mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-08 14:13:53 +00:00
CIFS: add sha512 secmech
* prepare for SMB3.11 pre-auth integrity * enable sha512 when SMB311 is enabled in Kconfig * add sha512 as a soft dependency Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <smfrench@gmail.com> CC: Stable <stable@vger.kernel.org> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
This commit is contained in:
parent
82fb82be05
commit
5fcd7f3f96
@ -189,6 +189,7 @@ config CIFS_NFSD_EXPORT
|
||||
config CIFS_SMB311
|
||||
bool "SMB3.1.1 network file system support (Experimental)"
|
||||
depends on CIFS
|
||||
select CRYPTO_SHA512
|
||||
|
||||
help
|
||||
This enables experimental support for the newest, SMB3.1.1, dialect.
|
||||
|
@ -829,6 +829,11 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server)
|
||||
server->secmech.md5 = NULL;
|
||||
}
|
||||
|
||||
if (server->secmech.md5) {
|
||||
crypto_free_shash(server->secmech.sha512);
|
||||
server->secmech.sha512 = NULL;
|
||||
}
|
||||
|
||||
if (server->secmech.hmacmd5) {
|
||||
crypto_free_shash(server->secmech.hmacmd5);
|
||||
server->secmech.hmacmd5 = NULL;
|
||||
@ -852,4 +857,6 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server)
|
||||
server->secmech.sdeschmacmd5 = NULL;
|
||||
kfree(server->secmech.sdescmd5);
|
||||
server->secmech.sdescmd5 = NULL;
|
||||
kfree(server->secmech.sdescsha512);
|
||||
server->secmech.sdescsha512 = NULL;
|
||||
}
|
||||
|
@ -1486,6 +1486,7 @@ MODULE_SOFTDEP("pre: nls");
|
||||
MODULE_SOFTDEP("pre: aes");
|
||||
MODULE_SOFTDEP("pre: cmac");
|
||||
MODULE_SOFTDEP("pre: sha256");
|
||||
MODULE_SOFTDEP("pre: sha512");
|
||||
MODULE_SOFTDEP("pre: aead2");
|
||||
MODULE_SOFTDEP("pre: ccm");
|
||||
module_init(init_cifs)
|
||||
|
@ -130,10 +130,12 @@ struct cifs_secmech {
|
||||
struct crypto_shash *md5; /* md5 hash function */
|
||||
struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */
|
||||
struct crypto_shash *cmacaes; /* block-cipher based MAC function */
|
||||
struct crypto_shash *sha512; /* sha512 hash function */
|
||||
struct sdesc *sdeschmacmd5; /* ctxt to generate ntlmv2 hash, CR1 */
|
||||
struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
|
||||
struct sdesc *sdeschmacsha256; /* ctxt to generate smb2 signature */
|
||||
struct sdesc *sdesccmacaes; /* ctxt to generate smb3 signature */
|
||||
struct sdesc *sdescsha512; /* ctxt to generate smb3.11 signing key */
|
||||
struct crypto_aead *ccmaesencrypt; /* smb3 encryption aead */
|
||||
struct crypto_aead *ccmaesdecrypt; /* smb3 decryption aead */
|
||||
};
|
||||
|
@ -202,4 +202,7 @@ extern int smb3_validate_negotiate(const unsigned int, struct cifs_tcon *);
|
||||
|
||||
extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
|
||||
enum securityEnum);
|
||||
#ifdef CONFIG_CIFS_SMB311
|
||||
extern int smb311_crypto_shash_allocate(struct TCP_Server_Info *server);
|
||||
#endif
|
||||
#endif /* _SMB2PROTO_H */
|
||||
|
@ -70,6 +70,36 @@ smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
|
||||
return rc;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_CIFS_SMB311
|
||||
int
|
||||
smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
|
||||
{
|
||||
struct cifs_secmech *p = &server->secmech;
|
||||
int rc = 0;
|
||||
|
||||
rc = cifs_alloc_hash("hmac(sha256)",
|
||||
&p->hmacsha256,
|
||||
&p->sdeschmacsha256);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes);
|
||||
if (rc)
|
||||
goto err;
|
||||
|
||||
rc = cifs_alloc_hash("sha512", &p->sha512, &p->sdescsha512);
|
||||
if (rc)
|
||||
goto err;
|
||||
|
||||
return 0;
|
||||
|
||||
err:
|
||||
cifs_free_hash(&p->cmacaes, &p->sdesccmacaes);
|
||||
cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256);
|
||||
return rc;
|
||||
}
|
||||
#endif
|
||||
|
||||
static struct cifs_ses *
|
||||
smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user