From patchwork Sun May 2 21:00:37 2021
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 1472898
From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [Groovy][PATCH 4/7] smb3.1.1: print warning if server does not support requested encryption type
Date: Sun, 2 May 2021 15:00:37 -0600
Message-Id: <20210502210040.18628-12-tim.gardner@canonical.com>
In-Reply-To: <20210502210040.18628-1-tim.gardner@canonical.com>
References: <20210502210040.18628-1-tim.gardner@canonical.com>
List-Id: Kernel team discussions

From: Steve French BugLink: https://bugs.launchpad.net/bugs/1921916 If server does not support AES-256-GCM and it was required on mount, print warning message. Also log and return a different error message (EOPNOTSUPP) when encryption mechanism is not supported vs the case when an unknown unrequested encryption mechanism could be returned (EINVAL). Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky (cherry picked from commit 511ac89e591ab9affce17a8be4c45f6c2bb837f0) Signed-off-by: Tim Gardner --- fs/cifs/smb2pdu.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 33491227cf85..5141294c99b3 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -724,8 +724,19 @@ static int decode_encrypt_ctx(struct TCP_Server_Info *server, return -EINVAL; } cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0])); - if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && - (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM)) { + if (require_gcm_256) { + if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) { + cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n"); + return -EOPNOTSUPP; + } + } else if (ctxt->Ciphers[0] == 0) { + /* e.g. if server only supported AES256_CCM (very unlikely) */ + cifs_dbg(VFS, "Server does not support requested encryption types\n"); + return -EOPNOTSUPP; + } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && + (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) && + (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) { + /* server returned a cipher we didn't ask for */ pr_warn_once("Invalid SMB3.11 cipher returned\n"); return -EINVAL; }
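
Review bot: in the last else-if of decode_encrypt_ctx(), SMB2_ENCRYPTION_AES256_GCM is now accepted whenever require_gcm_256 is false, yet the comment on that branch says it rejects "a cipher we didn't ask for". The hunk does not show whether AES256 GCM is always in the list the client offers; if it is only offered under some condition, this check should be gated on the same condition so that a server cannot select a cipher the client never proposed. Two smaller points. In the require_gcm_256 branch, any value other than AES256_GCM, including an unknown one, is reported as "Server does not support requested encryption type" with -EOPNOTSUPP, so the EINVAL case described in the commit message is unreachable when GCM-256 is required; consider separating a zero or known cipher from an unrecognised one there as well. The two new messages use cifs_dbg(VFS, ...) while the existing invalid-cipher path uses pr_warn_once(); if negotiate can repeat on reconnect, a once-only or rate-limited form would keep the log from filling with the same warning.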