korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 12:28:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix encryption labels and lengths for SMB3.1.1

Browse Source 
SMB3.1.1 is most secure and recent dialect. Fixup labels and lengths
for sMB3.1.1 signing and encryption.

Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
This commit is contained in:
Steve French 2017-09-25 20:11:58 -05:00
parent 3e0cc09a3a
commit 06e2290844
2 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fs/cifs/cifsglob.h
View File

@ -661,7 +661,9 @@ struct TCP_Server_Info {
#endif
unsigned int max_read;
unsigned int max_write;
__u8 preauth_hash[512];
#ifdef CONFIG_CIFS_SMB311
__u8 preauth_sha_hash[64]; /* save initital negprot hash */
#endif /* 3.1.1 */
struct delayed_work reconnect; /* reconnect workqueue job */
struct mutex reconnect_mutex; /* prevent simultaneous reconnects */
unsigned long echo_interval;
@ -849,7 +851,9 @@ struct cifs_ses {
__u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];
__u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
__u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
__u8 preauth_hash[512];
#ifdef CONFIG_CIFS_SMB311
__u8 preauth_sha_hash[64];
#endif /* 3.1.1 */
};
static inline bool

26
fs/cifs/smb2transport.c
View File

@ -390,6 +390,7 @@ generate_smb30signingkey(struct cifs_ses *ses)
return generate_smb3signingkey(ses, &triplet);
}
#ifdef CONFIG_CIFS_SMB311
int
generate_smb311signingkey(struct cifs_ses *ses)
@ -398,25 +399,26 @@ generate_smb311signingkey(struct cifs_ses *ses)
struct derivation *d;
d = &triplet.signing;
d->label.iov_base = "SMB2AESCMAC";
d->label.iov_len = 12;
d->context.iov_base = "SmbSign";
d->context.iov_len = 8;
d->label.iov_base = "SMBSigningKey";
d->label.iov_len = 14;
d->context.iov_base = ses->preauth_sha_hash;
d->context.iov_len = 64;
d = &triplet.encryption;
d->label.iov_base = "SMB2AESCCM";
d->label.iov_len = 11;
d->context.iov_base = "ServerIn ";
d->context.iov_len = 10;
d->label.iov_base = "SMBC2SCipherKey";
d->label.iov_len = 16;
d->context.iov_base = ses->preauth_sha_hash;
d->context.iov_len = 64;
d = &triplet.decryption;
d->label.iov_base = "SMB2AESCCM";
d->label.iov_len = 11;
d->context.iov_base = "ServerOut";
d->context.iov_len = 10;
d->label.iov_base = "SMBS2CCipherKey";
d->label.iov_len = 16;
d->context.iov_base = ses->preauth_sha_hash;
d->context.iov_len = 64;
return generate_smb3signingkey(ses, &triplet);
}
#endif /* 311 */
int
smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)