Commit 63ca5656 authored by Steve French's avatar Steve French
Browse files

smb3.1.1: set gcm256 when requested 



update smb encryption code to set 32 byte key length and to
set gcm256 when requested on mount.

Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent fd08f2db

fs/cifs/smb2glob.h

+1 −0
Original line number Diff line number Diff line
@@ -58,6 +58,7 @@ 
#define SMB2_HMACSHA256_SIZE (32)

#define SMB2_CMACAES_SIZE (16)

#define SMB3_SIGNKEY_SIZE (16)

#define SMB3_GCM256_CRYPTKEY_SIZE (32)



/* Maximum buffer size value we can send with 1 credit */

#define SMB2_MAX_BUFFER_SIZE 65536

fs/cifs/smb2ops.c

+10 −3
Original line number Diff line number Diff line
@@ -3820,7 +3820,8 @@ fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len, 
	tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;

	tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len);

	tr_hdr->Flags = cpu_to_le16(0x01);

	if (cipher_type == SMB2_ENCRYPTION_AES128_GCM)

	if ((cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||

	    (cipher_type == SMB2_ENCRYPTION_AES256_GCM))

		get_random_bytes(&tr_hdr->Nonce, SMB3_AES_GCM_NONCE);

	else

		get_random_bytes(&tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
@@ -3954,7 +3955,12 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, 


	tfm = enc ? server->secmech.ccmaesencrypt :

						server->secmech.ccmaesdecrypt;



	if (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)

		rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);

	else

		rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE);



	if (rc) {

		cifs_server_dbg(VFS, "%s: Failed to set aead key %d\n", __func__, rc);

		return rc;
@@ -3992,7 +3998,8 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, 
		goto free_sg;

	}



	if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)

	if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||

	    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))

		memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);

	else {

		iv[0] = 3;

fs/cifs/smb2pdu.h

+1 −0
Original line number Diff line number Diff line
@@ -352,6 +352,7 @@ struct smb2_preauth_neg_context { 
/* Encryption Algorithms Ciphers */

#define SMB2_ENCRYPTION_AES128_CCM	cpu_to_le16(0x0001)

#define SMB2_ENCRYPTION_AES128_GCM	cpu_to_le16(0x0002)

/* we currently do not request AES256_CCM since presumably GCM faster */

#define SMB2_ENCRYPTION_AES256_CCM      cpu_to_le16(0x0003)

#define SMB2_ENCRYPTION_AES256_GCM      cpu_to_le16(0x0004)

fs/cifs/smb2transport.c

+5 −3
Original line number Diff line number Diff line
@@ -849,12 +849,13 @@ smb3_crypto_aead_allocate(struct TCP_Server_Info *server) 
	struct crypto_aead *tfm;



	if (!server->secmech.ccmaesencrypt) {

		if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)

		if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||

		    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))

			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);

		else

			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);

		if (IS_ERR(tfm)) {

			cifs_server_dbg(VFS, "%s: Failed to alloc encrypt aead\n",

			cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",

				 __func__);

			return PTR_ERR(tfm);

		}
@@ -862,7 +863,8 @@ smb3_crypto_aead_allocate(struct TCP_Server_Info *server) 
	}



	if (!server->secmech.ccmaesdecrypt) {

		if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)

		if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||

		    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))

			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);

		else

			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);

CRA Git | Maintained and supported by SUSTech CRA and CCSE