aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/cifsglob.h
diff options
context:
space:
mode:
authorSteve French <smfrench@gmail.com>2013-06-27 00:45:05 -0400
committerSteve French <smfrench@gmail.com>2013-06-27 00:45:05 -0400
commit429b46f4fdaf9c9007b7c0fc371b94e40c3764b2 (patch)
tree7643a60439f4e81159e6327539a0983270e38331 /fs/cifs/cifsglob.h
parentf87ab88b4065a9ef00620224c4fafadc201a430c (diff)
[CIFS] SMB3 Signing enablement
SMB3 uses a much faster method of signing (which is also better in other ways), AES-CMAC. With the kernel now supporting AES-CMAC since last release, we are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1, but not SMB3 and SMB3.1 can sign) - and we need this also for checking secure negotation and also per-share encryption (two other new SMB3 features which we need to implement). This patch needs some work in a few areas - for example we need to move signing for SMB2/SMB3 from per-socket to per-user (we may be able to use the "nosharesock" mount option in the interim for the multiuser case), and Shirish found a bug in the earlier authentication overhaul (setting signing flags properly) - but those can be done in followon patches. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/cifsglob.h')
-rw-r--r--fs/cifs/cifsglob.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 9a1e37aad3b8..2d0f524ebeee 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -125,9 +125,11 @@ struct cifs_secmech {
125 struct crypto_shash *hmacmd5; /* hmac-md5 hash function */ 125 struct crypto_shash *hmacmd5; /* hmac-md5 hash function */
126 struct crypto_shash *md5; /* md5 hash function */ 126 struct crypto_shash *md5; /* md5 hash function */
127 struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */ 127 struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */
128 struct crypto_shash *cmacaes; /* block-cipher based MAC function */
128 struct sdesc *sdeschmacmd5; /* ctxt to generate ntlmv2 hash, CR1 */ 129 struct sdesc *sdeschmacmd5; /* ctxt to generate ntlmv2 hash, CR1 */
129 struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */ 130 struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */
130 struct sdesc *sdeschmacsha256; /* ctxt to generate smb2 signature */ 131 struct sdesc *sdeschmacsha256; /* ctxt to generate smb2 signature */
132 struct sdesc *sdesccmacaes; /* ctxt to generate smb3 signature */
131}; 133};
132 134
133/* per smb session structure/fields */ 135/* per smb session structure/fields */
@@ -538,6 +540,7 @@ struct TCP_Server_Info {
538 int timeAdj; /* Adjust for difference in server time zone in sec */ 540 int timeAdj; /* Adjust for difference in server time zone in sec */
539 __u64 CurrentMid; /* multiplex id - rotating counter */ 541 __u64 CurrentMid; /* multiplex id - rotating counter */
540 char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlm, ntlmv2 etc */ 542 char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlm, ntlmv2 etc */
543 char smb3signingkey[SMB3_SIGN_KEY_SIZE]; /* for signing smb3 packets */
541 /* 16th byte of RFC1001 workstation name is always null */ 544 /* 16th byte of RFC1001 workstation name is always null */
542 char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; 545 char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
543 __u32 sequence_number; /* for signing, protected by srv_mutex */ 546 __u32 sequence_number; /* for signing, protected by srv_mutex */