On Thu, 09 Sep 2010 16:20:41 +0530 Suresh Jayaraman <[email protected]> wrote:
> On 09/08/2010 10:14 AM, [email protected] wrote: > > From: Shirish Pargaonkar <[email protected]> > > > > > > Defining per smb connection structures, sdesc, ntlmssp_auth, cifs_secmech, > > and cphready. > > > > Fields tilen and tilbob are session specific. > > > > sdesc holds security descriptor, ntlmssp_auth holds secondary key which > > is a nonce that gets used as a key to generate signatures, > > ciphertext is genereated by rc4/arc4 encryption of secondary key using > > ntlmv2 session key and sent in the session key field of the type 3 message > > sent by the client during ntlmssp negotiation/exchange > > These are per session structures and secondary key and cipher text > > get calculated only once per smb connection, during first smb session setup > > for that smb connection. > > > > Field cphready is used to mark such that once secondary keys and ciphertext > > are calculated during very first smb session setup for a smb connection > > and ciphertext is sent to the server, the same does not happen during > > subsequent smb session setups/establishments. > > > > if key exchange is negotiated between client and server, hmacmd5 and md5 > > hold > > respective crypto function/algorithm. > > > > tilen and tiblob hold the length and blob that is target info or > > attribute value (av) pairs, which is part of the authentication blob. > > These are per smb session fields. > > > > Various defines are defined such as values used in AV pairs/Target Info > > pairs. > > And various key and hash sizes are also defined. > > > > The reason mac_key was changed to session key is, this structure does not > > hold > > message authentication code, it holds the session key (for ntlmv2, ntlmv1 > > etc.). > > mac is generated as a signature in cifs_calc* functions. > > > > wondering whether making mac_key => session_key change a separate patch > would help/make it simpler..? > +1 That would definitely help the signal to noise ratio. -- Jeff Layton <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
