diff options
author | Steve French <smfrench@gmail.com> | 2013-06-27 00:45:05 -0400 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2013-06-27 00:45:05 -0400 |
commit | 429b46f4fdaf9c9007b7c0fc371b94e40c3764b2 (patch) | |
tree | 7643a60439f4e81159e6327539a0983270e38331 /fs/cifs/cifsglob.h | |
parent | f87ab88b4065a9ef00620224c4fafadc201a430c (diff) |
[CIFS] SMB3 Signing enablement
SMB3 uses a much faster method of signing (which is also better in other ways),
AES-CMAC. With the kernel now supporting AES-CMAC since last release, we
are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1,
but not SMB3 and SMB3.1 can sign) - and we need this also for checking
secure negotation and also per-share encryption (two other new SMB3 features
which we need to implement).
This patch needs some work in a few areas - for example we need to
move signing for SMB2/SMB3 from per-socket to per-user (we may be able to
use the "nosharesock" mount option in the interim for the multiuser case),
and Shirish found a bug in the earlier authentication overhaul
(setting signing flags properly) - but those can be done in followon
patches.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/cifsglob.h')
-rw-r--r-- | fs/cifs/cifsglob.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 9a1e37aad3b8..2d0f524ebeee 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h | |||
@@ -125,9 +125,11 @@ struct cifs_secmech { | |||
125 | struct crypto_shash *hmacmd5; /* hmac-md5 hash function */ | 125 | struct crypto_shash *hmacmd5; /* hmac-md5 hash function */ |
126 | struct crypto_shash *md5; /* md5 hash function */ | 126 | struct crypto_shash *md5; /* md5 hash function */ |
127 | struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */ | 127 | struct crypto_shash *hmacsha256; /* hmac-sha256 hash function */ |
128 | struct crypto_shash *cmacaes; /* block-cipher based MAC function */ | ||
128 | struct sdesc *sdeschmacmd5; /* ctxt to generate ntlmv2 hash, CR1 */ | 129 | struct sdesc *sdeschmacmd5; /* ctxt to generate ntlmv2 hash, CR1 */ |
129 | struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */ | 130 | struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */ |
130 | struct sdesc *sdeschmacsha256; /* ctxt to generate smb2 signature */ | 131 | struct sdesc *sdeschmacsha256; /* ctxt to generate smb2 signature */ |
132 | struct sdesc *sdesccmacaes; /* ctxt to generate smb3 signature */ | ||
131 | }; | 133 | }; |
132 | 134 | ||
133 | /* per smb session structure/fields */ | 135 | /* per smb session structure/fields */ |
@@ -538,6 +540,7 @@ struct TCP_Server_Info { | |||
538 | int timeAdj; /* Adjust for difference in server time zone in sec */ | 540 | int timeAdj; /* Adjust for difference in server time zone in sec */ |
539 | __u64 CurrentMid; /* multiplex id - rotating counter */ | 541 | __u64 CurrentMid; /* multiplex id - rotating counter */ |
540 | char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlm, ntlmv2 etc */ | 542 | char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlm, ntlmv2 etc */ |
543 | char smb3signingkey[SMB3_SIGN_KEY_SIZE]; /* for signing smb3 packets */ | ||
541 | /* 16th byte of RFC1001 workstation name is always null */ | 544 | /* 16th byte of RFC1001 workstation name is always null */ |
542 | char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; | 545 | char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; |
543 | __u32 sequence_number; /* for signing, protected by srv_mutex */ | 546 | __u32 sequence_number; /* for signing, protected by srv_mutex */ |