| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250806203705.2560493-18-dhowells@redhat.com>
Date: Wed, 6 Aug 2025 21:36:38 +0100
From: David Howells <dhowells@...hat.com>
To: Steve French <sfrench@...ba.org>
Cc: David Howells <dhowells@...hat.com>,
Paulo Alcantara <pc@...guebit.org>,
Shyam Prasad N <sprasad@...rosoft.com>,
Tom Talpey <tom@...pey.com>,
Wang Zhaolong <wangzhaolong@...weicloud.com>,
Stefan Metzmacher <metze@...ba.org>,
Mina Almasry <almasrymina@...gle.com>,
linux-cifs@...r.kernel.org,
linux-kernel@...r.kernel.org,
netfs@...ts.linux.dev,
linux-fsdevel@...r.kernel.org
Subject: [RFC PATCH 17/31] cifs: Rework smb2 decryption
Signed-off-by: David Howells <dhowells@...hat.com>
cc: Steve French <sfrench@...ba.org>
cc: Paulo Alcantara <pc@...guebit.org>
cc: Shyam Prasad N <sprasad@...rosoft.com>
cc: Tom Talpey <tom@...pey.com>
cc: linux-cifs@...r.kernel.org
cc: netfs@...ts.linux.dev
cc: linux-fsdevel@...r.kernel.org
---
fs/smb/client/cifsglob.h | 60 -----------------
fs/smb/client/smb2ops.c | 138 +++++----------------------------------
2 files changed, 15 insertions(+), 183 deletions(-)
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
index ae06c2b5a9c8..1eed8a463b58 100644
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -2280,66 +2280,6 @@ static inline void move_cifs_info_to_smb2(struct smb2_file_all_info *dst, const
dst->FileNameLength = src->FileNameLength;
}
-static inline int cifs_get_num_sgs(const struct smb_rqst *rqst,
- int num_rqst,
- const u8 *sig)
-{
- unsigned int len, skip;
- unsigned int nents = 0;
- unsigned long addr;
- size_t data_size;
- int i, j;
-
- /*
- * The first rqst has a transform header where the first 20 bytes are
- * not part of the encrypted blob.
- */
- skip = 20;
-
- /* Assumes the first rqst has a transform header as the first iov.
- * I.e.
- * rqst[0].rq_iov[0] is transform header
- * rqst[0].rq_iov[1+] data to be encrypted/decrypted
- * rqst[1+].rq_iov[0+] data to be encrypted/decrypted
- */
- for (i = 0; i < num_rqst; i++) {
- data_size = iov_iter_count(&rqst[i].rq_iter);
-
- /* We really don't want a mixture of pinned and unpinned pages
- * in the sglist. It's hard to keep track of which is what.
- * Instead, we convert to a BVEC-type iterator higher up.
- */
- if (data_size &&
- WARN_ON_ONCE(user_backed_iter(&rqst[i].rq_iter)))
- return -EIO;
-
- /* We also don't want to have any extra refs or pins to clean
- * up in the sglist.
- */
- if (data_size &&
- WARN_ON_ONCE(iov_iter_extract_will_pin(&rqst[i].rq_iter)))
- return -EIO;
-
- for (j = 0; j < rqst[i].rq_nvec; j++) {
- struct kvec *iov = &rqst[i].rq_iov[j];
-
- addr = (unsigned long)iov->iov_base + skip;
- if (is_vmalloc_or_module_addr((void *)addr)) {
- len = iov->iov_len - skip;
- nents += DIV_ROUND_UP(offset_in_page(addr) + len,
- PAGE_SIZE);
- } else {
- nents++;
- }
- skip = 0;
- }
- if (data_size)
- nents += iov_iter_npages(&rqst[i].rq_iter, INT_MAX);
- }
- nents += DIV_ROUND_UP(offset_in_page(sig) + SMB2_SIGNATURE_SIZE, PAGE_SIZE);
- return nents;
-}
-
/* We can not use the normal sg_set_buf() as we will sometimes pass a
* stack object as buf.
*/
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index baa54e746f0f..5933757d0170 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4186,94 +4186,11 @@ fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
get_random_bytes(&tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
}
-static void *smb2_aead_req_alloc(struct crypto_aead *tfm, const struct smb_rqst *rqst,
- int num_rqst, const u8 *sig, u8 **iv,
- struct aead_request **req, struct sg_table *sgt,
- unsigned int *num_sgs, size_t *sensitive_size)
-{
- unsigned int req_size = sizeof(**req) + crypto_aead_reqsize(tfm);
- unsigned int iv_size = crypto_aead_ivsize(tfm);
- unsigned int len;
- u8 *p;
-
- *num_sgs = cifs_get_num_sgs(rqst, num_rqst, sig);
- if (IS_ERR_VALUE((long)(int)*num_sgs))
- return ERR_PTR(*num_sgs);
-
- len = iv_size;
- len += crypto_aead_alignmask(tfm) & ~(crypto_tfm_ctx_alignment() - 1);
- len = ALIGN(len, crypto_tfm_ctx_alignment());
- len += req_size;
- len = ALIGN(len, __alignof__(struct scatterlist));
- len += array_size(*num_sgs, sizeof(struct scatterlist));
- *sensitive_size = len;
-
- p = kvzalloc(len, GFP_NOFS);
- if (!p)
- return ERR_PTR(-ENOMEM);
-
- *iv = (u8 *)PTR_ALIGN(p, crypto_aead_alignmask(tfm) + 1);
- *req = (struct aead_request *)PTR_ALIGN(*iv + iv_size,
- crypto_tfm_ctx_alignment());
- sgt->sgl = (struct scatterlist *)PTR_ALIGN((u8 *)*req + req_size,
- __alignof__(struct scatterlist));
- return p;
-}
-
-static void *smb2_get_aead_req(struct crypto_aead *tfm, struct smb_rqst *rqst,
- int num_rqst, const u8 *sig, u8 **iv,
- struct aead_request **req, struct scatterlist **sgl,
- size_t *sensitive_size)
-{
- struct sg_table sgtable = {};
- unsigned int skip, num_sgs, i, j;
- ssize_t rc;
- void *p;
-
- p = smb2_aead_req_alloc(tfm, rqst, num_rqst, sig, iv, req, &sgtable,
- &num_sgs, sensitive_size);
- if (IS_ERR(p))
- return ERR_CAST(p);
-
- sg_init_marker(sgtable.sgl, num_sgs);
-
- /*
- * The first rqst has a transform header where the
- * first 20 bytes are not part of the encrypted blob.
- */
- skip = 20;
-
- for (i = 0; i < num_rqst; i++) {
- struct iov_iter *iter = &rqst[i].rq_iter;
- size_t count = iov_iter_count(iter);
-
- for (j = 0; j < rqst[i].rq_nvec; j++) {
- cifs_sg_set_buf(&sgtable,
- rqst[i].rq_iov[j].iov_base + skip,
- rqst[i].rq_iov[j].iov_len - skip);
-
- /* See the above comment on the 'skip' assignment */
- skip = 0;
- }
- sgtable.orig_nents = sgtable.nents;
-
- rc = extract_iter_to_sg(iter, count, &sgtable,
- num_sgs - sgtable.nents, 0);
- iov_iter_revert(iter, rc);
- sgtable.orig_nents = sgtable.nents;
- }
-
- cifs_sg_set_buf(&sgtable, sig, SMB2_SIGNATURE_SIZE);
- sg_mark_end(&sgtable.sgl[sgtable.nents - 1]);
- *sgl = sgtable.sgl;
- return p;
-}
-
/*
* Allocate the context info needed for the encryption operation, along with a
* scatterlist to point to the buffer.
*/
-static void *smb2_aead_req_alloc_new(struct crypto_aead *tfm, const struct iov_iter *iter,
+static void *smb2_aead_req_alloc(struct crypto_aead *tfm, const struct iov_iter *iter,
const u8 *sig, u8 **iv,
struct aead_request **req, struct sg_table *sgt,
unsigned int *num_sgs, size_t *sensitive_size)
@@ -4309,10 +4226,10 @@ static void *smb2_aead_req_alloc_new(struct crypto_aead *tfm, const struct iov_i
* Set up for doing a crypto operation, building a scatterlist from the
* supplied iterator.
*/
-static void *smb2_get_aead_req_new(struct crypto_aead *tfm, const struct iov_iter *iter,
- const u8 *sig, u8 **iv,
- struct aead_request **req, struct scatterlist **sgl,
- size_t *sensitive_size)
+static void *smb2_get_aead_req(struct crypto_aead *tfm, const struct iov_iter *iter,
+ const u8 *sig, u8 **iv,
+ struct aead_request **req, struct scatterlist **sgl,
+ size_t *sensitive_size)
{
struct sg_table sgtable = {};
struct iov_iter tmp = *iter;
@@ -4320,8 +4237,8 @@ static void *smb2_get_aead_req_new(struct crypto_aead *tfm, const struct iov_ite
ssize_t rc;
void *p;
- p = smb2_aead_req_alloc_new(tfm, iter, sig, iv, req, &sgtable,
- &num_sgs, sensitive_size);
+ p = smb2_aead_req_alloc(tfm, iter, sig, iv, req, &sgtable,
+ &num_sgs, sensitive_size);
if (IS_ERR(p))
return ERR_CAST(p);
@@ -4412,8 +4329,8 @@ encrypt_message(struct TCP_Server_Info *server,
return rc;
}
- creq = smb2_get_aead_req_new(tfm, iter, sign, &iv, &req, &sg,
- &sensitive_size);
+ creq = smb2_get_aead_req(tfm, iter, sign, &iv, &req, &sg,
+ &sensitive_size);
if (IS_ERR(creq))
return PTR_ERR(creq);
@@ -4446,11 +4363,10 @@ encrypt_message(struct TCP_Server_Info *server,
* untouched.
*/
static int
-decrypt_message(struct TCP_Server_Info *server, int num_rqst,
- struct smb_rqst *rqst, struct crypto_aead *tfm)
+decrypt_message(struct TCP_Server_Info *server,
+ struct smb2_transform_hdr *tr_hdr,
+ struct iov_iter *iter, struct crypto_aead *tfm)
{
- struct smb2_transform_hdr *tr_hdr =
- (struct smb2_transform_hdr *)rqst[0].rq_iov[0].iov_base;
unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
int rc = 0;
struct scatterlist *sg;
@@ -4486,8 +4402,7 @@ decrypt_message(struct TCP_Server_Info *server, int num_rqst,
return rc;
}
- creq = smb2_get_aead_req(tfm, rqst, num_rqst, sign, &iv, &req, &sg,
- &sensitive_size);
+ creq = smb2_get_aead_req(tfm, iter, sign, &iv, &req, &sg, &sensitive_size);
if (IS_ERR(creq))
return PTR_ERR(creq);
@@ -4546,24 +4461,10 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf,
unsigned int buf_data_size, struct iov_iter *iter,
bool is_offloaded)
{
+ struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf;
struct crypto_aead *tfm;
- struct smb_rqst rqst = {NULL};
- struct kvec iov[2];
- size_t iter_size = 0;
int rc;
- iov[0].iov_base = buf;
- iov[0].iov_len = sizeof(struct smb2_transform_hdr);
- iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr);
- iov[1].iov_len = buf_data_size;
-
- rqst.rq_iov = iov;
- rqst.rq_nvec = 2;
- if (iter) {
- rqst.rq_iter = *iter;
- iter_size = iov_iter_count(iter);
- }
-
if (is_offloaded) {
if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
(server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
@@ -4583,20 +4484,11 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf,
tfm = server->secmech.dec;
}
- rc = decrypt_message(server, 1, &rqst, tfm);
+ rc = decrypt_message(server, tr_hdr, iter, tfm);
cifs_dbg(FYI, "Decrypt message returned %d\n", rc);
if (is_offloaded)
crypto_free_aead(tfm);
-
- if (rc)
- return rc;
-
- memmove(buf, iov[1].iov_base, buf_data_size);
-
- if (!is_offloaded)
- server->total_read = buf_data_size + iter_size;
-
return rc;
}
Powered by blists - more mailing lists