1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2002, 2011
5 * Etersoft, 2012
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Jeremy Allison (jra@samba.org) 2006
8 * Pavel Shilovsky (pshilovsky@samba.org) 2012
9 *
10 */
11
12 #include <linux/fs.h>
13 #include <linux/list.h>
14 #include <linux/wait.h>
15 #include <linux/net.h>
16 #include <linux/delay.h>
17 #include <linux/uaccess.h>
18 #include <asm/processor.h>
19 #include <linux/mempool.h>
20 #include <linux/highmem.h>
21 #include <crypto/aead.h>
22 #include <crypto/aes-cbc-macs.h>
23 #include <crypto/sha2.h>
24 #include <crypto/utils.h>
25 #include "cifsglob.h"
26 #include "cifsproto.h"
27 #include "smb2proto.h"
28 #include "cifs_debug.h"
29 #include "../common/smb2status.h"
30 #include "smb2glob.h"
31
/*
 * smb3_get_sign_key - look up the SMB3 signing key for a session/channel.
 * @ses_id: session id (Suid) taken from the request header
 * @server: connection (possibly a secondary channel) the request is on
 * @key:    output buffer of at least SMB3_SIGN_KEY_SIZE bytes
 *
 * Holds cifs_tcp_ses_lock for the whole lookup and takes ses->ses_lock then
 * ses->chan_lock while inspecting the matching session.  While a new channel
 * is being bound to an already established session (SES_GOOD) the session's
 * master signing key is returned; otherwise the key of the channel whose
 * server matches @server is used.
 *
 * Returns 0 on success, or -ENOENT if no session or no channel key matched.
 */
static int smb3_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
{
	struct TCP_Server_Info *pserver;
	struct cifs_ses *ses;
	struct cifs_chan *chan;
	bool found = false;
	int rc = -ENOENT;
	int i;

	spin_lock(&cifs_tcp_ses_lock);

	/* Sessions are listed on the primary connection, not on channels */
	pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;

	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
		if (ses->Suid == ses_id) {
			found = true;
			break;
		}
	}
	if (!found) {
		trace_smb3_ses_not_found(ses_id);
		cifs_server_dbg(FYI, "%s: Could not find session 0x%llx\n",
				__func__, ses_id);
		goto out;
	}

	spin_lock(&ses->ses_lock);
	spin_lock(&ses->chan_lock);

	/*
	 * Binding a new channel to an established session: sign with the
	 * master connection's session signing key, not a channel key.
	 */
	if (cifs_chan_needs_reconnect(ses, server) && ses->ses_status == SES_GOOD) {
		memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
		rc = 0;
		goto out_unlock_ses;
	}

	/* Otherwise the channel that matches @server supplies the key */
	for (i = 0; i < ses->chan_count; i++) {
		chan = &ses->chans[i];
		if (chan->server == server) {
			memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
			rc = 0;
			break;
		}
	}

out_unlock_ses:
	spin_unlock(&ses->chan_lock);
	spin_unlock(&ses->ses_lock);
	if (rc)
		cifs_dbg(VFS,
			 "%s: Could not find channel signing key for session 0x%llx\n",
			 __func__, ses_id);
out:
	spin_unlock(&cifs_tcp_ses_lock);
	return rc;
}
100
/*
 * smb2_find_smb_ses_unlocked - find a session by id and take a reference on it.
 * @server: connection (or channel) to search; channels map to their primary
 * @ses_id: session id to match against ses->Suid
 *
 * Caller must hold cifs_tcp_ses_lock.  A session that is SES_EXITING is
 * skipped so that one being torn down is never handed out.
 *
 * Returns the session with its refcount bumped (the caller releases it with
 * cifs_put_smb_ses()), or NULL if nothing matched.
 */
static struct cifs_ses *
smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
{
	struct TCP_Server_Info *pserver = server;
	struct cifs_ses *ses;
	bool exiting;

	/* Sessions hang off the primary connection's list */
	if (SERVER_IS_CHAN(server))
		pserver = server->primary_server;

	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
		if (ses->Suid != ses_id)
			continue;

		spin_lock(&ses->ses_lock);
		exiting = (ses->ses_status == SES_EXITING);
		if (!exiting)
			cifs_smb_ses_inc_refcount(ses);
		spin_unlock(&ses->ses_lock);

		if (!exiting)
			return ses;
	}

	return NULL;
}
126
/*
 * smb2_get_sign_key - copy the SMB 2.0/2.1 signing key for a session.
 * @server: connection the request belongs to; a channel maps to its primary
 * @ses_id: session id from the request header
 * @key:    output buffer of at least SMB2_NTLMV2_SESSKEY_SIZE bytes
 *
 * Pre-SMB3 dialects sign with the NTLMv2 session key (auth_key.response)
 * directly.  The key is handed out for SES_GOOD sessions and also for
 * SES_EXITING ones so the final SMB2_LOGOFF can still be signed.
 *
 * Returns 0 on success, -ENOENT if no session matched, -EAGAIN if the
 * session is not in a usable state, or an EIO-class error from smb_EIO()
 * when the session has no auth key.
 */
static int smb2_get_sign_key(struct TCP_Server_Info *server,
			     __u64 ses_id, u8 *key)
{
	struct TCP_Server_Info *pserver;
	struct cifs_ses *ses;
	int rc = -ENOENT;

	pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;

	spin_lock(&cifs_tcp_ses_lock);
	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
		if (ses->Suid != ses_id)
			continue;

		spin_lock(&ses->ses_lock);
		if (ses->ses_status == SES_GOOD ||
		    ses->ses_status == SES_EXITING /* SMB2_LOGOFF */) {
			if (unlikely(!ses->auth_key.response)) {
				rc = smb_EIO(smb_eio_trace_no_auth_key);
			} else {
				memcpy(key, ses->auth_key.response,
				       SMB2_NTLMV2_SESSKEY_SIZE);
				rc = 0;
			}
		} else {
			rc = -EAGAIN;
		}
		spin_unlock(&ses->ses_lock);
		break;
	}
	spin_unlock(&cifs_tcp_ses_lock);
	return rc;
}
163
/*
 * smb2_find_smb_sess_tcon_unlocked - find a tcon by tree id within a session.
 * @ses: session whose tcon_list is searched
 * @tid: tree id to match against tcon->tid
 *
 * Caller must hold cifs_tcp_ses_lock.  On a match tc_count is bumped under
 * tc_lock and the acquisition is traced; the caller owns that reference.
 * The tc_count handed to the tracepoint is read after tc_lock is dropped,
 * so it is informational only.
 *
 * Returns the referenced tcon, or NULL if none matched.
 */
static struct cifs_tcon *
smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid)
{
	struct cifs_tcon *tcon;

	list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
		if (tcon->tid == tid)
			goto take_ref;
	}
	return NULL;

take_ref:
	spin_lock(&tcon->tc_lock);
	tcon->tc_count++;
	spin_unlock(&tcon->tc_lock);
	trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count,
			    netfs_trace_tcon_ref_get_find_sess_tcon);
	return tcon;
}
182
183 /*
184 * Obtain tcon corresponding to the tid in the given
185 * cifs_ses
186 */
187
/*
 * smb2_find_smb_tcon - look up the tcon for (ses_id, tid) on a connection.
 * @server: connection the frame arrived on
 * @ses_id: session id from the SMB2 header
 * @tid:    tree id from the SMB2 header
 *
 * Both lookups run under cifs_tcp_ses_lock.  The session reference taken by
 * smb2_find_smb_ses_unlocked() is dropped before returning because a tcon
 * already keeps its session alive.
 *
 * Returns a tcon with an extra tc_count reference, or NULL if either the
 * session or the tree connection is not found.
 */
struct cifs_tcon *
smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
{
	struct cifs_tcon *tcon = NULL;
	struct cifs_ses *ses;

	spin_lock(&cifs_tcp_ses_lock);
	ses = smb2_find_smb_ses_unlocked(server, ses_id);
	if (ses)
		tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
	spin_unlock(&cifs_tcp_ses_lock);

	/* The tcon (if any) holds its own ref on ses; drop the lookup's ref */
	if (ses)
		cifs_put_smb_ses(ses);

	return tcon;
}
207
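/*
 * smb2_calc_signature - compute the HMAC-SHA256 signature of an SMB 2.x frame.
 * @rqst:   request; iov[0] holds the smb2_hdr whose Signature field is
 *          zeroed for hashing and then overwritten with the result
 * @server: connection used to find the session's signing key
 *
 * Used for SMB 2.0/2.1; smb3_calc_signature() falls back to this for
 * protocol_id <= SMB21_PROT_ID.  If iov[0] is a 4-byte rfc1002 length it is
 * fed into the HMAC here and skipped when the rest is passed down to
 * __cifs_calc_signature(), which expects iov[0] to be the SMB2 header.
 *
 * The stack copy of the session key and the HMAC state are wiped with
 * memzero_explicit() so key material does not linger after the call.
 *
 * Returns 0 on success or a negative errno (key lookup or hashing failure).
 */
static int
smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int rc;
	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
	struct kvec *iov = rqst->rq_iov;
	struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
	struct hmac_sha256_ctx hmac_ctx;
	struct smb_rqst drqst;
	__u64 sid = le64_to_cpu(shdr->SessionId);
	u8 key[SMB2_NTLMV2_SESSKEY_SIZE];

	rc = smb2_get_sign_key(server, sid, key);
	if (unlikely(rc)) {
		cifs_server_dbg(FYI, "%s: [sesid=0x%llx] couldn't find signing key: %d\n",
				__func__, sid, rc);
		return rc;
	}

	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
	/* The signature is computed over a header whose Signature field is zero */
	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	hmac_sha256_init_usingrawkey(&hmac_ctx, key, sizeof(key));
	/* hmac_ctx now carries the keyed state; the raw key copy is not used again */
	memzero_explicit(key, sizeof(key));

	/*
	 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
	 * data, that is, iov[0] should not contain a rfc1002 length.
	 *
	 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
	 * __cifs_calc_signature().
	 */
	drqst = *rqst;
	if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
		hmac_sha256_update(&hmac_ctx, iov[0].iov_base, iov[0].iov_len);
		drqst.rq_iov++;
		drqst.rq_nvec--;
	}

	rc = __cifs_calc_signature(
		&drqst, server, smb2_signature,
		&(struct cifs_calc_sig_ctx){ .hmac = &hmac_ctx });
	if (!rc)
		memcpy(shdr->Signature, smb2_signature, SMB2_SIGNATURE_SIZE);

	/* Wipe the keyed HMAC state on both the success and the error path */
	memzero_explicit(&hmac_ctx, sizeof(hmac_ctx));
	return rc;
}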
254
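/*
 * generate_key - derive one key from the session key (MS-SMB2 key derivation).
 * @ses:           session whose auth_key.response is the KDF input key
 * @label:         KDF label; iov_len includes the terminating NUL
 * @context:       KDF context bytes
 * @key:           output buffer of @key_size bytes
 * @key_size:      number of derived bytes wanted; must not exceed
 *                 SMB2_HMACSHA256_SIZE because a single PRF block is produced
 * @full_key_size: how many bytes of auth_key.response to use as the KDF key
 *
 * One block of the SP800-108 counter-mode KDF with HMAC-SHA256 as the PRF:
 *   PRF(KI, i || label || 0x00 || context || L)
 * with i = 1 and L = 256 for the AES-256 ciphers or 128 otherwise, all as
 * big-endian 32-bit values.  Note that L follows the negotiated cipher, not
 * @key_size.  The PRF output is wiped once the key has been copied out.
 */
static void generate_key(struct cifs_ses *ses, struct kvec label,
			 struct kvec context, __u8 *key, unsigned int key_size,
			 unsigned int full_key_size)
{
	/* Fixed KDF fields: counter i = 1 and the output length L in bits */
	const unsigned char zero = 0x0;
	const __u8 i[4] = {0, 0, 0, 1};
	const __u8 L128[4] = {0, 0, 0, 128};
	const __u8 L256[4] = {0, 0, 1, 0};
	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
	struct TCP_Server_Info *server = ses->server;
	struct hmac_sha256_ctx hmac_ctx;
	bool aes256 = server->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
		      server->cipher_type == SMB2_ENCRYPTION_AES256_GCM;

	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
	memset(key, 0x0, key_size);

	hmac_sha256_init_usingrawkey(&hmac_ctx, ses->auth_key.response,
				     full_key_size);
	hmac_sha256_update(&hmac_ctx, i, 4);
	hmac_sha256_update(&hmac_ctx, label.iov_base, label.iov_len);
	hmac_sha256_update(&hmac_ctx, &zero, 1);
	hmac_sha256_update(&hmac_ctx, context.iov_base, context.iov_len);
	/* L: 256 bits for AES-256-CCM/GCM, 128 bits for every other cipher */
	hmac_sha256_update(&hmac_ctx, aes256 ? L256 : L128, 4);
	hmac_sha256_final(&hmac_ctx, prfhash);

	memcpy(key, prfhash, key_size);
	/* prfhash holds the derived key bytes; do not leave them on the stack */
	memzero_explicit(prfhash, sizeof(prfhash));
}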
287
/* Label/context pair feeding generate_key() for one derived key */
struct derivation {
	struct kvec label;	/* KDF label; iov_len includes the terminating NUL */
	struct kvec context;	/* KDF context bytes */
};
292
/*
 * The three derivations an SMB3 session needs: the signing key, the
 * client-to-server ("ServerIn"/C2S) cipher key used for encryption and the
 * server-to-client ("ServerOut"/S2C) cipher key used for decryption.
 */
struct derivation_triplet {
	struct derivation signing;
	struct derivation encryption;
	struct derivation decryption;
};
298
/*
 * generate_smb3signingkey - derive and store the SMB3 keys for a session/channel.
 * @ses:      session supplying auth_key (KDF input) and receiving the keys
 * @server:   connection (channel) the keys are being generated for
 * @ptriplet: labels/contexts for the signing, encryption and decryption KDFs
 *
 * The binding decision and the channel index are read under ses_lock and
 * chan_lock (taken in that order); the locks are dropped before the KDF runs.
 * When binding a new channel to an established session only that channel's
 * signing key is derived.  Otherwise the session signing key is derived,
 * copied into the channel's slot, and the encryption/decryption keys are
 * derived as well.  With CONFIG_CIFS_DEBUG_DUMP_KEYS the raw keys are
 * written to the kernel log, so that option is for debugging only.
 *
 * Returns 0, or -EINVAL if @server is not a channel of @ses.
 */
static int
generate_smb3signingkey(struct cifs_ses *ses,
			struct TCP_Server_Info *server,
			const struct derivation_triplet *ptriplet)
{
	unsigned int full_key_size = SMB2_NTLMV2_SESSKEY_SIZE;
	bool is_binding = false;
	int chan_index = 0;

	spin_lock(&ses->ses_lock);
	spin_lock(&ses->chan_lock);
	/* Binding: this channel still needs connecting while the session is already good */
	is_binding = (cifs_chan_needs_reconnect(ses, server) &&
		      ses->ses_status == SES_GOOD);

	chan_index = cifs_ses_get_chan_index(ses, server);
	if (chan_index == CIFS_INVAL_CHAN_INDEX) {
		spin_unlock(&ses->chan_lock);
		spin_unlock(&ses->ses_lock);

		return -EINVAL;
	}

	spin_unlock(&ses->chan_lock);
	spin_unlock(&ses->ses_lock);

	/*
	 * All channels use the same encryption/decryption keys but
	 * they have their own signing key.
	 *
	 * When we generate the keys, check if it is for a new channel
	 * (binding) in which case we only need to generate a signing
	 * key and store it in the channel as to not overwrite the
	 * master connection signing key stored in the session
	 */

	if (is_binding) {
		generate_key(ses, ptriplet->signing.label,
			     ptriplet->signing.context,
			     ses->chans[chan_index].signkey, SMB3_SIGN_KEY_SIZE,
			     SMB2_NTLMV2_SESSKEY_SIZE);
	} else {
		generate_key(ses, ptriplet->signing.label,
			     ptriplet->signing.context, ses->smb3signingkey,
			     SMB3_SIGN_KEY_SIZE, SMB2_NTLMV2_SESSKEY_SIZE);

		/*
		 * Per MS-SMB2 3.2.5.3.1, signing key always uses Session.SessionKey
		 * (first 16 bytes). Encryption/decryption keys use
		 * Session.FullSessionKey when dialect is 3.1.1 and cipher is
		 * AES-256-CCM or AES-256-GCM, otherwise Session.SessionKey.
		 */

		if (server->dialect == SMB311_PROT_ID &&
		    (server->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
		     server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
			full_key_size = ses->auth_key.len;

		/*
		 * safe to access primary channel, since it will never go away
		 * NOTE(review): chan_index was obtained before the locks above
		 * were dropped; this relies on it naming the primary channel in
		 * the non-binding case - confirm against the callers.
		 */
		spin_lock(&ses->chan_lock);
		memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey,
		       SMB3_SIGN_KEY_SIZE);
		spin_unlock(&ses->chan_lock);

		generate_key(ses, ptriplet->encryption.label,
			     ptriplet->encryption.context,
			     ses->smb3encryptionkey, SMB3_ENC_DEC_KEY_SIZE,
			     full_key_size);

		generate_key(ses, ptriplet->decryption.label,
			     ptriplet->decryption.context,
			     ses->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE,
			     full_key_size);
	}

#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
	/* Debug builds only: this prints raw session and cipher keys to the log */
	cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
	/*
	 * The session id is opaque in terms of endianness, so we can't
	 * print it as a long long. we dump it as we got it on the wire
	 */
	cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
		 &ses->Suid);
	cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type);
	cifs_dbg(VFS, "Session Key %*ph\n",
		 (int)ses->auth_key.len, ses->auth_key.response);
	cifs_dbg(VFS, "Signing Key %*ph\n",
		 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
	if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
	    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
		cifs_dbg(VFS, "ServerIn Key %*ph\n",
			 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey);
		cifs_dbg(VFS, "ServerOut Key %*ph\n",
			 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey);
	} else {
		cifs_dbg(VFS, "ServerIn Key %*ph\n",
			 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey);
		cifs_dbg(VFS, "ServerOut Key %*ph\n",
			 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey);
	}
#endif
	return 0;
}
401
/*
 * generate_smb30signingkey - derive the SMB 3.0/3.0.2 session keys.
 * @ses:    session holding auth_key.response (KDF input) and receiving the keys
 * @server: connection (channel) the keys are for
 *
 * Uses the fixed SMB 3.0 labels and contexts.  The iov_len values count the
 * terminating NUL of each string, as the protocol's KDF input requires.
 *
 * Returns the result of generate_smb3signingkey().
 */
int
generate_smb30signingkey(struct cifs_ses *ses,
			 struct TCP_Server_Info *server)
{
	const struct derivation_triplet triplet = {
		.signing = {
			.label   = { .iov_base = "SMB2AESCMAC", .iov_len = sizeof("SMB2AESCMAC") },
			.context = { .iov_base = "SmbSign",     .iov_len = sizeof("SmbSign") },
		},
		.encryption = {
			.label   = { .iov_base = "SMB2AESCCM", .iov_len = sizeof("SMB2AESCCM") },
			.context = { .iov_base = "ServerIn ",  .iov_len = sizeof("ServerIn ") },
		},
		.decryption = {
			.label   = { .iov_base = "SMB2AESCCM", .iov_len = sizeof("SMB2AESCCM") },
			.context = { .iov_base = "ServerOut",  .iov_len = sizeof("ServerOut") },
		},
	};

	return generate_smb3signingkey(ses, server, &triplet);
}
430
/*
 * generate_smb311signingkey - derive the SMB 3.1.1 session keys.
 * @ses:    session holding auth_key.response and preauth_sha_hash, and
 *          receiving the derived keys
 * @server: connection (channel) the keys are for
 *
 * Unlike SMB 3.0, every derivation is bound to the 64-byte pre-authentication
 * integrity hash of this session.  Label iov_len values include the
 * terminating NUL.
 *
 * Returns the result of generate_smb3signingkey().
 */
int
generate_smb311signingkey(struct cifs_ses *ses,
			  struct TCP_Server_Info *server)
{
	const struct kvec preauth = {
		.iov_base = ses->preauth_sha_hash,
		.iov_len  = 64,
	};
	const struct derivation_triplet triplet = {
		.signing = {
			.label   = { .iov_base = "SMBSigningKey",   .iov_len = sizeof("SMBSigningKey") },
			.context = preauth,
		},
		.encryption = {
			.label   = { .iov_base = "SMBC2SCipherKey", .iov_len = sizeof("SMBC2SCipherKey") },
			.context = preauth,
		},
		.decryption = {
			.label   = { .iov_base = "SMBS2CCipherKey", .iov_len = sizeof("SMBS2CCipherKey") },
			.context = preauth,
		},
	};

	return generate_smb3signingkey(ses, server, &triplet);
}
459
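/*
 * smb3_calc_signature - compute the AES-CMAC signature of an SMB3 frame.
 * @rqst:   request; iov[0] holds the smb2_hdr whose Signature field is
 *          zeroed for hashing and then overwritten with the result
 * @server: connection whose dialect and session/channel key are used
 *
 * For SMB 2.0/2.1 this defers to smb2_calc_signature().  If iov[0] is a
 * 4-byte rfc1002 length it is fed into the CMAC here and skipped when the
 * rest is passed to __cifs_calc_signature(), which expects iov[0] to be the
 * SMB2 header.
 *
 * The stack copy of the signing key, the expanded CMAC key and the CMAC
 * state are wiped with memzero_explicit() on every return path after the
 * key was fetched, so key material does not linger on the stack.
 *
 * Returns 0 on success or a negative errno (key lookup, key expansion or
 * signature computation failure).
 */
static int
smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int rc;
	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
	struct kvec *iov = rqst->rq_iov;
	struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
	struct aes_cmac_key cmac_key;
	struct aes_cmac_ctx cmac_ctx;
	struct smb_rqst drqst;
	u8 key[SMB3_SIGN_KEY_SIZE];

	/* SMB 2.0/2.1 use HMAC-SHA256 over the session key instead of CMAC */
	if (server->vals->protocol_id <= SMB21_PROT_ID)
		return smb2_calc_signature(rqst, server);

	rc = smb3_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
	if (unlikely(rc)) {
		cifs_server_dbg(FYI, "%s: Could not get signing key\n", __func__);
		return rc;
	}

	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
	/* The signature is computed over a header whose Signature field is zero */
	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	rc = aes_cmac_preparekey(&cmac_key, key, SMB2_CMACAES_SIZE);
	/* The raw key is not needed once expanded (or if expansion failed) */
	memzero_explicit(key, sizeof(key));
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
		goto out_wipe;
	}

	aes_cmac_init(&cmac_ctx, &cmac_key);

	/*
	 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
	 * data, that is, iov[0] should not contain a rfc1002 length.
	 *
	 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
	 * __cifs_calc_signature().
	 */
	drqst = *rqst;
	if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
		aes_cmac_update(&cmac_ctx, iov[0].iov_base, iov[0].iov_len);
		drqst.rq_iov++;
		drqst.rq_nvec--;
	}

	rc = __cifs_calc_signature(
		&drqst, server, smb3_signature,
		&(struct cifs_calc_sig_ctx){ .cmac = &cmac_ctx });
	if (!rc)
		memcpy(shdr->Signature, smb3_signature, SMB2_SIGNATURE_SIZE);

out_wipe:
	/* Both are derived from the signing key; wipe them before returning */
	memzero_explicit(&cmac_key, sizeof(cmac_key));
	memzero_explicit(&cmac_ctx, sizeof(cmac_ctx));
	return rc;
}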
513
/*
 * smb2_sign_rqst - sign an outgoing request when its header asks for it.
 * @rqst:   request; iov[0] holds the smb2_hdr
 * @server: connection the request will be sent on
 *
 * Must be called with server->srv_mutex held.
 *
 * Nothing is done for a request without SMB2_FLAGS_SIGNED, or while the
 * connection still needs to negotiate.  Before the session is established
 * there is no key yet, so (except for a channel-binding session setup) the
 * well-known "BSRSPYL" placeholder is written into the Signature field.
 *
 * Returns 0, or the error from smb3_calc_signature().
 */
static int
smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	struct smb2_hdr *shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
	struct smb2_sess_setup_req *ssr = (struct smb2_sess_setup_req *)shdr;
	bool need_neg;
	bool is_binding;

	if (!(shdr->Flags & SMB2_FLAGS_SIGNED))
		return 0;

	spin_lock(&server->srv_lock);
	need_neg = server->ops->need_neg && server->ops->need_neg(server);
	spin_unlock(&server->srv_lock);
	if (need_neg)
		return 0;

	/* ssr->Flags is only meaningful when the command is a SESSION_SETUP */
	is_binding = shdr->Command == SMB2_SESSION_SETUP &&
		     (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
	if (!is_binding && !server->session_estab) {
		strscpy(shdr->Signature, "BSRSPYL");
		return 0;
	}

	return smb3_calc_signature(rqst, server);
}
546
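/*
 * smb2_verify_signature - check the signature on a received SMB2 frame.
 * @rqst:   response; iov[0] holds the smb2_hdr, whose Signature field is
 *          zeroed and recomputed in place
 * @server: connection the frame arrived on
 *
 * NEGOTIATE, SESSION_SETUP and OPLOCK_BREAK responses are never checked,
 * nor is anything while the session is not yet established or when
 * ignore_signature is set.  A "BSRSPYL " dummy signature is only logged;
 * the frame is still verified like any other.  The comparison uses
 * crypto_memneq() so a mismatch does not leak how many leading bytes agreed.
 *
 * On return the header's Signature field holds the locally computed value,
 * not the one received.
 *
 * Returns 0 if the signature matched or the check was skipped, -EACCES on a
 * mismatch, or the (negative) error from smb3_calc_signature().
 */
int
smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int rc;
	char server_response_sig[SMB2_SIGNATURE_SIZE];
	struct smb2_hdr *shdr =
		(struct smb2_hdr *)rqst->rq_iov[0].iov_base;

	if ((shdr->Command == SMB2_NEGOTIATE) ||
	    (shdr->Command == SMB2_SESSION_SETUP) ||
	    (shdr->Command == SMB2_OPLOCK_BREAK) ||
	    server->ignore_signature ||
	    (!server->session_estab))
		return 0;

	/*
	 * BB what if signatures are supposed to be on for session but
	 * server does not send one? BB
	 */

	/* Session setups may carry the dummy signature "BSRSPYL "; just log it */
	if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
		cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
			 shdr->Command);

	/*
	 * Save off the original signature so we can modify the smb and check
	 * our calculated signature against what the server sent.
	 */
	memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
	memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);

	/* smb3_calc_signature() reports failure as a negative errno, so rc is signed */
	rc = smb3_calc_signature(rqst, server);
	if (rc)
		return rc;

	if (crypto_memneq(server_response_sig, shdr->Signature,
			  SMB2_SIGNATURE_SIZE)) {
		cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
			 shdr->Command, shdr->MessageId);
		return -EACCES;
	}

	return 0;
}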
593
/*
 * smb2_seq_num_into_buf - assign the request's message id(s).
 * @server: connection whose message id counter is consumed
 * @shdr:   header whose MessageId is set and whose CreditCharge is read
 *
 * Should be called after wait_for_free_request() and with srv_mutex held.
 * A request charging N credits consumes N consecutive message ids: the
 * first becomes MessageId and the remaining N-1 are skipped.
 */
static inline void
smb2_seq_num_into_buf(struct TCP_Server_Info *server,
		      struct smb2_hdr *shdr)
{
	unsigned int charge = le16_to_cpu(shdr->CreditCharge);

	shdr->MessageId = get_next_mid64(server);
	/* A charge of 0 or 1 uses a single id; otherwise burn charge-1 more */
	while (charge > 1) {
		get_next_mid(server);
		charge--;
	}
}
609
/*
 * smb2_mid_entry_alloc - allocate and initialise a mid for an outgoing request.
 * @shdr:   header supplying MessageId, CreditCharge, Command, TreeId, SessionId
 * @server: connection the request belongs to
 *
 * The mid is allocated from cifs_mid_pool with GFP_NOFS (a sleepable mask,
 * so the mempool allocation is relied on not to return NULL), zeroed and set
 * up as a synchronous request whose completion wakes the allocating task.  A
 * task_struct reference on current is taken for mid->creator.  The global
 * mid_count is incremented and a cmd_enter tracepoint is emitted.
 *
 * Returns the new mid, or NULL if @server is NULL.
 */
static struct mid_q_entry *
smb2_mid_entry_alloc(const struct smb2_hdr *shdr,
		     struct TCP_Server_Info *server)
{
	unsigned int credits = le16_to_cpu(shdr->CreditCharge);
	struct mid_q_entry *mid;

	if (!server) {
		cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
		return NULL;
	}

	mid = mempool_alloc(&cifs_mid_pool, GFP_NOFS);
	memset(mid, 0, sizeof(*mid));
	refcount_set(&mid->refcount, 1);
	spin_lock_init(&mid->mid_lock);
	mid->mid = le64_to_cpu(shdr->MessageId);
	/* A zero CreditCharge still costs one credit */
	mid->credits = credits ? credits : 1;
	mid->pid = current->pid;
	mid->command = shdr->Command;	/* Always LE */
	mid->when_alloc = jiffies;

	/* Synchronous by default: the callback just wakes the issuing task */
	get_task_struct(current);
	mid->creator = current;
	mid->callback = cifs_wake_up_task;
	mid->callback_data = current;

	atomic_inc(&mid_count);
	mid->mid_state = MID_REQUEST_ALLOCATED;
	trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId),
			     le64_to_cpu(shdr->SessionId),
			     le16_to_cpu(shdr->Command), mid->mid);
	return mid;
}
648
/*
 * smb2_get_mid_entry - allocate a mid and queue it, if the connection and
 * session state allow the command.
 * @ses:    session the request is issued on
 * @server: connection to send on
 * @shdr:   request header (Command, MessageId, ...)
 * @mid:    output; the allocated mid on success
 *
 * Connection state: nothing may be sent while exiting (-ENOENT) or needing
 * reconnect (-EAGAIN), and only NEGOTIATE while negotiation is pending.
 * Session state: a new session accepts only SESSION_SETUP/NEGOTIATE and an
 * exiting one only LOGOFF; anything else gets -EAGAIN.  Both statuses are
 * read with READ_ONCE() without holding the respective locks.
 *
 * Returns 0 with *mid queued on server->pending_mid_q, or a negative errno
 * (-ENOMEM if allocation failed).
 */
static int
smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
		   struct smb2_hdr *shdr, struct mid_q_entry **mid)
{
	const int tcp_status = READ_ONCE(server->tcpStatus);
	int ses_status;

	/* Connection-level gates */
	if (tcp_status == CifsExiting)
		return -ENOENT;
	if (tcp_status == CifsNeedReconnect) {
		cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
		return -EAGAIN;
	}
	if (tcp_status == CifsNeedNegotiate && shdr->Command != SMB2_NEGOTIATE)
		return -EAGAIN;

	/* Session-level gates: setup traffic only on a new session, LOGOFF only on a dying one */
	ses_status = READ_ONCE(ses->ses_status);
	if (ses_status == SES_NEW &&
	    shdr->Command != SMB2_SESSION_SETUP &&
	    shdr->Command != SMB2_NEGOTIATE)
		return -EAGAIN;
	if (ses_status == SES_EXITING && shdr->Command != SMB2_LOGOFF)
		return -EAGAIN;

	*mid = smb2_mid_entry_alloc(shdr, server);
	if (!*mid)
		return -ENOMEM;

	spin_lock(&server->mid_queue_lock);
	list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
	spin_unlock(&server->mid_queue_lock);

	return 0;
}
692
/*
 * smb2_check_receive - validate a received response and map its status.
 * @mid:       mid holding the response buffer and its size
 * @server:    connection the response arrived on
 * @log_error: passed through to map_smb2_to_linux_error()
 *
 * Dumps up to 80 bytes of the response, verifies the signature on signed
 * connections when the frame was not decrypted (and is longer than 24
 * bytes), then maps the SMB2 status to a Linux error.
 *
 * NOTE(review): a signature verification failure is only logged here; the
 * response is still mapped and returned to the caller as if it had passed.
 *
 * Returns the Linux error mapped from the response's status.
 */
int
smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
		   bool log_error)
{
	unsigned int len = mid->resp_buf_size;
	struct kvec iov = { .iov_base = (char *)mid->resp_buf, .iov_len = len };
	struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
	int rc;

	dump_smb(mid->resp_buf, min_t(u32, 80, len));

	if (len > 24 && server->sign && !mid->decrypted) {
		rc = smb2_verify_signature(&rqst, server);
		if (rc)
			cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
					rc);
	}

	return map_smb2_to_linux_error(mid->resp_buf, log_error);
}
718
/*
 * smb2_setup_request - assign message ids, allocate/queue a mid and sign.
 * @ses:    session the request is issued on
 * @server: connection to send on
 * @rqst:   request; iov[0] holds the smb2_hdr
 *
 * Consumes message id(s) for the request, obtains a mid queued on
 * pending_mid_q via smb2_get_mid_entry(), then signs the request.  On any
 * failure the consumed message ids are reverted and, if it was already
 * allocated, the mid is deleted.
 *
 * Returns the mid, or ERR_PTR() of the failing step's error.
 */
struct mid_q_entry *
smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
		   struct smb_rqst *rqst)
{
	struct smb2_hdr *shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid = NULL;
	int rc;

	smb2_seq_num_into_buf(server, shdr);

	rc = smb2_get_mid_entry(ses, server, shdr, &mid);
	if (rc)
		goto err_revert;

	rc = smb2_sign_rqst(rqst, server);
	if (rc)
		goto err_delete;

	return mid;

err_delete:
	revert_current_mid_from_hdr(server, shdr);
	delete_mid(server, mid);
	return ERR_PTR(rc);
err_revert:
	revert_current_mid_from_hdr(server, shdr);
	return ERR_PTR(rc);
}
745
/*
 * smb2_setup_async_request - allocate and sign a mid for an asynchronous request.
 * @server: connection to send on
 * @rqst:   request; iov[0] holds the smb2_hdr
 *
 * Unlike smb2_setup_request() this takes no session and does not queue the
 * mid on pending_mid_q.  Only a NEGOTIATE may be set up while the connection
 * is in CifsNeedNegotiate.  On failure the consumed message ids are reverted
 * and, if allocated, the mid is released.
 *
 * Returns the mid, or ERR_PTR(-EAGAIN), ERR_PTR(-ENOMEM) or the signing error.
 */
struct mid_q_entry *
smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
{
	struct smb2_hdr *shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid;
	bool must_negotiate;
	int rc;

	spin_lock(&server->srv_lock);
	must_negotiate = server->tcpStatus == CifsNeedNegotiate &&
			 shdr->Command != SMB2_NEGOTIATE;
	spin_unlock(&server->srv_lock);
	if (must_negotiate)
		return ERR_PTR(-EAGAIN);

	smb2_seq_num_into_buf(server, shdr);

	mid = smb2_mid_entry_alloc(shdr, server);
	if (!mid) {
		revert_current_mid_from_hdr(server, shdr);
		return ERR_PTR(-ENOMEM);
	}

	rc = smb2_sign_rqst(rqst, server);
	if (!rc)
		return mid;

	/* Signing failed: give back the message ids and the mid */
	revert_current_mid_from_hdr(server, shdr);
	release_mid(server, mid);
	return ERR_PTR(rc);
}
779
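/*
 * smb3_alloc_aead - allocate the AEAD transform for the negotiated cipher.
 * @server: connection whose cipher_type selects the mode
 *
 * The two GCM cipher ids get "gcm(aes)"; any other cipher_type gets "ccm(aes)".
 *
 * Returns the transform, or an ERR_PTR from crypto_alloc_aead().
 */
static struct crypto_aead *smb3_alloc_aead(struct TCP_Server_Info *server)
{
	bool gcm = server->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
		   server->cipher_type == SMB2_ENCRYPTION_AES256_GCM;

	return crypto_alloc_aead(gcm ? "gcm(aes)" : "ccm(aes)", 0, 0);
}

/*
 * smb3_crypto_aead_allocate - make sure encrypt and decrypt AEADs exist.
 * @server: connection whose secmech.enc / secmech.dec are populated
 *
 * Each transform is allocated only if not already present, both using the
 * same algorithm chosen from server->cipher_type.  If the decrypt transform
 * cannot be allocated the encrypt one is freed and cleared (even if it was
 * allocated on an earlier call) so that secmech holds either both or none.
 *
 * Returns 0 on success or the PTR_ERR() of the failed allocation.
 */
int
smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
{
	struct crypto_aead *tfm;

	if (!server->secmech.enc) {
		tfm = smb3_alloc_aead(server);
		if (IS_ERR(tfm)) {
			cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
					__func__);
			return PTR_ERR(tfm);
		}
		server->secmech.enc = tfm;
	}

	if (!server->secmech.dec) {
		tfm = smb3_alloc_aead(server);
		if (IS_ERR(tfm)) {
			/* Leave secmech consistent: neither transform set */
			crypto_free_aead(server->secmech.enc);
			server->secmech.enc = NULL;
			cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
					__func__);
			return PTR_ERR(tfm);
		}
		server->secmech.dec = tfm;
	}

	return 0;
}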
817