[PATCH][SMB3.1.1] Add defines for new signing context
Aurélien Aptel
aaptel at suse.com
Mon Oct 12 09:50:24 UTC 2020
Patch LGTM
Reviewed-by: Aurelien Aptel <aaptel at suse.com>
Stefan Metzmacher via samba-technical <samba-technical at lists.samba.org>
> This isn't in MS-SMB2 yet.
>
> Is this AES_128?
This is returned in latest Windows Server Insider builds but it's not
documented yet.
https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
I've asked dochelp about it during the SDC plugfest and they gave me
this:
The new ContextType is:
SMB2_SIGNING_CAPABILITIES 0x0008
The Data field contains a list of signing algorithms.
• It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
• It adds the AES-GMAC algorithm.
SigningAlgorithmCount (2 bytes): Count of signing algorithms
SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
The following IDs are assigned:
0 = HMAC-SHA256
1 = AES-CMAC
2 = AES-GMAC
I've been CCed in a Microsoft email thread later on and it seems to be
unclear why this was missed/wasn't documented. Maybe this is subject to
change so take with a grain of salt.
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
More information about the samba-technical
mailing list