Probably harmless to change this code path (build_ntlmssp_auth_blob is
called at session negotiation time so shouldn't have much of a
performance impact).
On the other hand if we can find optimizations in the encryption and
signing paths, that would be really helpful. There was a lot of
focus on encryption performance at SambaXP last week.
Andreas from Redhat gave a talk on the improvements in Samba with TLS
implementation of AES-GCM. I added the cifs client implementation of
AES-GCM and notice it is now faster to encrypt packets than sign them
(performance is about 2 to 3 times faster now with GCM).
On Sun, Jun 9, 2019 at 6:57 AM Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote:
>
> The CIFS code uses the sync skcipher API to invoke the ecb(arc4) skcipher,
> of which only a single generic C code implementation exists. This means
> that going through all the trouble of using scatterlists etc buys us
> very little, and we're better off just invoking the arc4 library directly.
>
> Cc: linux-cifs@xxxxxxxxxxxxxxx
> Cc: Steve French <sfrench@xxxxxxxxx>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> ---
> fs/cifs/Kconfig | 2 +-
> fs/cifs/cifsencrypt.c | 50 +++++---------------
> 2 files changed, 13 insertions(+), 39 deletions(-)
>
> diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig
> index aae2b8b2adf5..523e9ea78a28 100644
> --- a/fs/cifs/Kconfig
> +++ b/fs/cifs/Kconfig
> @@ -10,7 +10,7 @@ config CIFS
> select CRYPTO_SHA512
> select CRYPTO_CMAC
> select CRYPTO_HMAC
> - select CRYPTO_ARC4
> + select CRYPTO_LIB_ARC4
> select CRYPTO_AEAD2
> select CRYPTO_CCM
> select CRYPTO_ECB
> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> index d2a05e46d6f5..d0ab5a38e5d2 100644
> --- a/fs/cifs/cifsencrypt.c
> +++ b/fs/cifs/cifsencrypt.c
> @@ -33,7 +33,7 @@
> #include <linux/ctype.h>
> #include <linux/random.h>
> #include <linux/highmem.h>
> -#include <crypto/skcipher.h>
> +#include <crypto/arc4.h>
> #include <crypto/aead.h>
>
> int __cifs_calc_signature(struct smb_rqst *rqst,
> @@ -772,11 +772,9 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
> int
> calc_seckey(struct cifs_ses *ses)
> {
> - int rc;
> - struct crypto_skcipher *tfm_arc4;
> - struct scatterlist sgin, sgout;
> - struct skcipher_request *req;
> + struct crypto_arc4_ctx *ctx_arc4;
> unsigned char *sec_key;
> + int rc = 0;
>
> sec_key = kmalloc(CIFS_SESS_KEY_SIZE, GFP_KERNEL);
> if (sec_key == NULL)
> @@ -784,49 +782,25 @@ calc_seckey(struct cifs_ses *ses)
>
> get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
>
> - tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
> - if (IS_ERR(tfm_arc4)) {
> - rc = PTR_ERR(tfm_arc4);
> - cifs_dbg(VFS, "could not allocate crypto API arc4\n");
> - goto out;
> - }
> -
> - rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
> - CIFS_SESS_KEY_SIZE);
> - if (rc) {
> - cifs_dbg(VFS, "%s: Could not set response as a key\n",
> - __func__);
> - goto out_free_cipher;
> - }
> -
> - req = skcipher_request_alloc(tfm_arc4, GFP_KERNEL);
> - if (!req) {
> + ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
> + if (!ctx_arc4) {
> rc = -ENOMEM;
> - cifs_dbg(VFS, "could not allocate crypto API arc4 request\n");
> - goto out_free_cipher;
> + cifs_dbg(VFS, "could not allocate arc4 context\n");
> + goto out;
> }
>
> - sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE);
> - sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
> -
> - skcipher_request_set_callback(req, 0, NULL, NULL);
> - skcipher_request_set_crypt(req, &sgin, &sgout, CIFS_CPHTXT_SIZE, NULL);
> -
> - rc = crypto_skcipher_encrypt(req);
> - skcipher_request_free(req);
> - if (rc) {
> - cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc);
> - goto out_free_cipher;
> - }
> + crypto_arc4_set_key(ctx_arc4, ses->auth_key.response,
> + CIFS_SESS_KEY_SIZE);
> + crypto_arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
> + CIFS_CPHTXT_SIZE);
>
> /* make secondary_key/nonce as session key */
> memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
> /* and make len as that of session key only */
> ses->auth_key.len = CIFS_SESS_KEY_SIZE;
>
> -out_free_cipher:
> - crypto_free_skcipher(tfm_arc4);
> out:
> + kfree(ctx_arc4);
> kfree(sec_key);
> return rc;
> }
> --
> 2.20.1
>
--
Thanks,
Steve
