From: "Aurélien Aptel" <aaptel@suse.com>
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, metze@samba.org, Aurelien Aptel <aaptel@suse.com>
Subject: [PATCH v1 1/2] cifs: set server->cipher_type to AES-128-CCM for SMB3.0
Date: Fri, 21 May 2021 17:19:27 +0200 [thread overview]
Message-ID: <20210521151928.17730-2-aaptel@suse.com> (raw)
In-Reply-To: <20210521151928.17730-1-aaptel@suse.com>
From: Aurelien Aptel <aaptel@suse.com>
SMB3.0 doesn't have encryption negotiate context but simply uses
the SMB2_GLOBAL_CAP_ENCRYPTION flag.
When that flag is present in the neg response cifs.ko uses AES-128-CCM
which is the only cipher available in this context.
cipher_type was set to the server cipher only when parsing encryption
negotiate context (SMB3.1.1).
For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1
for AES-128-CCM.
Fix this by checking for SMB3.0 and encryption capability and setting
cipher_type appropriately.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
---
fs/cifs/smb2pdu.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 9f24eb88297a..c205f93e0a10 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -958,6 +958,13 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
/* Internal types */
server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
+ /*
+ * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
+ * Set the cipher type manually.
+ */
+ if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
+ server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
+
security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
(struct smb2_sync_hdr *)rsp);
/*
--
2.31.1
next prev parent reply other threads:[~2021-05-21 15:19 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-21 15:19 [PATCH v1 0/2] Change CIFS_FULL_KEY_DUMP ioctl to return variable size keys Aurélien Aptel
2021-05-21 15:19 ` Aurélien Aptel [this message]
2021-05-21 18:39 ` [PATCH v1 1/2] cifs: set server->cipher_type to AES-128-CCM for SMB3.0 Steve French
2021-05-28 8:37 ` Aurélien Aptel
2021-05-27 20:23 ` Steve French
2021-05-21 15:19 ` [PATCH v1 2/2] cifs: change format of CIFS_FULL_KEY_DUMP ioctl Aurélien Aptel
2021-05-21 19:47 ` Steve French
2021-05-21 15:42 ` [PATCH v1 0/2] Change CIFS_FULL_KEY_DUMP ioctl to return variable size keys Paulo Alcantara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210521151928.17730-2-aaptel@suse.com \
--to=aaptel@suse.com \
--cc=linux-cifs@vger.kernel.org \
--cc=metze@samba.org \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.