Project

General

Profile

Actions

Bug #13154

open

SMB should use single shot scatter/gather encryption/decryption

Added by Garrett D'Amore 11 months ago. Updated 6 months ago.

Status:
In Progress
Priority:
Normal
Category:
cifs - CIFS server and client
Start date:
Due date:
% Done:

80%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

At present the SMB protocol uses partial encryption operations when encrypting or decrypting. This should be converted to use single operation scatter/gather encryption.

The reason for this is two fold:

1. The code for AES-GCM makes a very unfortunate assumption that no results are returned until the Final step. This holds true for our software KCF provider, but it does not hold true for other providers, necessarily. This creates a possible problem for hardware providers.

2. The above behavior also results in the AES GCM provider making an extra copy of the data (so it can retain the results from decryption).

We have done the work here at RackTop, and will be posting a PR soon.

Actions #1

Updated by Electric Monk 11 months ago

  • Gerrit CR set to 938
Actions #2

Updated by Alexander Stetsenko 11 months ago

  • Status changed from New to In Progress
  • % Done changed from 70 to 80
Actions #3

Updated by Gordon Ross 6 months ago

  • Category changed from filesystems (not ZFS) to cifs - CIFS server and client
Actions

Also available in: Atom PDF