From patchwork Sun Apr 22 15:44:59 2018
X-Patchwork-Submitter: Steve French
X-Patchwork-Id: 10355561
From: Steve French
Date: Sun, 22 Apr 2018 10:44:59 -0500
Subject: Re: encrypt the tcon itself if seal requested on mount and set encryption support for 3.11 properly
To: Pavel Shilovsky, CIFS, samba-technical
Cc: Jeremy Allison
X-Mailing-List: linux-cifs@vger.kernel.org

Needed to add one additional minor change for Samba (Samba server doesn't allow the two byte pad at the end of the negotiate context that was the result of removing one of the ciphers and returned an error on SMB311 negprot). I need to add: sfrench@Ubuntu-17-Virtual-Ma

On Sat, Apr 21, 2018 at 12:04 PM, Steve French wrote:
> Any extra testing would be appreciated of this - I tried to Windows
> 2016 with and without encrypted share and also to Samba 4.7
>
> On Fri, Apr 20, 2018 at 11:55 PM, Steve French wrote:
>> On Fri, Apr 20, 2018 at 7:14 PM, Pavel Shilovsky wrote:
>>> Looks good. Please also fix the encryption negotiate context:
>>
>> Fixed. Disabled AES-128GCM. See attached.
>>
>> Seems to work ok to Windows 3.11 now, and SMB3 tconx is also now
>> encrypted if "seal" chosen on mount - tried it to Windows 2016 and to
>> Samba 4.7
>>
>> Main remaining problem that I see is smb3.11 reconnect (it looks like
>> we are clearing the hash - but must be missing something)
>> --
>> Thanks,
>>
>> Steve
>
>
>
> --
> Thanks,
>
> Steve

diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index 6093e5142b2b..d28f358022c5 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -297,7 +297,7 @@ struct smb2_encryption_neg_context { __le16 DataLength; __le32 Reserved; __le16 CipherCount; /* AES-128-GCM and AES-128-CCM */ - __le16 Ciphers[2]; /* Ciphers[0] since only one used now */ + __le16 Ciphers[1]; /* Ciphers[0] since only one used now */ } __packed; struct smb2_negotiate_rsp {
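Review bot: The comment on the unchanged CipherCount line in struct smb2_encryption_neg_context still reads "AES-128-GCM and AES-128-CCM", which no longer matches a one-element Ciphers array; please update it to name the single cipher that is actually sent (the thread says AES-128GCM was disabled). Because the struct is __packed, shrinking Ciphers[2] to Ciphers[1] drops two bytes from its size, so the DataLength and CipherCount values written for this context, and any offset or length derived from the struct size, need to agree with the new layout; that code is not part of this hunk and is worth checking in the same patch, since the message reports Samba rejecting the stray two-byte pad. A named constant for the array length instead of the bare 1 would also keep the struct and the count in step if a second cipher is re-enabled later.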