1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2002, 2011 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Jeremy Allison (jra@samba.org) 2006 8 * Pavel Shilovsky (pshilovsky@samba.org) 2012 9 * 10 */ 11 12 #include <linux/fs.h> 13 #include <linux/list.h> 14 #include <linux/wait.h> 15 #include <linux/net.h> 16 #include <linux/delay.h> 17 #include <linux/uaccess.h> 18 #include <asm/processor.h> 19 #include <linux/mempool.h> 20 #include <linux/highmem.h> 21 #include <crypto/aead.h> 22 #include "cifsglob.h" 23 #include "cifsproto.h" 24 #include "smb2proto.h" 25 #include "cifs_debug.h" 26 #include "../common/smb2status.h" 27 #include "smb2glob.h" 28 29 int smb3_crypto_shash_allocate(struct TCP_Server_Info *server) 30 { 31 struct cifs_secmech *p = &server->secmech; 32 int rc; 33 34 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); 35 if (rc) 36 goto err; 37 38 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); 39 if (rc) 40 goto err; 41 42 return 0; 43 err: 44 cifs_free_hash(&p->hmacsha256); 45 return rc; 46 } 47 48 static 49 int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key) 50 { 51 struct cifs_chan *chan; 52 struct TCP_Server_Info *pserver; 53 struct cifs_ses *ses = NULL; 54 int i; 55 int rc = 0; 56 bool is_binding = false; 57 58 spin_lock(&cifs_tcp_ses_lock); 59 60 /* If server is a channel, select the primary channel */ 61 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 62 63 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 64 if (ses->Suid == ses_id) 65 goto found; 66 } 67 trace_smb3_ses_not_found(ses_id); 68 cifs_server_dbg(FYI, "%s: Could not find session 0x%llx\n", 69 __func__, ses_id); 70 rc = -ENOENT; 71 goto out; 72 73 found: 74 spin_lock(&ses->ses_lock); 75 spin_lock(&ses->chan_lock); 76 77 is_binding = (cifs_chan_needs_reconnect(ses, server) && 78 ses->ses_status == SES_GOOD); 79 if (is_binding) { 80 /* 81 * If we are in the process of binding a new channel 82 * to an existing session, use the master connection 83 * session key 84 */ 85 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE); 86 spin_unlock(&ses->chan_lock); 87 spin_unlock(&ses->ses_lock); 88 goto out; 89 } 90 91 /* 92 * Otherwise, use the channel key. 93 */ 94 95 for (i = 0; i < ses->chan_count; i++) { 96 chan = ses->chans + i; 97 if (chan->server == server) { 98 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE); 99 spin_unlock(&ses->chan_lock); 100 spin_unlock(&ses->ses_lock); 101 goto out; 102 } 103 } 104 spin_unlock(&ses->chan_lock); 105 spin_unlock(&ses->ses_lock); 106 107 cifs_dbg(VFS, 108 "%s: Could not find channel signing key for session 0x%llx\n", 109 __func__, ses_id); 110 rc = -ENOENT; 111 112 out: 113 spin_unlock(&cifs_tcp_ses_lock); 114 return rc; 115 } 116 117 static struct cifs_ses * 118 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id) 119 { 120 struct TCP_Server_Info *pserver; 121 struct cifs_ses *ses; 122 123 /* If server is a channel, select the primary channel */ 124 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 125 126 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 127 if (ses->Suid != ses_id) 128 continue; 129 130 spin_lock(&ses->ses_lock); 131 if (ses->ses_status == SES_EXITING) { 132 spin_unlock(&ses->ses_lock); 133 continue; 134 } 135 cifs_smb_ses_inc_refcount(ses); 136 spin_unlock(&ses->ses_lock); 137 return ses; 138 } 139 140 return NULL; 141 } 142 143 struct cifs_ses * 144 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id) 145 { 146 struct cifs_ses *ses; 147 148 spin_lock(&cifs_tcp_ses_lock); 149 ses = smb2_find_smb_ses_unlocked(server, ses_id); 150 spin_unlock(&cifs_tcp_ses_lock); 151 152 return ses; 153 } 154 155 static struct cifs_tcon * 156 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid) 157 { 158 struct cifs_tcon *tcon; 159 160 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 161 if (tcon->tid != tid) 162 continue; 163 ++tcon->tc_count; 164 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, 165 netfs_trace_tcon_ref_get_find_sess_tcon); 166 return tcon; 167 } 168 169 return NULL; 170 } 171 172 /* 173 * Obtain tcon corresponding to the tid in the given 174 * cifs_ses 175 */ 176 177 struct cifs_tcon * 178 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid) 179 { 180 struct cifs_ses *ses; 181 struct cifs_tcon *tcon; 182 183 spin_lock(&cifs_tcp_ses_lock); 184 ses = smb2_find_smb_ses_unlocked(server, ses_id); 185 if (!ses) { 186 spin_unlock(&cifs_tcp_ses_lock); 187 return NULL; 188 } 189 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); 190 if (!tcon) { 191 spin_unlock(&cifs_tcp_ses_lock); 192 cifs_put_smb_ses(ses); 193 return NULL; 194 } 195 spin_unlock(&cifs_tcp_ses_lock); 196 /* tcon already has a ref to ses, so we don't need ses anymore */ 197 cifs_put_smb_ses(ses); 198 199 return tcon; 200 } 201 202 int 203 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 204 bool allocate_crypto) 205 { 206 int rc; 207 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE]; 208 unsigned char *sigptr = smb2_signature; 209 struct kvec *iov = rqst->rq_iov; 210 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base; 211 struct cifs_ses *ses; 212 struct shash_desc *shash = NULL; 213 struct smb_rqst drqst; 214 215 ses = smb2_find_smb_ses(server, le64_to_cpu(shdr->SessionId)); 216 if (unlikely(!ses)) { 217 cifs_server_dbg(FYI, "%s: Could not find session\n", __func__); 218 return -ENOENT; 219 } 220 221 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE); 222 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 223 224 if (allocate_crypto) { 225 rc = cifs_alloc_hash("hmac(sha256)", &shash); 226 if (rc) { 227 cifs_server_dbg(VFS, 228 "%s: sha256 alloc failed\n", __func__); 229 goto out; 230 } 231 } else { 232 shash = server->secmech.hmacsha256; 233 } 234 235 rc = crypto_shash_setkey(shash->tfm, ses->auth_key.response, 236 SMB2_NTLMV2_SESSKEY_SIZE); 237 if (rc) { 238 cifs_server_dbg(VFS, 239 "%s: Could not update with response\n", 240 __func__); 241 goto out; 242 } 243 244 rc = crypto_shash_init(shash); 245 if (rc) { 246 cifs_server_dbg(VFS, "%s: Could not init sha256", __func__); 247 goto out; 248 } 249 250 /* 251 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 252 * data, that is, iov[0] should not contain a rfc1002 length. 253 * 254 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 255 * __cifs_calc_signature(). 256 */ 257 drqst = *rqst; 258 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 259 rc = crypto_shash_update(shash, iov[0].iov_base, 260 iov[0].iov_len); 261 if (rc) { 262 cifs_server_dbg(VFS, 263 "%s: Could not update with payload\n", 264 __func__); 265 goto out; 266 } 267 drqst.rq_iov++; 268 drqst.rq_nvec--; 269 } 270 271 rc = __cifs_calc_signature(&drqst, server, sigptr, shash); 272 if (!rc) 273 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); 274 275 out: 276 if (allocate_crypto) 277 cifs_free_hash(&shash); 278 if (ses) 279 cifs_put_smb_ses(ses); 280 return rc; 281 } 282 283 static int generate_key(struct cifs_ses *ses, struct kvec label, 284 struct kvec context, __u8 *key, unsigned int key_size) 285 { 286 unsigned char zero = 0x0; 287 __u8 i[4] = {0, 0, 0, 1}; 288 __u8 L128[4] = {0, 0, 0, 128}; 289 __u8 L256[4] = {0, 0, 1, 0}; 290 int rc = 0; 291 unsigned char prfhash[SMB2_HMACSHA256_SIZE]; 292 unsigned char *hashptr = prfhash; 293 struct TCP_Server_Info *server = ses->server; 294 295 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE); 296 memset(key, 0x0, key_size); 297 298 rc = smb3_crypto_shash_allocate(server); 299 if (rc) { 300 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); 301 goto smb3signkey_ret; 302 } 303 304 rc = crypto_shash_setkey(server->secmech.hmacsha256->tfm, 305 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); 306 if (rc) { 307 cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__); 308 goto smb3signkey_ret; 309 } 310 311 rc = crypto_shash_init(server->secmech.hmacsha256); 312 if (rc) { 313 cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__); 314 goto smb3signkey_ret; 315 } 316 317 rc = crypto_shash_update(server->secmech.hmacsha256, i, 4); 318 if (rc) { 319 cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__); 320 goto smb3signkey_ret; 321 } 322 323 rc = crypto_shash_update(server->secmech.hmacsha256, label.iov_base, label.iov_len); 324 if (rc) { 325 cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__); 326 goto smb3signkey_ret; 327 } 328 329 rc = crypto_shash_update(server->secmech.hmacsha256, &zero, 1); 330 if (rc) { 331 cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__); 332 goto smb3signkey_ret; 333 } 334 335 rc = crypto_shash_update(server->secmech.hmacsha256, context.iov_base, context.iov_len); 336 if (rc) { 337 cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__); 338 goto smb3signkey_ret; 339 } 340 341 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 342 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 343 rc = crypto_shash_update(server->secmech.hmacsha256, L256, 4); 344 } else { 345 rc = crypto_shash_update(server->secmech.hmacsha256, L128, 4); 346 } 347 if (rc) { 348 cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__); 349 goto smb3signkey_ret; 350 } 351 352 rc = crypto_shash_final(server->secmech.hmacsha256, hashptr); 353 if (rc) { 354 cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__); 355 goto smb3signkey_ret; 356 } 357 358 memcpy(key, hashptr, key_size); 359 360 smb3signkey_ret: 361 return rc; 362 } 363 364 struct derivation { 365 struct kvec label; 366 struct kvec context; 367 }; 368 369 struct derivation_triplet { 370 struct derivation signing; 371 struct derivation encryption; 372 struct derivation decryption; 373 }; 374 375 static int 376 generate_smb3signingkey(struct cifs_ses *ses, 377 struct TCP_Server_Info *server, 378 const struct derivation_triplet *ptriplet) 379 { 380 int rc; 381 bool is_binding = false; 382 int chan_index = 0; 383 384 spin_lock(&ses->ses_lock); 385 spin_lock(&ses->chan_lock); 386 is_binding = (cifs_chan_needs_reconnect(ses, server) && 387 ses->ses_status == SES_GOOD); 388 389 chan_index = cifs_ses_get_chan_index(ses, server); 390 if (chan_index == CIFS_INVAL_CHAN_INDEX) { 391 spin_unlock(&ses->chan_lock); 392 spin_unlock(&ses->ses_lock); 393 394 return -EINVAL; 395 } 396 397 spin_unlock(&ses->chan_lock); 398 spin_unlock(&ses->ses_lock); 399 400 /* 401 * All channels use the same encryption/decryption keys but 402 * they have their own signing key. 403 * 404 * When we generate the keys, check if it is for a new channel 405 * (binding) in which case we only need to generate a signing 406 * key and store it in the channel as to not overwrite the 407 * master connection signing key stored in the session 408 */ 409 410 if (is_binding) { 411 rc = generate_key(ses, ptriplet->signing.label, 412 ptriplet->signing.context, 413 ses->chans[chan_index].signkey, 414 SMB3_SIGN_KEY_SIZE); 415 if (rc) 416 return rc; 417 } else { 418 rc = generate_key(ses, ptriplet->signing.label, 419 ptriplet->signing.context, 420 ses->smb3signingkey, 421 SMB3_SIGN_KEY_SIZE); 422 if (rc) 423 return rc; 424 425 /* safe to access primary channel, since it will never go away */ 426 spin_lock(&ses->chan_lock); 427 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey, 428 SMB3_SIGN_KEY_SIZE); 429 spin_unlock(&ses->chan_lock); 430 431 rc = generate_key(ses, ptriplet->encryption.label, 432 ptriplet->encryption.context, 433 ses->smb3encryptionkey, 434 SMB3_ENC_DEC_KEY_SIZE); 435 if (rc) 436 return rc; 437 rc = generate_key(ses, ptriplet->decryption.label, 438 ptriplet->decryption.context, 439 ses->smb3decryptionkey, 440 SMB3_ENC_DEC_KEY_SIZE); 441 if (rc) 442 return rc; 443 } 444 445 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 446 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__); 447 /* 448 * The session id is opaque in terms of endianness, so we can't 449 * print it as a long long. we dump it as we got it on the wire 450 */ 451 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 452 &ses->Suid); 453 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); 454 cifs_dbg(VFS, "Session Key %*ph\n", 455 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 456 cifs_dbg(VFS, "Signing Key %*ph\n", 457 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); 458 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 459 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 460 cifs_dbg(VFS, "ServerIn Key %*ph\n", 461 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); 462 cifs_dbg(VFS, "ServerOut Key %*ph\n", 463 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); 464 } else { 465 cifs_dbg(VFS, "ServerIn Key %*ph\n", 466 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); 467 cifs_dbg(VFS, "ServerOut Key %*ph\n", 468 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); 469 } 470 #endif 471 return rc; 472 } 473 474 int 475 generate_smb30signingkey(struct cifs_ses *ses, 476 struct TCP_Server_Info *server) 477 478 { 479 struct derivation_triplet triplet; 480 struct derivation *d; 481 482 d = &triplet.signing; 483 d->label.iov_base = "SMB2AESCMAC"; 484 d->label.iov_len = 12; 485 d->context.iov_base = "SmbSign"; 486 d->context.iov_len = 8; 487 488 d = &triplet.encryption; 489 d->label.iov_base = "SMB2AESCCM"; 490 d->label.iov_len = 11; 491 d->context.iov_base = "ServerIn "; 492 d->context.iov_len = 10; 493 494 d = &triplet.decryption; 495 d->label.iov_base = "SMB2AESCCM"; 496 d->label.iov_len = 11; 497 d->context.iov_base = "ServerOut"; 498 d->context.iov_len = 10; 499 500 return generate_smb3signingkey(ses, server, &triplet); 501 } 502 503 int 504 generate_smb311signingkey(struct cifs_ses *ses, 505 struct TCP_Server_Info *server) 506 507 { 508 struct derivation_triplet triplet; 509 struct derivation *d; 510 511 d = &triplet.signing; 512 d->label.iov_base = "SMBSigningKey"; 513 d->label.iov_len = 14; 514 d->context.iov_base = ses->preauth_sha_hash; 515 d->context.iov_len = 64; 516 517 d = &triplet.encryption; 518 d->label.iov_base = "SMBC2SCipherKey"; 519 d->label.iov_len = 16; 520 d->context.iov_base = ses->preauth_sha_hash; 521 d->context.iov_len = 64; 522 523 d = &triplet.decryption; 524 d->label.iov_base = "SMBS2CCipherKey"; 525 d->label.iov_len = 16; 526 d->context.iov_base = ses->preauth_sha_hash; 527 d->context.iov_len = 64; 528 529 return generate_smb3signingkey(ses, server, &triplet); 530 } 531 532 int 533 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 534 bool allocate_crypto) 535 { 536 int rc; 537 unsigned char smb3_signature[SMB2_CMACAES_SIZE]; 538 unsigned char *sigptr = smb3_signature; 539 struct kvec *iov = rqst->rq_iov; 540 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base; 541 struct shash_desc *shash = NULL; 542 struct smb_rqst drqst; 543 u8 key[SMB3_SIGN_KEY_SIZE]; 544 545 rc = smb2_get_sign_key(le64_to_cpu(shdr->SessionId), server, key); 546 if (unlikely(rc)) { 547 cifs_server_dbg(FYI, "%s: Could not get signing key\n", __func__); 548 return rc; 549 } 550 551 if (allocate_crypto) { 552 rc = cifs_alloc_hash("cmac(aes)", &shash); 553 if (rc) 554 return rc; 555 } else { 556 shash = server->secmech.aes_cmac; 557 } 558 559 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE); 560 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 561 562 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE); 563 if (rc) { 564 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__); 565 goto out; 566 } 567 568 /* 569 * we already allocate aes_cmac when we init smb3 signing key, 570 * so unlike smb2 case we do not have to check here if secmech are 571 * initialized 572 */ 573 rc = crypto_shash_init(shash); 574 if (rc) { 575 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__); 576 goto out; 577 } 578 579 /* 580 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 581 * data, that is, iov[0] should not contain a rfc1002 length. 582 * 583 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 584 * __cifs_calc_signature(). 585 */ 586 drqst = *rqst; 587 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 588 rc = crypto_shash_update(shash, iov[0].iov_base, 589 iov[0].iov_len); 590 if (rc) { 591 cifs_server_dbg(VFS, "%s: Could not update with payload\n", 592 __func__); 593 goto out; 594 } 595 drqst.rq_iov++; 596 drqst.rq_nvec--; 597 } 598 599 rc = __cifs_calc_signature(&drqst, server, sigptr, shash); 600 if (!rc) 601 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); 602 603 out: 604 if (allocate_crypto) 605 cifs_free_hash(&shash); 606 return rc; 607 } 608 609 /* must be called with server->srv_mutex held */ 610 static int 611 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server) 612 { 613 int rc = 0; 614 struct smb2_hdr *shdr; 615 struct smb2_sess_setup_req *ssr; 616 bool is_binding; 617 bool is_signed; 618 619 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 620 ssr = (struct smb2_sess_setup_req *)shdr; 621 622 is_binding = shdr->Command == SMB2_SESSION_SETUP && 623 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING); 624 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED; 625 626 if (!is_signed) 627 return 0; 628 spin_lock(&server->srv_lock); 629 if (server->ops->need_neg && 630 server->ops->need_neg(server)) { 631 spin_unlock(&server->srv_lock); 632 return 0; 633 } 634 spin_unlock(&server->srv_lock); 635 if (!is_binding && !server->session_estab) { 636 strscpy(shdr->Signature, "BSRSPYL"); 637 return 0; 638 } 639 640 rc = server->ops->calc_signature(rqst, server, false); 641 642 return rc; 643 } 644 645 int 646 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) 647 { 648 unsigned int rc; 649 char server_response_sig[SMB2_SIGNATURE_SIZE]; 650 struct smb2_hdr *shdr = 651 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 652 653 if ((shdr->Command == SMB2_NEGOTIATE) || 654 (shdr->Command == SMB2_SESSION_SETUP) || 655 (shdr->Command == SMB2_OPLOCK_BREAK) || 656 server->ignore_signature || 657 (!server->session_estab)) 658 return 0; 659 660 /* 661 * BB what if signatures are supposed to be on for session but 662 * server does not send one? BB 663 */ 664 665 /* Do not need to verify session setups with signature "BSRSPYL " */ 666 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0) 667 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n", 668 shdr->Command); 669 670 /* 671 * Save off the origiginal signature so we can modify the smb and check 672 * our calculated signature against what the server sent. 673 */ 674 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE); 675 676 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE); 677 678 rc = server->ops->calc_signature(rqst, server, true); 679 680 if (rc) 681 return rc; 682 683 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) { 684 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n", 685 shdr->Command, shdr->MessageId); 686 return -EACCES; 687 } else 688 return 0; 689 } 690 691 /* 692 * Set message id for the request. Should be called after wait_for_free_request 693 * and when srv_mutex is held. 694 */ 695 static inline void 696 smb2_seq_num_into_buf(struct TCP_Server_Info *server, 697 struct smb2_hdr *shdr) 698 { 699 unsigned int i, num = le16_to_cpu(shdr->CreditCharge); 700 701 shdr->MessageId = get_next_mid64(server); 702 /* skip message numbers according to CreditCharge field */ 703 for (i = 1; i < num; i++) 704 get_next_mid(server); 705 } 706 707 static struct mid_q_entry * 708 smb2_mid_entry_alloc(const struct smb2_hdr *shdr, 709 struct TCP_Server_Info *server) 710 { 711 struct mid_q_entry *temp; 712 unsigned int credits = le16_to_cpu(shdr->CreditCharge); 713 714 if (server == NULL) { 715 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n"); 716 return NULL; 717 } 718 719 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 720 memset(temp, 0, sizeof(struct mid_q_entry)); 721 kref_init(&temp->refcount); 722 temp->mid = le64_to_cpu(shdr->MessageId); 723 temp->credits = credits > 0 ? credits : 1; 724 temp->pid = current->pid; 725 temp->command = shdr->Command; /* Always LE */ 726 temp->when_alloc = jiffies; 727 temp->server = server; 728 729 /* 730 * The default is for the mid to be synchronous, so the 731 * default callback just wakes up the current task. 732 */ 733 get_task_struct(current); 734 temp->creator = current; 735 temp->callback = cifs_wake_up_task; 736 temp->callback_data = current; 737 738 atomic_inc(&mid_count); 739 temp->mid_state = MID_REQUEST_ALLOCATED; 740 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId), 741 le64_to_cpu(shdr->SessionId), 742 le16_to_cpu(shdr->Command), temp->mid); 743 return temp; 744 } 745 746 static int 747 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server, 748 struct smb2_hdr *shdr, struct mid_q_entry **mid) 749 { 750 spin_lock(&server->srv_lock); 751 if (server->tcpStatus == CifsExiting) { 752 spin_unlock(&server->srv_lock); 753 return -ENOENT; 754 } 755 756 if (server->tcpStatus == CifsNeedReconnect) { 757 spin_unlock(&server->srv_lock); 758 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); 759 return -EAGAIN; 760 } 761 762 if (server->tcpStatus == CifsNeedNegotiate && 763 shdr->Command != SMB2_NEGOTIATE) { 764 spin_unlock(&server->srv_lock); 765 return -EAGAIN; 766 } 767 spin_unlock(&server->srv_lock); 768 769 spin_lock(&ses->ses_lock); 770 if (ses->ses_status == SES_NEW) { 771 if ((shdr->Command != SMB2_SESSION_SETUP) && 772 (shdr->Command != SMB2_NEGOTIATE)) { 773 spin_unlock(&ses->ses_lock); 774 return -EAGAIN; 775 } 776 /* else ok - we are setting up session */ 777 } 778 779 if (ses->ses_status == SES_EXITING) { 780 if (shdr->Command != SMB2_LOGOFF) { 781 spin_unlock(&ses->ses_lock); 782 return -EAGAIN; 783 } 784 /* else ok - we are shutting down the session */ 785 } 786 spin_unlock(&ses->ses_lock); 787 788 *mid = smb2_mid_entry_alloc(shdr, server); 789 if (*mid == NULL) 790 return -ENOMEM; 791 spin_lock(&server->mid_lock); 792 list_add_tail(&(*mid)->qhead, &server->pending_mid_q); 793 spin_unlock(&server->mid_lock); 794 795 return 0; 796 } 797 798 int 799 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 800 bool log_error) 801 { 802 unsigned int len = mid->resp_buf_size; 803 struct kvec iov[1]; 804 struct smb_rqst rqst = { .rq_iov = iov, 805 .rq_nvec = 1 }; 806 807 iov[0].iov_base = (char *)mid->resp_buf; 808 iov[0].iov_len = len; 809 810 dump_smb(mid->resp_buf, min_t(u32, 80, len)); 811 /* convert the length into a more usable form */ 812 if (len > 24 && server->sign && !mid->decrypted) { 813 int rc; 814 815 rc = smb2_verify_signature(&rqst, server); 816 if (rc) 817 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 818 rc); 819 } 820 821 return map_smb2_to_linux_error(mid->resp_buf, log_error); 822 } 823 824 struct mid_q_entry * 825 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server, 826 struct smb_rqst *rqst) 827 { 828 int rc; 829 struct smb2_hdr *shdr = 830 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 831 struct mid_q_entry *mid; 832 833 smb2_seq_num_into_buf(server, shdr); 834 835 rc = smb2_get_mid_entry(ses, server, shdr, &mid); 836 if (rc) { 837 revert_current_mid_from_hdr(server, shdr); 838 return ERR_PTR(rc); 839 } 840 841 rc = smb2_sign_rqst(rqst, server); 842 if (rc) { 843 revert_current_mid_from_hdr(server, shdr); 844 delete_mid(mid); 845 return ERR_PTR(rc); 846 } 847 848 return mid; 849 } 850 851 struct mid_q_entry * 852 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 853 { 854 int rc; 855 struct smb2_hdr *shdr = 856 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 857 struct mid_q_entry *mid; 858 859 spin_lock(&server->srv_lock); 860 if (server->tcpStatus == CifsNeedNegotiate && 861 shdr->Command != SMB2_NEGOTIATE) { 862 spin_unlock(&server->srv_lock); 863 return ERR_PTR(-EAGAIN); 864 } 865 spin_unlock(&server->srv_lock); 866 867 smb2_seq_num_into_buf(server, shdr); 868 869 mid = smb2_mid_entry_alloc(shdr, server); 870 if (mid == NULL) { 871 revert_current_mid_from_hdr(server, shdr); 872 return ERR_PTR(-ENOMEM); 873 } 874 875 rc = smb2_sign_rqst(rqst, server); 876 if (rc) { 877 revert_current_mid_from_hdr(server, shdr); 878 release_mid(mid); 879 return ERR_PTR(rc); 880 } 881 882 return mid; 883 } 884 885 int 886 smb3_crypto_aead_allocate(struct TCP_Server_Info *server) 887 { 888 struct crypto_aead *tfm; 889 890 if (!server->secmech.enc) { 891 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 892 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 893 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 894 else 895 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 896 if (IS_ERR(tfm)) { 897 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n", 898 __func__); 899 return PTR_ERR(tfm); 900 } 901 server->secmech.enc = tfm; 902 } 903 904 if (!server->secmech.dec) { 905 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 906 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 907 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 908 else 909 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 910 if (IS_ERR(tfm)) { 911 crypto_free_aead(server->secmech.enc); 912 server->secmech.enc = NULL; 913 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n", 914 __func__); 915 return PTR_ERR(tfm); 916 } 917 server->secmech.dec = tfm; 918 } 919 920 return 0; 921 } 922