Fix encryption labels and lengths for SMB3.1.1

commit 06e2290844fa408d3295ac03a1647f0798518ebe upstream.

SMB3.1.1 is most secure and recent dialect. Fixup labels and lengths
for sMB3.1.1 signing and encryption.

Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 03b6eae0ae28f056e20f5278a1f62174d2f4d88f..ab69d895d1e9fa987fbe0e8bc84b9f064c17ce21 100644 (file)
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -661,7 +661,9 @@ struct TCP_Server_Info {
 #endif
        unsigned int    max_read;
        unsigned int    max_write;
-       __u8            preauth_hash[512];
+#ifdef CONFIG_CIFS_SMB311
+       __u8    preauth_sha_hash[64]; /* save initital negprot hash */
+#endif /* 3.1.1 */
        struct delayed_work reconnect; /* reconnect workqueue job */
        struct mutex reconnect_mutex; /* prevent simultaneous reconnects */
        unsigned long echo_interval;
@@ -849,7 +851,9 @@ struct cifs_ses {
        __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];
        __u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
        __u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
-       __u8 preauth_hash[512];
+#ifdef CONFIG_CIFS_SMB311
+       __u8 preauth_sha_hash[64];
+#endif /* 3.1.1 */
 };
 
 static inline bool

diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 67367cf1f8cd2391359ff041836f0ae34a2091f4..99493946e2f9abcf02673bf685238b0313da4180 100644 (file)
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -390,6 +390,7 @@ generate_smb30signingkey(struct cifs_ses *ses)
        return generate_smb3signingkey(ses, &triplet);
 }
 
+#ifdef CONFIG_CIFS_SMB311
 int
 generate_smb311signingkey(struct cifs_ses *ses)
 
@@ -398,25 +399,26 @@ generate_smb311signingkey(struct cifs_ses *ses)
        struct derivation *d;
 
        d = &triplet.signing;
-       d->label.iov_base = "SMB2AESCMAC";
-       d->label.iov_len = 12;
-       d->context.iov_base = "SmbSign";
-       d->context.iov_len = 8;
+       d->label.iov_base = "SMBSigningKey";
+       d->label.iov_len = 14;
+       d->context.iov_base = ses->preauth_sha_hash;
+       d->context.iov_len = 64;
 
        d = &triplet.encryption;
-       d->label.iov_base = "SMB2AESCCM";
-       d->label.iov_len = 11;
-       d->context.iov_base = "ServerIn ";
-       d->context.iov_len = 10;
+       d->label.iov_base = "SMBC2SCipherKey";
+       d->label.iov_len = 16;
+       d->context.iov_base = ses->preauth_sha_hash;
+       d->context.iov_len = 64;
 
        d = &triplet.decryption;
-       d->label.iov_base = "SMB2AESCCM";
-       d->label.iov_len = 11;
-       d->context.iov_base = "ServerOut";
-       d->context.iov_len = 10;
+       d->label.iov_base = "SMBS2CCipherKey";
+       d->label.iov_len = 16;
+       d->context.iov_base = ses->preauth_sha_hash;
+       d->context.iov_len = 64;
 
        return generate_smb3signingkey(ses, &triplet);
 }
+#endif /* 311 */
 
 int
 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)