[{"id":3678231,"web_url":"http://patchwork.ozlabs.org/comment/3678231/","msgid":"","list_archive_url":null,"date":"2026-04-16T15:03:19","subject":"Re: [PATCH] smb: client: use FullSessionKey for AES-256 encryption\n key derivation","submitter":{"id":86063,"url":"http://patchwork.ozlabs.org/api/people/86063/","name":"Bharath SM","email":"bharathsm.hsk@gmail.com"},"content":"On Thu, Apr 9, 2026 at 9:16 AM wrote:\n>\n> From: Piyush Sachdeva \n>\n> When Kerberos authentication is used with AES-256 encryption (AES-256-CCM\n> or AES-256-GCM), the SMB3 encryption and decryption keys must be derived\n> using the full session key (Session.FullSessionKey) rather than just the\n> first 16 bytes (Session.SessionKey).\n>\n> Per MS-SMB2 section 3.2.5.3.1, when Connection.Dialect is \"3.1.1\" and\n> Connection.CipherId is AES-256-CCM or AES-256-GCM, Session.FullSessionKey\n> must be set to the full cryptographic key from the GSS authentication\n> context. The encryption and decryption key derivation (SMBC2SCipherKey,\n> SMBS2CCipherKey) must use this FullSessionKey as the KDF input. The\n> signing key derivation continues to use Session.SessionKey (first 16\n> bytes) in all cases.\n>\n> Previously, generate_key() hardcoded SMB2_NTLMV2_SESSKEY_SIZE (16) as the\n> HMAC-SHA256 key input length for all derivations. When Kerberos with\n> AES-256 provides a 32-byte session key, the KDF for encryption/decryption\n> was using only the first 16 bytes, producing keys that did not match the\n> server's, causing mount failures with sec=krb5 and require_gcm_256=1.\n>\n> Add a `full_key_size` parameter to generate_key() and pass the appropriate\n> size from generate_smb3signingkey():\n> - Signing: always SMB2_NTLMV2_SESSKEY_SIZE (16 bytes)\n> - Encryption/Decryption: ses->auth_key.len when AES-256, otherwise 16\n>\n> Also fix cifs_dump_full_key() to report the actual session key length for\n> AES-256 instead of hardcoded CIFS_SESS_KEY_SIZE, so that userspace tools\n> like Wireshark receive the correct key for decryption.\n>\n> Signed-off-by: Piyush Sachdeva \n> Signed-off-by: Piyush Sachdeva \n> ---\n> fs/smb/client/ioctl.c | 2 +-\n> fs/smb/client/smb2transport.c | 32 +++++++++++++++++++++++++-------\n> 2 files changed, 26 insertions(+), 8 deletions(-)\n>\n> diff --git a/fs/smb/client/ioctl.c b/fs/smb/client/ioctl.c\n> index 9afab3237e54..17408bb8ab65 100644\n> --- a/fs/smb/client/ioctl.c\n> +++ b/fs/smb/client/ioctl.c\n> @@ -296,7 +296,7 @@ static int cifs_dump_full_key(struct cifs_tcon *tcon, struct smb3_full_key_debug\n> break;\n> case SMB2_ENCRYPTION_AES256_CCM:\n> case SMB2_ENCRYPTION_AES256_GCM:\n> - out.session_key_length = CIFS_SESS_KEY_SIZE;\n> + out.session_key_length = ses->auth_key.len;\n> out.server_in_key_length = out.server_out_key_length = SMB3_GCM256_CRYPTKEY_SIZE;\n> break;\n> default:\n> diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c\n> index 81be2b226e26..57e515774b97 100644\n> --- a/fs/smb/client/smb2transport.c\n> +++ b/fs/smb/client/smb2transport.c\n> @@ -259,7 +259,8 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,\n> }\n>\n> static int generate_key(struct cifs_ses *ses, struct kvec label,\n> - struct kvec context, __u8 *key, unsigned int key_size)\n> + struct kvec context, __u8 *key, unsigned int key_size,\n> + unsigned int full_key_size)\n> {\n> unsigned char zero = 0x0;\n> __u8 i[4] = {0, 0, 0, 1};\n> @@ -280,7 +281,7 @@ static int generate_key(struct cifs_ses *ses, struct kvec label,\n> }\n>\n> hmac_sha256_init_usingrawkey(&hmac_ctx, ses->auth_key.response,\n> - SMB2_NTLMV2_SESSKEY_SIZE);\n> + full_key_size);\n> hmac_sha256_update(&hmac_ctx, i, 4);\n> hmac_sha256_update(&hmac_ctx, label.iov_base, label.iov_len);\n> hmac_sha256_update(&hmac_ctx, &zero, 1);\n> @@ -315,6 +316,7 @@ generate_smb3signingkey(struct cifs_ses *ses,\n> const struct derivation_triplet *ptriplet)\n> {\n> int rc;\n> + unsigned int full_key_size;\n> bool is_binding = false;\n> int chan_index = 0;\n>\n> @@ -344,18 +346,32 @@ generate_smb3signingkey(struct cifs_ses *ses,\n> * master connection signing key stored in the session\n> */\n>\n> + /*\n> + * Per MS-SMB2 3.2.5.3.1, signing key always uses Session.SessionKey\n> + * (first 16 bytes). Encryption/decryption keys use\n> + * Session.FullSessionKey when dialect is 3.1.1 and cipher is\n> + * AES-256-CCM or AES-256-GCM, otherwise Session.SessionKey.\n> + */\nIf this change is specific to 3.1.1 should we check for version as\nthis looks like a common function for SMB 3.?\n\n> if (is_binding) {\n> rc = generate_key(ses, ptriplet->signing.label,\n> ptriplet->signing.context,\n> ses->chans[chan_index].signkey,\n> - SMB3_SIGN_KEY_SIZE);\n> + SMB3_SIGN_KEY_SIZE,\n> + SMB2_NTLMV2_SESSKEY_SIZE);\n> if (rc)\n> return rc;\n> } else {\n> + if (server->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||\n> + server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)\n> + full_key_size = ses->auth_key.len;\nShould we validate the length passed by user space and make sure it is\nwithin limits.?\n\n> + else\n> + full_key_size = SMB2_NTLMV2_SESSKEY_SIZE;\nShould we move the above assignment down ? As this change is\nneeded only for encryption and decryption and not for signing.\n\n> rc = generate_key(ses, ptriplet->signing.label,\n> ptriplet->signing.context,\n> ses->smb3signingkey,\n> - SMB3_SIGN_KEY_SIZE);\n> + SMB3_SIGN_KEY_SIZE,\n> + SMB2_NTLMV2_SESSKEY_SIZE);\n> if (rc)\n> return rc;\n>\n> @@ -368,13 +384,15 @@ generate_smb3signingkey(struct cifs_ses *ses,\n> rc = generate_key(ses, ptriplet->encryption.label,\n> ptriplet->encryption.context,\n> ses->smb3encryptionkey,\n> - SMB3_ENC_DEC_KEY_SIZE);\n> + SMB3_ENC_DEC_KEY_SIZE,\n> + full_key_size);\n> if (rc)\n> return rc;\n> rc = generate_key(ses, ptriplet->decryption.label,\n> ptriplet->decryption.context,\n> ses->smb3decryptionkey,\n> - SMB3_ENC_DEC_KEY_SIZE);\n> + SMB3_ENC_DEC_KEY_SIZE,\n> + full_key_size);\n> if (rc)\n> return rc;\n> }\n> @@ -389,7 +407,7 @@ generate_smb3signingkey(struct cifs_ses *ses,\n> &ses->Suid);\n> cifs_dbg(VFS, \"Cipher type %d\\n\", server->cipher_type);\n> cifs_dbg(VFS, \"Session Key %*ph\\n\",\n> - SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);\n> + ses->auth_key.len, ses->auth_key.response);\n> cifs_dbg(VFS, \"Signing Key %*ph\\n\",\n> SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);\n> if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||\n> --\n\nOther than the above comments, Patch looks good to me.","headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=IRUQeUKZ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10859-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"IRUQeUKZ\"","smtp.subspace.kernel.org;\n arc=pass smtp.client-ip=74.125.224.49","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxLqv5gjYz1yG9\n\tfor ; Fri, 17 Apr 2026 01:03:39 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 6FF66301A409\n\tfor ; Thu, 16 Apr 2026 15:03:37 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id F39673A6EF6;\n\tThu, 16 Apr 2026 15:03:34 +0000 (UTC)","from mail-yx1-f49.google.com (mail-yx1-f49.google.com\n [74.125.224.49])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F12586331\n\tfor ; Thu, 16 Apr 2026 15:03:33 +0000 (UTC)","by mail-yx1-f49.google.com with SMTP id\n 956f58d0204a3-64937edbc9eso7195829d50.2\n for ;\n Thu, 16 Apr 2026 08:03:33 -0700 (PDT)"],"ARC-Seal":["i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776351814; cv=pass;\n b=RrctWW1NALMA2hSg0bUPfrgYTrvaMVt80UwMDr8MUWtyNKgBGTRoZ1NtJGmZybZ7evX5SoAnC5hs7PzWUWFN1oP5IkHJUu+DpVsawWzpUhqUADV8FtA/o0qqWLdg/i2VK6+wt+P95p4ml5P7tVMz5OuJMVqtKcR1TU/fg7ER+Aw=","i=1; a=rsa-sha256; t=1776351812; cv=none;\n d=google.com; s=arc-20240605;\n b=ZhQN2/8uINiYZmtQCJ+3jE3OcagBkpctHHKyW3cAPskAY+ak29QD0EZ3L/Qk2o0R7X\n +9vozfLh0kFjP8vDsx1BEpMf31/B0buPlwWJXxkuRpD9WUhQ22Wq8znWSVi2fyGGW2nw\n JK1Gg30VjxBXsZjfeMcJyWKmo4RFO2fBwZEVYC2hjbDDAI0BOZOzll8CUXBkAxKVceYi\n h0Ou15z3ORMSC3qe2IZTOKnI/zg2bF01e4kE/K9rTghiptqmVqieDnprVVIh4dLhRkMr\n OAUFsMWaW5NmZKZyBl2DCU3S12555+SFnDNn9cagIioGF4yPyX+k2+irFuaZ+thJGjKS\n 9ZgA=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776351814; c=relaxed/simple;\n\tbh=hZyhWcT9tvtnZJUNZ7xsg+zStBv5S5R1OxDf7D4WQs4=;\n\th=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:\n\t To:Cc:Content-Type;\n b=T27Nv9cdBYd2qrBqxmH+OEGyrQIXwp/WcGFhv8YiCfcgSFWAa/su8fQpVLpD3cZSmBvTakY2Jfn8r4jLsp7Xz1cwrPGSRkDGpzynuAy7mLbFX8xrRAx7qkiIiLT0xGBL9lZEZiBKJDV/NQQwOs2NqtJVEB+MI48K8IKQFK1pjf0=","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:dkim-signature;\n bh=1zSYVnFv7uz0zbvmx0pm+7ReHBA2roaOku3B1DGvVcc=;\n fh=lkGDxTMleeT1C6iampEzcCozXL6yyr6nXHnX4y1MWrU=;\n b=dfrtxakCKv5vBx97SmOmFZA9mhuJrs0KgWbgEqmVDNSoPAIHWobbELTJiL6wiJWGoc\n OIJpoW1wcIP0gFjw42MwrVAu0ibmseSZe/K9JP9OeQm33zYW3ydZ0lx4h1p2ocv52KXe\n 0bIozHh5sz+STZkARS/cI+lEQejxL2TrbmjuYdWevxlXFDb9eHCnXEtDQThRft7iZ7q2\n OnO1Wd0G+hL9u2dhWNSS6zfl0dLpFZLG7pu35aUXl35OI4xdkMetay3R/vIIFJoVzz9/\n GasK7fuhLfB9GxQm1vzk5QTKneRhos6AA8E/PgORVkdz31onzgLIJazf46y25Zi/L+AM\n uoCQ==;\n darn=vger.kernel.org"],"ARC-Authentication-Results":["i=2; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=IRUQeUKZ; arc=pass smtp.client-ip=74.125.224.49","i=1; mx.google.com; arc=none"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1776351812; x=1776956612;\n darn=vger.kernel.org;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:from:to:cc:subject:date\n :message-id:reply-to;\n bh=1zSYVnFv7uz0zbvmx0pm+7ReHBA2roaOku3B1DGvVcc=;\n b=IRUQeUKZ9d0AO8KAGIi0GaCCe7Ksz36W3PS24Hd2SQG1sExSb437y1C0lcNaK9D9kz\n t9jwrNnuLov6AGwZwReUivFHFenYWdi5a4sVhVbJjUQ9OXrxtSGM29nw9Ln+HsxgApwH\n sH2GIF4LbwBEclWz/pQAX8oOgq1fJGVMft0+f/1cAkP2Vl8UV5W5O1JsRGyPwum5fkx+\n zr9Zc5+xv56Cj2LOPn39gcRzYXJJbilz3Td7UpkocWwQGExuSPvNX14s0GpQtCViSKf0\n MKx2uQJ/8u59AOm+5Wt23OA/aM/K9tevQk9s11Gbhu/grDOxnLYkB4wTw3BdfkeeLgc4\n Ir4w==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776351812; x=1776956612;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=1zSYVnFv7uz0zbvmx0pm+7ReHBA2roaOku3B1DGvVcc=;\n b=RYU5M2arjLETQtaHQWDBvmLBIMAQTOFuFfSgiwmcziecYE4TJF/BTvblcP3Jw8ec+0\n gaHtms2C1xWCmvPZMlUCBsgLbe7kPtaa/Pd+JHgEN+hz+5o9U1oCIrTHedl0iowsE6Ms\n Q4HhLwgBFige7KoVPRCD+Szqe4/CftTqkhmfSQSqzM2rlvcCXuadAFWrexF8bXkMV4g5\n hI7kvh5XU5hhsEVsQt/Q55XtvzKzcwZi9U80ULEhCP05bFIsm6DVVKGPsTp2v4BrJQbr\n WlZS0nPKxq2Yft28nDZDivAb0PRu3FBZxmdMYjtbbNLio5CqkfPRO73GBwfp0o//9XTO\n fFkQ==","X-Forwarded-Encrypted":"i=1;\n AFNElJ8UR0cs8QWnnV4JPZ6EOpr25Ovyiu4RDisttCbEiQjswKCGU59zk9OpRdJNw79UIfkmhUe9upxBREk7@vger.kernel.org","X-Gm-Message-State":"AOJu0YybUsAUfmibkD0XAATV4Nt130RVzuksDwyUBLkSLylOYV25CUUG\n\tDwBDvmV6lJbcegN8c1IwKSnHeO1M1++EAXXhk6i1OFYdG2WDGSk7cijGO2WaPpZGhrAnb6iQG2t\n\tl2qSO4Fof7WLCqBMsjYhLFcP2qULol14=","X-Gm-Gg":"AeBDieutgC/iMO44o6sAz/CiIQ+iROP2LbCJO2eC1whhRWSZl1fUwrABz9dvnJN1Ehv\n\tgPugVmVf+Po6wZTHSvVA5lh8X+EP1eplHfJ+PQZvVPovMOb9CLu+Jo67wGbt/DzY/qRAzs6CIZx\n\tcsCsy+Tfx9eeSwQyUXTVuWXODLIq+CTelCwHRXBmRFOkNwBpIKdKfhV0PvIVX1SOilSdTS+ePcu\n\t+RRx7m5mgohcpFkxfz3oxEM4U+/VxGWzDq/oS6sLRmTWGTrLPDqVHJmBjzPYwzHYurES4ItuxpZ\n\tQ8n8e/AWCJnd2hg=","X-Received":"by 2002:a05:690e:4092:b0:652:fcd5:a30c with SMTP id\n 956f58d0204a3-652fcd5a9f5mr2293646d50.60.1776351811608; Thu, 16 Apr 2026\n 08:03:31 -0700 (PDT)","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","References":"<20260409161538.3618-1-s.piyush1024@gmail.com>","In-Reply-To":"<20260409161538.3618-1-s.piyush1024@gmail.com>","From":"Bharath SM ","Date":"Thu, 16 Apr 2026 15:03:19 +0000","X-Gm-Features":"AQROBzClApj5L-yPN_mlNE2ZfvlUN8iDtL-Chc3BE-PVWf11tq3vtw1jkwNvS5k","Message-ID":"\n ","Subject":"Re: [PATCH] smb: client: use FullSessionKey for AES-256 encryption\n key derivation","To":"s.piyush1024@gmail.com","Cc":"sfrench@samba.org, linux-cifs@vger.kernel.org, sprasad@microsoft.com,\n\tbharathsm@microsoft.com, samba-technical@lists.samba.org,\n\tlinux-kernel@vger.kernel.org","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable"}}]