From patchwork Fri Feb 16 18:19:26 2018
X-Patchwork-Submitter: Aurélien Aptel
X-Patchwork-Id: 874608
From: Aurelien Aptel
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, Aurelien Aptel
Subject: [PATCH v1 0/3] SMB3.11 preauth integrity
Date: Fri, 16 Feb 2018 19:19:26 +0100
Message-Id: <20180216181929.21383-1-aaptel@suse.com>
X-Mailing-List: linux-cifs@vger.kernel.org

Hi,

This patchset implements pre-authentication signing, which is mandatory
in SMB3.11 (packet signing never worked for 3.11 in cifs.ko before
this). The main difference is that the signing key is derived from
hashing previous requests and responses. This was partially implemented
by Steve some time ago (the preauth hash buffers were already in the
server and session structures).

The mechanism is well described in the SMB3.11 presentation given at
SDC 2015 (slides are available here [1]).

Since this requires a new hashing alg (SHA512) I've tried to clean up
some of the crypto code by refactoring shash & sdesc memory management
in separate functions. Much more readable now :)

1: https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf

Aurelien Aptel (3):
  CIFS: refactor crypto shash/sdesc allocation&free
  CIFS: add sha512 secmech
  CIFS: implement v3.11 preauth integrity

 fs/cifs/Kconfig         |  1 +
 fs/cifs/cifsencrypt.c   | 85 +++++++------------------------------------
 fs/cifs/cifsfs.c        |  1 +
 fs/cifs/cifsglob.h      |  7 +++-
 fs/cifs/cifsproto.h     |  5 +++
 fs/cifs/link.c          | 27 +++-----------
 fs/cifs/misc.c          | 54 +++++++++++++++++++++++++++
 fs/cifs/smb2misc.c      | 64 ++++++++++++++++++++++++++++++++
 fs/cifs/smb2pdu.c       | 25 +++++++++++++
 fs/cifs/smb2pdu.h       |  1 +
 fs/cifs/smb2proto.h     |  5 +++
 fs/cifs/smb2transport.c | 97 +++++++++++++++++++++----------------------------
 fs/cifs/smbencrypt.c    | 27 +++-----------
 fs/cifs/transport.c     | 17 +++++++++
 14 files changed, 245 insertions(+), 171 deletions(-)

Reviewed-by: Ronnie Sahlberg
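
The cover letter's point that the signing key is derived from hashing previous requests and responses, sketched as an added example that is not part of the posted patches or of cifs.ko. It assumes the SMB 3.1.1 scheme (a SHA-512 chain starting from 64 zero bytes, then an SP 800-108 counter-mode KDF with HMAC-SHA256 and the label "SMBSigningKey"); the function names are hypothetical, and the message bytes and session key are constructed placeholders.

```python
import hashlib
import hmac

def preauth_hash(messages):
    """SHA-512 chain over the exchanged messages: H_i = SHA512(H_{i-1} || msg_i)."""
    h = bytes(64)  # chain starts from 64 zero bytes
    for msg in messages:
        h = hashlib.sha512(h + msg).digest()
    return h

def kdf_hmac_sha256(key, label, context, out_bits=128):
    """SP 800-108 counter-mode KDF; one HMAC-SHA256 block covers 128 bits."""
    data = (1).to_bytes(4, "big") + label + b"\x00" + context + out_bits.to_bytes(4, "big")
    return hmac.new(key, data, hashlib.sha256).digest()[: out_bits // 8]

def signing_key(session_key, messages):
    """Signing key bound to the whole pre-authentication transcript."""
    return kdf_hmac_sha256(session_key, b"SMBSigningKey\x00", preauth_hash(messages))

# Constructed placeholders standing in for raw SMB2 packets and the
# authentication session key; none of these are real captures.
TRANSCRIPT = [b"NEGOTIATE request", b"NEGOTIATE response",
              b"SESSION_SETUP request 1", b"SESSION_SETUP response 1",
              b"SESSION_SETUP request 2"]
SESSION_KEY = bytes(range(16))

def keys_match(client_view, server_view, session_key=SESSION_KEY):
    """True only if both ends hashed byte-identical messages in the same order."""
    return hmac.compare_digest(signing_key(session_key, client_view),
                               signing_key(session_key, server_view))

if __name__ == "__main__":
    altered = list(TRANSCRIPT)
    altered[1] = b"NEGOTIATE response (modified in transit)"
    print("same transcript:   ", keys_match(TRANSCRIPT, TRANSCRIPT))
    print("altered negotiate: ", keys_match(TRANSCRIPT, altered))
```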