mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-15 17:43:59 +00:00
Fix encryption labels and lengths for SMB3.1.1
SMB3.1.1 is most secure and recent dialect. Fixup labels and lengths for sMB3.1.1 signing and encryption. Signed-off-by: Steve French <smfrench@gmail.com> CC: Stable <stable@vger.kernel.org>
This commit is contained in:
parent
3e0cc09a3a
commit
06e2290844
@ -661,7 +661,9 @@ struct TCP_Server_Info {
|
||||
#endif
|
||||
unsigned int max_read;
|
||||
unsigned int max_write;
|
||||
__u8 preauth_hash[512];
|
||||
#ifdef CONFIG_CIFS_SMB311
|
||||
__u8 preauth_sha_hash[64]; /* save initital negprot hash */
|
||||
#endif /* 3.1.1 */
|
||||
struct delayed_work reconnect; /* reconnect workqueue job */
|
||||
struct mutex reconnect_mutex; /* prevent simultaneous reconnects */
|
||||
unsigned long echo_interval;
|
||||
@ -849,7 +851,9 @@ struct cifs_ses {
|
||||
__u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];
|
||||
__u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
|
||||
__u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
|
||||
__u8 preauth_hash[512];
|
||||
#ifdef CONFIG_CIFS_SMB311
|
||||
__u8 preauth_sha_hash[64];
|
||||
#endif /* 3.1.1 */
|
||||
};
|
||||
|
||||
static inline bool
|
||||
|
@ -390,6 +390,7 @@ generate_smb30signingkey(struct cifs_ses *ses)
|
||||
return generate_smb3signingkey(ses, &triplet);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_CIFS_SMB311
|
||||
int
|
||||
generate_smb311signingkey(struct cifs_ses *ses)
|
||||
|
||||
@ -398,25 +399,26 @@ generate_smb311signingkey(struct cifs_ses *ses)
|
||||
struct derivation *d;
|
||||
|
||||
d = &triplet.signing;
|
||||
d->label.iov_base = "SMB2AESCMAC";
|
||||
d->label.iov_len = 12;
|
||||
d->context.iov_base = "SmbSign";
|
||||
d->context.iov_len = 8;
|
||||
d->label.iov_base = "SMBSigningKey";
|
||||
d->label.iov_len = 14;
|
||||
d->context.iov_base = ses->preauth_sha_hash;
|
||||
d->context.iov_len = 64;
|
||||
|
||||
d = &triplet.encryption;
|
||||
d->label.iov_base = "SMB2AESCCM";
|
||||
d->label.iov_len = 11;
|
||||
d->context.iov_base = "ServerIn ";
|
||||
d->context.iov_len = 10;
|
||||
d->label.iov_base = "SMBC2SCipherKey";
|
||||
d->label.iov_len = 16;
|
||||
d->context.iov_base = ses->preauth_sha_hash;
|
||||
d->context.iov_len = 64;
|
||||
|
||||
d = &triplet.decryption;
|
||||
d->label.iov_base = "SMB2AESCCM";
|
||||
d->label.iov_len = 11;
|
||||
d->context.iov_base = "ServerOut";
|
||||
d->context.iov_len = 10;
|
||||
d->label.iov_base = "SMBS2CCipherKey";
|
||||
d->label.iov_len = 16;
|
||||
d->context.iov_base = ses->preauth_sha_hash;
|
||||
d->context.iov_len = 64;
|
||||
|
||||
return generate_smb3signingkey(ses, &triplet);
|
||||
}
|
||||
#endif /* 311 */
|
||||
|
||||
int
|
||||
smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
|
||||
|
Loading…
x
Reference in New Issue
Block a user