Hi metze, On 09/29, Stefan Metzmacher wrote:
Hi Enzo,+/* + * This function implements AES-GMAC signing for SMB2 messages as described in MS-SMB2 + * specification. This algorithm is only supported on SMB 3.1.1. + * + * Note: even though Microsoft mentions RFC4543 in MS-SMB2, the mechanism used_must_ be the "raw" + * AES-128-GCM ("gcm(aes)"); RFC4543 is designed for IPsec and trying to use "rfc4543(gcm(aes)))" + * will fail the signature computation. + * + * MS-SMB2 3.1.4.1 + */ +int +smb311_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, bool verify) +{Can you please add aes_gmac to the function name?
Sure. Should I also change smb2_calc_signature to smb2_calc_shash or something similar, since it fits now for SMB[2.x,3.0.x]?
+ union { + struct { + /* for MessageId (8 bytes) */ + __le64 mid; + /* for role (client or server) and if SMB2 CANCEL (4 bytes) */ + __le32 role; + }; + u8 buffer[12]; + } __packed nonce;Can you use SMB3_AES_GCM_NONCE instead of '12'?
I was going to submit a follow up series replacing the defines we use with the crypto ones to clarify meanings, e.g. SMB3_AES_GCM_NONCE made me wonder at first sight if it was different from GCM_AES_IV_SIZE. But sure I can change it for the time being.
metze
Cheers, Enzo
