From patchwork Thu Oct 15 06:21:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 11838649 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A89DEC433E7 for ; Thu, 15 Oct 2020 06:22:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3696F218AC for ; Thu, 15 Oct 2020 06:22:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Sg5p+paV" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728714AbgJOGWG (ORCPT ); Thu, 15 Oct 2020 02:22:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38168 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728702AbgJOGWG (ORCPT ); Thu, 15 Oct 2020 02:22:06 -0400 Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34AD9C061755 for ; Wed, 14 Oct 2020 23:22:06 -0700 (PDT) Received: by mail-lf1-x12f.google.com with SMTP id j30so2228379lfp.4 for ; Wed, 14 Oct 2020 23:22:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Ypncl8j2PtTcD+6wNyDeRV5b9ikC9VJdGfjElSvdssw=; b=Sg5p+paVp5VapYRKKp2oTdciFmOEYJ/AJDWkz9czLqrppsLGylQIVt1RwcwCApVATY jV5Ii56D9bo07+MFQKoU6FFNNOvtkB2BSoJgpXSmWflkOB7h5t8txcJuVfiqLJ84fdG5 2r1CQdWAT6nZTRs0FG+82eNvQkJJ6GdDwTfR/8OzkVd0NL4+TG0/bQ+BiqA808L+MrIu UfagkqXAZguaXnJtpN5K34OM+8MBzInnyUYlzohnJFZQ32hfLB2i9ajo7X8nak11oe5c anKLZajRjLWaYjNlw/gFYX/OIw40bUuziBMcglyc5jN1LXG9BxCvd/3wORzJyRhLIxIw 8rpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Ypncl8j2PtTcD+6wNyDeRV5b9ikC9VJdGfjElSvdssw=; b=VOBo8O37xJlJ/j6MFGEaQnRbVq8YiTp5yoCKI38eDHrWu/9GCvcbLeuAwmvu5T6VP6 6yYTVOjbKx3iJWGCVowMUu3k2+CpSQIiNcDYEZn+sqAn86+jeC7iqm3E6NjvUgr5GeRM Ir11SnjY7vsLf6cNzvBIeDW9NA2rQpnhm/O/uV/04Isr86aq61ByyGGLwCIipkdTku60 fjm++n0OrW1ox5klFaN6DgiklgZPaff/4UWGastFRoymwRxW6RNMlRIbzXENIdECM3Vc EcqouNU/Rr5ni/StHF61gHwGM+sBescY+/mZH+KF6oLDU1bXqeQV08C/y0/TU0iVx+jl AaZQ== X-Gm-Message-State: AOAM531zmNKP3us38YRtqvVygCOeX+EPK7rzj0f18L7AkvL0Mkg7ZgQ0 XWVL5V0M9ItxsU3fzXGD6WRzgaFGgqOYtllWPWw8MjjYuNxm8g== X-Google-Smtp-Source: ABdhPJxZnH35gKbf3hEdDtvxpE8CC/qORkwKR2GDN4A/YL6btO5r2m9S98vFZ+hhGZXS8VJJoZOGfCRLqYlgxrW8YrE= X-Received: by 2002:a19:c112:: with SMTP id r18mr516245lff.208.1602742923584; Wed, 14 Oct 2020 23:22:03 -0700 (PDT) MIME-Version: 1.0 From: Steve French Date: Thu, 15 Oct 2020 01:21:52 -0500 Message-ID: Subject: Add support for GCM256 encryption To: CIFS Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org Patch series attached that adds support for GCM256 encryption. It also clarifies errors returned and warnings on mounts where gcm256 is required but not supported. To control this two global parms for the cifs.ko module are introduced (/sys/module/cifs/parameters/enable_gcm_256 and /sys/module/cifs/parameters/require_gcm_256 which are both disabled by default to reduce the risk of any regressions to servers which do not support gcm256 (a mount option e.g. "seal=gcm256" also can be introduced after we have had a chance to test against a wider variety of servers) When /sys/module/cifs/parameters/enable_gcm_256 is set then we add gcm256 to the list of ciphers we request during protocol negotiation (gcm128 preferred, then gcm256, then lowest in the list is ccm128 since it is slower). When /sys/module/cifs/parameters/require_gcm_256 is set then we only request gcm256 and fail if the server does not support it during protocol negotiation. One additional change is going to be needed (to set the session key to the correct size). From 671d6f325f958b6123ee467a3e00fa134cf9195f Mon Sep 17 00:00:00 2001 From: Steve French Date: Fri, 11 Sep 2020 16:19:28 -0500 Subject: [PATCH 1/5] smb3.1.1: add new module load parm require_gcm_256 Add new module load parameter require_gcm_256. If set, then only request AES-256-GCM (strongest encryption type). Reviewed-by: Ronnie Sahlberg Signed-off-by: Steve French --- fs/cifs/cifsfs.c | 4 ++++ fs/cifs/cifsglob.h | 1 + fs/cifs/smb2pdu.c | 14 ++++++++++---- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 0fb99d25e8a8..462dbbd17c5f 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -71,6 +71,7 @@ bool enable_oplocks = true; bool linuxExtEnabled = true; bool lookupCacheEnabled = true; bool disable_legacy_dialects; /* false by default */ +bool require_gcm_256; /* false by default */ unsigned int global_secflags = CIFSSEC_DEF; /* unsigned int ntlmv2_support = 0; */ unsigned int sign_CIFS_PDUs = 1; @@ -104,6 +105,9 @@ MODULE_PARM_DESC(slow_rsp_threshold, "Amount of time (in seconds) to wait " module_param(enable_oplocks, bool, 0644); MODULE_PARM_DESC(enable_oplocks, "Enable or disable oplocks. Default: y/Y/1"); +module_param(require_gcm_256, bool, 0644); +MODULE_PARM_DESC(require_gcm_256, "Require strongest (256 bit) GCM encryption. Default: n/N/0"); + module_param(disable_legacy_dialects, bool, 0644); MODULE_PARM_DESC(disable_legacy_dialects, "To improve security it may be " "helpful to restrict the ability to " diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 5a491afafacc..ec21af833749 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -1956,6 +1956,7 @@ extern bool lookupCacheEnabled; extern unsigned int global_secflags; /* if on, session setup sent with more secure ntlmssp2 challenge/resp */ extern unsigned int sign_CIFS_PDUs; /* enable smb packet signing */ +extern bool require_gcm_256; /* require use of strongest signing (aes-gcm-256) */ extern bool linuxExtEnabled;/*enable Linux/Unix CIFS extensions*/ extern unsigned int CIFSMaxBufSize; /* max size not including hdr */ extern unsigned int cifs_min_rcv; /* min size of big ntwrk buf pool */ diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 96c172d94fba..fcae1e3dfcc5 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -449,10 +449,16 @@ static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt) { pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; - pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + two ciphers */ - pneg_ctxt->CipherCount = cpu_to_le16(2); - pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; - pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM; + if (require_gcm_256) { + pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */ + pneg_ctxt->CipherCount = cpu_to_le16(1); + pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM; + } else { + pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */ + pneg_ctxt->CipherCount = cpu_to_le16(2); + pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; + pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM; + } } static unsigned int -- 2.25.1