
smb3.1.1: set gcm256 when requested

Update the SMB encryption code to set a 32-byte key length and to
set gcm256 when requested on mount.

Signed-off-by: Steve French <stfrench@microsoft.com>

+17 -6
+1
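--- a/fs/cifs/smb2glob.h
+++ b/fs/cifs/smb2glob.h
@@ -58,6 +58,7 @@
 #define SMB2_HMACSHA256_SIZE (32)
 #define SMB2_CMACAES_SIZE (16)
 #define SMB3_SIGNKEY_SIZE (16)
+#define SMB3_GCM256_CRYPTKEY_SIZE (32)
 
 /* Maximum buffer size value we can send with 1 credit */
 #define SMB2_MAX_BUFFER_SIZE 65536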
+10 -3
fs/cifs/smb2ops.c
··· 3820 3820 tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM; 3821 3821 tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len); 3822 3822 tr_hdr->Flags = cpu_to_le16(0x01); 3823 - if (cipher_type == SMB2_ENCRYPTION_AES128_GCM) 3823 + if ((cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 3824 + (cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 3824 3825 get_random_bytes(&tr_hdr->Nonce, SMB3_AES_GCM_NONCE); 3825 3826 else 3826 3827 get_random_bytes(&tr_hdr->Nonce, SMB3_AES_CCM_NONCE); ··· 3955 3954 3956 3955 tfm = enc ? server->secmech.ccmaesencrypt : 3957 3956 server->secmech.ccmaesdecrypt; 3958 - rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE); 3957 + 3958 + if (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM) 3959 + rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE); 3960 + else 3961 + rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE); 3962 + 3959 3963 if (rc) { 3960 3964 cifs_server_dbg(VFS, "%s: Failed to set aead key %d\n", __func__, rc); 3961 3965 return rc; ··· 3998 3992 goto free_sg; 3999 3993 } 4000 3994 4001 - if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) 3995 + if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 3996 + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 4002 3997 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE); 4003 3998 else { 4004 3999 iv[0] = 3;
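Review bot: The AES256_GCM branch passes `SMB3_GCM256_CRYPTKEY_SIZE` (32) to `crypto_aead_setkey()`, but nothing in this section shows that `key` actually holds 32 bytes of key material. The declaration of `key` and the call that fills it lie outside the hunk; if the buffer is still sized with `SMB3_SIGN_KEY_SIZE` and the stored session encryption/decryption keys are 16 bytes, setkey would read 16 bytes past the copied key and half of the AES-256 key would be whatever sits next to it on the stack. The buffer, the key-lookup copy and the key-derivation output length should be widened in the same change, starting with `u8 key[SMB3_GCM256_CRYPTKEY_SIZE];`, and the lookup should fail rather than return a short key when AES256_GCM was negotiated.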
+1
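--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -352,6 +352,7 @@
 /* Encryption Algorithms Ciphers */
 #define SMB2_ENCRYPTION_AES128_CCM cpu_to_le16(0x0001)
 #define SMB2_ENCRYPTION_AES128_GCM cpu_to_le16(0x0002)
+/* we currently do not request AES256_CCM since presumably GCM faster */
 #define SMB2_ENCRYPTION_AES256_CCM cpu_to_le16(0x0003)
 #define SMB2_ENCRYPTION_AES256_GCM cpu_to_le16(0x0004)
 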
+5 -3
fs/cifs/smb2transport.c
··· 849 849 struct crypto_aead *tfm; 850 850 851 851 if (!server->secmech.ccmaesencrypt) { 852 - if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) 852 + if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 853 + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 853 854 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 854 855 else 855 856 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 856 857 if (IS_ERR(tfm)) { 857 - cifs_server_dbg(VFS, "%s: Failed to alloc encrypt aead\n", 858 + cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n", 858 859 __func__); 859 860 return PTR_ERR(tfm); 860 861 } ··· 863 862 } 864 863 865 864 if (!server->secmech.ccmaesdecrypt) { 866 - if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) 865 + if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 866 + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 867 867 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 868 868 else 869 869 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
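Review bot: The two-value GCM test `(server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)` is written out in both allocation blocks here and twice more in fs/cifs/smb2ops.c, so a later cipher addition has to touch four places and any one that is missed silently falls into the `ccm(aes)` arm. A small helper in a shared header, for example `static inline bool smb3_cipher_is_gcm(__le16 c) { return c == SMB2_ENCRYPTION_AES128_GCM || c == SMB2_ENCRYPTION_AES256_GCM; }`, would keep the algorithm selection, nonce length and IV layout in step. The enclosing function starts and ends outside the hunks shown.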