[PATCH][SMB3.1.1] Add defines for new signing context

Aurélien Aptel aaptel at suse.com
Mon Oct 12 09:50:24 UTC 2020

Patch LGTM

Reviewed-by: Aurelien Aptel <aaptel at suse.com>

Stefan Metzmacher via samba-technical <samba-technical at lists.samba.org>
> This isn't in MS-SMB2 yet.
> Is this AES_128?

This is returned in latest Windows Server Insider builds but it's not
documented yet.


I've asked dochelp about it during the SDC plugfest and they gave me

    The new ContextType is:
    The Data field contains a list of signing algorithms.
    •    It adds a new negotiate context, which enables SMB to decouple signing algorithms from dialects. E.g. if both client and server supports it, a session may use HMAC-SHA256 with SMB 3.1.1.
    •    It adds the AES-GMAC algorithm.
    SigningAlgorithmCount (2 bytes): Count of signing algorithms
    SigningAlgorithms (variable): An array of SigningAlgorithmCount 16-bit integer IDs specifying the supported signing algorithms.
    The following IDs are assigned: 
    0 = HMAC-SHA256
    1 = AES-CMAC
    2 = AES-GMAC

I've been CCed in a Microsoft email thread later on and it seems to be
unclear why this was missed/wasn't documented. Maybe this is subject to
change so take with a grain of salt.

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

More information about the samba-technical mailing list