h>
...@@ -70,31 +71,42 @@ smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) ...@@ -70,31 +71,42 @@ smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
{ {
int rc; int rc;
unsigned char key2[8]; unsigned char key2[8];
struct crypto_blkcipher *tfm_des; struct crypto_skcipher *tfm_des;
struct scatterlist sgin, sgout; struct scatterlist sgin, sgout;
struct blkcipher_desc desc; struct skcipher_request *req;
str_to_key(key, key2); str_to_key(key, key2);
tfm_des = crypto_alloc_blkcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC); tfm_des = crypto_alloc_skcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_des)) { if (IS_ERR(tfm_des)) {
rc = PTR_ERR(tfm_des); rc = PTR_ERR(tfm_des);
cifs_dbg(VFS, "could not allocate des crypto API\n"); cifs_dbg(VFS, "could not allocate des crypto API\n");
goto smbhash_err; goto smbhash_err;
} }
desc.tfm = tfm_des; req = skcipher_request_alloc(tfm_des, GFP_KERNEL);
if (!req) {
rc = -ENOMEM;
cifs_dbg(VFS, "could not allocate des crypto API\n");
goto smbhash_free_skcipher;
}
crypto_blkcipher_setkey(tfm_des, key2, 8); crypto_skcipher_setkey(tfm_des, key2, 8);
sg_init_one(&sgin, in, 8); sg_init_one(&sgin, in, 8);
sg_init_one(&sgout, out, 8); sg_init_one(&sgout, out, 8);
rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, 8); skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, &sgin, &sgout, 8, NULL);
rc = crypto_skcipher_encrypt(req);
if (rc) if (rc)
cifs_dbg(VFS, "could not encrypt crypt key rc: %d\n", rc); cifs_dbg(VFS, "could not encrypt crypt key rc: %d\n", rc);
crypto_free_blkcipher(tfm_des); skcipher_request_free(req);
smbhash_free_skcipher:
crypto_free_skcipher(tfm_des);
smbhash_err: smbhash_err:
return rc; return rc;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment