On 09/08/2010 10:14 AM, shirishpargaonkar@xxxxxxxxx wrote:
> From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
>
>
> Defining per smb connection structures, sdesc, ntlmssp_auth, cifs_secmech,
> and cphready.
>
> Fields tilen and tiblob are session specific.
>
> sdesc holds security descriptor, ntlmssp_auth holds secondary key which
> is a nonce that gets used as a key to generate signatures,
> ciphertext is generated by rc4/arc4 encryption of secondary key using
> ntlmv2 session key and sent in the session key field of the type 3 message
> sent by the client during ntlmssp negotiation/exchange
> These are per session structures and secondary key and cipher text
> get calculated only once per smb connection, during first smb session setup
> for that smb connection.
>
> Field cphready is used to mark such that once secondary keys and ciphertext
> are calculated during very first smb session setup for a smb connection
> and ciphertext is sent to the server, the same does not happen during
> subsequent smb session setups/establishments.
>
> if key exchange is negotiated between client and server, hmacmd5 and md5 hold
> respective crypto function/algorithm.
>
> tilen and tiblob hold the length and blob that is target info or
> attribute value (av) pairs, which is part of the authentication blob.
> These are per smb session fields.
>
> Various defines are defined such as values used in AV pairs/Target Info pairs.
> And various key and hash sizes are also defined.
>
> The reason mac_key was changed to session key is, this structure does not hold
> message authentication code, it holds the session key (for ntlmv2, ntlmv1 etc.).
> mac is generated as a signature in cifs_calc* functions.
>

wondering whether making mac_key => session_key change a separate patch would help/make it simpler..?

--
Suresh Jayaraman
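
The key exchange described in the quoted commit message, as an added example that is not part of the original mail or of the CIFS patch: the client wraps a secondary key with RC4 under the session key once per connection, and the server unwraps it with the same key. The struct, the function names, the `u8` typedef, the 16-byte key size and the key and nonce values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define KEY_SIZE 16 /* assumed size of the session key and secondary key */
typedef uint8_t u8;

/* RC4/ARC4: key schedule, then XOR with the keystream (same call decrypts). */
static void arc4_crypt(const u8 *key, size_t klen, const u8 *in, u8 *out, size_t len)
{
    u8 s[256], t;
    size_t i, j = 0, n;
    for (i = 0; i < 256; i++)
        s[i] = (u8)i;
    for (i = 0; i < 256; i++) {
        j = (j + s[i] + key[i % klen]) & 0xff;
        t = s[i]; s[i] = s[j]; s[j] = t;
    }
    for (i = 0, j = 0, n = 0; n < len; n++) {
        i = (i + 1) & 0xff;
        j = (j + s[i]) & 0xff;
        t = s[i]; s[i] = s[j]; s[j] = t;
        out[n] = in[n] ^ s[(s[i] + s[j]) & 0xff];
    }
}

struct conn_keys {              /* hypothetical per-connection state */
    u8 secondary_key[KEY_SIZE]; /* nonce, later used as the signing key */
    u8 ciphertext[KEY_SIZE];    /* sent in the type 3 session key field */
    int ready;                  /* same role as cphready */
};

/* First session setup wraps the nonce; later setups return 0 and reuse it. */
static int client_key_exchange(struct conn_keys *c, const u8 *key, const u8 *nonce)
{
    if (c->ready)
        return 0;
    memcpy(c->secondary_key, nonce, KEY_SIZE);
    arc4_crypt(key, KEY_SIZE, nonce, c->ciphertext, KEY_SIZE);
    c->ready = 1;
    return 1;
}

int main(void)
{
    static const u8 key[KEY_SIZE] = "constructed-key";   /* constructed */
    static const u8 nonce[KEY_SIZE] = "sample-nonce-01"; /* real code: CSPRNG */
    struct conn_keys c = {0};
    u8 recovered[KEY_SIZE];
    client_key_exchange(&c, key, nonce);
    arc4_crypt(key, KEY_SIZE, c.ciphertext, recovered, KEY_SIZE); /* server side */
    return memcmp(recovered, nonce, KEY_SIZE) != 0;
}
```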