1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2002, 2011 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Jeremy Allison (jra@samba.org) 2006 8 * Pavel Shilovsky (pshilovsky@samba.org) 2012 9 * 10 */ 11 12 #include <linux/fs.h> 13 #include <linux/list.h> 14 #include <linux/wait.h> 15 #include <linux/net.h> 16 #include <linux/delay.h> 17 #include <linux/uaccess.h> 18 #include <asm/processor.h> 19 #include <linux/mempool.h> 20 #include <linux/highmem.h> 21 #include <crypto/aead.h> 22 #include <crypto/sha2.h> 23 #include <crypto/utils.h> 24 #include "cifsglob.h" 25 #include "cifsproto.h" 26 #include "smb2proto.h" 27 #include "cifs_debug.h" 28 #include "../common/smb2status.h" 29 #include "smb2glob.h" 30 31 int 32 smb3_crypto_shash_allocate(struct TCP_Server_Info *server) 33 { 34 struct cifs_secmech *p = &server->secmech; 35 36 return cifs_alloc_hash("cmac(aes)", &p->aes_cmac); 37 } 38 39 static 40 int smb3_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key) 41 { 42 struct cifs_chan *chan; 43 struct TCP_Server_Info *pserver; 44 struct cifs_ses *ses = NULL; 45 int i; 46 int rc = 0; 47 bool is_binding = false; 48 49 spin_lock(&cifs_tcp_ses_lock); 50 51 /* If server is a channel, select the primary channel */ 52 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 53 54 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 55 if (ses->Suid == ses_id) 56 goto found; 57 } 58 trace_smb3_ses_not_found(ses_id); 59 cifs_server_dbg(FYI, "%s: Could not find session 0x%llx\n", 60 __func__, ses_id); 61 rc = -ENOENT; 62 goto out; 63 64 found: 65 spin_lock(&ses->ses_lock); 66 spin_lock(&ses->chan_lock); 67 68 is_binding = (cifs_chan_needs_reconnect(ses, server) && 69 ses->ses_status == SES_GOOD); 70 if (is_binding) { 71 /* 72 * If we are in the process of binding a new channel 73 * to an existing session, use the master connection 74 * session key 75 */ 76 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE); 77 spin_unlock(&ses->chan_lock); 78 spin_unlock(&ses->ses_lock); 79 goto out; 80 } 81 82 /* 83 * Otherwise, use the channel key. 84 */ 85 86 for (i = 0; i < ses->chan_count; i++) { 87 chan = ses->chans + i; 88 if (chan->server == server) { 89 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE); 90 spin_unlock(&ses->chan_lock); 91 spin_unlock(&ses->ses_lock); 92 goto out; 93 } 94 } 95 spin_unlock(&ses->chan_lock); 96 spin_unlock(&ses->ses_lock); 97 98 cifs_dbg(VFS, 99 "%s: Could not find channel signing key for session 0x%llx\n", 100 __func__, ses_id); 101 rc = -ENOENT; 102 103 out: 104 spin_unlock(&cifs_tcp_ses_lock); 105 return rc; 106 } 107 108 static struct cifs_ses * 109 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id) 110 { 111 struct TCP_Server_Info *pserver; 112 struct cifs_ses *ses; 113 114 /* If server is a channel, select the primary channel */ 115 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 116 117 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 118 if (ses->Suid != ses_id) 119 continue; 120 121 spin_lock(&ses->ses_lock); 122 if (ses->ses_status == SES_EXITING) { 123 spin_unlock(&ses->ses_lock); 124 continue; 125 } 126 cifs_smb_ses_inc_refcount(ses); 127 spin_unlock(&ses->ses_lock); 128 return ses; 129 } 130 131 return NULL; 132 } 133 134 static int smb2_get_sign_key(struct TCP_Server_Info *server, 135 __u64 ses_id, u8 *key) 136 { 137 struct cifs_ses *ses; 138 int rc = -ENOENT; 139 140 if (SERVER_IS_CHAN(server)) 141 server = server->primary_server; 142 143 spin_lock(&cifs_tcp_ses_lock); 144 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { 145 if (ses->Suid != ses_id) 146 continue; 147 148 rc = 0; 149 spin_lock(&ses->ses_lock); 150 switch (ses->ses_status) { 151 case SES_EXITING: /* SMB2_LOGOFF */ 152 case SES_GOOD: 153 if (likely(ses->auth_key.response)) { 154 memcpy(key, ses->auth_key.response, 155 SMB2_NTLMV2_SESSKEY_SIZE); 156 } else { 157 rc = smb_EIO(smb_eio_trace_no_auth_key); 158 } 159 break; 160 default: 161 rc = -EAGAIN; 162 break; 163 } 164 spin_unlock(&ses->ses_lock); 165 break; 166 } 167 spin_unlock(&cifs_tcp_ses_lock); 168 return rc; 169 } 170 171 static struct cifs_tcon * 172 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid) 173 { 174 struct cifs_tcon *tcon; 175 176 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 177 if (tcon->tid != tid) 178 continue; 179 ++tcon->tc_count; 180 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, 181 netfs_trace_tcon_ref_get_find_sess_tcon); 182 return tcon; 183 } 184 185 return NULL; 186 } 187 188 /* 189 * Obtain tcon corresponding to the tid in the given 190 * cifs_ses 191 */ 192 193 struct cifs_tcon * 194 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid) 195 { 196 struct cifs_ses *ses; 197 struct cifs_tcon *tcon; 198 199 spin_lock(&cifs_tcp_ses_lock); 200 ses = smb2_find_smb_ses_unlocked(server, ses_id); 201 if (!ses) { 202 spin_unlock(&cifs_tcp_ses_lock); 203 return NULL; 204 } 205 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); 206 spin_unlock(&cifs_tcp_ses_lock); 207 /* tcon already has a ref to ses, so we don't need ses anymore */ 208 cifs_put_smb_ses(ses); 209 210 return tcon; 211 } 212 213 static int 214 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 215 bool allocate_crypto) 216 { 217 int rc; 218 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE]; 219 struct kvec *iov = rqst->rq_iov; 220 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base; 221 struct hmac_sha256_ctx hmac_ctx; 222 struct smb_rqst drqst; 223 __u64 sid = le64_to_cpu(shdr->SessionId); 224 u8 key[SMB2_NTLMV2_SESSKEY_SIZE]; 225 226 rc = smb2_get_sign_key(server, sid, key); 227 if (unlikely(rc)) { 228 cifs_server_dbg(FYI, "%s: [sesid=0x%llx] couldn't find signing key: %d\n", 229 __func__, sid, rc); 230 return rc; 231 } 232 233 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE); 234 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 235 236 hmac_sha256_init_usingrawkey(&hmac_ctx, key, sizeof(key)); 237 238 /* 239 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 240 * data, that is, iov[0] should not contain a rfc1002 length. 241 * 242 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 243 * __cifs_calc_signature(). 244 */ 245 drqst = *rqst; 246 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 247 hmac_sha256_update(&hmac_ctx, iov[0].iov_base, iov[0].iov_len); 248 drqst.rq_iov++; 249 drqst.rq_nvec--; 250 } 251 252 rc = __cifs_calc_signature( 253 &drqst, server, smb2_signature, 254 &(struct cifs_calc_sig_ctx){ .hmac = &hmac_ctx }); 255 if (!rc) 256 memcpy(shdr->Signature, smb2_signature, SMB2_SIGNATURE_SIZE); 257 258 return rc; 259 } 260 261 static int generate_key(struct cifs_ses *ses, struct kvec label, 262 struct kvec context, __u8 *key, unsigned int key_size) 263 { 264 unsigned char zero = 0x0; 265 __u8 i[4] = {0, 0, 0, 1}; 266 __u8 L128[4] = {0, 0, 0, 128}; 267 __u8 L256[4] = {0, 0, 1, 0}; 268 int rc = 0; 269 unsigned char prfhash[SMB2_HMACSHA256_SIZE]; 270 struct TCP_Server_Info *server = ses->server; 271 struct hmac_sha256_ctx hmac_ctx; 272 273 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE); 274 memset(key, 0x0, key_size); 275 276 rc = smb3_crypto_shash_allocate(server); 277 if (rc) { 278 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); 279 return rc; 280 } 281 282 hmac_sha256_init_usingrawkey(&hmac_ctx, ses->auth_key.response, 283 SMB2_NTLMV2_SESSKEY_SIZE); 284 hmac_sha256_update(&hmac_ctx, i, 4); 285 hmac_sha256_update(&hmac_ctx, label.iov_base, label.iov_len); 286 hmac_sha256_update(&hmac_ctx, &zero, 1); 287 hmac_sha256_update(&hmac_ctx, context.iov_base, context.iov_len); 288 289 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 290 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 291 hmac_sha256_update(&hmac_ctx, L256, 4); 292 } else { 293 hmac_sha256_update(&hmac_ctx, L128, 4); 294 } 295 hmac_sha256_final(&hmac_ctx, prfhash); 296 297 memcpy(key, prfhash, key_size); 298 return 0; 299 } 300 301 struct derivation { 302 struct kvec label; 303 struct kvec context; 304 }; 305 306 struct derivation_triplet { 307 struct derivation signing; 308 struct derivation encryption; 309 struct derivation decryption; 310 }; 311 312 static int 313 generate_smb3signingkey(struct cifs_ses *ses, 314 struct TCP_Server_Info *server, 315 const struct derivation_triplet *ptriplet) 316 { 317 int rc; 318 bool is_binding = false; 319 int chan_index = 0; 320 321 spin_lock(&ses->ses_lock); 322 spin_lock(&ses->chan_lock); 323 is_binding = (cifs_chan_needs_reconnect(ses, server) && 324 ses->ses_status == SES_GOOD); 325 326 chan_index = cifs_ses_get_chan_index(ses, server); 327 if (chan_index == CIFS_INVAL_CHAN_INDEX) { 328 spin_unlock(&ses->chan_lock); 329 spin_unlock(&ses->ses_lock); 330 331 return -EINVAL; 332 } 333 334 spin_unlock(&ses->chan_lock); 335 spin_unlock(&ses->ses_lock); 336 337 /* 338 * All channels use the same encryption/decryption keys but 339 * they have their own signing key. 340 * 341 * When we generate the keys, check if it is for a new channel 342 * (binding) in which case we only need to generate a signing 343 * key and store it in the channel as to not overwrite the 344 * master connection signing key stored in the session 345 */ 346 347 if (is_binding) { 348 rc = generate_key(ses, ptriplet->signing.label, 349 ptriplet->signing.context, 350 ses->chans[chan_index].signkey, 351 SMB3_SIGN_KEY_SIZE); 352 if (rc) 353 return rc; 354 } else { 355 rc = generate_key(ses, ptriplet->signing.label, 356 ptriplet->signing.context, 357 ses->smb3signingkey, 358 SMB3_SIGN_KEY_SIZE); 359 if (rc) 360 return rc; 361 362 /* safe to access primary channel, since it will never go away */ 363 spin_lock(&ses->chan_lock); 364 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey, 365 SMB3_SIGN_KEY_SIZE); 366 spin_unlock(&ses->chan_lock); 367 368 rc = generate_key(ses, ptriplet->encryption.label, 369 ptriplet->encryption.context, 370 ses->smb3encryptionkey, 371 SMB3_ENC_DEC_KEY_SIZE); 372 if (rc) 373 return rc; 374 rc = generate_key(ses, ptriplet->decryption.label, 375 ptriplet->decryption.context, 376 ses->smb3decryptionkey, 377 SMB3_ENC_DEC_KEY_SIZE); 378 if (rc) 379 return rc; 380 } 381 382 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 383 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__); 384 /* 385 * The session id is opaque in terms of endianness, so we can't 386 * print it as a long long. we dump it as we got it on the wire 387 */ 388 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 389 &ses->Suid); 390 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); 391 cifs_dbg(VFS, "Session Key %*ph\n", 392 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 393 cifs_dbg(VFS, "Signing Key %*ph\n", 394 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); 395 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 396 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 397 cifs_dbg(VFS, "ServerIn Key %*ph\n", 398 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); 399 cifs_dbg(VFS, "ServerOut Key %*ph\n", 400 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); 401 } else { 402 cifs_dbg(VFS, "ServerIn Key %*ph\n", 403 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); 404 cifs_dbg(VFS, "ServerOut Key %*ph\n", 405 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); 406 } 407 #endif 408 return rc; 409 } 410 411 int 412 generate_smb30signingkey(struct cifs_ses *ses, 413 struct TCP_Server_Info *server) 414 415 { 416 struct derivation_triplet triplet; 417 struct derivation *d; 418 419 d = &triplet.signing; 420 d->label.iov_base = "SMB2AESCMAC"; 421 d->label.iov_len = 12; 422 d->context.iov_base = "SmbSign"; 423 d->context.iov_len = 8; 424 425 d = &triplet.encryption; 426 d->label.iov_base = "SMB2AESCCM"; 427 d->label.iov_len = 11; 428 d->context.iov_base = "ServerIn "; 429 d->context.iov_len = 10; 430 431 d = &triplet.decryption; 432 d->label.iov_base = "SMB2AESCCM"; 433 d->label.iov_len = 11; 434 d->context.iov_base = "ServerOut"; 435 d->context.iov_len = 10; 436 437 return generate_smb3signingkey(ses, server, &triplet); 438 } 439 440 int 441 generate_smb311signingkey(struct cifs_ses *ses, 442 struct TCP_Server_Info *server) 443 444 { 445 struct derivation_triplet triplet; 446 struct derivation *d; 447 448 d = &triplet.signing; 449 d->label.iov_base = "SMBSigningKey"; 450 d->label.iov_len = 14; 451 d->context.iov_base = ses->preauth_sha_hash; 452 d->context.iov_len = 64; 453 454 d = &triplet.encryption; 455 d->label.iov_base = "SMBC2SCipherKey"; 456 d->label.iov_len = 16; 457 d->context.iov_base = ses->preauth_sha_hash; 458 d->context.iov_len = 64; 459 460 d = &triplet.decryption; 461 d->label.iov_base = "SMBS2CCipherKey"; 462 d->label.iov_len = 16; 463 d->context.iov_base = ses->preauth_sha_hash; 464 d->context.iov_len = 64; 465 466 return generate_smb3signingkey(ses, server, &triplet); 467 } 468 469 static int 470 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 471 bool allocate_crypto) 472 { 473 int rc; 474 unsigned char smb3_signature[SMB2_CMACAES_SIZE]; 475 struct kvec *iov = rqst->rq_iov; 476 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base; 477 struct shash_desc *shash = NULL; 478 struct smb_rqst drqst; 479 u8 key[SMB3_SIGN_KEY_SIZE]; 480 481 if (server->vals->protocol_id <= SMB21_PROT_ID) 482 return smb2_calc_signature(rqst, server, allocate_crypto); 483 484 rc = smb3_get_sign_key(le64_to_cpu(shdr->SessionId), server, key); 485 if (unlikely(rc)) { 486 cifs_server_dbg(FYI, "%s: Could not get signing key\n", __func__); 487 return rc; 488 } 489 490 if (allocate_crypto) { 491 rc = cifs_alloc_hash("cmac(aes)", &shash); 492 if (rc) 493 return rc; 494 } else { 495 shash = server->secmech.aes_cmac; 496 } 497 498 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE); 499 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 500 501 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE); 502 if (rc) { 503 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__); 504 goto out; 505 } 506 507 /* 508 * we already allocate aes_cmac when we init smb3 signing key, 509 * so unlike smb2 case we do not have to check here if secmech are 510 * initialized 511 */ 512 rc = crypto_shash_init(shash); 513 if (rc) { 514 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__); 515 goto out; 516 } 517 518 /* 519 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 520 * data, that is, iov[0] should not contain a rfc1002 length. 521 * 522 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 523 * __cifs_calc_signature(). 524 */ 525 drqst = *rqst; 526 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 527 rc = crypto_shash_update(shash, iov[0].iov_base, 528 iov[0].iov_len); 529 if (rc) { 530 cifs_server_dbg(VFS, "%s: Could not update with payload\n", 531 __func__); 532 goto out; 533 } 534 drqst.rq_iov++; 535 drqst.rq_nvec--; 536 } 537 538 rc = __cifs_calc_signature( 539 &drqst, server, smb3_signature, 540 &(struct cifs_calc_sig_ctx){ .shash = shash }); 541 if (!rc) 542 memcpy(shdr->Signature, smb3_signature, SMB2_SIGNATURE_SIZE); 543 544 out: 545 if (allocate_crypto) 546 cifs_free_hash(&shash); 547 return rc; 548 } 549 550 /* must be called with server->srv_mutex held */ 551 static int 552 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server) 553 { 554 struct smb2_hdr *shdr; 555 struct smb2_sess_setup_req *ssr; 556 bool is_binding; 557 bool is_signed; 558 559 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 560 ssr = (struct smb2_sess_setup_req *)shdr; 561 562 is_binding = shdr->Command == SMB2_SESSION_SETUP && 563 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING); 564 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED; 565 566 if (!is_signed) 567 return 0; 568 spin_lock(&server->srv_lock); 569 if (server->ops->need_neg && 570 server->ops->need_neg(server)) { 571 spin_unlock(&server->srv_lock); 572 return 0; 573 } 574 spin_unlock(&server->srv_lock); 575 if (!is_binding && !server->session_estab) { 576 strscpy(shdr->Signature, "BSRSPYL"); 577 return 0; 578 } 579 580 return smb3_calc_signature(rqst, server, false); 581 } 582 583 int 584 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) 585 { 586 unsigned int rc; 587 char server_response_sig[SMB2_SIGNATURE_SIZE]; 588 struct smb2_hdr *shdr = 589 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 590 591 if ((shdr->Command == SMB2_NEGOTIATE) || 592 (shdr->Command == SMB2_SESSION_SETUP) || 593 (shdr->Command == SMB2_OPLOCK_BREAK) || 594 server->ignore_signature || 595 (!server->session_estab)) 596 return 0; 597 598 /* 599 * BB what if signatures are supposed to be on for session but 600 * server does not send one? BB 601 */ 602 603 /* Do not need to verify session setups with signature "BSRSPYL " */ 604 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0) 605 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n", 606 shdr->Command); 607 608 /* 609 * Save off the original signature so we can modify the smb and check 610 * our calculated signature against what the server sent. 611 */ 612 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE); 613 614 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE); 615 616 rc = smb3_calc_signature(rqst, server, true); 617 618 if (rc) 619 return rc; 620 621 if (crypto_memneq(server_response_sig, shdr->Signature, 622 SMB2_SIGNATURE_SIZE)) { 623 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n", 624 shdr->Command, shdr->MessageId); 625 return -EACCES; 626 } else 627 return 0; 628 } 629 630 /* 631 * Set message id for the request. Should be called after wait_for_free_request 632 * and when srv_mutex is held. 633 */ 634 static inline void 635 smb2_seq_num_into_buf(struct TCP_Server_Info *server, 636 struct smb2_hdr *shdr) 637 { 638 unsigned int i, num = le16_to_cpu(shdr->CreditCharge); 639 640 shdr->MessageId = get_next_mid64(server); 641 /* skip message numbers according to CreditCharge field */ 642 for (i = 1; i < num; i++) 643 get_next_mid(server); 644 } 645 646 static struct mid_q_entry * 647 smb2_mid_entry_alloc(const struct smb2_hdr *shdr, 648 struct TCP_Server_Info *server) 649 { 650 struct mid_q_entry *temp; 651 unsigned int credits = le16_to_cpu(shdr->CreditCharge); 652 653 if (server == NULL) { 654 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n"); 655 return NULL; 656 } 657 658 temp = mempool_alloc(&cifs_mid_pool, GFP_NOFS); 659 memset(temp, 0, sizeof(struct mid_q_entry)); 660 refcount_set(&temp->refcount, 1); 661 spin_lock_init(&temp->mid_lock); 662 temp->mid = le64_to_cpu(shdr->MessageId); 663 temp->credits = credits > 0 ? credits : 1; 664 temp->pid = current->pid; 665 temp->command = shdr->Command; /* Always LE */ 666 temp->when_alloc = jiffies; 667 668 /* 669 * The default is for the mid to be synchronous, so the 670 * default callback just wakes up the current task. 671 */ 672 get_task_struct(current); 673 temp->creator = current; 674 temp->callback = cifs_wake_up_task; 675 temp->callback_data = current; 676 677 atomic_inc(&mid_count); 678 temp->mid_state = MID_REQUEST_ALLOCATED; 679 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId), 680 le64_to_cpu(shdr->SessionId), 681 le16_to_cpu(shdr->Command), temp->mid); 682 return temp; 683 } 684 685 static int 686 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server, 687 struct smb2_hdr *shdr, struct mid_q_entry **mid) 688 { 689 switch (READ_ONCE(server->tcpStatus)) { 690 case CifsExiting: 691 return -ENOENT; 692 case CifsNeedReconnect: 693 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); 694 return -EAGAIN; 695 case CifsNeedNegotiate: 696 if (shdr->Command != SMB2_NEGOTIATE) 697 return -EAGAIN; 698 break; 699 default: 700 break; 701 } 702 703 switch (READ_ONCE(ses->ses_status)) { 704 case SES_NEW: 705 if (shdr->Command != SMB2_SESSION_SETUP && 706 shdr->Command != SMB2_NEGOTIATE) 707 return -EAGAIN; 708 /* else ok - we are setting up session */ 709 break; 710 case SES_EXITING: 711 if (shdr->Command != SMB2_LOGOFF) 712 return -EAGAIN; 713 /* else ok - we are shutting down the session */ 714 break; 715 default: 716 break; 717 } 718 719 *mid = smb2_mid_entry_alloc(shdr, server); 720 if (*mid == NULL) 721 return -ENOMEM; 722 spin_lock(&server->mid_queue_lock); 723 list_add_tail(&(*mid)->qhead, &server->pending_mid_q); 724 spin_unlock(&server->mid_queue_lock); 725 726 return 0; 727 } 728 729 int 730 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 731 bool log_error) 732 { 733 unsigned int len = mid->resp_buf_size; 734 struct kvec iov[1]; 735 struct smb_rqst rqst = { .rq_iov = iov, 736 .rq_nvec = 1 }; 737 738 iov[0].iov_base = (char *)mid->resp_buf; 739 iov[0].iov_len = len; 740 741 dump_smb(mid->resp_buf, min_t(u32, 80, len)); 742 /* convert the length into a more usable form */ 743 if (len > 24 && server->sign && !mid->decrypted) { 744 int rc; 745 746 rc = smb2_verify_signature(&rqst, server); 747 if (rc) 748 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 749 rc); 750 } 751 752 return map_smb2_to_linux_error(mid->resp_buf, log_error); 753 } 754 755 struct mid_q_entry * 756 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server, 757 struct smb_rqst *rqst) 758 { 759 int rc; 760 struct smb2_hdr *shdr = 761 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 762 struct mid_q_entry *mid; 763 764 smb2_seq_num_into_buf(server, shdr); 765 766 rc = smb2_get_mid_entry(ses, server, shdr, &mid); 767 if (rc) { 768 revert_current_mid_from_hdr(server, shdr); 769 return ERR_PTR(rc); 770 } 771 772 rc = smb2_sign_rqst(rqst, server); 773 if (rc) { 774 revert_current_mid_from_hdr(server, shdr); 775 delete_mid(server, mid); 776 return ERR_PTR(rc); 777 } 778 779 return mid; 780 } 781 782 struct mid_q_entry * 783 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 784 { 785 int rc; 786 struct smb2_hdr *shdr = 787 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 788 struct mid_q_entry *mid; 789 790 spin_lock(&server->srv_lock); 791 if (server->tcpStatus == CifsNeedNegotiate && 792 shdr->Command != SMB2_NEGOTIATE) { 793 spin_unlock(&server->srv_lock); 794 return ERR_PTR(-EAGAIN); 795 } 796 spin_unlock(&server->srv_lock); 797 798 smb2_seq_num_into_buf(server, shdr); 799 800 mid = smb2_mid_entry_alloc(shdr, server); 801 if (mid == NULL) { 802 revert_current_mid_from_hdr(server, shdr); 803 return ERR_PTR(-ENOMEM); 804 } 805 806 rc = smb2_sign_rqst(rqst, server); 807 if (rc) { 808 revert_current_mid_from_hdr(server, shdr); 809 release_mid(server, mid); 810 return ERR_PTR(rc); 811 } 812 813 return mid; 814 } 815 816 int 817 smb3_crypto_aead_allocate(struct TCP_Server_Info *server) 818 { 819 struct crypto_aead *tfm; 820 821 if (!server->secmech.enc) { 822 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 823 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 824 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 825 else 826 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 827 if (IS_ERR(tfm)) { 828 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n", 829 __func__); 830 return PTR_ERR(tfm); 831 } 832 server->secmech.enc = tfm; 833 } 834 835 if (!server->secmech.dec) { 836 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 837 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 838 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 839 else 840 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 841 if (IS_ERR(tfm)) { 842 crypto_free_aead(server->secmech.enc); 843 server->secmech.enc = NULL; 844 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n", 845 __func__); 846 return PTR_ERR(tfm); 847 } 848 server->secmech.dec = tfm; 849 } 850 851 return 0; 852 } 853