From: David Mulder <dmulder-IBi9RG/b67k@public.gmane.org>
To: Pavel Shilovsky <pshilov-0li6OtcxBFHby3iVrkZq2A@public.gmane.org>,
linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 00/15] SMB3 encryption support
Date: Wed, 11 Jan 2017 09:55:46 -0700 [thread overview]
Message-ID: <1484153746.25835.5.camel@suse.com> (raw)
In-Reply-To: <1481061758-52020-1-git-send-email-pshilov-0li6OtcxBFHby3iVrkZq2A@public.gmane.org>
I've tested these patches using xfstests, with Steve French's cifs
group patches: https://patchwork.kernel.org/patch/8844821/
Some tests fail on a vanilla kernel master (expected), and other then
those tests, the others pass with Pavel's smb3 encryption patches
applied to Steve French's for-next branch.
On Tue, 2016-12-06 at 14:02 -0800, Pavel Shilovsky wrote:
> This patchset adds encryption support when SMB3 version of the
> protocol and higher is negotiated.
> The encryption is done through the kernel crypto API (CCM(AES)).
>
> The patchset has been successfully tested by xfstests and cthon test
> suites with encrypted file shares on Samba.
>
> Patches are split into several groups:
> 1) #1-#4: prepare transport infractructure to be able to send SMB3
> transform header;
> this is done primarily by separating RFC1001 length and SMB2 header
> into different iovs.
> 2) #5-#6: simplify SMB2 header processing and cleaning up a read
> codepath.
> 3) #7-#9: encrypt outcoming packets by transforming them before
> sending.
> 4) #10-#14: decrypt incoming packets and pass ordinary SMB2 messages
> for further usual processing.
> 5) #15: allow to use "seal" mount option to request the encryption
> on a share.
>
> Pavel Shilovsky (15):
> CIFS: Separate SMB2 header structure
> CIFS: Make SendReceive2() takes resp iov
> CIFS: Make send_cancel take rqst as argument
> CIFS: Send RFC1001 length in a separate iov
> CIFS: Separate SMB2 sync header processing
> CIFS: Separate RFC1001 length processing for SMB2 read
> CIFS: Add capability to transform requests before sending
> CIFS: Enable encryption during session setup phase
> CIFS: Encrypt SMB3 requests before sending
> CIFS: Add transform header handling callbacks
> CIFS: Add mid handle callback
> CIFS: Add copy into pages callback for a read operation
> CIFS: Decrypt and process small encrypted packets
> CIFS: Add capability to decrypt big read responses
> CIFS: Allow to switch on encryption with seal mount option
>
> fs/cifs/cifsencrypt.c | 51 ++--
> fs/cifs/cifsglob.h | 28 ++-
> fs/cifs/cifsproto.h | 13 +-
> fs/cifs/cifssmb.c | 135 +++++-----
> fs/cifs/connect.c | 71 ++++--
> fs/cifs/file.c | 52 +++-
> fs/cifs/sess.c | 27 +-
> fs/cifs/smb1ops.c | 4 +-
> fs/cifs/smb2glob.h | 5 +
> fs/cifs/smb2maperror.c | 5 +-
> fs/cifs/smb2misc.c | 61 ++---
> fs/cifs/smb2ops.c | 651
> +++++++++++++++++++++++++++++++++++++++++++++++-
> fs/cifs/smb2pdu.c | 575 +++++++++++++++++++++++++++-----------
> ----
> fs/cifs/smb2pdu.h | 27 +-
> fs/cifs/smb2proto.h | 5 +
> fs/cifs/smb2transport.c | 132 ++++++----
> fs/cifs/transport.c | 171 ++++++++-----
> 17 files changed, 1540 insertions(+), 473 deletions(-)
>
next prev parent reply other threads:[~2017-01-11 16:55 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-06 22:02 [PATCH 00/15] SMB3 encryption support Pavel Shilovsky
[not found] ` <1481061758-52020-1-git-send-email-pshilov-0li6OtcxBFHby3iVrkZq2A@public.gmane.org>
2016-12-06 22:02 ` [PATCH 01/15] CIFS: Separate SMB2 header structure Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 02/15] CIFS: Make SendReceive2() takes resp iov Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 03/15] CIFS: Make send_cancel take rqst as argument Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 04/15] CIFS: Send RFC1001 length in a separate iov Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 05/15] CIFS: Separate SMB2 sync header processing Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 06/15] CIFS: Separate RFC1001 length processing for SMB2 read Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 07/15] CIFS: Add capability to transform requests before sending Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 08/15] CIFS: Enable encryption during session setup phase Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 09/15] CIFS: Encrypt SMB3 requests before sending Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 10/15] CIFS: Add transform header handling callbacks Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 11/15] CIFS: Add mid handle callback Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 12/15] CIFS: Add copy into pages callback for a read operation Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 13/15] CIFS: Decrypt and process small encrypted packets Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 14/15] CIFS: Add capability to decrypt big read responses Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 15/15] CIFS: Allow to switch on encryption with seal mount option Pavel Shilovsky
2017-01-11 16:55 ` David Mulder [this message]
2017-02-01 20:05 ` [PATCH 00/15] SMB3 encryption support Steve French
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1484153746.25835.5.camel@suse.com \
--to=dmulder-ibi9rg/b67k@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=pshilov-0li6OtcxBFHby3iVrkZq2A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.