[linux-cifs-client][PATCH] Enable signing for ntlmv2 within NTLMSSP using kernel crypto APIs

Shirish Pargaonkar shirishpargaonkar at gmail.com
Mon Aug 2 22:46:07 MDT 2010


On Mon, Aug 2, 2010 at 1:55 AM, Herbert Xu <herbert at gondor.apana.org.au> wrote:
> shirishpargaonkar at gmail.com wrote:
>>
>> static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
>> -                                   const struct mac_key *key, char *signature)
>> +                       struct TCP_Server_Info *server, char *signature)
>> {
>> -       struct  MD5Context context;
>> +       int rc = 0;
>> +       struct scatterlist sgin[2];
>> +       struct hash_desc desc;
>>
>> -       if ((cifs_pdu == NULL) || (signature == NULL) || (key == NULL))
>> +       if (cifs_pdu == NULL || server == NULL || signature == NULL)
>>                return -EINVAL;
>>
>> -       cifs_MD5_init(&context);
>> -       cifs_MD5_update(&context, (char *)&key->data, key->len);
>> -       cifs_MD5_update(&context, cifs_pdu->Protocol, cifs_pdu->smb_buf_length);
>> +       desc.tfm = server->ntlmssp.tfm_md5;
>> +
>> +       rc = crypto_hash_init(&desc);
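
Review bot: desc.flags is never set before crypto_hash_init(&desc). desc is a stack-allocated struct hash_desc and only desc.tfm is assigned, so the flags field reaches the crypto layer holding whatever was on the stack; assign desc.flags explicitly (0, or CRYPTO_TFM_REQ_MAY_SLEEP if this path may sleep) before the init call. The transform also comes straight from server->ntlmssp.tfm_md5 with no check that it was allocated, and because it lives in TCP_Server_Info it is shared by every caller on that connection, so either check it here and state what serializes concurrent signature calculations, or document where both are guaranteed.
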
>
> We're phasing out the crypto_hash_* interface.  Please use the
> equivalent crypto_shash_* interface (or if you require access
> to asynchronous hardware, the crypto_ahash_* interface).
>
> Thanks,
> --
> Email: Herbert Xu <herbert at gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
>

Herbert,

I have compile issues with the crypto_shash interfaces; there are no such
issues with the crypto_hash_ APIs, everything works fine.

When I have code like this, I have errors and warnings, and when I cast
them as (char *), the module oopses.

struct session_key {
        unsigned int len;
        union {
                char ntlm[CIFS_SESS_KEY_SIZE + 16];
                char krb5[CIFS_SESS_KEY_SIZE + 16]; /* BB: length correct? */
                struct {
                        char key[16];
                        struct ntlmv2_resp resp;
                } ntlmv2;
        } data;
};

        if (server->secType == RawNTLMSSP)
                crypto_shash_update(&desc, server->session_key.data.ntlmv2.key,
                                CIFS_NTLMV2_SESSKEY_SIZE);
        else
                crypto_shash_update(&desc, server->session_key.data,    <----
                                server->session_key.len);


And

        len = cifs_strtoUCS((__le16 *)user, ses->userName, len, nls_cp);
        UniStrupr(user);

        crypto_shash_update(&desc, user, 2 * len);    <----

No such issues or oopses with the crypto_hash_ APIs.

