Project

General

Profile

Bug #13154

SMB should use single shot scatter/gather encryption/decryption

Added by Garrett D'Amore 8 days ago. Updated 6 days ago.

Status:
In Progress
Priority:
Normal
Category:
filesystems (not ZFS)
Start date:
Due date:
% Done:

80%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

At present the SMB protocol uses partial encryption operations when encrypting or decrypting. This should be converted to use single operation scatter/gather encryption.

The reason for this is two fold:

1. The code for AES-GCM makes a very unfortunate assumption that no results are returned until the Final step. This holds true for our software KCF provider, but it does not hold true for other providers, necessarily. This creates a possible problem for hardware providers.

2. The above behavior also results in the AES GCM provider making an extra copy of the data (so it can retain the results from decryption).

We have done the work here at RackTop, and will be posting a PR soon.

History

#1

Updated by Electric Monk 8 days ago

  • Gerrit CR set to 938
#2

Updated by Alexander Stetsenko 6 days ago

  • Status changed from New to In Progress
  • % Done changed from 70 to 80

Also available in: Atom PDF