[PATCH 0/8] smb: client: More crypto library conversions

Linux-CIFS Archive mirror
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: linux-cifs@vger.kernel.org, Steve French <sfrench@samba.org>
Cc: samba-technical@lists.samba.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, Paulo Alcantara <pc@manguebit.org>,
	Ronnie Sahlberg <ronniesahlberg@gmail.com>,
	Shyam Prasad N <sprasad@microsoft.com>,
	Tom Talpey <tom@talpey.com>, Bharath SM <bharathsm@microsoft.com>,
	Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 0/8] smb: client: More crypto library conversions
Date: Sat, 11 Oct 2025 18:57:30 -0700	[thread overview]
Message-ID: <20251012015738.244315-1-ebiggers@kernel.org> (raw)

This series converts fs/smb/client/ to access SHA-512, HMAC-SHA256, MD5,
and HMAC-MD5 using the library APIs instead of crypto_shash.

This simplifies the code significantly.  It also slightly improves
performance, as it eliminates unnecessary overhead.

Tested with Samba with all SMB versions, with mfsymlinks in the mount
options, 'server min protocol = NT1' and 'server signing = required' in
smb.conf, and doing a simple file data and symlink verification test.
That seems to cover all the modified code paths.

However, with SMB 1.0 I get "CIFS: VFS: SMB signature verification
returned error = -13", regardless of whether this series is applied or
not.  Presumably, testing that case requires some other setting I
couldn't find.

Regardless, these are straightforward conversions and all the actual
crypto is exactly the same as before, as far as I can tell.

Eric Biggers (8):
  smb: client: Use SHA-512 library for SMB3.1.1 preauth hash
  smb: client: Use HMAC-SHA256 library for key generation
  smb: client: Use HMAC-SHA256 library for SMB2 signature calculation
  smb: client: Use MD5 library for M-F symlink hashing
  smb: client: Use MD5 library for SMB1 signature calculation
  smb: client: Use HMAC-MD5 library for NTLMv2
  smb: client: Remove obsolete crypto_shash allocations
  smb: client: Consolidate cmac(aes) shash allocation

 fs/smb/client/Kconfig         |   7 +-
 fs/smb/client/cifsencrypt.c   | 201 +++++++++++++---------------------
 fs/smb/client/cifsfs.c        |   4 -
 fs/smb/client/cifsglob.h      |   3 -
 fs/smb/client/cifsproto.h     |  10 +-
 fs/smb/client/link.c          |  31 +-----
 fs/smb/client/sess.c          |   2 +-
 fs/smb/client/smb2misc.c      |  53 ++-------
 fs/smb/client/smb2proto.h     |   8 +-
 fs/smb/client/smb2transport.c | 164 +++++----------------------
 10 files changed, 131 insertions(+), 352 deletions(-)

base-commit: 67029a49db6c1f21106a1b5fcdd0ea234a6e0711
-- 
2.51.0

next             reply	other threads:[~2025-10-12  1:59 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-12  1:57 Eric Biggers [this message]
2025-10-12  1:57 ` [PATCH 1/8] smb: client: Use SHA-512 library for SMB3.1.1 preauth hash Eric Biggers
2025-10-12  1:57 ` [PATCH 2/8] smb: client: Use HMAC-SHA256 library for key generation Eric Biggers
2025-10-12  1:57 ` [PATCH 3/8] smb: client: Use HMAC-SHA256 library for SMB2 signature calculation Eric Biggers
2025-10-12  1:57 ` [PATCH 4/8] smb: client: Use MD5 library for M-F symlink hashing Eric Biggers
2025-10-12  1:57 ` [PATCH 5/8] smb: client: Use MD5 library for SMB1 signature calculation Eric Biggers
2025-10-12  1:57 ` [PATCH 6/8] smb: client: Use HMAC-MD5 library for NTLMv2 Eric Biggers
2025-10-12  1:57 ` [PATCH 7/8] smb: client: Remove obsolete crypto_shash allocations Eric Biggers
2025-10-12  1:57 ` [PATCH 8/8] smb: client: Consolidate cmac(aes) shash allocation Eric Biggers
2025-10-13 14:44 ` [PATCH 0/8] smb: client: More crypto library conversions Enzo Matsumiya
2025-10-14  6:07   ` Eric Biggers
2025-10-14  3:42 ` Eric Biggers
2025-10-17 16:12   ` Steve French
2025-10-17 16:24     ` Eric Biggers
2025-10-14  7:55 ` Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251012015738.244315-1-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=bharathsm@microsoft.com \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pc@manguebit.org \
    --cc=ronniesahlberg@gmail.com \
    --cc=samba-technical@lists.samba.org \
    --cc=sfrench@samba.org \
    --cc=sprasad@microsoft.com \
    --cc=tom@talpey.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).