Here is a patch to add a module load parm that is turned off by default to allow users to enable it for experimentation # ls /sys/module/cifs/parameters/ CIFSMaxBufSize cifs_min_small enable_oplocks cifs_max_pending disable_legacy_dialects enable_signing_negcontext cifs_min_rcv enable_gcm_256 require_gcm_256 # cat /sys/module/cifs/parameters/enable_signing_negcontext N On Thu, Oct 15, 2020 at 11:50 PM Steve French <smfrench@xxxxxxxxx> wrote: > > > suggest wrapping this context and the integrity algs in some kind of conditional > > I have a couple patches to send the context (which I haven't merged > yet, because, similar to what you suggested, I wanted to make sure > they were disabled by default). > > Tentative plan was to have them disabled by default, and sending the > new context can be enabled for testing by a module parameter (e.g. > "echo 1 > /sys/modules/cifs/parameters/enable_signing_context" or > some similar config variable name) > > On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@xxxxxxxxxx> wrote: > > > > On 10/12/2020 5:50 AM, Aurélien Aptel wrote: > > > Patch LGTM > > > > > > Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx> > > > > > > Stefan Metzmacher via samba-technical <samba-technical@xxxxxxxxxxxxxxx> > > >> This isn't in MS-SMB2 yet. > > >> > > >> Is this AES_128? > > > > > > This is returned in latest Windows Server Insider builds but it's not > > > documented yet. > > > > > > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver > > > > > > I've asked dochelp about it during the SDC plugfest and they gave me > > > this: > > > > > > The new ContextType is: > > > SMB2_SIGNING_CAPABILITIES 0x0008 > > > The Data field contains a list of signing algorithms. > > > • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1. > > > • It adds the AES-GMAC algorithm. > > > > > > SigningAlgorithmCount (2 bytes): Count of signing algorithms > > > SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. > > > > > > The following IDs are assigned: > > > 0 = HMAC-SHA256 > > > 1 = AES-CMAC > > > 2 = AES-GMAC > > > > > > > > > I've been CCed in a Microsoft email thread later on and it seems to be > > > unclear why this was missed/wasn't documented. Maybe this is subject to > > > change so take with a grain of salt. > > > > Just curious if you've heard back on this. Insider builds will sometimes > > support things that don't make it to the release. Even Preview docs can > > change. However, AES_GMAC has been on the radar since 2015 (*) so > > perhaps the time has come! > > > > I'd suggest wrapping this context and the integrity algs in some kind of > > conditional, in case this is delayed... > > > > Tom. > > > > (*) slide 29+ > > https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf > > > > -- > Thanks, > > Steve -- Thanks, Steve
From 9af724f1e55f3b3ee84de501176e8b5950156573 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench@xxxxxxxxxxxxx> Date: Fri, 16 Oct 2020 00:42:36 -0500 Subject: [PATCH] SMB3.1.1: add new module load parm enable_signing_negcontext Add new module load parameter enable_signing_negcontext. If set (it is disabled by default and experimental) then send the new signing negotiate context to allow the server and client to negotiate which each other the preferred signing algorithm. Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx> --- fs/cifs/cifsfs.c | 4 ++++ fs/cifs/cifsglob.h | 1 + 2 files changed, 5 insertions(+) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 472cb7777e3e..ca41ad292d05 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -71,6 +71,7 @@ bool enable_oplocks = true; bool linuxExtEnabled = true; bool lookupCacheEnabled = true; bool disable_legacy_dialects; /* false by default */ +bool enable_signing_negcontext; /* false by default, experimental */ bool enable_gcm_256; /* false by default, change when more servers support it */ bool require_gcm_256; /* false by default */ unsigned int global_secflags = CIFSSEC_DEF; @@ -106,6 +107,9 @@ MODULE_PARM_DESC(slow_rsp_threshold, "Amount of time (in seconds) to wait " module_param(enable_oplocks, bool, 0644); MODULE_PARM_DESC(enable_oplocks, "Enable or disable oplocks. Default: y/Y/1"); +module_param(enable_signing_negcontext, bool, 0644); +MODULE_PARM_DESC(enable_signing_negcontext, "Enable experimental negotiation of packet signing algorithm. Default: n/N/0"); + module_param(enable_gcm_256, bool, 0644); MODULE_PARM_DESC(enable_gcm_256, "Enable requesting strongest (256 bit) GCM encryption. Default: n/N/0"); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index a1a1a16acb38..544dc06cad57 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -1956,6 +1956,7 @@ extern bool lookupCacheEnabled; extern unsigned int global_secflags; /* if on, session setup sent with more secure ntlmssp2 challenge/resp */ extern unsigned int sign_CIFS_PDUs; /* enable smb packet signing */ +extern bool enable_signing_negcontext; /* allow experimental negotiate of signing algorithms */ extern bool enable_gcm_256; /* allow optional negotiate of strongest signing (aes-gcm-256) */ extern bool require_gcm_256; /* require use of strongest signing (aes-gcm-256) */ extern bool linuxExtEnabled;/*enable Linux/Unix CIFS extensions*/ -- 2.25.1
