Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp523495pxb; Wed, 18 Aug 2021 07:47:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzKMSQGxvcZdPxkWCEM/fJYclTUhqKH3XO7cGFZWoq2bTn3/q+/7TwZ+PDclh7Gq3uQoDg5 X-Received: by 2002:a92:d647:: with SMTP id x7mr6075971ilp.123.1629298032811; Wed, 18 Aug 2021 07:47:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629298032; cv=none; d=google.com; s=arc-20160816; b=XlmlbTlNAut6FpAJ3jBMkJZDSof0Cas2HFomRlARB1i5+SL1SQo+u4tXTZdCOc1uhM iBmKgV/pUXkVuoY2q3h4lBmmEyP6suPJ3W2w9bChRngHleEqSy+MGwoKPnoFk0dCkSR2 Rk3DoQgKt/YdmaYBgLtkwNgexOg8BF+yRI6HB7yCp0qGU1n/rvgGmm82ykAyHKH8rYAW 2mXPIy/og3PahpkfnjfBc20iZFcX+YZftn7ny1xSUVFFL5tR+pkNWY5M9OzUQXFLBkrg dSN9kTH94ht9I6ZA1qskDcxCTrQPZ9p0jBos5x2v+zJ7O3cq1R3CC5+E/a66KdWCMMd7 NERQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=geTiE/DrfAK8mObpMEcjP+nLt/uj4y1fSUxwqr6GD3U=; b=08jo59i/s/pFxcDX/C/Gp33cObIqZueCprhaFuXKf8fbNqFS6Ey9XMqhoBXjeJ0Gnv 8GHakadQPJYAySO1BF7zCvRcJJ4dvPDdh30WmOFnrSRKlXOnD1rypECXVULJx0NQx3CK eN9KfiOPKbkEiqsbyUPDckRJer3GqO6vnl9K+yc0EpM/RG7vhUGn5pIWb6uvM1X/AqXl oYmW+wHP5PLomsPcPSn7e00A5YFC3qHQkaEEqjlgnmIe9+gnSvQikpfeVhGcCfDJ/SEm /hNWiW3M7qND77fvOAQ54DSV2mqeB83YbCLMttUtoSZcaJ3isyHE7BaeGylscpak2+si /Qhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="t9cQF9M/"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l3si5375592jaq.39.2021.08.18.07.46.52; Wed, 18 Aug 2021 07:47:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="t9cQF9M/"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238799AbhHROrP (ORCPT + 99 others); Wed, 18 Aug 2021 10:47:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:42946 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239504AbhHROrL (ORCPT ); Wed, 18 Aug 2021 10:47:11 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C776C610E8; Wed, 18 Aug 2021 14:46:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1629297996; bh=dnNq6pJOVqMIA97HptfxlkewvfMJcMfte5he5jYR9nE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=t9cQF9M/rznmq/IZpk1Caz2WuRKx0hHhNursqzQGAieboRfpQCzq4+RHwA9igD88Z ffj8/JRjrotXD/QMJf+Zk6nLK+iITsbiAIWoM4K90d9H81L0OMuyz4Z8YLgSHN7dqB 071znGvWl/pnr2fdWmjr0L51e+h4AM7KsFW9/0Ck7+ZKBiFshtrMoz3yJioUFUl5IU 4CxvQZQrSYgv07TyAwoRBEbAd5CzwPMxKPl/YEXrRJ/ElEYEkNxDtD9nuuGr96yITZ R22LjQ6ie14cExtBdUFRZLpeRfm4XHh3tQ8fiO6cxG16ozbSGqzjcX1Zn8cl/eiBcQ EAbYyeUXWng2w== From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel Subject: [PATCH 1/2] fs/cifs: Incorporate obsolete MD4 crypto code Date: Wed, 18 Aug 2021 16:46:16 +0200 Message-Id: <20210818144617.110061-2-ardb@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210818144617.110061-1-ardb@kernel.org> References: <20210818144617.110061-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org MD4 belongs in a museum, not in a modern OS kernel, but sadly, the CIFS code still relies on it, and so we have had to keep it around. So let's move the MD4 implementation back into the CIFS code (where it used to reside up until 2003), so that we can drop it from the crypto API in a subsequent patch. Signed-off-by: Ard Biesheuvel --- fs/cifs/Kconfig | 1 - fs/cifs/cifsfs.c | 1 - fs/cifs/smbencrypt.c | 200 +++++++++++++++++--- 3 files changed, 177 insertions(+), 25 deletions(-) diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig index 7364950a9ef4..748f4dd3466c 100644 --- a/fs/cifs/Kconfig +++ b/fs/cifs/Kconfig @@ -4,7 +4,6 @@ config CIFS depends on INET select NLS select CRYPTO - select CRYPTO_MD4 select CRYPTO_MD5 select CRYPTO_SHA256 select CRYPTO_SHA512 diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 64b71c4e2a9d..06ce13d274f8 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -1755,7 +1755,6 @@ MODULE_DESCRIPTION MODULE_VERSION(CIFS_VERSION); MODULE_SOFTDEP("ecb"); MODULE_SOFTDEP("hmac"); -MODULE_SOFTDEP("md4"); MODULE_SOFTDEP("md5"); MODULE_SOFTDEP("nls"); MODULE_SOFTDEP("aes"); diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c index 39a938443e3e..77f720dca86f 100644 --- a/fs/cifs/smbencrypt.c +++ b/fs/cifs/smbencrypt.c @@ -38,6 +38,177 @@ #define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) #define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val))) +#define MD4_DIGEST_SIZE 16 +#define MD4_HMAC_BLOCK_SIZE 64 +#define MD4_BLOCK_WORDS 16 +#define MD4_HASH_WORDS 4 + +struct md4_ctx { + u32 hash[MD4_HASH_WORDS]; + u32 block[MD4_BLOCK_WORDS]; + u64 byte_count; +}; + +static inline u32 lshift(u32 x, unsigned int s) +{ + x &= 0xFFFFFFFF; + return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); +} + +static inline u32 F(u32 x, u32 y, u32 z) +{ + return (x & y) | ((~x) & z); +} + +static inline u32 G(u32 x, u32 y, u32 z) +{ + return (x & y) | (x & z) | (y & z); +} + +static inline u32 H(u32 x, u32 y, u32 z) +{ + return x ^ y ^ z; +} + +#define ROUND1(a,b,c,d,k,s) (a = lshift(a + F(b,c,d) + k, s)) +#define ROUND2(a,b,c,d,k,s) (a = lshift(a + G(b,c,d) + k + (u32)0x5A827999,s)) +#define ROUND3(a,b,c,d,k,s) (a = lshift(a + H(b,c,d) + k + (u32)0x6ED9EBA1,s)) + +static void md4_transform(u32 *hash, u32 const *in) +{ + u32 a, b, c, d; + + a = hash[0]; + b = hash[1]; + c = hash[2]; + d = hash[3]; + + ROUND1(a, b, c, d, in[0], 3); + ROUND1(d, a, b, c, in[1], 7); + ROUND1(c, d, a, b, in[2], 11); + ROUND1(b, c, d, a, in[3], 19); + ROUND1(a, b, c, d, in[4], 3); + ROUND1(d, a, b, c, in[5], 7); + ROUND1(c, d, a, b, in[6], 11); + ROUND1(b, c, d, a, in[7], 19); + ROUND1(a, b, c, d, in[8], 3); + ROUND1(d, a, b, c, in[9], 7); + ROUND1(c, d, a, b, in[10], 11); + ROUND1(b, c, d, a, in[11], 19); + ROUND1(a, b, c, d, in[12], 3); + ROUND1(d, a, b, c, in[13], 7); + ROUND1(c, d, a, b, in[14], 11); + ROUND1(b, c, d, a, in[15], 19); + + ROUND2(a, b, c, d,in[ 0], 3); + ROUND2(d, a, b, c, in[4], 5); + ROUND2(c, d, a, b, in[8], 9); + ROUND2(b, c, d, a, in[12], 13); + ROUND2(a, b, c, d, in[1], 3); + ROUND2(d, a, b, c, in[5], 5); + ROUND2(c, d, a, b, in[9], 9); + ROUND2(b, c, d, a, in[13], 13); + ROUND2(a, b, c, d, in[2], 3); + ROUND2(d, a, b, c, in[6], 5); + ROUND2(c, d, a, b, in[10], 9); + ROUND2(b, c, d, a, in[14], 13); + ROUND2(a, b, c, d, in[3], 3); + ROUND2(d, a, b, c, in[7], 5); + ROUND2(c, d, a, b, in[11], 9); + ROUND2(b, c, d, a, in[15], 13); + + ROUND3(a, b, c, d,in[ 0], 3); + ROUND3(d, a, b, c, in[8], 9); + ROUND3(c, d, a, b, in[4], 11); + ROUND3(b, c, d, a, in[12], 15); + ROUND3(a, b, c, d, in[2], 3); + ROUND3(d, a, b, c, in[10], 9); + ROUND3(c, d, a, b, in[6], 11); + ROUND3(b, c, d, a, in[14], 15); + ROUND3(a, b, c, d, in[1], 3); + ROUND3(d, a, b, c, in[9], 9); + ROUND3(c, d, a, b, in[5], 11); + ROUND3(b, c, d, a, in[13], 15); + ROUND3(a, b, c, d, in[3], 3); + ROUND3(d, a, b, c, in[11], 9); + ROUND3(c, d, a, b, in[7], 11); + ROUND3(b, c, d, a, in[15], 15); + + hash[0] += a; + hash[1] += b; + hash[2] += c; + hash[3] += d; +} + +static inline void md4_transform_helper(struct md4_ctx *ctx) +{ + le32_to_cpu_array(ctx->block, ARRAY_SIZE(ctx->block)); + md4_transform(ctx->hash, ctx->block); +} + +static void md4_init(struct md4_ctx *mctx) +{ + mctx->hash[0] = 0x67452301; + mctx->hash[1] = 0xefcdab89; + mctx->hash[2] = 0x98badcfe; + mctx->hash[3] = 0x10325476; + mctx->byte_count = 0; +} + +static void md4_update(struct md4_ctx *mctx, const u8 *data, unsigned int len) +{ + const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f); + + mctx->byte_count += len; + + if (avail > len) { + memcpy((char *)mctx->block + (sizeof(mctx->block) - avail), + data, len); + return; + } + + memcpy((char *)mctx->block + (sizeof(mctx->block) - avail), + data, avail); + + md4_transform_helper(mctx); + data += avail; + len -= avail; + + while (len >= sizeof(mctx->block)) { + memcpy(mctx->block, data, sizeof(mctx->block)); + md4_transform_helper(mctx); + data += sizeof(mctx->block); + len -= sizeof(mctx->block); + } + + memcpy(mctx->block, data, len); +} + +static void md4_final(struct md4_ctx *mctx, u8 *out) +{ + const unsigned int offset = mctx->byte_count & 0x3f; + char *p = (char *)mctx->block + offset; + int padding = 56 - (offset + 1); + + *p++ = 0x80; + if (padding < 0) { + memset(p, 0x00, padding + sizeof (u64)); + md4_transform_helper(mctx); + p = (char *)mctx->block; + padding = 56; + } + + memset(p, 0, padding); + mctx->block[14] = mctx->byte_count << 3; + mctx->block[15] = mctx->byte_count >> 29; + le32_to_cpu_array(mctx->block, (sizeof(mctx->block) - + sizeof(u64)) / sizeof(u32)); + md4_transform(mctx->hash, mctx->block); + cpu_to_le32_array(mctx->hash, ARRAY_SIZE(mctx->hash)); + memcpy(out, mctx->hash, sizeof(mctx->hash)); + memset(mctx, 0, sizeof(*mctx)); +} + static void str_to_key(unsigned char *str, unsigned char *key) { @@ -108,31 +279,14 @@ E_P24(unsigned char *p21, const unsigned char *c8, unsigned char *p24) int mdfour(unsigned char *md4_hash, unsigned char *link_str, int link_len) { - int rc; - struct crypto_shash *md4 = NULL; - struct sdesc *sdescmd4 = NULL; + struct md4_ctx md4; - rc = cifs_alloc_hash("md4", &md4, &sdescmd4); - if (rc) - goto mdfour_err; - - rc = crypto_shash_init(&sdescmd4->shash); - if (rc) { - cifs_dbg(VFS, "%s: Could not init md4 shash\n", __func__); - goto mdfour_err; - } - rc = crypto_shash_update(&sdescmd4->shash, link_str, link_len); - if (rc) { - cifs_dbg(VFS, "%s: Could not update with link_str\n", __func__); - goto mdfour_err; - } - rc = crypto_shash_final(&sdescmd4->shash, md4_hash); - if (rc) - cifs_dbg(VFS, "%s: Could not generate md4 hash\n", __func__); + md4_init(&md4); + md4_update(&md4, link_str, link_len); + md4_final(&md4, md4_hash); -mdfour_err: - cifs_free_hash(&md4, &sdescmd4); - return rc; + memzero_explicit(&md4, sizeof(md4)); + return 0; } /* -- 2.20.1