On Thu, 21 Oct 2010 14:25:17 -0500 shirishpargaon...@gmail.com wrote: > From: Shirish Pargaonkar <shirishpargaon...@gmail.com> > > > Use kernel crypto sync hash apis insetead of cifs crypto functions. > The calls typically corrospond one to one except that insead of > key init, setkey is used. > > Use crypto apis to generate smb signagtures also. > Use hmac-md5 to genereate ntlmv2 hash, ntlmv2 response, and HMAC (CR1 of > ntlmv2 auth blob. > User crypto apis to genereate signature and to verify signature. > md5 hash is used to calculate signature. > Use secondary key to calculate signature in case of ntlmssp. > > For ntlmv2 within ntlmssp, during signature calculation, only 16 bytes key > (a nonce) stored within session key is used. during smb signature calculation. > For ntlm and ntlmv2 without extended security, 16 bytes key > as well as entire response (24 bytes in case of ntlm and variable length > in case of ntlmv2) is used for smb signature calculation. > For kerberos, there is no distinction between key and response. > > > Signed-off-by: Shirish Pargaonkar <shirishpargaon...@gmail.com>
Looks fine overall. Again, my expertise in the crypto/NTLMSSP area is limited, so I'll just give an ack here. Acked-by: Jeff Layton <jlay...@redhat.com> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
