Check SMB3 dialects against downgrade attacks

[karo-tx-linux.git] / fs / cifs / smb2pdu.h
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h

index 6183b1b7550f068a7f0628e7dab6e701e9ad0d2f..2022c542ea3aa65ddf15cf511ee652d3040b73a2 100644 (file)
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -122,6 +122,23 @@ struct smb2_pdu {
         __le16 StructureSize2; /* size of wct area (varies, request specific) */
  } __packed;
  
+struct smb2_transform_hdr {
+       __be32 smb2_buf_length; /* big endian on wire */
+                               /* length is only two or three bytes - with
+                                one or two byte type preceding it that MBZ */
+       __u8   ProtocolId[4];   /* 0xFD 'S' 'M' 'B' */
+       __u8   Signature[16];
+       __u8   Nonce[11];
+       __u8   Reserved[5];
+       __le32 OriginalMessageSize;
+       __u16  Reserved1;
+       __le16 EncryptionAlgorithm;
+       __u64  SessionId;
+} __packed;
+
+/* Encryption Algorithms */
+#define SMB2_ENCRYPTION_AES128_CCM     __constant_cpu_to_le16(0x0001)
+
  /*
   *     SMB2 flag definitions
   */
@@ -237,6 +254,7 @@ struct smb2_sess_setup_req {
  /* Currently defined SessionFlags */
  #define SMB2_SESSION_FLAG_IS_GUEST     0x0001
  #define SMB2_SESSION_FLAG_IS_NULL      0x0002
+#define SMB2_SESSION_FLAG_ENCRYPT_DATA 0x0004
  struct smb2_sess_setup_rsp {
         struct smb2_hdr hdr;
         __le16 StructureSize; /* Must be 9 */
@@ -534,9 +552,16 @@ struct create_durable {
         } Data;
  } __packed;
  
+#define COPY_CHUNK_RES_KEY_SIZE        24
+struct resume_key_req {
+       char ResumeKey[COPY_CHUNK_RES_KEY_SIZE];
+       __le32  ContextLength;  /* MBZ */
+       char    Context[0];     /* ignored, Windows sets to 4 bytes of zero */
+} __packed;
+
  /* this goes in the ioctl buffer when doing a copychunk request */
  struct copychunk_ioctl {
-       char SourceKey[24];
+       char SourceKey[COPY_CHUNK_RES_KEY_SIZE];
         __le32 ChunkCount; /* we are only sending 1 */
         __le32 Reserved;
         /* array will only be one chunk long for us */
@@ -546,13 +571,25 @@ struct copychunk_ioctl {
         __u32 Reserved2;
  } __packed;
  
-/* Response and Request are the same format */
-struct validate_negotiate_info {
+struct copychunk_ioctl_rsp {
+       __le32 ChunksWritten;
+       __le32 ChunkBytesWritten;
+       __le32 TotalBytesWritten;
+} __packed;
+
+struct validate_negotiate_info_req {
         __le32 Capabilities;
         __u8   Guid[SMB2_CLIENT_GUID_SIZE];
         __le16 SecurityMode;
         __le16 DialectCount;
-       __le16 Dialect[1];
+       __le16 Dialects[1]; /* dialect (someday maybe list) client asked for */
+} __packed;
+
+struct validate_negotiate_info_rsp {
+       __le32 Capabilities;
+       __u8   Guid[SMB2_CLIENT_GUID_SIZE];
+       __le16 SecurityMode;
+       __le16 Dialect; /* Dialect in use for the connection */
  } __packed;
  
  #define RSS_CAPABLE    0x00000001