From patchwork Thu Aug 15 09:01:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 171429 Delivered-To: patch@linaro.org Received: by 2002:a92:d204:0:0:0:0:0 with SMTP id y4csp1918789ily; Thu, 15 Aug 2019 02:02:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqwj+H66tYgqCoUnfrM9bGCJu5KCrkAj9zb+JLK1s3lxYgql4DFQQ/6EGkV0/X3YwIzuBbgw X-Received: by 2002:a17:902:2aab:: with SMTP id j40mr3267098plb.76.1565859742327; Thu, 15 Aug 2019 02:02:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565859742; cv=none; d=google.com; s=arc-20160816; b=wVPx4kjFfar5JNEVBvHEBgC3cczVMLbvlvN669r15P7gP3h65cRtE3pRlpIK+Et0KD xzubqKD3OOvCiekqqjNKFWCzNd2AKbcOQw2250fBETMfSSPaUM29FNiabYaRyRvcTvSG serVRNFqZnDFNwykv00h0xuAw0YNXyRhSO40yDOvpzEiVQRBbpg2b4QjyunaUQFU6Kad mksJf9BJSl1S96Zx4UujDUkX1NwUPFyY/e7QbdWeYE851mQexu2w6Bq9TVYemYLP9Plu Lv5GK75zfwXTrH5R8cbEo+/ZzMvysRkxnVqZC0uSXZ8laXgkLhVTNylk3wkXH+kHGe25 hzdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=BotHPKD3g+g+mUZQ/dtkowLHJlOQtGFVF7+kbySZOcU=; b=OT53KmNGYjofS6eZKXX1D2NUYHW/4cawfrLTR6cTJ3sD5yORrz0ugTSBLOWynv9pD1 6Yr0iLPiyB+OMrGsKOP4PB13DfuX7eZgU/aA74LKgd8zJgQu70+tKcYz3J5nO+lyh9ev t87xp9tGReHw1chrFnAtUqsZV/Th1eg/GoxFSuZv0wyb+w8lNdxD6AYDua2/LqR2JceO km/IWB15+Sh6auYZdlfP502gPSpom5jsAMtugRY/tUlcmbKnK1pBE+LDBuMBapZaVUzR rrmYSVriL66jcejEz3YBGsiuXxvG2UfONUDeNUg+vohK8kgeyIGmzSugypyRiPTMacU6 sM+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=whv+LhAh; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k11si1650459pfi.3.2019.08.15.02.02.22; Thu, 15 Aug 2019 02:02:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=whv+LhAh; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730213AbfHOJCV (ORCPT + 3 others); Thu, 15 Aug 2019 05:02:21 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:56002 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730823AbfHOJCV (ORCPT ); Thu, 15 Aug 2019 05:02:21 -0400 Received: by mail-wm1-f67.google.com with SMTP id f72so674667wmf.5 for ; Thu, 15 Aug 2019 02:02:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BotHPKD3g+g+mUZQ/dtkowLHJlOQtGFVF7+kbySZOcU=; b=whv+LhAhxs1dUKQOELKk0+c9ufyVLY04ilRm4Xr/A3joJ+etHGyyoDTbsisvPcFm1b hqFntJVU38lK/9tlFHSPFxW5putYTbXeMuNadA4os9moVI1ktBNzzyo2WUhryYMAGhQx r56uPTE+wCR/UIdyngOuDCktneeoxFL/hipPlKgqXtHg2oob1vOkpKX+Z/dLhNmqx/WO e1XejR5fP7q4a+WIGiKAKFDTDNy4u6WdUonPFjo8v3jBMt+JrIaHOztze1S0Bx/gdCrd 1c6jfWFFb9RmFb0aTbQJ0Redfvmy3XFTjLoupJN8cTuaIRmVBt5u8mp7iXWnKrnZrCFR T2GA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=BotHPKD3g+g+mUZQ/dtkowLHJlOQtGFVF7+kbySZOcU=; b=KyjjiGikWEg72e1AxdMqlWhGOc/HWwsIM8+9duKRw9inDVUYFSN8RJpsY3M1dgI2oq 0Rc43oxsnOZYk2VABNvC5xdOuk5BGQsyr+uOcITpfJYunffpQoMEBjtCDlCUqsqxPcb3 Bj65WkxBzTjnFk14r+r4Oc6lMefaRVRz1QVQG6NrjigpKo826zpH1kj/70MHR7LzPVV+ uez8i0xdegp+kfqzVMhDfr10+FdbxFU75o6QqW+55RGitWyaIVybD9wRgYmP10hxWp2R uKJnM9ep09HXzWUmc7Iv4g6nWLXPiaaJHHiMEM2KTwFx5hTq888jSqbrwgfXWec48SbU z6sA== X-Gm-Message-State: APjAAAW08Ju6Ap/AWlxpF4rYBt8yO/f8S3JuHJ96nJu80A7xc82+K2Hp VLxjv8aoxzje+5RAOT5z6jAPjK157FL6cJ3z X-Received: by 2002:a1c:3945:: with SMTP id g66mr1622342wma.139.1565859739008; Thu, 15 Aug 2019 02:02:19 -0700 (PDT) Received: from localhost.localdomain ([2a02:587:a407:da00:f1b5:e68c:5f7f:79e7]) by smtp.gmail.com with ESMTPSA id x20sm3857533wrg.10.2019.08.15.02.02.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Aug 2019 02:02:18 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel Subject: [PATCH v5 30/30] fs: cifs: move from the crypto cipher API to the new DES library interface Date: Thu, 15 Aug 2019 12:01:12 +0300 Message-Id: <20190815090112.9377-31-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190815090112.9377-1-ard.biesheuvel@linaro.org> References: <20190815090112.9377-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Some legacy code in the CIFS driver uses single DES to calculate some password hash, and uses the crypto cipher API to do so. Given that there is no point in invoking an accelerated cipher for doing 56-bit symmetric encryption on a single 8-byte block of input, the flexibility of the crypto cipher API does not add much value here, and so we're much better off using a library call into the generic C implementation. Signed-off-by: Ard Biesheuvel --- fs/cifs/Kconfig | 2 +- fs/cifs/cifsfs.c | 1 - fs/cifs/smbencrypt.c | 18 +++++++++--------- 3 files changed, 10 insertions(+), 11 deletions(-) -- 2.17.1 diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig index b16219e5dac9..350bc3061656 100644 --- a/fs/cifs/Kconfig +++ b/fs/cifs/Kconfig @@ -16,7 +16,7 @@ config CIFS select CRYPTO_GCM select CRYPTO_ECB select CRYPTO_AES - select CRYPTO_DES + select CRYPTO_LIB_DES select KEYS help This is the client VFS module for the SMB3 family of NAS protocols, diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 3289b566463f..4e2f74894e9b 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -1601,7 +1601,6 @@ MODULE_DESCRIPTION ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and " "also older servers complying with the SNIA CIFS Specification)"); MODULE_VERSION(CIFS_VERSION); -MODULE_SOFTDEP("pre: des"); MODULE_SOFTDEP("pre: ecb"); MODULE_SOFTDEP("pre: hmac"); MODULE_SOFTDEP("pre: md4"); diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c index 2b6d87bfdf8e..39a938443e3e 100644 --- a/fs/cifs/smbencrypt.c +++ b/fs/cifs/smbencrypt.c @@ -11,13 +11,14 @@ */ -#include #include #include +#include #include #include #include #include +#include #include "cifs_fs_sb.h" #include "cifs_unicode.h" #include "cifspdu.h" @@ -58,19 +59,18 @@ static int smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) { unsigned char key2[8]; - struct crypto_cipher *tfm_des; + struct des_ctx ctx; str_to_key(key, key2); - tfm_des = crypto_alloc_cipher("des", 0, 0); - if (IS_ERR(tfm_des)) { - cifs_dbg(VFS, "could not allocate des crypto API\n"); - return PTR_ERR(tfm_des); + if (fips_enabled) { + cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n"); + return -ENOENT; } - crypto_cipher_setkey(tfm_des, key2, 8); - crypto_cipher_encrypt_one(tfm_des, out, in); - crypto_free_cipher(tfm_des); + des_expand_key(&ctx, key2, DES_KEY_SIZE); + des_encrypt(&ctx, out, in); + memzero_explicit(&ctx, sizeof(ctx)); return 0; }