From patchwork Sat Jun 22 00:31:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 167453 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp1376952ilk; Fri, 21 Jun 2019 17:32:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqyKK/UicAU2NQABovH3A2r8w7D52fdo1zXw2DUm/9hP+m3epPmprnJFLQKGugCRwBPoSAQY X-Received: by 2002:a17:90a:3544:: with SMTP id q62mr10119456pjb.53.1561163539464; Fri, 21 Jun 2019 17:32:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561163539; cv=none; d=google.com; s=arc-20160816; b=rc1neZf8K7h2WF4Gjoe8Kchgv2wq6lEuYEcUi1eYjmF/4/5HuttlmT4n7BRWZ4wRIq 7XAghe0nM/oQoHMT1A1+7T/tOx+Jls1COSm8EJWNfhWYMTtdbZWY0H8aOKCUoTNOdeFT 4Q7/jK/bNj84u5LRtVN+YPS3QgWXa6puwZgfewLwanlzg3SxmoxEwJxq3UssPC0wt43W LT0Erkp3Css6ygD/TEXePa/7tV9YkU3WQBvhGBVmf9yyxbV12uRaFuz16CnA1sBMY+AM x3O5+Gqfswduq4DxvZELgFu4IeqWArptd7he3V9nx/ZOpSuXtH+f26JHchtl65DXGjWA 0JqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mCsEnAP2oL66UMgflkiPsBtum694MAUnMKTZwZyY2CQ=; b=upatWGdraNWhhq0Ri9Vpag4zNAzpvPFDhr8veM34GD9+zMMADWeZiRoTVaoLn2IsPf 2o3jx+osu5FcB9iLelirRYt8tC7XXgrfGUX198ocKx5/dAOr/nV9oRSj8iHcpcHB0K1t F3mOpeX4h4BGAfm+QYtWrhxwxJ8iQDZ824S9UqQs1HV/SDSXHHKg+IrLGgI2VxcWZ6ZS y8LGSVRU6UU/kmZeAv4b9WZdJnb557T24KunfjLukyJIIXATwclkh3nr9EtZIVvkXMf4 fAZZULn9JmXlgt1XkpYw7OAy4e9V9W+I+gA3x8aMZPS1sWZvvYcpuVHm7O5mQHp1hFOo VLtg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dZTd+802; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10si4096271plg.320.2019.06.21.17.32.19; Fri, 21 Jun 2019 17:32:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dZTd+802; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726237AbfFVAcS (ORCPT + 3 others); Fri, 21 Jun 2019 20:32:18 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:55808 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726270AbfFVAcS (ORCPT ); Fri, 21 Jun 2019 20:32:18 -0400 Received: by mail-wm1-f68.google.com with SMTP id a15so7712590wmj.5 for ; Fri, 21 Jun 2019 17:32:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mCsEnAP2oL66UMgflkiPsBtum694MAUnMKTZwZyY2CQ=; b=dZTd+802WlPaJ1ZQsrZxqUX9/heuVYJkSzVtU7Ygjw6KyQLH+YruszrRWdjahzXJ5n s4FAz+L8q+9OXE1nwe/pWoP9BRH1BGaDzoLHGUZKEse33IpSeamAYWGtfQqe0vTBVqzG yVPe2Nkr3j8Jl11kd834kuU8/A6LDkNzOd/k/IYS1/5mdpaV/1qPeT9aAU4adzn0J5Fw y/rHBkaFfc+BTa+01Qn7yheezs5GftP/luxbilPW4KG0LQoy5QkPD5HmOvSQo5jymFV8 uaT6fcTSZUPhzcIKvLKh/sV70Lq0MgmMaETnbo6Q/ZSyyJymI6/lC5olAB6LVim3m+BR b2CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mCsEnAP2oL66UMgflkiPsBtum694MAUnMKTZwZyY2CQ=; b=ID3MHixH/ZFJrdXqPDLGMZIBBUojyIghWh7pwyGo3UwWmmN0K4ONgnxlPTcmJepj9u NGP3Sze1vIMldTtQ0A7SY/OBwspSVYmEejYzACLtFX7/2cSecKIE0JZroPZ60w0r4V3v HY1mgy5sTKN2/EUMk9Sotyvg+nrZUTUm6nWK/AQCOv/gGMGtAbfgoZtXGg2Mp0A9765k L8iTZae7Fv0KdepwHyvlo7GpKKsaDisdnxBJlN/vCsjmU/K6mREpoxRVnel28gJWizcf PzxaGKCDrKtos76V+vc4EsexdG9K0kh97UBrp94ftc8F3bTkcYKwtqrAsHWPTlOuHCIW sttg== X-Gm-Message-State: APjAAAXGy3Nc/0BmZpApy55nWMJeKYM8+VM0ETWrguDluyoiRDSR3jLF v/IbkvH5/HRmjbJibG8AMEqJmlKIQZ/+MphN X-Received: by 2002:a7b:cc09:: with SMTP id f9mr5912789wmh.68.1561163536119; Fri, 21 Jun 2019 17:32:16 -0700 (PDT) Received: from sudo.home ([2a01:cb1d:112:6f00:99d4:1ff0:ed6:dfbb]) by smtp.gmail.com with ESMTPSA id v18sm4792019wrd.51.2019.06.21.17.32.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Jun 2019 17:32:15 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, ebiggers@google.com, Ard Biesheuvel Subject: [RFC PATCH 30/30] fs: cifs: move from the crypto cipher API to the new DES library interface Date: Sat, 22 Jun 2019 02:31:12 +0200 Message-Id: <20190622003112.31033-31-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190622003112.31033-1-ard.biesheuvel@linaro.org> References: <20190622003112.31033-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Some legacy code in the CIFS driver uses single DES to calculate some password hash, and uses the crypto cipher API to do so. Given that there is no point in invoking an accelerated cipher for doing 56-bit symmetric encryption on a single 8-byte block of input, the flexibility of the crypto cipher API does not add much value here, and so we're much better off using a library call into the generic C implementation. Signed-off-by: Ard Biesheuvel --- fs/cifs/Kconfig | 2 +- fs/cifs/smbencrypt.c | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) -- 2.20.1 diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig index 3da294231dcc..dedab8f79ee8 100644 --- a/fs/cifs/Kconfig +++ b/fs/cifs/Kconfig @@ -14,7 +14,7 @@ config CIFS select CRYPTO_CCM select CRYPTO_ECB select CRYPTO_AES - select CRYPTO_DES + select CRYPTO_LIB_DES help This is the client VFS module for the SMB3 family of NAS protocols, (including support for the most recent, most secure dialect SMB3.1.1) diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c index a0b80ac651a6..5c55c35f47d6 100644 --- a/fs/cifs/smbencrypt.c +++ b/fs/cifs/smbencrypt.c @@ -23,13 +23,14 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#include #include #include +#include #include #include #include #include +#include #include "cifs_fs_sb.h" #include "cifs_unicode.h" #include "cifspdu.h" @@ -70,19 +71,18 @@ static int smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) { unsigned char key2[8]; - struct crypto_cipher *tfm_des; + struct des_ctx ctx; str_to_key(key, key2); - tfm_des = crypto_alloc_cipher("des", 0, 0); - if (IS_ERR(tfm_des)) { - cifs_dbg(VFS, "could not allocate des crypto API\n"); - return PTR_ERR(tfm_des); + if (fips_enabled) { + cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n"); + return -ENOENT; } - crypto_cipher_setkey(tfm_des, key2, 8); - crypto_cipher_encrypt_one(tfm_des, out, in); - crypto_free_cipher(tfm_des); + des_expand_key(&ctx, key2, DES_KEY_SIZE); + des_encrypt(&ctx, out, in); + memzero_explicit(&ctx, sizeof(ctx)); return 0; }