found another typo in patch 5 ccm instead of gcm - fixing it now
On Thu, Oct 15, 2020 at 11:33 AM Steve French <smfrench@xxxxxxxxx> wrote:
>
> Good point. Updated patches attached. Also added a one line comment
> to smb2pdu.h mentioning why we don't request AES_256_CCM
>
>
> On Thu, Oct 15, 2020 at 3:49 AM Aurélien Aptel <aaptel@xxxxxxxx> wrote:
> >
> > Hi Steve,
> >
> > Patch 2:
> >
> > > From 3897b440fd14dfc7b2ad2b0a922302ea7705b5d9 Mon Sep 17 00:00:00 2001
> > > From: Steve French <stfrench@xxxxxxxxxxxxx>
> > > Date: Wed, 14 Oct 2020 20:24:09 -0500
> > > Subject: [PATCH 2/5] smb3.1.1: add new module load parm enable_gcm_256
> > > --- a/fs/cifs/smb2pdu.h
> > > +++ b/fs/cifs/smb2pdu.h
> > > @@ -361,8 +361,9 @@ struct smb2_encryption_neg_context {
> > > __le16 ContextType; /* 2 */
> > > __le16 DataLength;
> > > __le32 Reserved;
> > > - __le16 CipherCount; /* AES-128-GCM and AES-128-CCM */
> > > - __le16 Ciphers[2];
> > > + /* CipherCount usally 2, but can be 3 when AES256-GCM enabled */
> > > + __le16 CipherCount; /* AES128-GCM and AES128-CCM by defalt */
> >
> > Typo defalt => default
> >
> > > + __le16 Ciphers[3];
> > > } __packed;
> > >
> > > /* See MS-SMB2 2.2.3.1.3 */
> > > --
> > > 2.25.1
> > >
> >
> > Patch 5:
> >
> > > From 314d7476e404c37acb77c3f9ecc142122e7afbfd Mon Sep 17 00:00:00 2001
> > > From: Steve French <stfrench@xxxxxxxxxxxxx>
> > > Date: Fri, 11 Sep 2020 16:47:09 -0500
> > > Subject: [PATCH 5/5] smb3.1.1: set gcm256 when requested
> > >
> > > update code to set 32 byte key length and to set gcm256 when requested
> > > on mount.
> > >
> > > Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> > > ---
> > > fs/cifs/smb2glob.h | 1 +
> > > fs/cifs/smb2ops.c | 20 ++++++++++++--------
> > > fs/cifs/smb2transport.c | 16 ++++++++--------
> > > 3 files changed, 21 insertions(+), 16 deletions(-)
> > >
> > > diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> > > index dd1edabec328..d8e74954d101 100644
> > > --- a/fs/cifs/smb2ops.c
> > > +++ b/fs/cifs/smb2ops.c
> > > @@ -3954,7 +3954,12 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst,
> > >
> > > tfm = enc ? server->secmech.ccmaesencrypt :
> > > server->secmech.ccmaesdecrypt;
> > > - rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE);
> > > +
> > > + if (require_gcm_256)
> > > + rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
> >
> > Shouldn't the check be on server->cipher_type?
> >
> > > + else
> > > + rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE);
> > > +
> > > if (rc) {
> > > cifs_server_dbg(VFS, "%s: Failed to set aead key %d\n", __func__, rc);
> > > return rc;
> >
> > --
> > Aurélien Aptel / SUSE Labs Samba Team
> > GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
> > SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> > GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
>
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
