Re: [PATCH -v3 1/4 cifs] NTLMv2/NTLMSSP Change variable name mac_key to session key to reflect the key it holds


 



On Mon, 13 Sep 2010 14:15:10 -0500
shirishpargaonkar@xxxxxxxxx wrote:

> From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
> 
> 
> Change the name of the variable mac_key to session key.
> The reason for the change is that this structure does not hold a message
> authentication code; it holds the session key (for ntlmv2, ntlmv1 etc.).
> The MAC is generated as a signature in the cifs_calc* functions.
> 
> 
> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
> ---
>  fs/cifs/cifsencrypt.c |   22 +++++++++++-----------
>  fs/cifs/cifsglob.h    |    4 ++--
>  fs/cifs/cifsproto.h   |    4 ++--
>  fs/cifs/sess.c        |   10 +++++-----
>  fs/cifs/transport.c   |    6 +++---
>  5 files changed, 23 insertions(+), 23 deletions(-)
> 
> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> index 35042d8..eed70ca 100644
> --- a/fs/cifs/cifsencrypt.c
> +++ b/fs/cifs/cifsencrypt.c
> @@ -42,7 +42,7 @@ extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
>  		       unsigned char *p24);
>  
>  static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
> -				    const struct mac_key *key, char *signature)
> +				const struct session_key *key, char *signature)
>  {
>  	struct	MD5Context context;
>  
> @@ -78,7 +78,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
>  	server->sequence_number++;
>  	spin_unlock(&GlobalMid_Lock);
>  
> -	rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key,
> +	rc = cifs_calculate_signature(cifs_pdu, &server->session_key,
>  				      smb_signature);
>  	if (rc)
>  		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
> @@ -89,7 +89,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
>  }
>  
>  static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
> -				const struct mac_key *key, char *signature)
> +				const struct session_key *key, char *signature)
>  {
>  	struct  MD5Context context;
>  	int i;
> @@ -145,7 +145,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
>  	server->sequence_number++;
>  	spin_unlock(&GlobalMid_Lock);
>  
> -	rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key,
> +	rc = cifs_calc_signature2(iov, n_vec, &server->session_key,
>  				      smb_signature);
>  	if (rc)
>  		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
> @@ -156,14 +156,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
>  }
>  
>  int cifs_verify_signature(struct smb_hdr *cifs_pdu,
> -			  const struct mac_key *mac_key,
> +			  const struct session_key *session_key,
>  			  __u32 expected_sequence_number)
>  {
>  	unsigned int rc;
>  	char server_response_sig[8];
>  	char what_we_think_sig_should_be[20];
>  
> -	if ((cifs_pdu == NULL) || (mac_key == NULL))
> +	if (cifs_pdu == NULL || session_key == NULL)
>  		return -EINVAL;
>  
>  	if (cifs_pdu->Command == SMB_COM_NEGOTIATE)
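Review bot: `unsigned int rc;` in cifs_verify_signature holds the result of cifs_calculate_signature(), which is declared `static int` and is assigned to it in the next hunk, and the function itself returns `int`. A negative errno therefore goes through an unsigned variable before it is returned; it works in practice, but the declaration should be `int rc;` so the error path of the signature check is typed the same way as in its callers. The function body continues outside this hunk, so the comparison of the two signatures is not visible here.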
> @@ -192,7 +192,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
>  					cpu_to_le32(expected_sequence_number);
>  	cifs_pdu->Signature.Sequence.Reserved = 0;
>  
> -	rc = cifs_calculate_signature(cifs_pdu, mac_key,
> +	rc = cifs_calculate_signature(cifs_pdu, session_key,
>  		what_we_think_sig_should_be);
>  
>  	if (rc)
> @@ -209,7 +209,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
>  }
>  
>  /* We fill in key by putting in 40 byte array which was allocated by caller */
> -int cifs_calculate_mac_key(struct mac_key *key, const char *rn,
> +int cifs_calculate_session_key(struct session_key *key, const char *rn,
>  			   const char *password)
>  {
>  	char temp_key[16];
> @@ -347,11 +347,11 @@ void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,
>  	/* now calculate the MAC key for NTLMv2 */
>  	hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context);
>  	hmac_md5_update(resp_buf, 16, &context);
> -	hmac_md5_final(ses->server->mac_signing_key.data.ntlmv2.key, &context);
> +	hmac_md5_final(ses->server->session_key.data.ntlmv2.key, &context);
>  
> -	memcpy(&ses->server->mac_signing_key.data.ntlmv2.resp, resp_buf,
> +	memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf,
>  	       sizeof(struct ntlmv2_resp));
> -	ses->server->mac_signing_key.len = 16 + sizeof(struct ntlmv2_resp);
> +	ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp);
>  }
>  
>  void CalcNTLMv2_response(const struct cifsSesInfo *ses,
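Review bot: The context comment `/* now calculate the MAC key for NTLMv2 */` in setup_ntlmv2_rsp still calls the value a MAC key, while the lines below it now store it in `session_key.data.ntlmv2.key`; that is exactly the terminology this commit sets out to retire. I would change it to `/* now calculate the session key for NTLMv2 */` in the same patch so the comment and the field agree. A similar leftover is in the Kerberos hunk of fs/cifs/sess.c, where the message still reads "Kerberos signing key too long" although the length is checked against `session_key.data.krb5`; whether to touch that runtime string is a judgment call because it is user-visible. setup_ntlmv2_rsp starts outside this hunk.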
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 0cdfb8c..14dfa9a 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -97,7 +97,7 @@ enum protocolEnum {
>  	/* Netbios frames protocol not supported at this time */
>  };
>  
> -struct mac_key {
> +struct session_key {
>  	unsigned int len;
>  	union {
>  		char ntlm[CIFS_SESS_KEY_SIZE + 16];
> @@ -182,7 +182,7 @@ struct TCP_Server_Info {
>  	/* 16th byte of RFC1001 workstation name is always null */
>  	char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
>  	__u32 sequence_number; /* needed for CIFS PDU signature */
> -	struct mac_key mac_signing_key;
> +	struct session_key session_key;
>  	char ntlmv2_hash[16];
>  	unsigned long lstrp; /* when we got last response from this server */
>  	u16 dialect; /* dialect index that server chose */
> diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
> index 1d60c65..3f4fa81 100644
> --- a/fs/cifs/cifsproto.h
> +++ b/fs/cifs/cifsproto.h
> @@ -362,9 +362,9 @@ extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *);
>  extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *,
>  			  __u32 *);
>  extern int cifs_verify_signature(struct smb_hdr *,
> -				 const struct mac_key *mac_key,
> +				 const struct session_key *session_key,
>  				__u32 expected_sequence_number);
> -extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn,
> +extern int cifs_calculate_session_key(struct session_key *key, const char *rn,
>  				 const char *pass);
>  extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *);
>  extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
> index 0a57cb7..8882012 100644
> --- a/fs/cifs/sess.c
> +++ b/fs/cifs/sess.c
> @@ -480,7 +480,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
>  	/* calculate session key,  BB what about adding similar ntlmv2 path? */
>  	SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key);
>  	if (first)
> -		cifs_calculate_mac_key(&ses->server->mac_signing_key,
> +		cifs_calculate_session_key(&ses->server->session_key,
>  				       ntlm_session_key, ses->password);
>  
>  	memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE);
> @@ -690,7 +690,7 @@ ssetup_ntlmssp_authenticate:
>  
>  		if (first_time) /* should this be moved into common code
>  				  with similar ntlmv2 path? */
> -			cifs_calculate_mac_key(&ses->server->mac_signing_key,
> +			cifs_calculate_session_key(&ses->server->session_key,
>  				ntlm_session_key, ses->password);
>  		/* copy session key */
>  
> @@ -765,15 +765,15 @@ ssetup_ntlmssp_authenticate:
>  		}
>  		/* bail out if key is too long */
>  		if (msg->sesskey_len >
> -		    sizeof(ses->server->mac_signing_key.data.krb5)) {
> +		    sizeof(ses->server->session_key.data.krb5)) {
>  			cERROR(1, "Kerberos signing key too long (%u bytes)",
>  				msg->sesskey_len);
>  			rc = -EOVERFLOW;
>  			goto ssetup_exit;
>  		}
>  		if (first_time) {
> -			ses->server->mac_signing_key.len = msg->sesskey_len;
> -			memcpy(ses->server->mac_signing_key.data.krb5,
> +			ses->server->session_key.len = msg->sesskey_len;
> +			memcpy(ses->server->session_key.data.krb5,
>  				msg->data, msg->sesskey_len);
>  		}
>  		pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
> diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
> index 82f78c4..a66c91e 100644
> --- a/fs/cifs/transport.c
> +++ b/fs/cifs/transport.c
> @@ -543,7 +543,7 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
>  		    (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
>  					     SECMODE_SIGN_ENABLED))) {
>  			rc = cifs_verify_signature(midQ->resp_buf,
> -						&ses->server->mac_signing_key,
> +						&ses->server->session_key,
>  						midQ->sequence_number+1);
>  			if (rc) {
>  				cERROR(1, "Unexpected SMB signature");
> @@ -731,7 +731,7 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
>  		    (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
>  					     SECMODE_SIGN_ENABLED))) {
>  			rc = cifs_verify_signature(out_buf,
> -						&ses->server->mac_signing_key,
> +						&ses->server->session_key,
>  						midQ->sequence_number+1);
>  			if (rc) {
>  				cERROR(1, "Unexpected SMB signature");
> @@ -981,7 +981,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
>  	    (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
>  				     SECMODE_SIGN_ENABLED))) {
>  		rc = cifs_verify_signature(out_buf,
> -					   &ses->server->mac_signing_key,
> +					   &ses->server->session_key,
>  					   midQ->sequence_number+1);
>  		if (rc) {
>  			cERROR(1, "Unexpected SMB signature");

Thanks for splitting that out. It should make the later patches more
clear.

Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>

