Hi, This patch series introduce the support for AES-GMAC signing for SMB 3.1.1, when the negotiate signing context is successfully negotiated. This is an implementation of the MS-SMB2 spec, section 3.1.4.1 "Signing An Outgoing Message". AES-GMAC uses AES-128-GCM (kernel crypto algorithm "gcm(aes)" from the gcm module) as its base. AES-GCM, an authenticated encryption algorithm, takes 4 inputs for encryption: 1. a secret key 2. an initialization vector (IV), or nonce 3. the plaintext data (the message to be encrypted) 4. an extra buffer called Additional Authenticated data (AAD), or sometimes Associated Data (AD) Superficially describing it, it encrypts the plaintext using the key and then uses the nonce to generate an authentication tag (our signature, in this context). It then produces 2 outputs; the encrypted data, along with its computed authentication tag. The AAD buffer is left intact. Because of this design, AES-GCM can be used to "encrypt" an empty plaintext buffer, and still run its authentication generation algorithm over the AAD buffer (which is set to our SMB2 message), making it practically a MAC algorithm. Compared to AES-CMAC, AES-GMAC has shown (*) to be much faster because its internal authentication algorithm can be paralellized by taking advantage of especialized, optimized CPU instructions (on certain supported platforms). With these patches, I hope cifs.ko can get a performance improvemente when AES-GMAC is used for message signing. Patch 1/3: add the core functions to perform AES-GMAC signing (see commit message for more details) Patch 2/3: set the "enable_negotiate_signing" module param as deprecated, making cifs.ko always try to negotiate AES-GMAC first, but use AES-CMAC if fail Patch 3/3: show the signing algorithm name being used in DebugData To do/discuss: - serious benchmark and comparison (vs AES-CMAC) on cifs.ko workloads (*) - complete removal of "enable_negotiate_signing" module param - RDMA/SMB Direct; I have no experience with it, nor an RDMA-capable setup - bugs? Any kind of feedback is welcome. Cheers, Enzo Matsumiya (3): cifs: introduce AES-GMAC signing support for SMB 3.1.1 cifs: deprecate 'enable_negotiate_signing' module param cifs: show signing algorithm name in DebugData fs/cifs/cifs_debug.c | 7 +- fs/cifs/cifsencrypt.c | 5 + fs/cifs/cifsfs.c | 8 +- fs/cifs/cifsglob.h | 12 +- fs/cifs/sess.c | 2 + fs/cifs/smb2glob.h | 10 + fs/cifs/smb2misc.c | 6 + fs/cifs/smb2ops.c | 484 +++++++++++++++++++++++++++++++++------- fs/cifs/smb2pdu.c | 97 ++++++-- fs/cifs/smb2proto.h | 7 +- fs/cifs/smb2transport.c | 87 ++++++-- 11 files changed, 592 insertions(+), 133 deletions(-) -- 2.35.3
