diff mbox series

[RFC,30/30] fs: cifs: move from the crypto cipher API to the new DES library interface

Message ID 20190622003112.31033-31-ard.biesheuvel@linaro.org
State New
Headers show
Series crypto: DES/3DES cleanup | expand

Commit Message

Ard Biesheuvel June 22, 2019, 12:31 a.m. UTC
Some legacy code in the CIFS driver uses single DES to calculate
some password hash, and uses the crypto cipher API to do so. Given
that there is no point in invoking an accelerated cipher for doing
56-bit symmetric encryption on a single 8-byte block of input, the
flexibility of the crypto cipher API does not add much value here,
and so we're much better off using a library call into the generic
C implementation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---
 fs/cifs/Kconfig      |  2 +-
 fs/cifs/smbencrypt.c | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

-- 
2.20.1

Comments

Eric Biggers June 26, 2019, 3:40 a.m. UTC | #1
On Sat, Jun 22, 2019 at 02:31:12AM +0200, Ard Biesheuvel wrote:
> Some legacy code in the CIFS driver uses single DES to calculate

> some password hash, and uses the crypto cipher API to do so. Given

> that there is no point in invoking an accelerated cipher for doing

> 56-bit symmetric encryption on a single 8-byte block of input, the

> flexibility of the crypto cipher API does not add much value here,

> and so we're much better off using a library call into the generic

> C implementation.

> 

> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> ---

>  fs/cifs/Kconfig      |  2 +-

>  fs/cifs/smbencrypt.c | 18 +++++++++---------

>  2 files changed, 10 insertions(+), 10 deletions(-)


You could also remove the:

	MODULE_SOFTDEP("pre: des");

... like was done for arc4.

- Eric
diff mbox series

Patch

diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig
index 3da294231dcc..dedab8f79ee8 100644
--- a/fs/cifs/Kconfig
+++ b/fs/cifs/Kconfig
@@ -14,7 +14,7 @@  config CIFS
 	select CRYPTO_CCM
 	select CRYPTO_ECB
 	select CRYPTO_AES
-	select CRYPTO_DES
+	select CRYPTO_LIB_DES
 	help
 	  This is the client VFS module for the SMB3 family of NAS protocols,
 	  (including support for the most recent, most secure dialect SMB3.1.1)
diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
index a0b80ac651a6..5c55c35f47d6 100644
--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -23,13 +23,14 @@ 
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#include <linux/crypto.h>
 #include <linux/module.h>
 #include <linux/slab.h>
+#include <linux/fips.h>
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/random.h>
+#include <crypto/des.h>
 #include "cifs_fs_sb.h"
 #include "cifs_unicode.h"
 #include "cifspdu.h"
@@ -70,19 +71,18 @@  static int
 smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
 {
 	unsigned char key2[8];
-	struct crypto_cipher *tfm_des;
+	struct des_ctx ctx;
 
 	str_to_key(key, key2);
 
-	tfm_des = crypto_alloc_cipher("des", 0, 0);
-	if (IS_ERR(tfm_des)) {
-		cifs_dbg(VFS, "could not allocate des crypto API\n");
-		return PTR_ERR(tfm_des);
+	if (fips_enabled) {
+		cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n");
+		return -ENOENT;
 	}
 
-	crypto_cipher_setkey(tfm_des, key2, 8);
-	crypto_cipher_encrypt_one(tfm_des, out, in);
-	crypto_free_cipher(tfm_des);
+	des_expand_key(&ctx, key2, DES_KEY_SIZE);
+	des_encrypt(&ctx, out, in);
+	memzero_explicit(&ctx, sizeof(ctx));
 
 	return 0;
 }