2 * fs/cifs/cifsencrypt.c
4 * Copyright (C) International Business Machines Corp., 2005,2006
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include <linux/slab.h>
26 #include "cifs_debug.h"
27 #include "cifs_unicode.h"
28 #include "cifsproto.h"
30 #include <linux/ctype.h>
31 #include <linux/random.h>
32 #include <linux/highmem.h>
35 * Calculate and return the CIFS signature based on the mac key and SMB PDU.
36 * The 16 byte signature must be allocated by the caller. Note we only use the
37 * 1st eight bytes and that the smb header signature field on input contains
38 * the sequence number before this function is called. Also, this function
39 * should be called with the server->srv_mutex held.
41 static int cifs_calc_signature(struct smb_rqst
*rqst
,
42 struct TCP_Server_Info
*server
, char *signature
)
46 struct kvec
*iov
= rqst
->rq_iov
;
47 int n_vec
= rqst
->rq_nvec
;
49 if (iov
== NULL
|| signature
== NULL
|| server
== NULL
)
52 if (!server
->secmech
.sdescmd5
) {
53 cifs_dbg(VFS
, "%s: Can't generate signature\n", __func__
);
57 rc
= crypto_shash_init(&server
->secmech
.sdescmd5
->shash
);
59 cifs_dbg(VFS
, "%s: Could not init md5\n", __func__
);
63 rc
= crypto_shash_update(&server
->secmech
.sdescmd5
->shash
,
64 server
->session_key
.response
, server
->session_key
.len
);
66 cifs_dbg(VFS
, "%s: Could not update with response\n", __func__
);
70 for (i
= 0; i
< n_vec
; i
++) {
71 if (iov
[i
].iov_len
== 0)
73 if (iov
[i
].iov_base
== NULL
) {
74 cifs_dbg(VFS
, "null iovec entry\n");
77 /* The first entry includes a length field (which does not get
78 signed that occupies the first 4 bytes before the header */
80 if (iov
[0].iov_len
<= 8) /* cmd field at offset 9 */
81 break; /* nothing to sign or corrupt header */
83 crypto_shash_update(&server
->secmech
.sdescmd5
->shash
,
84 iov
[i
].iov_base
+ 4, iov
[i
].iov_len
- 4);
87 crypto_shash_update(&server
->secmech
.sdescmd5
->shash
,
88 iov
[i
].iov_base
, iov
[i
].iov_len
);
91 cifs_dbg(VFS
, "%s: Could not update with payload\n",
97 /* now hash over the rq_pages array */
98 for (i
= 0; i
< rqst
->rq_npages
; i
++) {
101 cifs_rqst_page_to_kvec(rqst
, i
, &p_iov
);
102 crypto_shash_update(&server
->secmech
.sdescmd5
->shash
,
103 p_iov
.iov_base
, p_iov
.iov_len
);
104 kunmap(rqst
->rq_pages
[i
]);
107 rc
= crypto_shash_final(&server
->secmech
.sdescmd5
->shash
, signature
);
109 cifs_dbg(VFS
, "%s: Could not generate md5 hash\n", __func__
);
114 /* must be called with server->srv_mutex held */
115 int cifs_sign_rqst(struct smb_rqst
*rqst
, struct TCP_Server_Info
*server
,
116 __u32
*pexpected_response_sequence_number
)
119 char smb_signature
[20];
120 struct smb_hdr
*cifs_pdu
= (struct smb_hdr
*)rqst
->rq_iov
[0].iov_base
;
122 if ((cifs_pdu
== NULL
) || (server
== NULL
))
125 if (!(cifs_pdu
->Flags2
& SMBFLG2_SECURITY_SIGNATURE
) ||
126 server
->tcpStatus
== CifsNeedNegotiate
)
129 if (!server
->session_estab
) {
130 memcpy(cifs_pdu
->Signature
.SecuritySignature
, "BSRSPYL", 8);
134 cifs_pdu
->Signature
.Sequence
.SequenceNumber
=
135 cpu_to_le32(server
->sequence_number
);
136 cifs_pdu
->Signature
.Sequence
.Reserved
= 0;
138 *pexpected_response_sequence_number
= ++server
->sequence_number
;
139 ++server
->sequence_number
;
141 rc
= cifs_calc_signature(rqst
, server
, smb_signature
);
143 memset(cifs_pdu
->Signature
.SecuritySignature
, 0, 8);
145 memcpy(cifs_pdu
->Signature
.SecuritySignature
, smb_signature
, 8);
150 int cifs_sign_smbv(struct kvec
*iov
, int n_vec
, struct TCP_Server_Info
*server
,
151 __u32
*pexpected_response_sequence
)
153 struct smb_rqst rqst
= { .rq_iov
= iov
,
156 return cifs_sign_rqst(&rqst
, server
, pexpected_response_sequence
);
159 /* must be called with server->srv_mutex held */
160 int cifs_sign_smb(struct smb_hdr
*cifs_pdu
, struct TCP_Server_Info
*server
,
161 __u32
*pexpected_response_sequence_number
)
165 iov
.iov_base
= cifs_pdu
;
166 iov
.iov_len
= be32_to_cpu(cifs_pdu
->smb_buf_length
) + 4;
168 return cifs_sign_smbv(&iov
, 1, server
,
169 pexpected_response_sequence_number
);
172 int cifs_verify_signature(struct smb_rqst
*rqst
,
173 struct TCP_Server_Info
*server
,
174 __u32 expected_sequence_number
)
177 char server_response_sig
[8];
178 char what_we_think_sig_should_be
[20];
179 struct smb_hdr
*cifs_pdu
= (struct smb_hdr
*)rqst
->rq_iov
[0].iov_base
;
181 if (cifs_pdu
== NULL
|| server
== NULL
)
184 if (!server
->session_estab
)
187 if (cifs_pdu
->Command
== SMB_COM_LOCKING_ANDX
) {
188 struct smb_com_lock_req
*pSMB
=
189 (struct smb_com_lock_req
*)cifs_pdu
;
190 if (pSMB
->LockType
& LOCKING_ANDX_OPLOCK_RELEASE
)
194 /* BB what if signatures are supposed to be on for session but
195 server does not send one? BB */
197 /* Do not need to verify session setups with signature "BSRSPYL " */
198 if (memcmp(cifs_pdu
->Signature
.SecuritySignature
, "BSRSPYL ", 8) == 0)
199 cifs_dbg(FYI
, "dummy signature received for smb command 0x%x\n",
202 /* save off the origiginal signature so we can modify the smb and check
203 its signature against what the server sent */
204 memcpy(server_response_sig
, cifs_pdu
->Signature
.SecuritySignature
, 8);
206 cifs_pdu
->Signature
.Sequence
.SequenceNumber
=
207 cpu_to_le32(expected_sequence_number
);
208 cifs_pdu
->Signature
.Sequence
.Reserved
= 0;
210 mutex_lock(&server
->srv_mutex
);
211 rc
= cifs_calc_signature(rqst
, server
, what_we_think_sig_should_be
);
212 mutex_unlock(&server
->srv_mutex
);
217 /* cifs_dump_mem("what we think it should be: ",
218 what_we_think_sig_should_be, 16); */
220 if (memcmp(server_response_sig
, what_we_think_sig_should_be
, 8))
227 /* first calculate 24 bytes ntlm response and then 16 byte session key */
228 int setup_ntlm_response(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
231 unsigned int temp_len
= CIFS_SESS_KEY_SIZE
+ CIFS_AUTH_RESP_SIZE
;
232 char temp_key
[CIFS_SESS_KEY_SIZE
];
237 ses
->auth_key
.response
= kmalloc(temp_len
, GFP_KERNEL
);
238 if (!ses
->auth_key
.response
)
241 ses
->auth_key
.len
= temp_len
;
243 rc
= SMBNTencrypt(ses
->password
, ses
->server
->cryptkey
,
244 ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
, nls_cp
);
246 cifs_dbg(FYI
, "%s Can't generate NTLM response, error: %d\n",
251 rc
= E_md4hash(ses
->password
, temp_key
, nls_cp
);
253 cifs_dbg(FYI
, "%s Can't generate NT hash, error: %d\n",
258 rc
= mdfour(ses
->auth_key
.response
, temp_key
, CIFS_SESS_KEY_SIZE
);
260 cifs_dbg(FYI
, "%s Can't generate NTLM session key, error: %d\n",
266 #ifdef CONFIG_CIFS_WEAK_PW_HASH
267 int calc_lanman_hash(const char *password
, const char *cryptkey
, bool encrypt
,
268 char *lnm_session_key
)
272 char password_with_pad
[CIFS_ENCPWD_SIZE
];
274 memset(password_with_pad
, 0, CIFS_ENCPWD_SIZE
);
276 strncpy(password_with_pad
, password
, CIFS_ENCPWD_SIZE
);
278 if (!encrypt
&& global_secflags
& CIFSSEC_MAY_PLNTXT
) {
279 memcpy(lnm_session_key
, password_with_pad
,
284 /* calculate old style session key */
285 /* calling toupper is less broken than repeatedly
286 calling nls_toupper would be since that will never
287 work for UTF8, but neither handles multibyte code pages
288 but the only alternative would be converting to UCS-16 (Unicode)
289 (using a routine something like UniStrupr) then
290 uppercasing and then converting back from Unicode - which
291 would only worth doing it if we knew it were utf8. Basically
292 utf8 and other multibyte codepages each need their own strupper
293 function since a byte at a time will ont work. */
295 for (i
= 0; i
< CIFS_ENCPWD_SIZE
; i
++)
296 password_with_pad
[i
] = toupper(password_with_pad
[i
]);
298 rc
= SMBencrypt(password_with_pad
, cryptkey
, lnm_session_key
);
302 #endif /* CIFS_WEAK_PW_HASH */
304 /* Build a proper attribute value/target info pairs blob.
305 * Fill in netbios and dns domain name and workstation name
306 * and client time (total five av pairs and + one end of fields indicator.
307 * Allocate domain name which gets freed when session struct is deallocated.
310 build_avpair_blob(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
313 unsigned int size
= 2 * sizeof(struct ntlmssp2_name
);
314 char *defdmname
= "WORKGROUP";
315 unsigned char *blobptr
;
316 struct ntlmssp2_name
*attrptr
;
318 if (!ses
->domainName
) {
319 ses
->domainName
= kstrdup(defdmname
, GFP_KERNEL
);
320 if (!ses
->domainName
)
324 dlen
= strlen(ses
->domainName
);
327 * The length of this blob is two times the size of a
328 * structure (av pair) which holds name/size
329 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
330 * unicode length of a netbios domain name
332 ses
->auth_key
.len
= size
+ 2 * dlen
;
333 ses
->auth_key
.response
= kzalloc(ses
->auth_key
.len
, GFP_KERNEL
);
334 if (!ses
->auth_key
.response
) {
335 ses
->auth_key
.len
= 0;
339 blobptr
= ses
->auth_key
.response
;
340 attrptr
= (struct ntlmssp2_name
*) blobptr
;
343 * As defined in MS-NTLM 3.3.2, just this av pair field
344 * is sufficient as part of the temp
346 attrptr
->type
= cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME
);
347 attrptr
->length
= cpu_to_le16(2 * dlen
);
348 blobptr
= (unsigned char *)attrptr
+ sizeof(struct ntlmssp2_name
);
349 cifs_strtoUTF16((__le16
*)blobptr
, ses
->domainName
, dlen
, nls_cp
);
354 /* Server has provided av pairs/target info in the type 2 challenge
355 * packet and we have plucked it and stored within smb session.
356 * We parse that blob here to find netbios domain name to be used
357 * as part of ntlmv2 authentication (in Target String), if not already
358 * specified on the command line.
359 * If this function returns without any error but without fetching
360 * domain name, authentication may fail against some server but
361 * may not fail against other (those who are not very particular
362 * about target string i.e. for some, just user name might suffice.
365 find_domain_name(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
367 unsigned int attrsize
;
369 unsigned int onesize
= sizeof(struct ntlmssp2_name
);
370 unsigned char *blobptr
;
371 unsigned char *blobend
;
372 struct ntlmssp2_name
*attrptr
;
374 if (!ses
->auth_key
.len
|| !ses
->auth_key
.response
)
377 blobptr
= ses
->auth_key
.response
;
378 blobend
= blobptr
+ ses
->auth_key
.len
;
380 while (blobptr
+ onesize
< blobend
) {
381 attrptr
= (struct ntlmssp2_name
*) blobptr
;
382 type
= le16_to_cpu(attrptr
->type
);
383 if (type
== NTLMSSP_AV_EOL
)
385 blobptr
+= 2; /* advance attr type */
386 attrsize
= le16_to_cpu(attrptr
->length
);
387 blobptr
+= 2; /* advance attr size */
388 if (blobptr
+ attrsize
> blobend
)
390 if (type
== NTLMSSP_AV_NB_DOMAIN_NAME
) {
393 if (!ses
->domainName
) {
395 kmalloc(attrsize
+ 1, GFP_KERNEL
);
396 if (!ses
->domainName
)
398 cifs_from_utf16(ses
->domainName
,
399 (__le16
*)blobptr
, attrsize
, attrsize
,
404 blobptr
+= attrsize
; /* advance attr value */
410 static int calc_ntlmv2_hash(struct cifs_ses
*ses
, char *ntlmv2_hash
,
411 const struct nls_table
*nls_cp
)
415 char nt_hash
[CIFS_NTHASH_SIZE
];
420 if (!ses
->server
->secmech
.sdeschmacmd5
) {
421 cifs_dbg(VFS
, "%s: can't generate ntlmv2 hash\n", __func__
);
425 /* calculate md4 hash of password */
426 E_md4hash(ses
->password
, nt_hash
, nls_cp
);
428 rc
= crypto_shash_setkey(ses
->server
->secmech
.hmacmd5
, nt_hash
,
431 cifs_dbg(VFS
, "%s: Could not set NT Hash as a key\n", __func__
);
435 rc
= crypto_shash_init(&ses
->server
->secmech
.sdeschmacmd5
->shash
);
437 cifs_dbg(VFS
, "%s: could not init hmacmd5\n", __func__
);
441 /* convert ses->user_name to unicode */
442 len
= ses
->user_name
? strlen(ses
->user_name
) : 0;
443 user
= kmalloc(2 + (len
* 2), GFP_KERNEL
);
450 len
= cifs_strtoUTF16(user
, ses
->user_name
, len
, nls_cp
);
453 memset(user
, '\0', 2);
456 rc
= crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
457 (char *)user
, 2 * len
);
460 cifs_dbg(VFS
, "%s: Could not update with user\n", __func__
);
464 /* convert ses->domainName to unicode and uppercase */
465 if (ses
->domainName
) {
466 len
= strlen(ses
->domainName
);
468 domain
= kmalloc(2 + (len
* 2), GFP_KERNEL
);
469 if (domain
== NULL
) {
473 len
= cifs_strtoUTF16((__le16
*)domain
, ses
->domainName
, len
,
476 crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
477 (char *)domain
, 2 * len
);
480 cifs_dbg(VFS
, "%s: Could not update with domain\n",
484 } else if (ses
->serverName
) {
485 len
= strlen(ses
->serverName
);
487 server
= kmalloc(2 + (len
* 2), GFP_KERNEL
);
488 if (server
== NULL
) {
492 len
= cifs_strtoUTF16((__le16
*)server
, ses
->serverName
, len
,
495 crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
496 (char *)server
, 2 * len
);
499 cifs_dbg(VFS
, "%s: Could not update with server\n",
505 rc
= crypto_shash_final(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
508 cifs_dbg(VFS
, "%s: Could not generate md5 hash\n", __func__
);
514 CalcNTLMv2_response(const struct cifs_ses
*ses
, char *ntlmv2_hash
)
517 unsigned int offset
= CIFS_SESS_KEY_SIZE
+ 8;
519 if (!ses
->server
->secmech
.sdeschmacmd5
) {
520 cifs_dbg(VFS
, "%s: can't generate ntlmv2 hash\n", __func__
);
524 rc
= crypto_shash_setkey(ses
->server
->secmech
.hmacmd5
,
525 ntlmv2_hash
, CIFS_HMAC_MD5_HASH_SIZE
);
527 cifs_dbg(VFS
, "%s: Could not set NTLMV2 Hash as a key\n",
532 rc
= crypto_shash_init(&ses
->server
->secmech
.sdeschmacmd5
->shash
);
534 cifs_dbg(VFS
, "%s: could not init hmacmd5\n", __func__
);
538 if (ses
->server
->negflavor
== CIFS_NEGFLAVOR_EXTENDED
)
539 memcpy(ses
->auth_key
.response
+ offset
,
540 ses
->ntlmssp
->cryptkey
, CIFS_SERVER_CHALLENGE_SIZE
);
542 memcpy(ses
->auth_key
.response
+ offset
,
543 ses
->server
->cryptkey
, CIFS_SERVER_CHALLENGE_SIZE
);
544 rc
= crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
545 ses
->auth_key
.response
+ offset
, ses
->auth_key
.len
- offset
);
547 cifs_dbg(VFS
, "%s: Could not update with response\n", __func__
);
551 rc
= crypto_shash_final(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
552 ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
);
554 cifs_dbg(VFS
, "%s: Could not generate md5 hash\n", __func__
);
561 setup_ntlmv2_rsp(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
566 struct ntlmv2_resp
*buf
;
567 char ntlmv2_hash
[16];
568 unsigned char *tiblob
= NULL
; /* target info blob */
570 if (ses
->server
->negflavor
== CIFS_NEGFLAVOR_EXTENDED
) {
571 if (!ses
->domainName
) {
572 rc
= find_domain_name(ses
, nls_cp
);
574 cifs_dbg(VFS
, "error %d finding domain name\n",
576 goto setup_ntlmv2_rsp_ret
;
580 rc
= build_avpair_blob(ses
, nls_cp
);
582 cifs_dbg(VFS
, "error %d building av pair blob\n", rc
);
583 goto setup_ntlmv2_rsp_ret
;
587 baselen
= CIFS_SESS_KEY_SIZE
+ sizeof(struct ntlmv2_resp
);
588 tilen
= ses
->auth_key
.len
;
589 tiblob
= ses
->auth_key
.response
;
591 ses
->auth_key
.response
= kmalloc(baselen
+ tilen
, GFP_KERNEL
);
592 if (!ses
->auth_key
.response
) {
594 ses
->auth_key
.len
= 0;
595 goto setup_ntlmv2_rsp_ret
;
597 ses
->auth_key
.len
+= baselen
;
599 buf
= (struct ntlmv2_resp
*)
600 (ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
);
601 buf
->blob_signature
= cpu_to_le32(0x00000101);
603 buf
->time
= cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME
));
604 get_random_bytes(&buf
->client_chal
, sizeof(buf
->client_chal
));
607 memcpy(ses
->auth_key
.response
+ baselen
, tiblob
, tilen
);
609 /* calculate ntlmv2_hash */
610 rc
= calc_ntlmv2_hash(ses
, ntlmv2_hash
, nls_cp
);
612 cifs_dbg(VFS
, "could not get v2 hash rc %d\n", rc
);
613 goto setup_ntlmv2_rsp_ret
;
616 /* calculate first part of the client response (CR1) */
617 rc
= CalcNTLMv2_response(ses
, ntlmv2_hash
);
619 cifs_dbg(VFS
, "Could not calculate CR1 rc: %d\n", rc
);
620 goto setup_ntlmv2_rsp_ret
;
623 /* now calculate the session key for NTLMv2 */
624 rc
= crypto_shash_setkey(ses
->server
->secmech
.hmacmd5
,
625 ntlmv2_hash
, CIFS_HMAC_MD5_HASH_SIZE
);
627 cifs_dbg(VFS
, "%s: Could not set NTLMV2 Hash as a key\n",
629 goto setup_ntlmv2_rsp_ret
;
632 rc
= crypto_shash_init(&ses
->server
->secmech
.sdeschmacmd5
->shash
);
634 cifs_dbg(VFS
, "%s: Could not init hmacmd5\n", __func__
);
635 goto setup_ntlmv2_rsp_ret
;
638 rc
= crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
639 ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
,
640 CIFS_HMAC_MD5_HASH_SIZE
);
642 cifs_dbg(VFS
, "%s: Could not update with response\n", __func__
);
643 goto setup_ntlmv2_rsp_ret
;
646 rc
= crypto_shash_final(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
647 ses
->auth_key
.response
);
649 cifs_dbg(VFS
, "%s: Could not generate md5 hash\n", __func__
);
651 setup_ntlmv2_rsp_ret
:
658 calc_seckey(struct cifs_ses
*ses
)
661 struct crypto_blkcipher
*tfm_arc4
;
662 struct scatterlist sgin
, sgout
;
663 struct blkcipher_desc desc
;
664 unsigned char sec_key
[CIFS_SESS_KEY_SIZE
]; /* a nonce */
666 get_random_bytes(sec_key
, CIFS_SESS_KEY_SIZE
);
668 tfm_arc4
= crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC
);
669 if (IS_ERR(tfm_arc4
)) {
670 rc
= PTR_ERR(tfm_arc4
);
671 cifs_dbg(VFS
, "could not allocate crypto API arc4\n");
677 rc
= crypto_blkcipher_setkey(tfm_arc4
, ses
->auth_key
.response
,
680 cifs_dbg(VFS
, "%s: Could not set response as a key\n",
685 sg_init_one(&sgin
, sec_key
, CIFS_SESS_KEY_SIZE
);
686 sg_init_one(&sgout
, ses
->ntlmssp
->ciphertext
, CIFS_CPHTXT_SIZE
);
688 rc
= crypto_blkcipher_encrypt(&desc
, &sgout
, &sgin
, CIFS_CPHTXT_SIZE
);
690 cifs_dbg(VFS
, "could not encrypt session key rc: %d\n", rc
);
691 crypto_free_blkcipher(tfm_arc4
);
695 /* make secondary_key/nonce as session key */
696 memcpy(ses
->auth_key
.response
, sec_key
, CIFS_SESS_KEY_SIZE
);
697 /* and make len as that of session key only */
698 ses
->auth_key
.len
= CIFS_SESS_KEY_SIZE
;
700 crypto_free_blkcipher(tfm_arc4
);
706 cifs_crypto_shash_release(struct TCP_Server_Info
*server
)
708 if (server
->secmech
.cmacaes
)
709 crypto_free_shash(server
->secmech
.cmacaes
);
711 if (server
->secmech
.hmacsha256
)
712 crypto_free_shash(server
->secmech
.hmacsha256
);
714 if (server
->secmech
.md5
)
715 crypto_free_shash(server
->secmech
.md5
);
717 if (server
->secmech
.hmacmd5
)
718 crypto_free_shash(server
->secmech
.hmacmd5
);
720 kfree(server
->secmech
.sdesccmacaes
);
722 kfree(server
->secmech
.sdeschmacsha256
);
724 kfree(server
->secmech
.sdeschmacmd5
);
726 kfree(server
->secmech
.sdescmd5
);
730 cifs_crypto_shash_allocate(struct TCP_Server_Info
*server
)
735 server
->secmech
.hmacmd5
= crypto_alloc_shash("hmac(md5)", 0, 0);
736 if (IS_ERR(server
->secmech
.hmacmd5
)) {
737 cifs_dbg(VFS
, "could not allocate crypto hmacmd5\n");
738 return PTR_ERR(server
->secmech
.hmacmd5
);
741 server
->secmech
.md5
= crypto_alloc_shash("md5", 0, 0);
742 if (IS_ERR(server
->secmech
.md5
)) {
743 cifs_dbg(VFS
, "could not allocate crypto md5\n");
744 rc
= PTR_ERR(server
->secmech
.md5
);
745 goto crypto_allocate_md5_fail
;
748 server
->secmech
.hmacsha256
= crypto_alloc_shash("hmac(sha256)", 0, 0);
749 if (IS_ERR(server
->secmech
.hmacsha256
)) {
750 cifs_dbg(VFS
, "could not allocate crypto hmacsha256\n");
751 rc
= PTR_ERR(server
->secmech
.hmacsha256
);
752 goto crypto_allocate_hmacsha256_fail
;
755 server
->secmech
.cmacaes
= crypto_alloc_shash("cmac(aes)", 0, 0);
756 if (IS_ERR(server
->secmech
.cmacaes
)) {
757 cifs_dbg(VFS
, "could not allocate crypto cmac-aes");
758 rc
= PTR_ERR(server
->secmech
.cmacaes
);
759 goto crypto_allocate_cmacaes_fail
;
762 size
= sizeof(struct shash_desc
) +
763 crypto_shash_descsize(server
->secmech
.hmacmd5
);
764 server
->secmech
.sdeschmacmd5
= kmalloc(size
, GFP_KERNEL
);
765 if (!server
->secmech
.sdeschmacmd5
) {
767 goto crypto_allocate_hmacmd5_sdesc_fail
;
769 server
->secmech
.sdeschmacmd5
->shash
.tfm
= server
->secmech
.hmacmd5
;
770 server
->secmech
.sdeschmacmd5
->shash
.flags
= 0x0;
772 size
= sizeof(struct shash_desc
) +
773 crypto_shash_descsize(server
->secmech
.md5
);
774 server
->secmech
.sdescmd5
= kmalloc(size
, GFP_KERNEL
);
775 if (!server
->secmech
.sdescmd5
) {
777 goto crypto_allocate_md5_sdesc_fail
;
779 server
->secmech
.sdescmd5
->shash
.tfm
= server
->secmech
.md5
;
780 server
->secmech
.sdescmd5
->shash
.flags
= 0x0;
782 size
= sizeof(struct shash_desc
) +
783 crypto_shash_descsize(server
->secmech
.hmacsha256
);
784 server
->secmech
.sdeschmacsha256
= kmalloc(size
, GFP_KERNEL
);
785 if (!server
->secmech
.sdeschmacsha256
) {
787 goto crypto_allocate_hmacsha256_sdesc_fail
;
789 server
->secmech
.sdeschmacsha256
->shash
.tfm
= server
->secmech
.hmacsha256
;
790 server
->secmech
.sdeschmacsha256
->shash
.flags
= 0x0;
792 size
= sizeof(struct shash_desc
) +
793 crypto_shash_descsize(server
->secmech
.cmacaes
);
794 server
->secmech
.sdesccmacaes
= kmalloc(size
, GFP_KERNEL
);
795 if (!server
->secmech
.sdesccmacaes
) {
796 cifs_dbg(VFS
, "%s: Can't alloc cmacaes\n", __func__
);
798 goto crypto_allocate_cmacaes_sdesc_fail
;
800 server
->secmech
.sdesccmacaes
->shash
.tfm
= server
->secmech
.cmacaes
;
801 server
->secmech
.sdesccmacaes
->shash
.flags
= 0x0;
805 crypto_allocate_cmacaes_sdesc_fail
:
806 kfree(server
->secmech
.sdeschmacsha256
);
808 crypto_allocate_hmacsha256_sdesc_fail
:
809 kfree(server
->secmech
.sdescmd5
);
811 crypto_allocate_md5_sdesc_fail
:
812 kfree(server
->secmech
.sdeschmacmd5
);
814 crypto_allocate_hmacmd5_sdesc_fail
:
815 crypto_free_shash(server
->secmech
.cmacaes
);
817 crypto_allocate_cmacaes_fail
:
818 crypto_free_shash(server
->secmech
.hmacsha256
);
820 crypto_allocate_hmacsha256_fail
:
821 crypto_free_shash(server
->secmech
.md5
);
823 crypto_allocate_md5_fail
:
824 crypto_free_shash(server
->secmech
.hmacmd5
);