On 10/12/2020 5:50 AM, Aurélien Aptel wrote:
Patch LGTM
Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx>
Stefan Metzmacher via samba-technical <samba-technical@xxxxxxxxxxxxxxx>
This isn't in MS-SMB2 yet.
Is this AES_128?
This is returned in latest Windows Server Insider builds but it's not
documented yet.
https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
I've asked dochelp about it during the SDC plugfest and they gave me
this:
The new ContextType is:
SMB2_SIGNING_CAPABILITIES 0x0008
The Data field contains a list of signing algorithms.
• It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
• It adds the AES-GMAC algorithm.
SigningAlgorithmCount (2 bytes): Count of signing algorithms
SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
The following IDs are assigned:
0 = HMAC-SHA256
1 = AES-CMAC
2 = AES-GMAC
I've been CCed in a Microsoft email thread later on and it seems to be
unclear why this was missed/wasn't documented. Maybe this is subject to
change so take with a grain of salt.
Just curious if you've heard back on this. Insider builds will sometimes
support things that don't make it to the release. Even Preview docs can
change. However, AES_GMAC has been on the radar since 2015 (*) so
perhaps the time has come!
I'd suggest wrapping this context and the integrity algs in some kind of
conditional, in case this is delayed...
Tom.
(*) slide 29+
https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf
