Bug #13154

open

SMB should use single shot scatter/gather encryption/decryption

Added by Garrett D'Amore about 3 years ago. Updated almost 3 years ago.

Status: In Progress
Priority: Normal
Category: cifs - CIFS server and client
Start date:
Due date:
% Done: 80%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:
External Bug:

Description

At present the SMB protocol uses partial encryption operations when encrypting or decrypting. This should be converted to use single operation scatter/gather encryption.

The reason for this is twofold:

1. The code for AES-GCM makes a very unfortunate assumption that no results are returned until the Final step. This holds true for our software KCF provider, but it does not hold true for other providers, necessarily. This creates a possible problem for hardware providers.

2. The above behavior also results in the AES GCM provider making an extra copy of the data (so it can retain the results from decryption).

We have done the work here at RackTop, and will be posting a PR soon.
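A small C model of the output-timing assumption described in this report, added here as an illustration; it is not code from the illumos SMB or KCF sources. All names (`ctx_t`, `prov_update`, `prov_final`, `multipart`, `single_shot`) are hypothetical, and a byte-wise XOR stands in for AES-GCM (no tag handling), so only the update/final contract and the extra copy are modelled.

```c
#include <string.h>
#include <sys/uio.h>

/* Stand-in transform so the model is self-contained; this is NOT AES-GCM. */
static unsigned char ks(size_t pos) { return (unsigned char)(0x5a ^ (pos * 7)); }

typedef struct {              /* hypothetical multi-part provider context */
    int streams;              /* 1: output produced in update; 0: held until final */
    unsigned char held[128];  /* retained input: the extra copy */
    size_t nheld, pos;
} ctx_t;
static size_t prov_update(ctx_t *c, const unsigned char *in, size_t n, unsigned char *out) {
    if (!c->streams) {        /* retain input, emit nothing yet */
        memcpy(c->held + c->nheld, in, n);
        c->nheld += n;
        return 0;
    }
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ ks(c->pos + i);
    c->pos += n;
    return n;                 /* output is available now */
}
static size_t prov_final(ctx_t *c, unsigned char *out) {
    for (size_t i = 0; i < c->nheld; i++) out[i] = c->held[i] ^ ks(i);
    return c->nheld;          /* 0 for a streaming provider */
}
/* Caller assuming nothing is returned before final: every call gets the start
 * of out, and only the length reported by final is trusted. */
static size_t multipart(int streams, const struct iovec *iov, int cnt, unsigned char *out) {
    ctx_t c = { .streams = streams };
    for (int i = 0; i < cnt; i++)
        (void) prov_update(&c, iov[i].iov_base, iov[i].iov_len, out);
    return prov_final(&c, out);
}
/* Single operation over the whole scatter list: one call, one output length. */
static size_t single_shot(const struct iovec *iov, int cnt, unsigned char *out) {
    size_t pos = 0;
    for (int i = 0; i < cnt; i++)
        for (size_t j = 0; j < iov[i].iov_len; j++, pos++)
            out[pos] = ((const unsigned char *)iov[i].iov_base)[j] ^ ks(pos);
    return pos;
}
/* Constructed 20-byte sample in three segments; returns 1 when the multi-part
 * caller's output equals the single-shot output. */
static int multipart_matches(int streams) {
    char a[] = "SMB3 ", b[] = "transform ", c[] = "data!";
    struct iovec iov[3] = { { a, 5 }, { b, 10 }, { c, 5 } };
    unsigned char m[128] = { 0 }, s[128] = { 0 };
    return multipart(streams, iov, 3, m) == single_shot(iov, 3, s) && memcmp(m, s, 20) == 0;
}
```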

Actions #1

Updated by Electric Monk about 3 years ago

  • Gerrit CR set to 938
Actions #2

Updated by Alexander Stetsenko about 3 years ago

  • Status changed from New to In Progress
  • % Done changed from 70 to 80
Actions #3

Updated by Gordon Ross almost 3 years ago

  • Category changed from filesystems (not ZFS) to cifs - CIFS server and client