Hi all,

This is v3 of this series. Please refer to the original cover letter here:
https://lore.kernel.org/linux-cifs/20220829213354.2714-1-ematsumiya@xxxxxxx/

Major changes from v2:
- added patches 1-4 as some groundwork (see more below)
- the core function is now smb311_calc_signature(), and it's been simplified a
  lot, and removed the "merge" with crypt_message() (thanks metze for the help!)
- fix a very specific bug when AES-GMAC was used with KASAN enabled (patch 8/8)

Summary of each patch below. Please refer to each individual commit message for
more details:

- Patch 1/8: smb3: rename encryption/decryption TFMs
  Rename the encryption/decryption TFMs to more meaningful names.

- Patch 2/8: cifs: secmech: use shash_desc directly, remove sdesc
  This patch removes the sdesc struct and uses the crypto API shash_desc
  directly instead. It's what the API uses anyway, so no need for a wrapper.

- Patch 3/8: cifs: allocate ephemeral secmechs only on demand
  Remove the ephemeral, single-use TFMs from cifs_secmech, and allocate/free
  them only when they're used (on session setup), making the only long-lived
  TFMs the signing and encrypting ones.

- Patch 4/8: cifs: create sign/verify secmechs, don't leave keys in memory
  This patch goes further and completely removes the algorithm-specific TFMs
  from cifs_secmech, and introduces `sign' and `verify' TFMs. This removes the
  need to allocate a new TFM on every signature verification.
  Another added benefit is that it's no longer necessary to keep the generated
  private keys in memory, as they're set right after negprot and the TFMs will
  use the expanded version of the keys internally.

- Patch 5/8: cifs: introduce AES-GMAC signing support for SMB 3.1.1
  Several changes needed to be made in this patch, see the commit
  message/changes for more details.

- Patch 6/8: cifs: deprecate 'enable_negotiate_signing' module param
- Patch 7/8: cifs: show signing algorithm name in DebugData

The above patches are pretty much the same as v2.
- Patch 8/8: cifs: use MAX_CIFS_SMALL_BUFFER_SIZE-8 as padding buffer
  I hit a use-after-free on the crypto API when using AES-GMAC, with KASAN
  enabled, and on a very specific test that used the smb2_padding array.
  In summary, KASAN was not happy with the stack-allocated array so this is the
  fix that I ended up with (of all the several forms of fix that I implemented).

I welcome and expect all kinds of feedback and reviews.

Cheers,

Enzo

Enzo Matsumiya (8):
  smb3: rename encryption/decryption TFMs
  cifs: secmech: use shash_desc directly, remove sdesc
  cifs: allocate ephemeral secmechs only on demand
  cifs: create sign/verify secmechs, don't leave keys in memory
  cifs: introduce AES-GMAC signing support for SMB 3.1.1
  cifs: deprecate 'enable_negotiate_signing' module param
  cifs: show signing algorithm name in DebugData
  cifs: use MAX_CIFS_SMALL_BUFFER_SIZE-8 as padding buffer

 fs/cifs/cifs_debug.c    |   7 +-
 fs/cifs/cifsencrypt.c   | 157 ++++-------
 fs/cifs/cifsfs.c        |  14 +-
 fs/cifs/cifsglob.h      |  68 +++--
 fs/cifs/cifsproto.h     |   5 +-
 fs/cifs/link.c          |  13 +-
 fs/cifs/misc.c          |  49 ++--
 fs/cifs/sess.c          |  12 -
 fs/cifs/smb1ops.c       |   6 +
 fs/cifs/smb2glob.h      |  10 +
 fs/cifs/smb2misc.c      |  29 +-
 fs/cifs/smb2ops.c       | 103 ++-----
 fs/cifs/smb2pdu.c       |  78 ++++--
 fs/cifs/smb2pdu.h       |   2 -
 fs/cifs/smb2proto.h     |  15 +-
 fs/cifs/smb2transport.c | 581 +++++++++++++++++++++-------------------
 16 files changed, 572 insertions(+), 577 deletions(-)

-- 
2.35.3