* [PATCH][SMB3.1.1] Add defines for new signing context
@ 2020-10-11  1:25 Steve French
  2020-10-12  8:55 ` Stefan Metzmacher
  0 siblings, 1 reply; 9+ messages in thread
From: Steve French @ 2020-10-11  1:25 UTC (permalink / raw)
  To: CIFS; +Cc: samba-technical


Add defines for the three supported signing algorithms

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/smb2pdu.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 4dfb51dd7065..5932fc0dc62c 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -323,6 +323,7 @@ struct smb2_negotiate_req {
 #define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID cpu_to_le16(5)
 #define SMB2_TRANSPORT_CAPABILITIES cpu_to_le16(6)
 #define SMB2_RDMA_TRANSFORM_CAPABILITIES cpu_to_le16(7)
+#define SMB2_SIGNING_CAPABILITIES cpu_to_le16(8)
 #define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100)

 struct smb2_neg_context {
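Review bot: the new context ID `SMB2_SIGNING_CAPABILITIES cpu_to_le16(8)` has no counterpart in MS-SMB2 at this point (as the replies in this thread note), so a one-line comment on the define saying the value was obtained from an unreleased Windows build and may change would keep it from being read as a published constant. The IDs it is added next to (5, 6, 7) are all documented, which makes a silent addition easy to misread.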
@@ -416,6 +417,19 @@ struct smb2_rdma_transform_capabilities_context {
  __le16 RDMATransformIds[1];
 } __packed;

+/* Signing algorithms */
+#define SIGNING_ALG_HMAC_SHA256 0
+#define SIGNING_ALG_AES_CMAC 1
+#define SIGNING_ALG_AES_GMAC 2
+
+struct smb2_signing_capabilities {
+ __le16 ContextType; /* 8 */
+ __le16 DataLength;
+ __u32 Reserved;
+ __le16 SigningAlgorithmCount;
+ __le16 SigningAlgorithms[];
+} __packed;
+
 #define POSIX_CTXT_DATA_LEN 16
 struct smb2_posix_neg_context {
  __le16 ContextType; /* 0x100 */
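Review bot: `SigningAlgorithms[]` is a flexible array whose element count is chosen by the peer, so whatever code later walks `struct smb2_signing_capabilities` must check `2 + 2 * SigningAlgorithmCount <= DataLength` and that `DataLength` fits in the remaining negotiate-context buffer before reading an entry; a comment on the struct saying so now would make sure the parser that follows does it. Two smaller points: the neighbouring `smb2_rdma_transform_capabilities_context` declares `RDMATransformIds[1]` rather than a flexible array, so the file should settle on one convention; and `SIGNING_ALG_HMAC_SHA256`/`SIGNING_ALG_AES_CMAC`/`SIGNING_ALG_AES_GMAC` are host-order ints that will need `cpu_to_le16()` when stored in the `__le16` array, which defining them as `cpu_to_le16(0)` etc., like the context IDs above, would make explicit.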
-- 
Thanks,

Steve

[-- Attachment #2: 0001-SMB3.1.1-add-defines-for-new-signing-negotiate-conte.patch --]
[-- Type: text/x-patch, Size: 1446 bytes --]

From e913b52c8903ff4488ab587ca2e475608e405b24 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Sat, 10 Oct 2020 20:11:47 -0500
Subject: [PATCH] SMB3.1.1: add defines for new signing negotiate context

Currently there are three supported signing algorithms

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/smb2pdu.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 4dfb51dd7065..5932fc0dc62c 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -323,6 +323,7 @@ struct smb2_negotiate_req {
 #define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID	cpu_to_le16(5)
 #define SMB2_TRANSPORT_CAPABILITIES		cpu_to_le16(6)
 #define SMB2_RDMA_TRANSFORM_CAPABILITIES	cpu_to_le16(7)
+#define SMB2_SIGNING_CAPABILITIES		cpu_to_le16(8)
 #define SMB2_POSIX_EXTENSIONS_AVAILABLE		cpu_to_le16(0x100)
 
 struct smb2_neg_context {
@@ -416,6 +417,19 @@ struct smb2_rdma_transform_capabilities_context {
 	__le16	RDMATransformIds[1];
 } __packed;
 
+/* Signing algorithms */
+#define SIGNING_ALG_HMAC_SHA256	0
+#define SIGNING_ALG_AES_CMAC	1
+#define SIGNING_ALG_AES_GMAC	2
+
+struct smb2_signing_capabilities {
+	__le16	ContextType; /* 8 */
+	__le16	DataLength;
+	__u32	Reserved;
+	__le16	SigningAlgorithmCount;
+	__le16	SigningAlgorithms[];
+} __packed;
+
 #define POSIX_CTXT_DATA_LEN	16
 struct smb2_posix_neg_context {
 	__le16	ContextType; /* 0x100 */
-- 
2.25.1



* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-11  1:25 [PATCH][SMB3.1.1] Add defines for new signing context Steve French
@ 2020-10-12  8:55 ` Stefan Metzmacher
  2020-10-12  9:50   ` Aurélien Aptel
  0 siblings, 1 reply; 9+ messages in thread
From: Stefan Metzmacher @ 2020-10-12  8:55 UTC (permalink / raw)
  To: Steve French, CIFS; +Cc: samba-technical



On 11.10.20 at 03:25, Steve French via samba-technical wrote:
> Add defines for the three supported signing algorithms
> 
> Signed-off-by: Steve French <stfrench@microsoft.com>
> ---
>  fs/cifs/smb2pdu.h | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)
> 
> diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
> index 4dfb51dd7065..5932fc0dc62c 100644
> --- a/fs/cifs/smb2pdu.h
> +++ b/fs/cifs/smb2pdu.h
> @@ -323,6 +323,7 @@ struct smb2_negotiate_req {
>  #define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID cpu_to_le16(5)
>  #define SMB2_TRANSPORT_CAPABILITIES cpu_to_le16(6)
>  #define SMB2_RDMA_TRANSFORM_CAPABILITIES cpu_to_le16(7)
> +#define SMB2_SIGNING_CAPABILITIES cpu_to_le16(8)
>  #define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100)
> 
>  struct smb2_neg_context {
> @@ -416,6 +417,19 @@ struct smb2_rdma_transform_capabilities_context {
>   __le16 RDMATransformIds[1];
>  } __packed;
> 
> +/* Signing algorithms */
> +#define SIGNING_ALG_HMAC_SHA256 0
> +#define SIGNING_ALG_AES_CMAC 1
> +#define SIGNING_ALG_AES_GMAC 2

This isn't in MS-SMB2 yet.

Is this AES_128?

metze





* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-12  8:55 ` Stefan Metzmacher
@ 2020-10-12  9:50   ` Aurélien Aptel
  2020-10-15 18:15     ` Tom Talpey
  0 siblings, 1 reply; 9+ messages in thread
From: Aurélien Aptel @ 2020-10-12  9:50 UTC (permalink / raw)
  To: Stefan Metzmacher, Steve French, CIFS; +Cc: samba-technical

Patch LGTM

Reviewed-by: Aurelien Aptel <aaptel@suse.com>

Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org>
> This isn't in MS-SMB2 yet.
>
> Is this AES_128?

This is returned in latest Windows Server Insider builds but it's not
documented yet.

https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver

I've asked dochelp about it during the SDC plugfest and they gave me
this:

    The new ContextType is:
    SMB2_SIGNING_CAPABILITIES 0x0008
    The Data field contains a list of signing algorithms.
    •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server support it, a session may use HMAC-SHA256 with SMB 3.1.1.
    •    It adds the AES-GMAC algorithm.
     
    SigningAlgorithmCount (2 bytes): Count of signing algorithms
    SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
     
    The following IDs are assigned: 
    0 = HMAC-SHA256
    1 = AES-CMAC
    2 = AES-GMAC


I've been CCed in a Microsoft email thread later on and it seems to be
unclear why this was missed/wasn't documented. Maybe this is subject to
change so take with a grain of salt.

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

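The context layout quoted above, as an added example in Go (not code from cifs.ko or from anyone in this thread): an encoder for the list a client would send, a parser that checks every peer-supplied length before trusting it, and the selection a client would make from the server's answer. The constants are the IDs listed in the message; the preference order and the malformed sample are constructed for the demo.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// IDs as quoted in the thread from Microsoft dochelp; not in MS-SMB2 at
// the time, so treat them as provisional.
const (
	SMB2SigningCapabilities uint16 = 0x0008

	SigningAlgHMACSHA256 uint16 = 0
	SigningAlgAESCMAC    uint16 = 1
	SigningAlgAESGMAC    uint16 = 2
)

// Fixed part of every negotiate context:
// ContextType(2) + DataLength(2) + Reserved(4).
const negContextHeaderLen = 8

// EncodeSigningCapabilities serialises the context a client would put in
// its NEGOTIATE request: header, SigningAlgorithmCount, then the IDs in
// preference order, all little-endian.
func EncodeSigningCapabilities(algs []uint16) []byte {
	dataLen := 2 + 2*len(algs)
	buf := make([]byte, negContextHeaderLen+dataLen)
	binary.LittleEndian.PutUint16(buf[0:], SMB2SigningCapabilities)
	binary.LittleEndian.PutUint16(buf[2:], uint16(dataLen))
	// buf[4:8] is Reserved and stays zero.
	binary.LittleEndian.PutUint16(buf[8:], uint16(len(algs)))
	for i, a := range algs {
		binary.LittleEndian.PutUint16(buf[10+2*i:], a)
	}
	return buf
}

// ParseSigningCapabilities decodes one context at the start of buf.
// Both DataLength and SigningAlgorithmCount are chosen by the peer, so
// each is checked against the bytes actually present before any read.
func ParseSigningCapabilities(buf []byte) ([]uint16, error) {
	if len(buf) < negContextHeaderLen {
		return nil, errors.New("short negotiate context header")
	}
	if ct := binary.LittleEndian.Uint16(buf[0:]); ct != SMB2SigningCapabilities {
		return nil, fmt.Errorf("unexpected ContextType 0x%04x", ct)
	}
	dataLen := int(binary.LittleEndian.Uint16(buf[2:]))
	if dataLen < 2 || negContextHeaderLen+dataLen > len(buf) {
		return nil, errors.New("DataLength does not fit the buffer")
	}
	data := buf[negContextHeaderLen : negContextHeaderLen+dataLen]
	count := int(binary.LittleEndian.Uint16(data[0:]))
	if 2+2*count > len(data) {
		return nil, errors.New("SigningAlgorithmCount exceeds DataLength")
	}
	algs := make([]uint16, count)
	for i := range algs {
		algs[i] = binary.LittleEndian.Uint16(data[2+2*i:])
	}
	return algs, nil
}

// SelectSigningAlgorithm picks the first of the client's preferences that
// the server also offered; the second result is false when there is none.
func SelectSigningAlgorithm(prefs, offered []uint16) (uint16, bool) {
	for _, p := range prefs {
		for _, o := range offered {
			if p == o {
				return p, true
			}
		}
	}
	return 0, false
}

func main() {
	// Client preference order, constructed for the demo.
	prefs := []uint16{SigningAlgAESGMAC, SigningAlgAESCMAC, SigningAlgHMACSHA256}
	wire := EncodeSigningCapabilities(prefs)
	fmt.Printf("client context: % x\n", wire)

	// A server answer listing only the two older algorithms (constructed).
	offered, err := ParseSigningCapabilities(
		EncodeSigningCapabilities([]uint16{SigningAlgAESCMAC, SigningAlgHMACSHA256}))
	if err != nil {
		panic(err)
	}
	if alg, ok := SelectSigningAlgorithm(prefs, offered); ok {
		fmt.Printf("negotiated signing algorithm id %d\n", alg)
	}

	// A hostile answer: DataLength says 4 bytes but the count claims 1000 IDs.
	bad := append([]byte(nil), wire...)
	binary.LittleEndian.PutUint16(bad[2:], 4)
	binary.LittleEndian.PutUint16(bad[8:], 1000)
	_, err = ParseSigningCapabilities(bad)
	fmt.Println("hostile context rejected:", err)
}
```

The parser deliberately bounds the count against DataLength and DataLength against the buffer separately, because a server controls both fields and either one alone can be made to overrun the other.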

* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-12  9:50   ` Aurélien Aptel
@ 2020-10-15 18:15     ` Tom Talpey
  2020-10-16  4:50       ` Steve French
  2020-11-10  8:42       ` Stefan Metzmacher
  0 siblings, 2 replies; 9+ messages in thread
From: Tom Talpey @ 2020-10-15 18:15 UTC (permalink / raw)
  To: Aurélien Aptel, Stefan Metzmacher, Steve French, CIFS
  Cc: samba-technical

On 10/12/2020 5:50 AM, Aurélien Aptel wrote:
> Patch LGTM
> 
> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
> 
> Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org>
>> This isn't in MS-SMB2 yet.
>>
>> Is this AES_128?
> 
> This is returned in latest Windows Server Insider builds but it's not
> documented yet.
> 
> https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
> 
> I've asked dochelp about it during the SDC plugfest and they gave me
> this:
> 
>      The new ContextType is:
>      SMB2_SIGNING_CAPABILITIES 0x0008
>      The Data field contains a list of signing algorithms.
>      •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
>      •    It adds the AES-GMAC algorithm.
>       
>      SigningAlgorithmCount (2 bytes): Count of signing algorithms
>      SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
>       
>      The following IDs are assigned:
>      0 = HMAC-SHA256
>      1 = AES-CMAC
>      2 = AES-GMAC
> 
> 
> I've been CCed in a Microsoft email thread later on and it seems to be
> unclear why this was missed/wasn't documented. Maybe this is subject to
> change so take with a grain of salt.

Just curious if you've heard back on this. Insider builds will sometimes
support things that don't make it to the release. Even Preview docs can
change. However, AES_GMAC has been on the radar since 2015 (*) so
perhaps the time has come!

I'd suggest wrapping this context and the integrity algs in some kind of
conditional, in case this is delayed...

Tom.

(*) slide 29+ 
https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf


* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-15 18:15     ` Tom Talpey
@ 2020-10-16  4:50       ` Steve French
  2020-10-16  5:49         ` Steve French
  2020-11-10  8:42       ` Stefan Metzmacher
  1 sibling, 1 reply; 9+ messages in thread
From: Steve French @ 2020-10-16  4:50 UTC (permalink / raw)
  To: Tom Talpey; +Cc: Aurélien Aptel, Stefan Metzmacher, CIFS, samba-technical

> suggest wrapping this context and the integrity algs in some kind of conditional

I have a couple patches to send the context (which I haven't merged
yet, because, similar to what you suggested, I wanted to make sure
they were disabled by default).

Tentative plan was to have them disabled by default, and sending the
new context can be enabled for testing by a module parameter (e.g.
"echo 1 >  /sys/modules/cifs/parameters/enable_signing_context"  or
some similar config variable name)

On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote:
>
> On 10/12/2020 5:50 AM, Aurélien Aptel wrote:
> > Patch LGTM
> >
> > Reviewed-by: Aurelien Aptel <aaptel@suse.com>
> >
> > Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org>
> >> This isn't in MS-SMB2 yet.
> >>
> >> Is this AES_128?
> >
> > This is returned in latest Windows Server Insider builds but it's not
> > documented yet.
> >
> > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
> >
> > I've asked dochelp about it during the SDC plugfest and they gave me
> > this:
> >
> >      The new ContextType is:
> >      SMB2_SIGNING_CAPABILITIES 0x0008
> >      The Data field contains a list of signing algorithms.
> >      •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
> >      •    It adds the AES-GMAC algorithm.
> >
> >      SigningAlgorithmCount (2 bytes): Count of signing algorithms
> >      SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
> >
> >      The following IDs are assigned:
> >      0 = HMAC-SHA256
> >      1 = AES-CMAC
> >      2 = AES-GMAC
> >
> >
> > I've been CCed in a Microsoft email thread later on and it seems to be
> > unclear why this was missed/wasn't documented. Maybe this is subject to
> > change so take with a grain of salt.
>
> Just curious if you've heard back on this. Insider builds will sometimes
> support things that don't make it to the release. Even Preview docs can
> change. However, AES_GMAC has been on the radar since 2015 (*) so
> perhaps the time has come!
>
> I'd suggest wrapping this context and the integrity algs in some kind of
> conditional, in case this is delayed...
>
> Tom.
>
> (*) slide 29+
> https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf



-- 
Thanks,

Steve


* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-16  4:50       ` Steve French
@ 2020-10-16  5:49         ` Steve French
  2020-10-16  6:11           ` ronnie sahlberg
  0 siblings, 1 reply; 9+ messages in thread
From: Steve French @ 2020-10-16  5:49 UTC (permalink / raw)
  To: Tom Talpey; +Cc: Aurélien Aptel, Stefan Metzmacher, CIFS, samba-technical


Here is a patch to add a module load parm that is turned off by
default to allow users to enable it for experimentation

# ls /sys/module/cifs/parameters/
CIFSMaxBufSize    cifs_min_small           enable_oplocks
cifs_max_pending  disable_legacy_dialects  enable_signing_negcontext
cifs_min_rcv      enable_gcm_256           require_gcm_256

# cat /sys/module/cifs/parameters/enable_signing_negcontext
N

On Thu, Oct 15, 2020 at 11:50 PM Steve French <smfrench@gmail.com> wrote:
>
> > suggest wrapping this context and the integrity algs in some kind of conditional
>
> I have a couple patches to send the context (which I haven't merged
> yet, because, similar to what you suggested, I wanted to make sure
> they were disabled by default).
>
> Tentative plan was to have them disabled by default, and sending the
> new context can be enabled for testing by a module parameter (e.g.
> "echo 1 >  /sys/modules/cifs/parameters/enable_signing_context"  or
> some similar config variable name)
>
> On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote:
> >
> > On 10/12/2020 5:50 AM, Aurélien Aptel wrote:
> > > Patch LGTM
> > >
> > > Reviewed-by: Aurelien Aptel <aaptel@suse.com>
> > >
> > > Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org>
> > >> This isn't in MS-SMB2 yet.
> > >>
> > >> Is this AES_128?
> > >
> > > This is returned in latest Windows Server Insider builds but it's not
> > > documented yet.
> > >
> > > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
> > >
> > > I've asked dochelp about it during the SDC plugfest and they gave me
> > > this:
> > >
> > >      The new ContextType is:
> > >      SMB2_SIGNING_CAPABILITIES 0x0008
> > >      The Data field contains a list of signing algorithms.
> > >      •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
> > >      •    It adds the AES-GMAC algorithm.
> > >
> > >      SigningAlgorithmCount (2 bytes): Count of signing algorithms
> > >      SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
> > >
> > >      The following IDs are assigned:
> > >      0 = HMAC-SHA256
> > >      1 = AES-CMAC
> > >      2 = AES-GMAC
> > >
> > >
> > > I've been CCed in a Microsoft email thread later on and it seems to be
> > > unclear why this was missed/wasn't documented. Maybe this is subject to
> > > change so take with a grain of salt.
> >
> > Just curious if you've heard back on this. Insider builds will sometimes
> > support things that don't make it to the release. Even Preview docs can
> > change. However, AES_GMAC has been on the radar since 2015 (*) so
> > perhaps the time has come!
> >
> > I'd suggest wrapping this context and the integrity algs in some kind of
> > conditional, in case this is delayed...
> >
> > Tom.
> >
> > (*) slide 29+
> > https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf
>
>
>
> --
> Thanks,
>
> Steve



-- 
Thanks,

Steve

[-- Attachment #2: 0001-SMB3.1.1-add-new-module-load-parm-enable_signing_neg.patch --]
[-- Type: text/x-patch, Size: 2460 bytes --]

From 9af724f1e55f3b3ee84de501176e8b5950156573 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Fri, 16 Oct 2020 00:42:36 -0500
Subject: [PATCH] SMB3.1.1: add new module load parm enable_signing_negcontext

Add new module load parameter enable_signing_negcontext. If set
(it is disabled by default and experimental) then send the new
signing negotiate context to allow the server and client to
negotiate with each other the preferred signing algorithm.

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/cifsfs.c   | 4 ++++
 fs/cifs/cifsglob.h | 1 +
 2 files changed, 5 insertions(+)

diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 472cb7777e3e..ca41ad292d05 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -71,6 +71,7 @@ bool enable_oplocks = true;
 bool linuxExtEnabled = true;
 bool lookupCacheEnabled = true;
 bool disable_legacy_dialects; /* false by default */
+bool enable_signing_negcontext; /* false by default, experimental */
 bool enable_gcm_256;  /* false by default, change when more servers support it */
 bool require_gcm_256; /* false by default */
 unsigned int global_secflags = CIFSSEC_DEF;
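Review bot: the commit message says that when the flag is set the client sends the new signing negotiate context, but the diffstat touches only cifsfs.c and cifsglob.h, so nothing in this patch reads `enable_signing_negcontext`; either the negotiate-side change that consults it belongs in the same series, or the message should say this patch only introduces the switch. The "experimental" note in the comment is good; it would help to add that the context is not yet documented in MS-SMB2.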
@@ -106,6 +107,9 @@ MODULE_PARM_DESC(slow_rsp_threshold, "Amount of time (in seconds) to wait "
 module_param(enable_oplocks, bool, 0644);
 MODULE_PARM_DESC(enable_oplocks, "Enable or disable oplocks. Default: y/Y/1");
 
+module_param(enable_signing_negcontext, bool, 0644);
+MODULE_PARM_DESC(enable_signing_negcontext, "Enable experimental negotiation of packet signing algorithm. Default: n/N/0");
+
 module_param(enable_gcm_256, bool, 0644);
 MODULE_PARM_DESC(enable_gcm_256, "Enable requesting strongest (256 bit) GCM encryption. Default: n/N/0");
 
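Review bot: the MODULE_PARM_DESC should warn that the context is undocumented and that enabling it sends an extra negotiate context to every server the client talks to, not only test servers; something like `Enable experimental negotiation of packet signing algorithm (context not yet in MS-SMB2). Default: n/N/0`. Since `module_param(enable_signing_negcontext, bool, 0644)` makes this changeable at runtime through /sys/module/cifs/parameters/, the cifs usage documentation should list it with the other switches, which this patch does not do.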
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index a1a1a16acb38..544dc06cad57 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -1956,6 +1956,7 @@ extern bool lookupCacheEnabled;
 extern unsigned int global_secflags;	/* if on, session setup sent
 				with more secure ntlmssp2 challenge/resp */
 extern unsigned int sign_CIFS_PDUs;  /* enable smb packet signing */
+extern bool enable_signing_negcontext; /* allow experimental negotiate of signing algorithms */
 extern bool enable_gcm_256; /* allow optional negotiate of strongest signing (aes-gcm-256) */
 extern bool require_gcm_256; /* require use of strongest signing (aes-gcm-256) */
 extern bool linuxExtEnabled;/*enable Linux/Unix CIFS extensions*/
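Review bot: the new extern's comment is fine, but it sits directly above two pre-existing comments describing `enable_gcm_256` and `require_gcm_256` as "strongest signing (aes-gcm-256)", while the MODULE_PARM_DESC in cifsfs.c calls the same parameter "256 bit GCM encryption"; since this patch adds the first flag that is actually about signing next to them, correcting those two comments to say encryption in the same hunk would keep the two features from being confused.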
-- 
2.25.1



* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-16  5:49         ` Steve French
@ 2020-10-16  6:11           ` ronnie sahlberg
  2020-10-16 14:27             ` Tom Talpey
  0 siblings, 1 reply; 9+ messages in thread
From: ronnie sahlberg @ 2020-10-16  6:11 UTC (permalink / raw)
  To: Steve French
  Cc: Tom Talpey, Stefan Metzmacher, CIFS, samba-technical,
	Aurélien Aptel

Looks good, but I think Tom's point is we should not put this in
upstream until the feature is officially launched.
In wireshark, we can add these things immediately since any capture
files with these parameters will continue to exist forever.
See, wireshark still supports pre-RFC versions of iSCSI.
But for cifs.ko we might want to wait sending to Linus until it is
officially released in a consumer version of windows.

Let's just look at SMB2.PDF and all the bitfields/flags that specify a
feature with description and then the comment that it is not used,
clients should set it to 0 and servers must ignore the flag. Things
can change until official release.



On Fri, Oct 16, 2020 at 3:50 PM Steve French via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> Here is a patch to add a module load parm that is turned off by
> default to allow users to enable it for experimentation
>
> # ls /sys/module/cifs/parameters/
> CIFSMaxBufSize    cifs_min_small           enable_oplocks
> cifs_max_pending  disable_legacy_dialects  enable_signing_negcontext
> cifs_min_rcv      enable_gcm_256           require_gcm_256
>
> # cat /sys/module/cifs/parameters/enable_signing_negcontext
> N
>
> On Thu, Oct 15, 2020 at 11:50 PM Steve French <smfrench@gmail.com> wrote:
> >
> > > suggest wrapping this context and the integrity algs in some kind of conditional
> >
> > I have a couple patches to send the context (which I haven't merged
> > yet, because, similar to what you suggested, I wanted to make sure
> > they were disabled by default).
> >
> > Tentative plan was to have them disabled by default, and sending the
> > new context can be enabled for testing by a module parameter (e.g.
> > "echo 1 >  /sys/modules/cifs/parameters/enable_signing_context"  or
> > some similar config variable name)
> >
> > On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote:
> > >
> > > On 10/12/2020 5:50 AM, Aurélien Aptel wrote:
> > > > Patch LGTM
> > > >
> > > > Reviewed-by: Aurelien Aptel <aaptel@suse.com>
> > > >
> > > > Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org>
> > > >> This isn't in MS-SMB2 yet.
> > > >>
> > > >> Is this AES_128?
> > > >
> > > > This is returned in latest Windows Server Insider builds but it's not
> > > > documented yet.
> > > >
> > > > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
> > > >
> > > > I've asked dochelp about it during the SDC plugfest and they gave me
> > > > this:
> > > >
> > > >      The new ContextType is:
> > > >      SMB2_SIGNING_CAPABILITIES 0x0008
> > > >      The Data field contains a list of signing algorithms.
> > > >      •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
> > > >      •    It adds the AES-GMAC algorithm.
> > > >
> > > >      SigningAlgorithmCount (2 bytes): Count of signing algorithms
> > > >      SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
> > > >
> > > >      The following IDs are assigned:
> > > >      0 = HMAC-SHA256
> > > >      1 = AES-CMAC
> > > >      2 = AES-GMAC
> > > >
> > > >
> > > > I've been CCed in a Microsoft email thread later on and it seems to be
> > > > unclear why this was missed/wasn't documented. Maybe this is subject to
> > > > change so take with a grain of salt.
> > >
> > > Just curious if you've heard back on this. Insider builds will sometimes
> > > support things that don't make it to the release. Even Preview docs can
> > > change. However, AES_GMAC has been on the radar since 2015 (*) so
> > > perhaps the time has come!
> > >
> > > I'd suggest wrapping this context and the integrity algs in some kind of
> > > conditional, in case this is delayed...
> > >
> > > Tom.
> > >
> > > (*) slide 29+
> > > https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf
> >
> >
> >
> > --
> > Thanks,
> >
> > Steve
>
>
>
> --
> Thanks,
>
> Steve


* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-16  6:11           ` ronnie sahlberg
@ 2020-10-16 14:27             ` Tom Talpey
  0 siblings, 0 replies; 9+ messages in thread
From: Tom Talpey @ 2020-10-16 14:27 UTC (permalink / raw)
  To: ronnie sahlberg, Steve French
  Cc: Stefan Metzmacher, CIFS, samba-technical, Aurélien Aptel

Indeed yes, my point is that until/unless Microsoft indicates
the new signing context is committed to the protocol, it's
premature to bake it into Linux, or anywhere else. Speaking
from experience, things have been changed or removed at some
very late dates, in fact.

While I have the floor, and just a personal opinion, I feel
there is a huge and confusing proliferation of module options
and mount flags creeping into cifs.ko over time here. Is this
really a good idea?

Tom.

On 10/16/2020 2:11 AM, ronnie sahlberg wrote:
> Looks good, but I think Tom's point is we should not put this in
> upstream until the feature is officially launched.
> In wireshark, we can add these things immediately since any capture
> files with these parameters will continue to exist forever.
> See, wireshark still supports pre-RFC versions of iSCSI.
> But for cifs.ko we might want to wait sending to Linus until it is
> officially released in a consumer version of windows.
> 
> Let's just look at SMB2.PDF and all the bitfields/flags that specify a
> feature with description and then the comment that it is not used,
> clients should set it to 0 and servers must ignore the flag. Things
> can change until official release.
> 
> 
> 
> On Fri, Oct 16, 2020 at 3:50 PM Steve French via samba-technical
> <samba-technical@lists.samba.org> wrote:
>>
>> Here is a patch to add a module load parm that is turned off by
>> default to allow users to enable it for experimentation
>>
>> # ls /sys/module/cifs/parameters/
>> CIFSMaxBufSize    cifs_min_small           enable_oplocks
>> cifs_max_pending  disable_legacy_dialects  enable_signing_negcontext
>> cifs_min_rcv      enable_gcm_256           require_gcm_256
>>
>> # cat /sys/module/cifs/parameters/enable_signing_negcontext
>> N
>>
>> On Thu, Oct 15, 2020 at 11:50 PM Steve French <smfrench@gmail.com> wrote:
>>>
>>>> suggest wrapping this context and the integrity algs in some kind of conditional
>>>
>>> I have a couple patches to send the context (which I haven't merged
>>> yet, because, similar to what you suggested, I wanted to make sure
>>> they were disabled by default).
>>>
>>> Tentative plan was to have them disabled by default, and sending the
>>> new context can be enabled for testing by a module parameter (e.g.
>>> "echo 1 >  /sys/modules/cifs/parameters/enable_signing_context"  or
>>> some similar config variable name)
>>>
>>> On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote:
>>>>
>>>> On 10/12/2020 5:50 AM, Aurélien Aptel wrote:
>>>>> Patch LGTM
>>>>>
>>>>> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
>>>>>
>>>>> Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org>
>>>>>> This isn't in MS-SMB2 yet.
>>>>>>
>>>>>> Is this AES_128?
>>>>>
>>>>> This is returned in latest Windows Server Insider builds but it's not
>>>>> documented yet.
>>>>>
>>>>> https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
>>>>>
>>>>> I've asked dochelp about it during the SDC plugfest and they gave me
>>>>> this:
>>>>>
>>>>>       The new ContextType is:
>>>>>       SMB2_SIGNING_CAPABILITIES 0x0008
>>>>>       The Data field contains a list of signing algorithms.
>>>>>       •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
>>>>>       •    It adds the AES-GMAC algorithm.
>>>>>
>>>>>       SigningAlgorithmCount (2 bytes): Count of signing algorithms
>>>>>       SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
>>>>>
>>>>>       The following IDs are assigned:
>>>>>       0 = HMAC-SHA256
>>>>>       1 = AES-CMAC
>>>>>       2 = AES-GMAC
>>>>>
>>>>>
>>>>> I've been CCed in a Microsoft email thread later on and it seems to be
>>>>> unclear why this was missed/wasn't documented. Maybe this is subject to
>>>>> change so take with a grain of salt.
>>>>
>>>> Just curious if you've heard back on this. Insider builds will sometimes
>>>> support things that don't make it to the release. Even Preview docs can
>>>> change. However, AES_GMAC has been on the radar since 2015 (*) so
>>>> perhaps the time has come!
>>>>
>>>> I'd suggest wrapping this context and the integrity algs in some kind of
>>>> conditional, in case this is delayed...
>>>>
>>>> Tom.
>>>>
>>>> (*) slide 29+
>>>> https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf
>>>
>>>
>>>
>>> --
>>> Thanks,
>>>
>>> Steve
>>
>>
>>
>> --
>> Thanks,
>>
>> Steve
> 
> 


* Re: [PATCH][SMB3.1.1] Add defines for new signing context
  2020-10-15 18:15     ` Tom Talpey
  2020-10-16  4:50       ` Steve French
@ 2020-11-10  8:42       ` Stefan Metzmacher
  1 sibling, 0 replies; 9+ messages in thread
From: Stefan Metzmacher @ 2020-11-10  8:42 UTC (permalink / raw)
  To: Tom Talpey, Aurélien Aptel, Steve French, CIFS; +Cc: samba-technical



On 15.10.20 at 20:15, Tom Talpey wrote:
> On 10/12/2020 5:50 AM, Aurélien Aptel wrote:
>> Patch LGTM
>>
>> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
>>
>> Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org>
>>> This isn't in MS-SMB2 yet.
>>>
>>> Is this AES_128?
>>
>> This is returned in latest Windows Server Insider builds but it's not
>> documented yet.
>>
>> https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
>>
>> I've asked dochelp about it during the SDC plugfest and they gave me
>> this:
>>
>>      The new ContextType is:
>>      SMB2_SIGNING_CAPABILITIES 0x0008
>>      The Data field contains a list of signing algorithms.
>>      •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server support it, a session may use HMAC-SHA256 with SMB 3.1.1.
>>      •    It adds the AES-GMAC algorithm.
>>
>>      SigningAlgorithmCount (2 bytes): Count of signing algorithms
>>      SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
>>
>>      The following IDs are assigned:
>>      0 = HMAC-SHA256
>>      1 = AES-CMAC
>>      2 = AES-GMAC
>>
>>
>> I've been CCed in a Microsoft email thread later on and it seems to be
>> unclear why this was missed/wasn't documented. Maybe this is subject to
>> change so take with a grain of salt.
> 
> Just curious if you've heard back on this. Insider builds will sometimes
> support things that don't make it to the release. Even Preview docs can
> change. However, AES_GMAC has been on the radar since 2015 (*) so
> perhaps the time has come!
> 
> I'd suggest wrapping this context and the integrity algs in some kind of
> conditional, in case this is delayed...

Does anyone know how the nonce/iv is constructed for GMAC?
I see a Windows server returning a signed final session setup
(which is a plain SMB2 response without any TRANSFORM-like header).


Also is using AES-128-GCM only with auth_data and no plain/cipher-text the correct way to implement GMAC?

metze



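An added example (not code from this thread, from cifs.ko or from Samba) of the GMAC construction the message above asks about: AES-GCM run with no plaintext, so that the only output is the 16-byte tag, applied to a constructed SMB2 message with the header's Signature field zeroed while the tag is computed. The first call reproduces the published AES-GCM test case 1 (zero key, zero nonce, nothing to authenticate), which has no plaintext and is therefore exactly a GMAC. The key, nonce and message bytes are constructed for the demo; in particular the nonce layout is an assumption, since the thread does not say how SMB 3.1.1 derives the GMAC nonce for a given message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

const (
	smb2HeaderLen    = 64 // size of the SMB2 packet header
	smb2SignatureOff = 48 // offset of the 16-byte Signature field in it
	smb2SignatureLen = 16
)

// GMAC returns the AES-128-GMAC tag over data: AES-GCM invoked with no
// plaintext, so Seal produces only the 16-byte authentication tag.
func GMAC(key, nonce, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, nil, data), nil
}

// SignSMB2 returns a copy of msg with its Signature field filled: the tag
// is computed over the entire message with that field zeroed.
func SignSMB2(key, nonce, msg []byte) ([]byte, error) {
	if len(msg) < smb2HeaderLen {
		return nil, fmt.Errorf("message shorter than an SMB2 header")
	}
	out := append([]byte(nil), msg...)
	for i := 0; i < smb2SignatureLen; i++ {
		out[smb2SignatureOff+i] = 0
	}
	tag, err := GMAC(key, nonce, out)
	if err != nil {
		return nil, err
	}
	copy(out[smb2SignatureOff:], tag)
	return out, nil
}

// VerifySMB2 recomputes the tag the same way and compares it in constant time.
func VerifySMB2(key, nonce, msg []byte) bool {
	if len(msg) < smb2HeaderLen {
		return false
	}
	tmp := append([]byte(nil), msg...)
	for i := 0; i < smb2SignatureLen; i++ {
		tmp[smb2SignatureOff+i] = 0
	}
	want, err := GMAC(key, nonce, tmp)
	if err != nil {
		return false
	}
	got := msg[smb2SignatureOff : smb2SignatureOff+smb2SignatureLen]
	return subtle.ConstantTimeCompare(got, want) == 1
}

// SampleMessage builds a constructed SMB2 message: a 64-byte header with
// ProtocolId 0xFE 'S' 'M' 'B', StructureSize 64, and a short body. Every
// other header field is left zero; it is a stand-in, not a real packet.
func SampleMessage() []byte {
	hdr := make([]byte, smb2HeaderLen)
	copy(hdr, []byte{0xFE, 'S', 'M', 'B', 0x40, 0x00})
	return append(hdr, []byte("constructed body")...)
}

func main() {
	// Published AES-GCM test case 1: zero key, zero nonce, nothing to
	// authenticate. With no plaintext this is exactly GMAC.
	tag, _ := GMAC(make([]byte, 16), make([]byte, 12), nil)
	fmt.Println("GCM test case 1 tag:", hex.EncodeToString(tag))

	// Key and nonce are constructed for the demo; how SMB 3.1.1 derives the
	// GMAC nonce is not covered by the thread and is not modelled here.
	key := []byte("0123456789abcdef")
	nonce := []byte("constructed!")
	signed, err := SignSMB2(key, nonce, SampleMessage())
	if err != nil {
		panic(err)
	}
	fmt.Println("signature verifies:", VerifySMB2(key, nonce, signed))
	signed[len(signed)-1] ^= 0x01 // flip one body bit
	fmt.Println("after tampering:  ", VerifySMB2(key, nonce, signed))
}
```

Whatever nonce rule the real protocol uses, the property the code relies on is the usual GCM one: a (key, nonce) pair must never be reused for two different messages, so a per-message counter such as the MessageId has to feed into the nonce on both sides in the same way.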

Thread overview: 9+ messages
2020-10-11  1:25 [PATCH][SMB3.1.1] Add defines for new signing context Steve French
2020-10-12  8:55 ` Stefan Metzmacher
2020-10-12  9:50   ` Aurélien Aptel
2020-10-15 18:15     ` Tom Talpey
2020-10-16  4:50       ` Steve French
2020-10-16  5:49         ` Steve French
2020-10-16  6:11           ` ronnie sahlberg
2020-10-16 14:27             ` Tom Talpey
2020-11-10  8:42       ` Stefan Metzmacher
