From: Pavel Shilovsky <pshilov-0li6OtcxBFHby3iVrkZq2A@public.gmane.org>
To: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [PATCH 00/15] SMB3 encryption support
Date: Tue, 6 Dec 2016 14:02:23 -0800 [thread overview]
Message-ID: <1481061758-52020-1-git-send-email-pshilov@microsoft.com> (raw)
This patchset adds encryption support when SMB3 version of the protocol and higher is negotiated.
The encryption is done through the kernel crypto API (CCM(AES)).
The patchset has been successfully tested by xfstests and cthon test suites with encrypted file shares on Samba.
Patches are split into several groups:
1) #1-#4: prepare transport infractructure to be able to send SMB3 transform header;
this is done primarily by separating RFC1001 length and SMB2 header into different iovs.
2) #5-#6: simplify SMB2 header processing and cleaning up a read codepath.
3) #7-#9: encrypt outcoming packets by transforming them before sending.
4) #10-#14: decrypt incoming packets and pass ordinary SMB2 messages for further usual processing.
5) #15: allow to use "seal" mount option to request the encryption on a share.
Pavel Shilovsky (15):
CIFS: Separate SMB2 header structure
CIFS: Make SendReceive2() takes resp iov
CIFS: Make send_cancel take rqst as argument
CIFS: Send RFC1001 length in a separate iov
CIFS: Separate SMB2 sync header processing
CIFS: Separate RFC1001 length processing for SMB2 read
CIFS: Add capability to transform requests before sending
CIFS: Enable encryption during session setup phase
CIFS: Encrypt SMB3 requests before sending
CIFS: Add transform header handling callbacks
CIFS: Add mid handle callback
CIFS: Add copy into pages callback for a read operation
CIFS: Decrypt and process small encrypted packets
CIFS: Add capability to decrypt big read responses
CIFS: Allow to switch on encryption with seal mount option
fs/cifs/cifsencrypt.c | 51 ++--
fs/cifs/cifsglob.h | 28 ++-
fs/cifs/cifsproto.h | 13 +-
fs/cifs/cifssmb.c | 135 +++++-----
fs/cifs/connect.c | 71 ++++--
fs/cifs/file.c | 52 +++-
fs/cifs/sess.c | 27 +-
fs/cifs/smb1ops.c | 4 +-
fs/cifs/smb2glob.h | 5 +
fs/cifs/smb2maperror.c | 5 +-
fs/cifs/smb2misc.c | 61 ++---
fs/cifs/smb2ops.c | 651 +++++++++++++++++++++++++++++++++++++++++++++++-
fs/cifs/smb2pdu.c | 575 +++++++++++++++++++++++++++---------------
fs/cifs/smb2pdu.h | 27 +-
fs/cifs/smb2proto.h | 5 +
fs/cifs/smb2transport.c | 132 ++++++----
fs/cifs/transport.c | 171 ++++++++-----
17 files changed, 1540 insertions(+), 473 deletions(-)
--
2.7.4
next reply other threads:[~2016-12-06 22:02 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-06 22:02 Pavel Shilovsky [this message]
[not found] ` <1481061758-52020-1-git-send-email-pshilov-0li6OtcxBFHby3iVrkZq2A@public.gmane.org>
2016-12-06 22:02 ` [PATCH 01/15] CIFS: Separate SMB2 header structure Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 02/15] CIFS: Make SendReceive2() takes resp iov Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 03/15] CIFS: Make send_cancel take rqst as argument Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 04/15] CIFS: Send RFC1001 length in a separate iov Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 05/15] CIFS: Separate SMB2 sync header processing Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 06/15] CIFS: Separate RFC1001 length processing for SMB2 read Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 07/15] CIFS: Add capability to transform requests before sending Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 08/15] CIFS: Enable encryption during session setup phase Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 09/15] CIFS: Encrypt SMB3 requests before sending Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 10/15] CIFS: Add transform header handling callbacks Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 11/15] CIFS: Add mid handle callback Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 12/15] CIFS: Add copy into pages callback for a read operation Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 13/15] CIFS: Decrypt and process small encrypted packets Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 14/15] CIFS: Add capability to decrypt big read responses Pavel Shilovsky
2016-12-06 22:02 ` [PATCH 15/15] CIFS: Allow to switch on encryption with seal mount option Pavel Shilovsky
2017-01-11 16:55 ` [PATCH 00/15] SMB3 encryption support David Mulder
2017-02-01 20:05 ` Steve French
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1481061758-52020-1-git-send-email-pshilov@microsoft.com \
--to=pshilov-0li6otcxbfhby3ivrkzq2a@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox