From: Stefan Metzmacher <metze@samba.org>
To: Enzo Matsumiya <ematsumiya@suse.de>, linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, pc@cjr.nz, ronniesahlberg@gmail.com,
nspmangalore@gmail.com
Subject: Re: [RFC PATCH v2 1/3] cifs: introduce AES-GMAC signing support for SMB 3.1.1
Date: Wed, 14 Sep 2022 06:07:56 +0200 [thread overview]
Message-ID: <0f2d41bf-f0da-aa10-76a3-ced2a3cebba3@samba.org> (raw)
In-Reply-To: <20220829213354.2714-2-ematsumiya@suse.de>
Hi Enzo,
> +static int smb311_crypt_sign(struct smb_rqst *rqst, int num_rqst, int enc,
> + bool sign_only, struct crypto_aead *tfm, u8 *key,
> + unsigned int keylen, u8 *iv, unsigned int assoclen,
> + unsigned int cryptlen)
> +{
> + struct smb2_hdr *shdr = (struct smb2_hdr *)rqst[0].rq_iov[0].iov_base;
> + struct smb2_transform_hdr *tr_hdr =
> + (struct smb2_transform_hdr *)rqst[0].rq_iov[0].iov_base;
> + u8 sig[SMB2_SIGNATURE_SIZE] = { 0 };
> + struct aead_request *aead_req;
> + DECLARE_CRYPTO_WAIT(wait);
> + struct scatterlist *sg;
I'd propose to keep the encryption and signing cases separate
as pdu layout of an encrypted TRANSFORM is completely different
from the signing an SMB2 message. So having them in one function
is just confusing.
> +static int smb311_aes_gmac_nonce(struct smb2_hdr *shdr, bool is_server,
> + u8 **out_nonce)
> +{
> + struct {
> + /* for MessageId (8 bytes) */
> + __le64 mid;
> + /* for role (client or server) and if SMB2 CANCEL (4 bytes) */
> + __le32 role;
> + } __packed nonce;
> +
> + if (!shdr || !out_nonce)
> + return -EINVAL;
>
> - if (!rc && enc)
> - memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
> + *out_nonce = kzalloc(SMB3_AES_GCM_NONCE, GFP_KERNEL);
> + if (!*out_nonce)
> + return -ENOMEM;
Why wasting time to allocate/free a 12 byte buffer for every pdu?
Can't we have a named structure and pass in a reference from the
caller, which has it on the stack?
metze
next prev parent reply other threads:[~2022-09-14 4:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-29 21:33 [RFC PATCH v2 0/3] cifs: introduce support for AES-GMAC signing Enzo Matsumiya
2022-08-29 21:33 ` [RFC PATCH v2 1/3] cifs: introduce AES-GMAC signing support for SMB 3.1.1 Enzo Matsumiya
2022-09-14 4:07 ` Stefan Metzmacher [this message]
2022-09-14 14:32 ` Enzo Matsumiya
2022-09-14 14:47 ` Stefan Metzmacher
2022-08-29 21:33 ` [RFC PATCH v2 2/3] cifs: deprecate 'enable_negotiate_signing' module param Enzo Matsumiya
2022-08-29 21:33 ` [RFC PATCH v2 3/3] cifs: show signing algorithm name in DebugData Enzo Matsumiya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0f2d41bf-f0da-aa10-76a3-ced2a3cebba3@samba.org \
--to=metze@samba.org \
--cc=ematsumiya@suse.de \
--cc=linux-cifs@vger.kernel.org \
--cc=nspmangalore@gmail.com \
--cc=pc@cjr.nz \
--cc=ronniesahlberg@gmail.com \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).