diff mbox series

ksmbd: fix wrong signingkey creation when encryption is AES256

Message ID 20230228235624.5451-1-linkinjeon@kernel.org (mailing list archive)
State New, archived
Headers show
Series ksmbd: fix wrong signingkey creation when encryption is AES256 | expand

Commit Message

Namjae Jeon Feb. 28, 2023, 11:56 p.m. UTC 
MacOS and Win11 support AES256 encrytion and it is included in the cipher
array of encryption context. Especially on macOS, The most preferred
cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that
support AES256 encryption. MacOS send disconnect request after receiving
final session setup response from ksmbd. Because final session setup is
signed with signing key was generated incorrectly.
For signging key, 'L' value should be initialized to 128 if key size is
16bytes.

Reported-by: Miao Lihua <441884205@qq.com>
Tested-by: Miao Lihua <441884205@qq.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/ksmbd/auth.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Steve French March 1, 2023, 3:57 a.m. UTC | #1 
FYI - Linux client also supports AES GCM 256 encryption.  It is
enabled by default and can be set to required with:

MODULE_PARM_DESC(require_gcm_256, "Require strongest (256 bit) GCM
encryption. Default: n/N/0");

On Tue, Feb 28, 2023 at 5:57 PM Namjae Jeon <linkinjeon@kernel.org> wrote:
>
> MacOS and Win11 support AES256 encrytion and it is included in the cipher
> array of encryption context. Especially on macOS, The most preferred
> cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that
> support AES256 encryption. MacOS send disconnect request after receiving
> final session setup response from ksmbd. Because final session setup is
> signed with signing key was generated incorrectly.
> For signging key, 'L' value should be initialized to 128 if key size is
> 16bytes.
>
> Reported-by: Miao Lihua <441884205@qq.com>
> Tested-by: Miao Lihua <441884205@qq.com>
> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
> ---
>  fs/ksmbd/auth.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c
> index 6e61b5bc7d86..cead696b656a 100644
> --- a/fs/ksmbd/auth.c
> +++ b/fs/ksmbd/auth.c
> @@ -727,8 +727,9 @@ static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
>                 goto smb3signkey_ret;
>         }
>
> -       if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
> -           conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
> +       if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
> +           (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
> +            conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
>                 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
>         else
>                 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
> --
> 2.25.1
>
diff mbox series

Patch

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c
index 6e61b5bc7d86..cead696b656a 100644
--- a/fs/ksmbd/auth.c
+++ b/fs/ksmbd/auth.c
@@ -727,8 +727,9 @@  static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
 		goto smb3signkey_ret;
 	}
 
-	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
-	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
+	if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
+	    (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
+	     conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
 	else
 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);