{"id":2224815,"url":"http://patchwork.ozlabs.org/api/patches/2224815/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260418221311.67583-2-ebiggers@kernel.org/","project":{"id":12,"url":"http://patchwork.ozlabs.org/api/projects/12/?format=json","name":"Linux CIFS Client","link_name":"linux-cifs-client","list_id":"linux-cifs.vger.kernel.org","list_email":"linux-cifs@vger.kernel.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260418221311.67583-2-ebiggers@kernel.org>","list_archive_url":null,"date":"2026-04-18T22:13:08","name":"[v2,1/4] smb: client: Use AES-CMAC library for SMB3 signature calculation","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"c57eb8af5aef0988fedfae85373a7a9b9123ac93","submitter":{"id":74690,"url":"http://patchwork.ozlabs.org/api/people/74690/?format=json","name":"Eric Biggers","email":"ebiggers@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260418221311.67583-2-ebiggers@kernel.org/mbox/","series":[{"id":500471,"url":"http://patchwork.ozlabs.org/api/series/500471/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=500471","date":"2026-04-18T22:13:07","name":"smb: client: Use AES-CMAC library","version":2,"mbox":"http://patchwork.ozlabs.org/series/500471/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2224815/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2224815/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=dPG2NKF2;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10903-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"dPG2NKF2\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fymHq6zWlz1yGs\n\tfor ; Sun, 19 Apr 2026 08:14:15 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 0DE2D301F9B7\n\tfor ; Sat, 18 Apr 2026 22:13:39 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 0EF2D346FA6;\n\tSat, 18 Apr 2026 22:13:38 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id DD8A7346A07;\n\tSat, 18 Apr 2026 22:13:37 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 6339FC2BCB4;\n\tSat, 18 Apr 2026 22:13:37 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776550417; cv=none;\n b=ItIl9v59lKf8qJk2pYiD8VopytvPkDQ+EUNsqb5qmY9lqgDnxXIZYcUIEp0x/y9b9v5vpVIhBp/offdDrjPfZkcCz3GIZl5mNPPA7oRzs11w7s6KH1AlWWxy/NzjnNUYEZXXLmNgzTcfVKVQbPTW3TnuABa1dOk9Kr5yXIIYqlg=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776550417; c=relaxed/simple;\n\tbh=waPxGS4ymJDY+x+TK7tcOvGyddpnwah8yt2ZpfyHgA8=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=SmXKMsh3P7yKtzT+WQJJXu/abNpUbZipRF85670OTMJuTzopL9QJJYV1f917ktr1oJX+lWE4NnWpEYXRR1CMNNxQzqW329kURqMPbodTatgZxiQ/6vvQVpuMJSAceWi2fw6NtPVQfTWO6wuvSJyNtZQCEv7u9FIv4H6R5VSQPGw=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=dPG2NKF2; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1776550417;\n\tbh=waPxGS4ymJDY+x+TK7tcOvGyddpnwah8yt2ZpfyHgA8=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=dPG2NKF28m/Yrg6E7dZuZ6LoOL9j9Q4hFjaG22y3ZQwdh2nvCDoM1SXuBoJh2hb1Y\n\t VFpWKY/JwTdWiksVmwCjBNjC8QBVcvq6j6SN0OpwKKiUK0unou/A/Y53MAv9hOOZj6\n\t m08VPI3iEnH1J108CXep2KgytDiF+LJZo0ew+x/pzYOJz/roL6hi3WnEHz90AbsZb9\n\t HnaMxRoxJtOFjiM1lIVkWowTxUNzTb4lz1lBav6YflrQkI/we6LO7ojSU/soxPGaRk\n\t trqdNJYiuLTZPGm8m8o1L9/LW/lkjertIKyLvI4ZN49ZWGJf1UXLTicUksBfYwJJ2f\n\t 2TmVfF4HRnLmQ==","From":"Eric Biggers ","To":"linux-cifs@vger.kernel.org,\n\tSteve French ","Cc":"linux-crypto@vger.kernel.org,\n\tsamba-technical@lists.samba.org,\n\tlinux-kernel@vger.kernel.org,\n\tArd Biesheuvel ,\n\tPaulo Alcantara ,\n\tRonnie Sahlberg ,\n\tShyam Prasad N ,\n\tTom Talpey ,\n\tBharath SM ,\n\tEric Biggers ","Subject":"[PATCH v2 1/4] smb: client: Use AES-CMAC library for SMB3 signature\n calculation","Date":"Sat, 18 Apr 2026 15:13:08 -0700","Message-ID":"<20260418221311.67583-2-ebiggers@kernel.org>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260418221311.67583-1-ebiggers@kernel.org>","References":"<20260418221311.67583-1-ebiggers@kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"Convert smb3_calc_signature() to use the AES-CMAC library instead of a\n\"cmac(aes)\" crypto_shash.\n\nThe result is simpler and faster code. With the library there's no need\nto allocate memory, no need to handle errors except for key preparation,\nand the AES-CMAC code is accessed directly without inefficient indirect\ncalls and other unnecessary API overhead.\n\nFor now a \"cmac(aes)\" crypto_shash is still being allocated in\n'struct cifs_secmech'. Later commits will remove that, simplifying the\ncode even further.\n\nReviewed-by: Ard Biesheuvel \nSigned-off-by: Eric Biggers \n---\n fs/smb/client/Kconfig | 1 +\n fs/smb/client/cifsencrypt.c | 60 ++++++++++++-----------------------\n fs/smb/client/cifsglob.h | 2 +-\n fs/smb/client/smb2transport.c | 41 +++++-------------------\n 4 files changed, 30 insertions(+), 74 deletions(-)","diff":"diff --git a/fs/smb/client/Kconfig b/fs/smb/client/Kconfig\nindex 63831242fddfb..029bbe595d5fa 100644\n--- a/fs/smb/client/Kconfig\n+++ b/fs/smb/client/Kconfig\n@@ -8,10 +8,11 @@ config CIFS\n \tselect CRYPTO_CMAC\n \tselect CRYPTO_AEAD2\n \tselect CRYPTO_CCM\n \tselect CRYPTO_GCM\n \tselect CRYPTO_AES\n+\tselect CRYPTO_LIB_AES_CBC_MACS\n \tselect CRYPTO_LIB_ARC4\n \tselect CRYPTO_LIB_MD5\n \tselect CRYPTO_LIB_SHA256\n \tselect CRYPTO_LIB_SHA512\n \tselect KEYS\ndiff --git a/fs/smb/client/cifsencrypt.c b/fs/smb/client/cifsencrypt.c\nindex 3d731f3af235f..d092bca2df62d 100644\n--- a/fs/smb/client/cifsencrypt.c\n+++ b/fs/smb/client/cifsencrypt.c\n@@ -20,66 +20,49 @@\n #include \n #include \n #include \n #include \n #include \n+#include \n #include \n #include \n #include \n \n-static int cifs_sig_update(struct cifs_calc_sig_ctx *ctx,\n-\t\t\t const u8 *data, size_t len)\n+static size_t cifs_sig_step(void *iter_base, size_t progress, size_t len,\n+\t\t\t void *priv, void *priv2)\n {\n-\tif (ctx->md5) {\n-\t\tmd5_update(ctx->md5, data, len);\n-\t\treturn 0;\n-\t}\n-\tif (ctx->hmac) {\n-\t\thmac_sha256_update(ctx->hmac, data, len);\n-\t\treturn 0;\n-\t}\n-\treturn crypto_shash_update(ctx->shash, data, len);\n+\tstruct cifs_calc_sig_ctx *ctx = priv;\n+\n+\tif (ctx->md5)\n+\t\tmd5_update(ctx->md5, iter_base, len);\n+\telse if (ctx->hmac)\n+\t\thmac_sha256_update(ctx->hmac, iter_base, len);\n+\telse\n+\t\taes_cmac_update(ctx->cmac, iter_base, len);\n+\treturn 0; /* Return value is length *not* processed, i.e. 0. */\n }\n \n-static int cifs_sig_final(struct cifs_calc_sig_ctx *ctx, u8 *out)\n+static void cifs_sig_final(struct cifs_calc_sig_ctx *ctx, u8 *out)\n {\n-\tif (ctx->md5) {\n+\tif (ctx->md5)\n \t\tmd5_final(ctx->md5, out);\n-\t\treturn 0;\n-\t}\n-\tif (ctx->hmac) {\n+\telse if (ctx->hmac)\n \t\thmac_sha256_final(ctx->hmac, out);\n-\t\treturn 0;\n-\t}\n-\treturn crypto_shash_final(ctx->shash, out);\n-}\n-\n-static size_t cifs_sig_step(void *iter_base, size_t progress, size_t len,\n-\t\t\t void *priv, void *priv2)\n-{\n-\tstruct cifs_calc_sig_ctx *ctx = priv;\n-\tint ret, *pret = priv2;\n-\n-\tret = cifs_sig_update(ctx, iter_base, len);\n-\tif (ret < 0) {\n-\t\t*pret = ret;\n-\t\treturn len;\n-\t}\n-\treturn 0;\n+\telse\n+\t\taes_cmac_final(ctx->cmac, out);\n }\n \n /*\n * Pass the data from an iterator into a hash.\n */\n static int cifs_sig_iter(const struct iov_iter *iter, size_t maxsize,\n \t\t\t struct cifs_calc_sig_ctx *ctx)\n {\n \tstruct iov_iter tmp_iter = *iter;\n \tsize_t did;\n-\tint err;\n \n-\tdid = iterate_and_advance_kernel(&tmp_iter, maxsize, ctx, &err,\n+\tdid = iterate_and_advance_kernel(&tmp_iter, maxsize, ctx, NULL,\n \t\t\t\t\t cifs_sig_step);\n \tif (did != maxsize)\n \t\treturn smb_EIO2(smb_eio_trace_sig_iter, did, maxsize);\n \treturn 0;\n }\n@@ -106,15 +89,12 @@ int __cifs_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,\n \n \trc = cifs_sig_iter(&rqst->rq_iter, iov_iter_count(&rqst->rq_iter), ctx);\n \tif (rc < 0)\n \t\treturn rc;\n \n-\trc = cifs_sig_final(ctx, signature);\n-\tif (rc)\n-\t\tcifs_dbg(VFS, \"%s: Could not generate hash\\n\", __func__);\n-\n-\treturn rc;\n+\tcifs_sig_final(ctx, signature);\n+\treturn 0;\n }\n \n /* Build a proper attribute value/target info pairs blob.\n * Fill in netbios and dns domain name and workstation name\n * and client time (total five av pairs and + one end of fields indicator.\ndiff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h\nindex ccfde157d3bef..74265d055c265 100644\n--- a/fs/smb/client/cifsglob.h\n+++ b/fs/smb/client/cifsglob.h\n@@ -2322,11 +2322,11 @@ static inline void mid_execute_callback(struct TCP_Server_Info *server,\n \t FILE_SUPPORTS_REPARSE_POINTS))\n \n struct cifs_calc_sig_ctx {\n \tstruct md5_ctx *md5;\n \tstruct hmac_sha256_ctx *hmac;\n-\tstruct shash_desc *shash;\n+\tstruct aes_cmac_ctx *cmac;\n };\n \n #define CIFS_RECONN_DELAY_SECS\t30\n #define CIFS_MAX_RECONN_DELAY\t(4 * CIFS_RECONN_DELAY_SECS)\n \ndiff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c\nindex 81be2b226e264..b233e0cd91529 100644\n--- a/fs/smb/client/smb2transport.c\n+++ b/fs/smb/client/smb2transport.c\n@@ -17,10 +17,11 @@\n #include \n #include \n #include \n #include \n #include \n+#include \n #include \n #include \n #include \"cifsglob.h\"\n #include \"cifsproto.h\"\n #include \"smb2proto.h\"\n@@ -472,11 +473,12 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,\n {\n \tint rc;\n \tunsigned char smb3_signature[SMB2_CMACAES_SIZE];\n \tstruct kvec *iov = rqst->rq_iov;\n \tstruct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;\n-\tstruct shash_desc *shash = NULL;\n+\tstruct aes_cmac_key cmac_key;\n+\tstruct aes_cmac_ctx cmac_ctx;\n \tstruct smb_rqst drqst;\n \tu8 key[SMB3_SIGN_KEY_SIZE];\n \n \tif (server->vals->protocol_id <= SMB21_PROT_ID)\n \t\treturn smb2_calc_signature(rqst, server, allocate_crypto);\n@@ -485,67 +487,40 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,\n \tif (unlikely(rc)) {\n \t\tcifs_server_dbg(FYI, \"%s: Could not get signing key\\n\", __func__);\n \t\treturn rc;\n \t}\n \n-\tif (allocate_crypto) {\n-\t\trc = cifs_alloc_hash(\"cmac(aes)\", &shash);\n-\t\tif (rc)\n-\t\t\treturn rc;\n-\t} else {\n-\t\tshash = server->secmech.aes_cmac;\n-\t}\n-\n \tmemset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);\n \tmemset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);\n \n-\trc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE);\n+\trc = aes_cmac_preparekey(&cmac_key, key, SMB2_CMACAES_SIZE);\n \tif (rc) {\n \t\tcifs_server_dbg(VFS, \"%s: Could not set key for cmac aes\\n\", __func__);\n-\t\tgoto out;\n+\t\treturn rc;\n \t}\n \n-\t/*\n-\t * we already allocate aes_cmac when we init smb3 signing key,\n-\t * so unlike smb2 case we do not have to check here if secmech are\n-\t * initialized\n-\t */\n-\trc = crypto_shash_init(shash);\n-\tif (rc) {\n-\t\tcifs_server_dbg(VFS, \"%s: Could not init cmac aes\\n\", __func__);\n-\t\tgoto out;\n-\t}\n+\taes_cmac_init(&cmac_ctx, &cmac_key);\n \n \t/*\n \t * For SMB2+, __cifs_calc_signature() expects to sign only the actual\n \t * data, that is, iov[0] should not contain a rfc1002 length.\n \t *\n \t * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to\n \t * __cifs_calc_signature().\n \t */\n \tdrqst = *rqst;\n \tif (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {\n-\t\trc = crypto_shash_update(shash, iov[0].iov_base,\n-\t\t\t\t\t iov[0].iov_len);\n-\t\tif (rc) {\n-\t\t\tcifs_server_dbg(VFS, \"%s: Could not update with payload\\n\",\n-\t\t\t\t __func__);\n-\t\t\tgoto out;\n-\t\t}\n+\t\taes_cmac_update(&cmac_ctx, iov[0].iov_base, iov[0].iov_len);\n \t\tdrqst.rq_iov++;\n \t\tdrqst.rq_nvec--;\n \t}\n \n \trc = __cifs_calc_signature(\n \t\t&drqst, server, smb3_signature,\n-\t\t&(struct cifs_calc_sig_ctx){ .shash = shash });\n+\t\t&(struct cifs_calc_sig_ctx){ .cmac = &cmac_ctx });\n \tif (!rc)\n \t\tmemcpy(shdr->Signature, smb3_signature, SMB2_SIGNATURE_SIZE);\n-\n-out:\n-\tif (allocate_crypto)\n-\t\tcifs_free_hash(&shash);\n \treturn rc;\n }\n \n /* must be called with server->srv_mutex held */\n static int\n","prefixes":["v2","1/4"]}