1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2002, 2011
5 * Etersoft, 2012
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Jeremy Allison (jra@samba.org) 2006
8 * Pavel Shilovsky (pshilovsky@samba.org) 2012
9 *
10 */
11
12 #include <linux/fs.h>
13 #include <linux/list.h>
14 #include <linux/wait.h>
15 #include <linux/net.h>
16 #include <linux/delay.h>
17 #include <linux/uaccess.h>
18 #include <asm/processor.h>
19 #include <linux/mempool.h>
20 #include <linux/highmem.h>
21 #include <crypto/aead.h>
22 #include <crypto/aes-cbc-macs.h>
23 #include <crypto/sha2.h>
24 #include <crypto/utils.h>
25 #include "cifsglob.h"
26 #include "cifsproto.h"
27 #include "smb2proto.h"
28 #include "cifs_debug.h"
29 #include "../common/smb2status.h"
30 #include "smb2glob.h"
31
32 static
smb3_get_sign_key(__u64 ses_id,struct TCP_Server_Info * server,u8 * key)33 int smb3_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
34 {
35 struct cifs_chan *chan;
36 struct TCP_Server_Info *pserver;
37 struct cifs_ses *ses = NULL;
38 int i;
39 int rc = 0;
40 bool is_binding = false;
41
42 spin_lock(&cifs_tcp_ses_lock);
43
44 /* If server is a channel, select the primary channel */
45 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
46
47 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
48 if (ses->Suid == ses_id)
49 goto found;
50 }
51 trace_smb3_ses_not_found(ses_id);
52 cifs_server_dbg(FYI, "%s: Could not find session 0x%llx\n",
53 __func__, ses_id);
54 rc = -ENOENT;
55 goto out;
56
57 found:
58 spin_lock(&ses->ses_lock);
59 spin_lock(&ses->chan_lock);
60
61 is_binding = (cifs_chan_needs_reconnect(ses, server) &&
62 ses->ses_status == SES_GOOD);
63 if (is_binding) {
64 /*
65 * If we are in the process of binding a new channel
66 * to an existing session, use the master connection
67 * session key
68 */
69 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
70 spin_unlock(&ses->chan_lock);
71 spin_unlock(&ses->ses_lock);
72 goto out;
73 }
74
75 /*
76 * Otherwise, use the channel key.
77 */
78
79 for (i = 0; i < ses->chan_count; i++) {
80 chan = ses->chans + i;
81 if (chan->server == server) {
82 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
83 spin_unlock(&ses->chan_lock);
84 spin_unlock(&ses->ses_lock);
85 goto out;
86 }
87 }
88 spin_unlock(&ses->chan_lock);
89 spin_unlock(&ses->ses_lock);
90
91 cifs_dbg(VFS,
92 "%s: Could not find channel signing key for session 0x%llx\n",
93 __func__, ses_id);
94 rc = -ENOENT;
95
96 out:
97 spin_unlock(&cifs_tcp_ses_lock);
98 return rc;
99 }
100
101 static struct cifs_ses *
smb2_find_smb_ses_unlocked(struct TCP_Server_Info * server,__u64 ses_id)102 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
103 {
104 struct TCP_Server_Info *pserver;
105 struct cifs_ses *ses;
106
107 /* If server is a channel, select the primary channel */
108 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
109
110 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
111 if (ses->Suid != ses_id)
112 continue;
113
114 spin_lock(&ses->ses_lock);
115 if (ses->ses_status == SES_EXITING) {
116 spin_unlock(&ses->ses_lock);
117 continue;
118 }
119 cifs_smb_ses_inc_refcount(ses);
120 spin_unlock(&ses->ses_lock);
121 return ses;
122 }
123
124 return NULL;
125 }
126
smb2_get_sign_key(struct TCP_Server_Info * server,__u64 ses_id,u8 * key)127 static int smb2_get_sign_key(struct TCP_Server_Info *server,
128 __u64 ses_id, u8 *key)
129 {
130 struct cifs_ses *ses;
131 int rc = -ENOENT;
132
133 if (SERVER_IS_CHAN(server))
134 server = server->primary_server;
135
136 spin_lock(&cifs_tcp_ses_lock);
137 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
138 if (ses->Suid != ses_id)
139 continue;
140
141 rc = 0;
142 spin_lock(&ses->ses_lock);
143 switch (ses->ses_status) {
144 case SES_EXITING: /* SMB2_LOGOFF */
145 case SES_GOOD:
146 if (likely(ses->auth_key.response)) {
147 memcpy(key, ses->auth_key.response,
148 SMB2_NTLMV2_SESSKEY_SIZE);
149 } else {
150 rc = smb_EIO(smb_eio_trace_no_auth_key);
151 }
152 break;
153 default:
154 rc = -EAGAIN;
155 break;
156 }
157 spin_unlock(&ses->ses_lock);
158 break;
159 }
160 spin_unlock(&cifs_tcp_ses_lock);
161 return rc;
162 }
163
164 static struct cifs_tcon *
smb2_find_smb_sess_tcon_unlocked(struct cifs_ses * ses,__u32 tid)165 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid)
166 {
167 struct cifs_tcon *tcon;
168
169 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
170 if (tcon->tid != tid)
171 continue;
172 ++tcon->tc_count;
173 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count,
174 netfs_trace_tcon_ref_get_find_sess_tcon);
175 return tcon;
176 }
177
178 return NULL;
179 }
180
181 /*
182 * Obtain tcon corresponding to the tid in the given
183 * cifs_ses
184 */
185
186 struct cifs_tcon *
smb2_find_smb_tcon(struct TCP_Server_Info * server,__u64 ses_id,__u32 tid)187 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
188 {
189 struct cifs_ses *ses;
190 struct cifs_tcon *tcon;
191
192 spin_lock(&cifs_tcp_ses_lock);
193 ses = smb2_find_smb_ses_unlocked(server, ses_id);
194 if (!ses) {
195 spin_unlock(&cifs_tcp_ses_lock);
196 return NULL;
197 }
198 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
199 spin_unlock(&cifs_tcp_ses_lock);
200 /* tcon already has a ref to ses, so we don't need ses anymore */
201 cifs_put_smb_ses(ses);
202
203 return tcon;
204 }
205
206 static int
smb2_calc_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server)207 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
208 {
209 int rc;
210 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
211 struct kvec *iov = rqst->rq_iov;
212 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
213 struct hmac_sha256_ctx hmac_ctx;
214 struct smb_rqst drqst;
215 __u64 sid = le64_to_cpu(shdr->SessionId);
216 u8 key[SMB2_NTLMV2_SESSKEY_SIZE];
217
218 rc = smb2_get_sign_key(server, sid, key);
219 if (unlikely(rc)) {
220 cifs_server_dbg(FYI, "%s: [sesid=0x%llx] couldn't find signing key: %d\n",
221 __func__, sid, rc);
222 return rc;
223 }
224
225 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
226 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
227
228 hmac_sha256_init_usingrawkey(&hmac_ctx, key, sizeof(key));
229
230 /*
231 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
232 * data, that is, iov[0] should not contain a rfc1002 length.
233 *
234 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
235 * __cifs_calc_signature().
236 */
237 drqst = *rqst;
238 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
239 hmac_sha256_update(&hmac_ctx, iov[0].iov_base, iov[0].iov_len);
240 drqst.rq_iov++;
241 drqst.rq_nvec--;
242 }
243
244 rc = __cifs_calc_signature(
245 &drqst, server, smb2_signature,
246 &(struct cifs_calc_sig_ctx){ .hmac = &hmac_ctx });
247 if (!rc)
248 memcpy(shdr->Signature, smb2_signature, SMB2_SIGNATURE_SIZE);
249
250 return rc;
251 }
252
generate_key(struct cifs_ses * ses,struct kvec label,struct kvec context,__u8 * key,unsigned int key_size,unsigned int full_key_size)253 static void generate_key(struct cifs_ses *ses, struct kvec label,
254 struct kvec context, __u8 *key, unsigned int key_size,
255 unsigned int full_key_size)
256 {
257 unsigned char zero = 0x0;
258 __u8 i[4] = {0, 0, 0, 1};
259 __u8 L128[4] = {0, 0, 0, 128};
260 __u8 L256[4] = {0, 0, 1, 0};
261 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
262 struct TCP_Server_Info *server = ses->server;
263 struct hmac_sha256_ctx hmac_ctx;
264
265 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
266 memset(key, 0x0, key_size);
267
268 hmac_sha256_init_usingrawkey(&hmac_ctx, ses->auth_key.response,
269 full_key_size);
270 hmac_sha256_update(&hmac_ctx, i, 4);
271 hmac_sha256_update(&hmac_ctx, label.iov_base, label.iov_len);
272 hmac_sha256_update(&hmac_ctx, &zero, 1);
273 hmac_sha256_update(&hmac_ctx, context.iov_base, context.iov_len);
274
275 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
276 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
277 hmac_sha256_update(&hmac_ctx, L256, 4);
278 } else {
279 hmac_sha256_update(&hmac_ctx, L128, 4);
280 }
281 hmac_sha256_final(&hmac_ctx, prfhash);
282
283 memcpy(key, prfhash, key_size);
284 }
285
286 struct derivation {
287 struct kvec label;
288 struct kvec context;
289 };
290
291 struct derivation_triplet {
292 struct derivation signing;
293 struct derivation encryption;
294 struct derivation decryption;
295 };
296
297 static int
generate_smb3signingkey(struct cifs_ses * ses,struct TCP_Server_Info * server,const struct derivation_triplet * ptriplet)298 generate_smb3signingkey(struct cifs_ses *ses,
299 struct TCP_Server_Info *server,
300 const struct derivation_triplet *ptriplet)
301 {
302 unsigned int full_key_size = SMB2_NTLMV2_SESSKEY_SIZE;
303 bool is_binding = false;
304 int chan_index = 0;
305
306 spin_lock(&ses->ses_lock);
307 spin_lock(&ses->chan_lock);
308 is_binding = (cifs_chan_needs_reconnect(ses, server) &&
309 ses->ses_status == SES_GOOD);
310
311 chan_index = cifs_ses_get_chan_index(ses, server);
312 if (chan_index == CIFS_INVAL_CHAN_INDEX) {
313 spin_unlock(&ses->chan_lock);
314 spin_unlock(&ses->ses_lock);
315
316 return -EINVAL;
317 }
318
319 spin_unlock(&ses->chan_lock);
320 spin_unlock(&ses->ses_lock);
321
322 /*
323 * All channels use the same encryption/decryption keys but
324 * they have their own signing key.
325 *
326 * When we generate the keys, check if it is for a new channel
327 * (binding) in which case we only need to generate a signing
328 * key and store it in the channel as to not overwrite the
329 * master connection signing key stored in the session
330 */
331
332 if (is_binding) {
333 generate_key(ses, ptriplet->signing.label,
334 ptriplet->signing.context,
335 ses->chans[chan_index].signkey, SMB3_SIGN_KEY_SIZE,
336 SMB2_NTLMV2_SESSKEY_SIZE);
337 } else {
338 generate_key(ses, ptriplet->signing.label,
339 ptriplet->signing.context, ses->smb3signingkey,
340 SMB3_SIGN_KEY_SIZE, SMB2_NTLMV2_SESSKEY_SIZE);
341
342 /*
343 * Per MS-SMB2 3.2.5.3.1, signing key always uses Session.SessionKey
344 * (first 16 bytes). Encryption/decryption keys use
345 * Session.FullSessionKey when dialect is 3.1.1 and cipher is
346 * AES-256-CCM or AES-256-GCM, otherwise Session.SessionKey.
347 */
348
349 if (server->dialect == SMB311_PROT_ID &&
350 (server->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
351 server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
352 full_key_size = ses->auth_key.len;
353
354 /* safe to access primary channel, since it will never go away */
355 spin_lock(&ses->chan_lock);
356 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey,
357 SMB3_SIGN_KEY_SIZE);
358 spin_unlock(&ses->chan_lock);
359
360 generate_key(ses, ptriplet->encryption.label,
361 ptriplet->encryption.context,
362 ses->smb3encryptionkey, SMB3_ENC_DEC_KEY_SIZE,
363 full_key_size);
364
365 generate_key(ses, ptriplet->decryption.label,
366 ptriplet->decryption.context,
367 ses->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE,
368 full_key_size);
369 }
370
371 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
372 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
373 /*
374 * The session id is opaque in terms of endianness, so we can't
375 * print it as a long long. we dump it as we got it on the wire
376 */
377 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
378 &ses->Suid);
379 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type);
380 cifs_dbg(VFS, "Session Key %*ph\n",
381 (int)ses->auth_key.len, ses->auth_key.response);
382 cifs_dbg(VFS, "Signing Key %*ph\n",
383 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
384 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
385 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
386 cifs_dbg(VFS, "ServerIn Key %*ph\n",
387 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey);
388 cifs_dbg(VFS, "ServerOut Key %*ph\n",
389 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey);
390 } else {
391 cifs_dbg(VFS, "ServerIn Key %*ph\n",
392 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey);
393 cifs_dbg(VFS, "ServerOut Key %*ph\n",
394 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey);
395 }
396 #endif
397 return 0;
398 }
399
400 int
generate_smb30signingkey(struct cifs_ses * ses,struct TCP_Server_Info * server)401 generate_smb30signingkey(struct cifs_ses *ses,
402 struct TCP_Server_Info *server)
403
404 {
405 struct derivation_triplet triplet;
406 struct derivation *d;
407
408 d = &triplet.signing;
409 d->label.iov_base = "SMB2AESCMAC";
410 d->label.iov_len = 12;
411 d->context.iov_base = "SmbSign";
412 d->context.iov_len = 8;
413
414 d = &triplet.encryption;
415 d->label.iov_base = "SMB2AESCCM";
416 d->label.iov_len = 11;
417 d->context.iov_base = "ServerIn ";
418 d->context.iov_len = 10;
419
420 d = &triplet.decryption;
421 d->label.iov_base = "SMB2AESCCM";
422 d->label.iov_len = 11;
423 d->context.iov_base = "ServerOut";
424 d->context.iov_len = 10;
425
426 return generate_smb3signingkey(ses, server, &triplet);
427 }
428
429 int
generate_smb311signingkey(struct cifs_ses * ses,struct TCP_Server_Info * server)430 generate_smb311signingkey(struct cifs_ses *ses,
431 struct TCP_Server_Info *server)
432
433 {
434 struct derivation_triplet triplet;
435 struct derivation *d;
436
437 d = &triplet.signing;
438 d->label.iov_base = "SMBSigningKey";
439 d->label.iov_len = 14;
440 d->context.iov_base = ses->preauth_sha_hash;
441 d->context.iov_len = 64;
442
443 d = &triplet.encryption;
444 d->label.iov_base = "SMBC2SCipherKey";
445 d->label.iov_len = 16;
446 d->context.iov_base = ses->preauth_sha_hash;
447 d->context.iov_len = 64;
448
449 d = &triplet.decryption;
450 d->label.iov_base = "SMBS2CCipherKey";
451 d->label.iov_len = 16;
452 d->context.iov_base = ses->preauth_sha_hash;
453 d->context.iov_len = 64;
454
455 return generate_smb3signingkey(ses, server, &triplet);
456 }
457
458 static int
smb3_calc_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server)459 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
460 {
461 int rc;
462 unsigned char smb3_signature[SMB2_CMACAES_SIZE];
463 struct kvec *iov = rqst->rq_iov;
464 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
465 struct aes_cmac_key cmac_key;
466 struct aes_cmac_ctx cmac_ctx;
467 struct smb_rqst drqst;
468 u8 key[SMB3_SIGN_KEY_SIZE];
469
470 if (server->vals->protocol_id <= SMB21_PROT_ID)
471 return smb2_calc_signature(rqst, server);
472
473 rc = smb3_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
474 if (unlikely(rc)) {
475 cifs_server_dbg(FYI, "%s: Could not get signing key\n", __func__);
476 return rc;
477 }
478
479 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
480 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
481
482 rc = aes_cmac_preparekey(&cmac_key, key, SMB2_CMACAES_SIZE);
483 if (rc) {
484 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
485 return rc;
486 }
487
488 aes_cmac_init(&cmac_ctx, &cmac_key);
489
490 /*
491 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
492 * data, that is, iov[0] should not contain a rfc1002 length.
493 *
494 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
495 * __cifs_calc_signature().
496 */
497 drqst = *rqst;
498 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
499 aes_cmac_update(&cmac_ctx, iov[0].iov_base, iov[0].iov_len);
500 drqst.rq_iov++;
501 drqst.rq_nvec--;
502 }
503
504 rc = __cifs_calc_signature(
505 &drqst, server, smb3_signature,
506 &(struct cifs_calc_sig_ctx){ .cmac = &cmac_ctx });
507 if (!rc)
508 memcpy(shdr->Signature, smb3_signature, SMB2_SIGNATURE_SIZE);
509 return rc;
510 }
511
512 /* must be called with server->srv_mutex held */
513 static int
smb2_sign_rqst(struct smb_rqst * rqst,struct TCP_Server_Info * server)514 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
515 {
516 struct smb2_hdr *shdr;
517 struct smb2_sess_setup_req *ssr;
518 bool is_binding;
519 bool is_signed;
520
521 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
522 ssr = (struct smb2_sess_setup_req *)shdr;
523
524 is_binding = shdr->Command == SMB2_SESSION_SETUP &&
525 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
526 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED;
527
528 if (!is_signed)
529 return 0;
530 spin_lock(&server->srv_lock);
531 if (server->ops->need_neg &&
532 server->ops->need_neg(server)) {
533 spin_unlock(&server->srv_lock);
534 return 0;
535 }
536 spin_unlock(&server->srv_lock);
537 if (!is_binding && !server->session_estab) {
538 strscpy(shdr->Signature, "BSRSPYL");
539 return 0;
540 }
541
542 return smb3_calc_signature(rqst, server);
543 }
544
545 int
smb2_verify_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server)546 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
547 {
548 unsigned int rc;
549 char server_response_sig[SMB2_SIGNATURE_SIZE];
550 struct smb2_hdr *shdr =
551 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
552
553 if ((shdr->Command == SMB2_NEGOTIATE) ||
554 (shdr->Command == SMB2_SESSION_SETUP) ||
555 (shdr->Command == SMB2_OPLOCK_BREAK) ||
556 server->ignore_signature ||
557 (!server->session_estab))
558 return 0;
559
560 /*
561 * BB what if signatures are supposed to be on for session but
562 * server does not send one? BB
563 */
564
565 /* Do not need to verify session setups with signature "BSRSPYL " */
566 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
567 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
568 shdr->Command);
569
570 /*
571 * Save off the original signature so we can modify the smb and check
572 * our calculated signature against what the server sent.
573 */
574 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
575
576 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
577
578 rc = smb3_calc_signature(rqst, server);
579
580 if (rc)
581 return rc;
582
583 if (crypto_memneq(server_response_sig, shdr->Signature,
584 SMB2_SIGNATURE_SIZE)) {
585 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
586 shdr->Command, shdr->MessageId);
587 return -EACCES;
588 } else
589 return 0;
590 }
591
592 /*
593 * Set message id for the request. Should be called after wait_for_free_request
594 * and when srv_mutex is held.
595 */
596 static inline void
smb2_seq_num_into_buf(struct TCP_Server_Info * server,struct smb2_hdr * shdr)597 smb2_seq_num_into_buf(struct TCP_Server_Info *server,
598 struct smb2_hdr *shdr)
599 {
600 unsigned int i, num = le16_to_cpu(shdr->CreditCharge);
601
602 shdr->MessageId = get_next_mid64(server);
603 /* skip message numbers according to CreditCharge field */
604 for (i = 1; i < num; i++)
605 get_next_mid(server);
606 }
607
608 static struct mid_q_entry *
smb2_mid_entry_alloc(const struct smb2_hdr * shdr,struct TCP_Server_Info * server)609 smb2_mid_entry_alloc(const struct smb2_hdr *shdr,
610 struct TCP_Server_Info *server)
611 {
612 struct mid_q_entry *temp;
613 unsigned int credits = le16_to_cpu(shdr->CreditCharge);
614
615 if (server == NULL) {
616 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
617 return NULL;
618 }
619
620 temp = mempool_alloc(&cifs_mid_pool, GFP_NOFS);
621 memset(temp, 0, sizeof(struct mid_q_entry));
622 refcount_set(&temp->refcount, 1);
623 spin_lock_init(&temp->mid_lock);
624 temp->mid = le64_to_cpu(shdr->MessageId);
625 temp->credits = credits > 0 ? credits : 1;
626 temp->pid = current->pid;
627 temp->command = shdr->Command; /* Always LE */
628 temp->when_alloc = jiffies;
629
630 /*
631 * The default is for the mid to be synchronous, so the
632 * default callback just wakes up the current task.
633 */
634 get_task_struct(current);
635 temp->creator = current;
636 temp->callback = cifs_wake_up_task;
637 temp->callback_data = current;
638
639 atomic_inc(&mid_count);
640 temp->mid_state = MID_REQUEST_ALLOCATED;
641 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId),
642 le64_to_cpu(shdr->SessionId),
643 le16_to_cpu(shdr->Command), temp->mid);
644 return temp;
645 }
646
647 static int
smb2_get_mid_entry(struct cifs_ses * ses,struct TCP_Server_Info * server,struct smb2_hdr * shdr,struct mid_q_entry ** mid)648 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
649 struct smb2_hdr *shdr, struct mid_q_entry **mid)
650 {
651 switch (READ_ONCE(server->tcpStatus)) {
652 case CifsExiting:
653 return -ENOENT;
654 case CifsNeedReconnect:
655 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
656 return -EAGAIN;
657 case CifsNeedNegotiate:
658 if (shdr->Command != SMB2_NEGOTIATE)
659 return -EAGAIN;
660 break;
661 default:
662 break;
663 }
664
665 switch (READ_ONCE(ses->ses_status)) {
666 case SES_NEW:
667 if (shdr->Command != SMB2_SESSION_SETUP &&
668 shdr->Command != SMB2_NEGOTIATE)
669 return -EAGAIN;
670 /* else ok - we are setting up session */
671 break;
672 case SES_EXITING:
673 if (shdr->Command != SMB2_LOGOFF)
674 return -EAGAIN;
675 /* else ok - we are shutting down the session */
676 break;
677 default:
678 break;
679 }
680
681 *mid = smb2_mid_entry_alloc(shdr, server);
682 if (*mid == NULL)
683 return -ENOMEM;
684 spin_lock(&server->mid_queue_lock);
685 list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
686 spin_unlock(&server->mid_queue_lock);
687
688 return 0;
689 }
690
691 int
smb2_check_receive(struct mid_q_entry * mid,struct TCP_Server_Info * server,bool log_error)692 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
693 bool log_error)
694 {
695 unsigned int len = mid->resp_buf_size;
696 struct kvec iov[1];
697 struct smb_rqst rqst = { .rq_iov = iov,
698 .rq_nvec = 1 };
699
700 iov[0].iov_base = (char *)mid->resp_buf;
701 iov[0].iov_len = len;
702
703 dump_smb(mid->resp_buf, min_t(u32, 80, len));
704 /* convert the length into a more usable form */
705 if (len > 24 && server->sign && !mid->decrypted) {
706 int rc;
707
708 rc = smb2_verify_signature(&rqst, server);
709 if (rc)
710 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
711 rc);
712 }
713
714 return map_smb2_to_linux_error(mid->resp_buf, log_error);
715 }
716
717 struct mid_q_entry *
smb2_setup_request(struct cifs_ses * ses,struct TCP_Server_Info * server,struct smb_rqst * rqst)718 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
719 struct smb_rqst *rqst)
720 {
721 int rc;
722 struct smb2_hdr *shdr =
723 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
724 struct mid_q_entry *mid;
725
726 smb2_seq_num_into_buf(server, shdr);
727
728 rc = smb2_get_mid_entry(ses, server, shdr, &mid);
729 if (rc) {
730 revert_current_mid_from_hdr(server, shdr);
731 return ERR_PTR(rc);
732 }
733
734 rc = smb2_sign_rqst(rqst, server);
735 if (rc) {
736 revert_current_mid_from_hdr(server, shdr);
737 delete_mid(server, mid);
738 return ERR_PTR(rc);
739 }
740
741 return mid;
742 }
743
744 struct mid_q_entry *
smb2_setup_async_request(struct TCP_Server_Info * server,struct smb_rqst * rqst)745 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
746 {
747 int rc;
748 struct smb2_hdr *shdr =
749 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
750 struct mid_q_entry *mid;
751
752 spin_lock(&server->srv_lock);
753 if (server->tcpStatus == CifsNeedNegotiate &&
754 shdr->Command != SMB2_NEGOTIATE) {
755 spin_unlock(&server->srv_lock);
756 return ERR_PTR(-EAGAIN);
757 }
758 spin_unlock(&server->srv_lock);
759
760 smb2_seq_num_into_buf(server, shdr);
761
762 mid = smb2_mid_entry_alloc(shdr, server);
763 if (mid == NULL) {
764 revert_current_mid_from_hdr(server, shdr);
765 return ERR_PTR(-ENOMEM);
766 }
767
768 rc = smb2_sign_rqst(rqst, server);
769 if (rc) {
770 revert_current_mid_from_hdr(server, shdr);
771 release_mid(server, mid);
772 return ERR_PTR(rc);
773 }
774
775 return mid;
776 }
777
778 int
smb3_crypto_aead_allocate(struct TCP_Server_Info * server)779 smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
780 {
781 struct crypto_aead *tfm;
782
783 if (!server->secmech.enc) {
784 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
785 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
786 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
787 else
788 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
789 if (IS_ERR(tfm)) {
790 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
791 __func__);
792 return PTR_ERR(tfm);
793 }
794 server->secmech.enc = tfm;
795 }
796
797 if (!server->secmech.dec) {
798 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
799 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
800 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
801 else
802 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
803 if (IS_ERR(tfm)) {
804 crypto_free_aead(server->secmech.enc);
805 server->secmech.enc = NULL;
806 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
807 __func__);
808 return PTR_ERR(tfm);
809 }
810 server->secmech.dec = tfm;
811 }
812
813 return 0;
814 }
815