| Message ID | CAH2r5mtwBHTk-Xoeuo+RbgNwiNw-cWTAhdy1YG5y+vXnNDSv4w@mail.gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [SMB3.1.1] Add defines for new signing context | expand |
Am 11.10.20 um 03:25 schrieb Steve French via samba-technical: > Add defines for the three supported signing algorithms > > Signed-off-by: Steve French <stfrench@microsoft.com> > --- > fs/cifs/smb2pdu.h | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h > index 4dfb51dd7065..5932fc0dc62c 100644 > --- a/fs/cifs/smb2pdu.h > +++ b/fs/cifs/smb2pdu.h > @@ -323,6 +323,7 @@ struct smb2_negotiate_req { > #define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID cpu_to_le16(5) > #define SMB2_TRANSPORT_CAPABILITIES cpu_to_le16(6) > #define SMB2_RDMA_TRANSFORM_CAPABILITIES cpu_to_le16(7) > +#define SMB2_SIGNING_CAPABILITIES cpu_to_le16(8) > #define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100) > > struct smb2_neg_context { > @@ -416,6 +417,19 @@ struct smb2_rdma_transform_capabilities_context { > __le16 RDMATransformIds[1]; > } __packed; > > +/* Signing algorithms */ > +#define SIGNING_ALG_HMAC_SHA256 0 > +#define SIGNING_ALG_AES_CMAC 1 > +#define SIGNING_ALG_AES_GMAC 2 This isn't in MS-SMB2 yet. Is this AES_128? metze
Patch LGTM Reviewed-by: Aurelien Aptel <aaptel@suse.com> Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org> > This isn't in MS-SMB2 yet. > > Is this AES_128? This is returned in latest Windows Server Insider builds but it's not documented yet. https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver I've asked dochelp about it during the SDC plugfest and they gave me this: The new ContextType is: SMB2_SIGNING_CAPABILITIES 0x0008 The Data field contains a list of signing algorithms. • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1. • It adds the AES-GMAC algorithm. SigningAlgorithmCount (2 bytes): Count of signing algorithms SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. The following IDs are assigned: 0 = HMAC-SHA256 1 = AES-CMAC 2 = AES-GMAC I've been CCed in a Microsoft email thread later on and it seems to be unclear why this was missed/wasn't documented. Maybe this is subject to change so take with a grain of salt. Cheers,
On 10/12/2020 5:50 AM, Aurélien Aptel wrote: > Patch LGTM > > Reviewed-by: Aurelien Aptel <aaptel@suse.com> > > Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org> >> This isn't in MS-SMB2 yet. >> >> Is this AES_128? > > This is returned in latest Windows Server Insider builds but it's not > documented yet. > > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver > > I've asked dochelp about it during the SDC plugfest and they gave me > this: > > The new ContextType is: > SMB2_SIGNING_CAPABILITIES 0x0008 > The Data field contains a list of signing algorithms. > • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1. > • It adds the AES-GMAC algorithm. > > SigningAlgorithmCount (2 bytes): Count of signing algorithms > SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. > > The following IDs are assigned: > 0 = HMAC-SHA256 > 1 = AES-CMAC > 2 = AES-GMAC > > > I've been CCed in a Microsoft email thread later on and it seems to be > unclear why this was missed/wasn't documented. Maybe this is subject to > change so take with a grain of salt. Just curious if you've heard back on this. Insider builds will sometimes support things that don't make it to the release. Even Preview docs can change. However, AES_GMAC has been on the radar since 2015 (*) so perhaps the time has come! I'd suggest wrapping this context and the integrity algs in some kind of conditional, in case this is delayed... Tom. (*) slide 29+ https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf
> suggest wrapping this context and the integrity algs in some kind of conditional I have a couple patches to send the context (which I haven't merged yet, because, similar to what you suggested, I wanted to make sure they were disabled by default). Tentative plan was to have them disabled by default, and sending the new context can be enabled for testing by a module parameter (e.g. "echo 1 > /sys/modules/cifs/parameters/enable_signing_context" or some similar config variable name) On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote: > > On 10/12/2020 5:50 AM, Aurélien Aptel wrote: > > Patch LGTM > > > > Reviewed-by: Aurelien Aptel <aaptel@suse.com> > > > > Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org> > >> This isn't in MS-SMB2 yet. > >> > >> Is this AES_128? > > > > This is returned in latest Windows Server Insider builds but it's not > > documented yet. > > > > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver > > > > I've asked dochelp about it during the SDC plugfest and they gave me > > this: > > > > The new ContextType is: > > SMB2_SIGNING_CAPABILITIES 0x0008 > > The Data field contains a list of signing algorithms. > > • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1. > > • It adds the AES-GMAC algorithm. > > > > SigningAlgorithmCount (2 bytes): Count of signing algorithms > > SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. > > > > The following IDs are assigned: > > 0 = HMAC-SHA256 > > 1 = AES-CMAC > > 2 = AES-GMAC > > > > > > I've been CCed in a Microsoft email thread later on and it seems to be > > unclear why this was missed/wasn't documented. Maybe this is subject to > > change so take with a grain of salt. > > Just curious if you've heard back on this. Insider builds will sometimes > support things that don't make it to the release. Even Preview docs can > change. However, AES_GMAC has been on the radar since 2015 (*) so > perhaps the time has come! > > I'd suggest wrapping this context and the integrity algs in some kind of > conditional, in case this is delayed... > > Tom. > > (*) slide 29+ > https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf
Here is a patch to add a module load parm that is turned off by default to allow users to enable it for experimentation # ls /sys/module/cifs/parameters/ CIFSMaxBufSize cifs_min_small enable_oplocks cifs_max_pending disable_legacy_dialects enable_signing_negcontext cifs_min_rcv enable_gcm_256 require_gcm_256 # cat /sys/module/cifs/parameters/enable_signing_negcontext N On Thu, Oct 15, 2020 at 11:50 PM Steve French <smfrench@gmail.com> wrote: > > > suggest wrapping this context and the integrity algs in some kind of conditional > > I have a couple patches to send the context (which I haven't merged > yet, because, similar to what you suggested, I wanted to make sure > they were disabled by default). > > Tentative plan was to have them disabled by default, and sending the > new context can be enabled for testing by a module parameter (e.g. > "echo 1 > /sys/modules/cifs/parameters/enable_signing_context" or > some similar config variable name) > > On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote: > > > > On 10/12/2020 5:50 AM, Aurélien Aptel wrote: > > > Patch LGTM > > > > > > Reviewed-by: Aurelien Aptel <aaptel@suse.com> > > > > > > Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org> > > >> This isn't in MS-SMB2 yet. > > >> > > >> Is this AES_128? > > > > > > This is returned in latest Windows Server Insider builds but it's not > > > documented yet. > > > > > > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver > > > > > > I've asked dochelp about it during the SDC plugfest and they gave me > > > this: > > > > > > The new ContextType is: > > > SMB2_SIGNING_CAPABILITIES 0x0008 > > > The Data field contains a list of signing algorithms. > > > • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1. > > > • It adds the AES-GMAC algorithm. > > > > > > SigningAlgorithmCount (2 bytes): Count of signing algorithms > > > SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. > > > > > > The following IDs are assigned: > > > 0 = HMAC-SHA256 > > > 1 = AES-CMAC > > > 2 = AES-GMAC > > > > > > > > > I've been CCed in a Microsoft email thread later on and it seems to be > > > unclear why this was missed/wasn't documented. Maybe this is subject to > > > change so take with a grain of salt. > > > > Just curious if you've heard back on this. Insider builds will sometimes > > support things that don't make it to the release. Even Preview docs can > > change. However, AES_GMAC has been on the radar since 2015 (*) so > > perhaps the time has come! > > > > I'd suggest wrapping this context and the integrity algs in some kind of > > conditional, in case this is delayed... > > > > Tom. > > > > (*) slide 29+ > > https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf > > > > -- > Thanks, > > Steve
Looks good, but I think Tom's point is we should not put this in upstream until the feature is officially launched. In wireshark, we can add these things immediately since any capture files with these parameters will continue to exist forever. See wireshark still supports pre-RFS versions of iSCSI. But for cifs.ko we might want to wait sending to Linus until it is officially released in a consumer version of windows. Lets just look at SMB2.PDF and all the bitfields/flags that specify a feature with description and then the comment that it is not used, clients should set it to 0 and servers must ignore the flag. Things can change until official release. On Fri, Oct 16, 2020 at 3:50 PM Steve French via samba-technical <samba-technical@lists.samba.org> wrote: > > Here is a patch to add a module load parm that is turned off by > default to allow users to enable it for experimentation > > # ls /sys/module/cifs/parameters/ > CIFSMaxBufSize cifs_min_small enable_oplocks > cifs_max_pending disable_legacy_dialects enable_signing_negcontext > cifs_min_rcv enable_gcm_256 require_gcm_256 > > # cat /sys/module/cifs/parameters/enable_signing_negcontext > N > > On Thu, Oct 15, 2020 at 11:50 PM Steve French <smfrench@gmail.com> wrote: > > > > > suggest wrapping this context and the integrity algs in some kind of conditional > > > > I have a couple patches to send the context (which I haven't merged > > yet, because, similar to what you suggested, I wanted to make sure > > they were disabled by default). > > > > Tentative plan was to have them disabled by default, and sending the > > new context can be enabled for testing by a module parameter (e.g. > > "echo 1 > /sys/modules/cifs/parameters/enable_signing_context" or > > some similar config variable name) > > > > On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote: > > > > > > On 10/12/2020 5:50 AM, Aurélien Aptel wrote: > > > > Patch LGTM > > > > > > > > Reviewed-by: Aurelien Aptel <aaptel@suse.com> > > > > > > > > Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org> > > > >> This isn't in MS-SMB2 yet. > > > >> > > > >> Is this AES_128? > > > > > > > > This is returned in latest Windows Server Insider builds but it's not > > > > documented yet. > > > > > > > > https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver > > > > > > > > I've asked dochelp about it during the SDC plugfest and they gave me > > > > this: > > > > > > > > The new ContextType is: > > > > SMB2_SIGNING_CAPABILITIES 0x0008 > > > > The Data field contains a list of signing algorithms. > > > > • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1. > > > > • It adds the AES-GMAC algorithm. > > > > > > > > SigningAlgorithmCount (2 bytes): Count of signing algorithms > > > > SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. > > > > > > > > The following IDs are assigned: > > > > 0 = HMAC-SHA256 > > > > 1 = AES-CMAC > > > > 2 = AES-GMAC > > > > > > > > > > > > I've been CCed in a Microsoft email thread later on and it seems to be > > > > unclear why this was missed/wasn't documented. Maybe this is subject to > > > > change so take with a grain of salt. > > > > > > Just curious if you've heard back on this. Insider builds will sometimes > > > support things that don't make it to the release. Even Preview docs can > > > change. However, AES_GMAC has been on the radar since 2015 (*) so > > > perhaps the time has come! > > > > > > I'd suggest wrapping this context and the integrity algs in some kind of > > > conditional, in case this is delayed... > > > > > > Tom. > > > > > > (*) slide 29+ > > > https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf > > > > > > > > -- > > Thanks, > > > > Steve > > > > -- > Thanks, > > Steve
Indeed yes, my point is that until/unless Microsoft indicates the new signing context is committed to the protocol, it's premature to bake it into Linux, or anywhere else. Speaking from experience, things have been changed or removed at some very late dates, in fact. While I have the floor, and just a personal opinion, I feel there is a huge and confusing proliferation of module options and mount flags creeping into cifs.ko over time here. Is this really a good idea? Tom. On 10/16/2020 2:11 AM, ronnie sahlberg wrote: > Looks good, but I think Tom's point is we should not put this in > upstream until the feature is officially launched. > In wireshark, we can add these things immediately since any capture > files with these parameters will continue to exist forever. > See wireshark still supports pre-RFS versions of iSCSI. > But for cifs.ko we might want to wait sending to Linus until it is > officially released in a consumer version of windows. > > Lets just look at SMB2.PDF and all the bitfields/flags that specify a > feature with description and then the comment that it is not used, > clients should set it to 0 and servers must ignore the flag. Things > can change until official release. > > > > On Fri, Oct 16, 2020 at 3:50 PM Steve French via samba-technical > <samba-technical@lists.samba.org> wrote: >> >> Here is a patch to add a module load parm that is turned off by >> default to allow users to enable it for experimentation >> >> # ls /sys/module/cifs/parameters/ >> CIFSMaxBufSize cifs_min_small enable_oplocks >> cifs_max_pending disable_legacy_dialects enable_signing_negcontext >> cifs_min_rcv enable_gcm_256 require_gcm_256 >> >> # cat /sys/module/cifs/parameters/enable_signing_negcontext >> N >> >> On Thu, Oct 15, 2020 at 11:50 PM Steve French <smfrench@gmail.com> wrote: >>> >>>> suggest wrapping this context and the integrity algs in some kind of conditional >>> >>> I have a couple patches to send the context (which I haven't merged >>> yet, because, similar to what you suggested, I wanted to make sure >>> they were disabled by default). >>> >>> Tentative plan was to have them disabled by default, and sending the >>> new context can be enabled for testing by a module parameter (e.g. >>> "echo 1 > /sys/modules/cifs/parameters/enable_signing_context" or >>> some similar config variable name) >>> >>> On Thu, Oct 15, 2020 at 1:15 PM Tom Talpey <tom@talpey.com> wrote: >>>> >>>> On 10/12/2020 5:50 AM, Aurélien Aptel wrote: >>>>> Patch LGTM >>>>> >>>>> Reviewed-by: Aurelien Aptel <aaptel@suse.com> >>>>> >>>>> Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org> >>>>>> This isn't in MS-SMB2 yet. >>>>>> >>>>>> Is this AES_128? >>>>> >>>>> This is returned in latest Windows Server Insider builds but it's not >>>>> documented yet. >>>>> >>>>> https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver >>>>> >>>>> I've asked dochelp about it during the SDC plugfest and they gave me >>>>> this: >>>>> >>>>> The new ContextType is: >>>>> SMB2_SIGNING_CAPABILITIES 0x0008 >>>>> The Data field contains a list of signing algorithms. >>>>> • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1. >>>>> • It adds the AES-GMAC algorithm. >>>>> >>>>> SigningAlgorithmCount (2 bytes): Count of signing algorithms >>>>> SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. >>>>> >>>>> The following IDs are assigned: >>>>> 0 = HMAC-SHA256 >>>>> 1 = AES-CMAC >>>>> 2 = AES-GMAC >>>>> >>>>> >>>>> I've been CCed in a Microsoft email thread later on and it seems to be >>>>> unclear why this was missed/wasn't documented. Maybe this is subject to >>>>> change so take with a grain of salt. >>>> >>>> Just curious if you've heard back on this. Insider builds will sometimes >>>> support things that don't make it to the release. Even Preview docs can >>>> change. However, AES_GMAC has been on the radar since 2015 (*) so >>>> perhaps the time has come! >>>> >>>> I'd suggest wrapping this context and the integrity algs in some kind of >>>> conditional, in case this is delayed... >>>> >>>> Tom. >>>> >>>> (*) slide 29+ >>>> https://www.snia.org/sites/default/files/SDC15_presentations/smb/GregKramer_%20SMB_3-1-1_rev.pdf >>> >>> >>> >>> -- >>> Thanks, >>> >>> Steve >> >> >> >> -- >> Thanks, >> >> Steve > >
Am 15.10.20 um 20:15 schrieb Tom Talpey: > On 10/12/2020 5:50 AM, Aurélien Aptel wrote: >> Patch LGTM >> >> Reviewed-by: Aurelien Aptel <aaptel@suse.com> >> >> Stefan Metzmacher via samba-technical <samba-technical@lists.samba.org> >>> This isn't in MS-SMB2 yet. >>> >>> Is this AES_128? >> >> This is returned in latest Windows Server Insider builds but it's not >> documented yet. >> >> https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver >> >> I've asked dochelp about it during the SDC plugfest and they gave me >> this: >> >> The new ContextType is: >> SMB2_SIGNING_CAPABILITIES 0x0008 >> The Data field contains a list of signing algorithms. >> • It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use >> HMAC-SHA256 with SMB 3.1.1. >> • It adds the AES-GMAC algorithm. >> SigningAlgorithmCount (2 bytes): Count of signing algorithms >> SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms. >> The following IDs are assigned: >> 0 = HMAC-SHA256 >> 1 = AES-CMAC >> 2 = AES-GMAC >> >> >> I've been CCed in a Microsoft email thread later on and it seems to be >> unclear why this was missed/wasn't documented. Maybe this is subject to >> change so take with a grain of salt. > > Just curious if you've heard back on this. Insider builds will sometimes > support things that don't make it to the release. Even Preview docs can > change. However, AES_GMAC has been on the radar since 2015 (*) so > perhaps the time has come! > > I'd suggest wrapping this context and the integrity algs in some kind of > conditional, in case this is delayed... Does anyone know how the nonce/iv is constructed for GMAC? I see a Windows server returning a signed final session setup (which is a plain SMB2 response without any TRANSFORM-like header). Also is using AES-128-GCM only with auth_data and no plain/cipher-text the correct way to implement GMAC? metze
From e913b52c8903ff4488ab587ca2e475608e405b24 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench@microsoft.com> Date: Sat, 10 Oct 2020 20:11:47 -0500 Subject: [PATCH] SMB3.1.1: add defines for new signing negotiate context Currently there are three supported signing algorithms Signed-off-by: Steve French <stfrench@microsoft.com> --- fs/cifs/smb2pdu.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index 4dfb51dd7065..5932fc0dc62c 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -323,6 +323,7 @@ struct smb2_negotiate_req { #define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID cpu_to_le16(5) #define SMB2_TRANSPORT_CAPABILITIES cpu_to_le16(6) #define SMB2_RDMA_TRANSFORM_CAPABILITIES cpu_to_le16(7) +#define SMB2_SIGNING_CAPABILITIES cpu_to_le16(8) #define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100) struct smb2_neg_context { @@ -416,6 +417,19 @@ struct smb2_rdma_transform_capabilities_context { __le16 RDMATransformIds[1]; } __packed; +/* Signing algorithms */ +#define SIGNING_ALG_HMAC_SHA256 0 +#define SIGNING_ALG_AES_CMAC 1 +#define SIGNING_ALG_AES_GMAC 2 + +struct smb2_signing_capabilities { + __le16 ContextType; /* 8 */ + __le16 DataLength; + __u32 Reserved; + __le16 SigningAlgorithmCount; + __le16 SigningAlgorithms[]; +} __packed; + #define POSIX_CTXT_DATA_LEN 16 struct smb2_posix_neg_context { __le16 ContextType; /* 0x100 */ -- 2.25.1
Add defines for the three supported signing algorithms Signed-off-by: Steve French <stfrench@microsoft.com> --- fs/cifs/smb2pdu.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+)