[PATCH -v2 0/6] ntlmv2 within ntlmssp - enable and sign using crypto apis

[PATCH -v2 0/6] ntlmv2 within ntlmssp - enable and sign using crypto apis

[shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w]

Three major functionality changes


Make NTLMv2 as a default authentication mechanism within NTLMSSP

Enable cifs/smb signing

Use Crypto sync hash APIs instead of cifs crypto functions to genereate
various hashes such as arc4/rc4, md5, and hmac-md5 used during authentication
and smb/cifs signature generation

Signed-off-by: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

Re: [PATCH -v2 0/6] ntlmv2 within ntlmssp - enable and sign using crypto apis

[Jeff Layton]

On Thu,  9 Sep 2010 13:16:55 -0500
shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:

> Three major functionality changes
> 

Maybe this should be 3 separate patchsets then? It would be best if
these major functionality changes were bisectable. Also, these patches
mix a lot of trivial cleanup code in with the deltas that actually make
the major changes. Those should be separated.

IOW, more patches that are smaller and targeted would be ideal.

> 
> Make NTLMv2 as a default authentication mechanism within NTLMSSP
> 
> Enable cifs/smb signing
> 
> Use Crypto sync hash APIs instead of cifs crypto functions to genereate
> various hashes such as arc4/rc4, md5, and hmac-md5 used during authentication
> and smb/cifs signature generation
> 

It seems like this set should be a net reduction in code or at least
something closer to 0. This set should not be merged without an
accompanying patch to remove the unused crypto code after the
conversion to the kernel crypto APIs.

-- 
Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>

Re: [PATCH -v2 0/6] ntlmv2 within ntlmssp - enable and sign using crypto apis

[Shirish Pargaonkar]

On Sun, Sep 12, 2010 at 7:27 PM, Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org> wrote:
> On Thu,  9 Sep 2010 13:16:55 -0500
> shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
>
>> Three major functionality changes
>>
>
> Maybe this should be 3 separate patchsets then? It would be best if
> these major functionality changes were bisectable. Also, these patches
> mix a lot of trivial cleanup code in with the deltas that actually make
> the major changes. Those should be separated.
>
> IOW, more patches that are smaller and targeted would be ideal.
>
>>
>> Make NTLMv2 as a default authentication mechanism within NTLMSSP
>>
>> Enable cifs/smb signing
>>
>> Use Crypto sync hash APIs instead of cifs crypto functions to genereate
>> various hashes such as arc4/rc4, md5, and hmac-md5 used during authentication
>> and smb/cifs signature generation
>>
>
> It seems like this set should be a net reduction in code or at least
> something closer to 0. This set should not be merged without an
> accompanying patch to remove the unused crypto code after the
> conversion to the kernel crypto APIs.

I really do not have time to go through the code to remove the
unused cifs crypto code.  It is not trivial to remove those functions
because they still get used for ntlm authentication.
I am definitely not planning to attempt the code removal till end of the year.

>
> --
> Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: [PATCH -v2 0/6] ntlmv2 within ntlmssp - enable and sign using crypto apis

[Shirish Pargaonkar]

On Sun, Sep 12, 2010 at 7:27 PM, Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org> wrote:
> On Thu,  9 Sep 2010 13:16:55 -0500
> shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
>
>> Three major functionality changes
>>
>
> Maybe this should be 3 separate patchsets then? It would be best if
> these major functionality changes were bisectable. Also, these patches
> mix a lot of trivial cleanup code in with the deltas that actually make
> the major changes. Those should be separated.
>
> IOW, more patches that are smaller and targeted would be ideal.

It is probably easier to separate ntlmv2/ntlmssp authentication patch
but for signing, we need rc4/arcfour code which does not exist in cifs
and so we have to use linux kernel apis and lot of data structures that
get introduced in TCP_Server_Info structure.  Change from name
mac_key to session key would gate some of the changes in auth and
signing code. So I would really prefer to keep the patchset intact.

>
>>
>> Make NTLMv2 as a default authentication mechanism within NTLMSSP
>>
>> Enable cifs/smb signing
>>
>> Use Crypto sync hash APIs instead of cifs crypto functions to genereate
>> various hashes such as arc4/rc4, md5, and hmac-md5 used during authentication
>> and smb/cifs signature generation
>>
>
> It seems like this set should be a net reduction in code or at least
> something closer to 0. This set should not be merged without an
> accompanying patch to remove the unused crypto code after the
> conversion to the kernel crypto APIs.
>
> --
> Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>