[linux-cifs-client] smbdes vs crypto api

Steven French sfrench at us.ibm.com
Mon Mar 22 17:17:09 GMT 2004


>Are there any plans to make the cifs kernel code use the crypto-api
> framework instead of its own des implementation?

In the current cifs vfs development/testing tree 
(bk://cifs.bkbits.net/linux-2.5cifs) I have trimmed the smbencrypt.c code 
(which calls smbdes.c) down quite a bit, and I wouldn't mind going farther 
and getting rid of most or all of fs/cifs/smbdes.c (and md4.c and md5.c) 
too by moving to the crypto API for the des/md4/md5 functions although due 
to packet signing the md5.c is the most performance sensitive and 
therefore might get the most bang for the buck by going to the crypto API 
(the common implementation is presumably easier to make more efficient).

The code used by cifs vfs for des is quite small (there are really only 
two key functions E_P24 and E_P16 and they call smbhash to do the work) 
but moving to a common implementation in the crypto API could shave 
150-200 lines of code (out of fs/cifs/smbdes.c) from the cifs vfs. Ideally 
the function I would like to replace (with calls to the common crypto API) 
would be:

        smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw)

(and get rid of the functions in smbdes.c which smbhash calls).



There has not been a patch proposed for moving to the crypto API for DES 
although there was a patch to use the MD4/MD5 from the crypto API but I 
did not pursue integrating it since it seemed to add both complexity and 
path length and didn't decrease the lines of cifs code much.  I would 
rather wait for a simple MD4 wrapper function to replace the 
existing cifs

        mdfour(unsigned char *out, unsigned char *in, int n)

and a simpler wrapper function than what the crypto API offers to hide the 
md5 calls - currently the cifs specific md5 implementation is pretty 
straightforward (but calling the md5 in the crypto API looked like it would 
make the signature calculating code which needs it much more awkward 
looking than the current MD5Init/Update/Final approach): 

static int cifs_calculate_signature(const struct smb_hdr * cifs_pdu,
                                    const char * key, char * signature)
{
        struct  MD5Context context;

        if((cifs_pdu == NULL) || (signature == NULL))
                return -EINVAL;

        /* Hash the key material first, then the SMB starting at the
           Protocol field for smb_buf_length bytes */
        MD5Init(&context);
        MD5Update(&context,key,CIFS_SESSION_KEY_SIZE+16);
        MD5Update(&context,cifs_pdu->Protocol,cifs_pdu->smb_buf_length);
        MD5Final(signature,&context);
        return 0;
}





Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com
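
Added example, not part of the original message or the cifs source: a sketch of what stays CIFS-specific if the DES block operation behind smbhash() is delegated to a shared implementation, covering only the forward direction (the `forw` flag is left out). `des_block_fn`, `smbhash_fwd` and `stub_cipher` are hypothetical names; the stub is not DES, and the sample key bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a shared single-block DES encrypt routine. */
typedef void (*des_block_fn)(const uint8_t key[8], const uint8_t in[8], uint8_t out[8]);

/* Spread a 56-bit key over 8 bytes: 7 key bits land in bits 7..1 of each
 * byte, bit 0 (the DES parity position) is left clear. */
void smb_str_to_key(const uint8_t k7[7], uint8_t k8[8])
{
    k8[0] = k7[0] >> 1;
    k8[1] = ((k7[0] & 0x01) << 6) | (k7[1] >> 2);
    k8[2] = ((k7[1] & 0x03) << 5) | (k7[2] >> 3);
    k8[3] = ((k7[2] & 0x07) << 4) | (k7[3] >> 4);
    k8[4] = ((k7[3] & 0x0F) << 3) | (k7[4] >> 5);
    k8[5] = ((k7[4] & 0x1F) << 2) | (k7[5] >> 6);
    k8[6] = ((k7[5] & 0x3F) << 1) | (k7[6] >> 7);
    k8[7] = k7[6] & 0x7F;
    for (int i = 0; i < 8; i++) k8[i] = (uint8_t)(k8[i] << 1);
}

/* Forward direction of smbhash(): expand the key, then one DES block. */
void smbhash_fwd(des_block_fn des, uint8_t out[8], const uint8_t in[8], const uint8_t k7[7])
{
    uint8_t k8[8];
    smb_str_to_key(k7, k8);
    des(k8, in, out);
}

/* E_P24: 21 key bytes are used as three 7-byte keys over the same 8-byte input. */
void e_p24(des_block_fn des, const uint8_t p21[21], const uint8_t c8[8], uint8_t p24[24])
{
    for (int i = 0; i < 3; i++) smbhash_fwd(des, p24 + 8 * i, c8, p21 + 7 * i);
}

/* Constructed stub, NOT DES: XORs the expanded key into the input so the
 * key expansion is visible in the output. */
void stub_cipher(const uint8_t key[8], const uint8_t in[8], uint8_t out[8])
{
    for (int i = 0; i < 8; i++) out[i] = key[i] ^ in[i];
}

int main(void)
{
    uint8_t p21[21] = {0}, c8[8] = {0}, p24[24];
    p21[0] = 0x01; p21[13] = 0x01;          /* constructed sample key bytes */
    e_p24(stub_cipher, p21, c8, p24);
    for (int i = 0; i < 24; i++) printf("%02x", p24[i]);
    return 0;
}
```

Only the 7-to-8 byte key expansion and the slicing of the 21-byte key would remain in cifs; the function pointer marks where the common DES routine would be called.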