1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2002, 2011 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Jeremy Allison (jra@samba.org) 2006 8 * Pavel Shilovsky (pshilovsky@samba.org) 2012 9 * 10 */ 11 12 #include <linux/fs.h> 13 #include <linux/list.h> 14 #include <linux/wait.h> 15 #include <linux/net.h> 16 #include <linux/delay.h> 17 #include <linux/uaccess.h> 18 #include <asm/processor.h> 19 #include <linux/mempool.h> 20 #include <linux/highmem.h> 21 #include <crypto/aead.h> 22 #include <crypto/sha2.h> 23 #include "cifsglob.h" 24 #include "cifsproto.h" 25 #include "smb2proto.h" 26 #include "cifs_debug.h" 27 #include "../common/smb2status.h" 28 #include "smb2glob.h" 29 30 int 31 smb3_crypto_shash_allocate(struct TCP_Server_Info *server) 32 { 33 struct cifs_secmech *p = &server->secmech; 34 35 return cifs_alloc_hash("cmac(aes)", &p->aes_cmac); 36 } 37 38 static 39 int smb3_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key) 40 { 41 struct cifs_chan *chan; 42 struct TCP_Server_Info *pserver; 43 struct cifs_ses *ses = NULL; 44 int i; 45 int rc = 0; 46 bool is_binding = false; 47 48 spin_lock(&cifs_tcp_ses_lock); 49 50 /* If server is a channel, select the primary channel */ 51 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 52 53 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 54 if (ses->Suid == ses_id) 55 goto found; 56 } 57 trace_smb3_ses_not_found(ses_id); 58 cifs_server_dbg(FYI, "%s: Could not find session 0x%llx\n", 59 __func__, ses_id); 60 rc = -ENOENT; 61 goto out; 62 63 found: 64 spin_lock(&ses->ses_lock); 65 spin_lock(&ses->chan_lock); 66 67 is_binding = (cifs_chan_needs_reconnect(ses, server) && 68 ses->ses_status == SES_GOOD); 69 if (is_binding) { 70 /* 71 * If we are in the process of binding a new channel 72 * to an existing session, use the master connection 73 * session key 74 */ 75 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE); 76 spin_unlock(&ses->chan_lock); 77 spin_unlock(&ses->ses_lock); 78 goto out; 79 } 80 81 /* 82 * Otherwise, use the channel key. 83 */ 84 85 for (i = 0; i < ses->chan_count; i++) { 86 chan = ses->chans + i; 87 if (chan->server == server) { 88 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE); 89 spin_unlock(&ses->chan_lock); 90 spin_unlock(&ses->ses_lock); 91 goto out; 92 } 93 } 94 spin_unlock(&ses->chan_lock); 95 spin_unlock(&ses->ses_lock); 96 97 cifs_dbg(VFS, 98 "%s: Could not find channel signing key for session 0x%llx\n", 99 __func__, ses_id); 100 rc = -ENOENT; 101 102 out: 103 spin_unlock(&cifs_tcp_ses_lock); 104 return rc; 105 } 106 107 static struct cifs_ses * 108 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id) 109 { 110 struct TCP_Server_Info *pserver; 111 struct cifs_ses *ses; 112 113 /* If server is a channel, select the primary channel */ 114 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 115 116 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 117 if (ses->Suid != ses_id) 118 continue; 119 120 spin_lock(&ses->ses_lock); 121 if (ses->ses_status == SES_EXITING) { 122 spin_unlock(&ses->ses_lock); 123 continue; 124 } 125 cifs_smb_ses_inc_refcount(ses); 126 spin_unlock(&ses->ses_lock); 127 return ses; 128 } 129 130 return NULL; 131 } 132 133 static int smb2_get_sign_key(struct TCP_Server_Info *server, 134 __u64 ses_id, u8 *key) 135 { 136 struct cifs_ses *ses; 137 int rc = -ENOENT; 138 139 if (SERVER_IS_CHAN(server)) 140 server = server->primary_server; 141 142 spin_lock(&cifs_tcp_ses_lock); 143 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { 144 if (ses->Suid != ses_id) 145 continue; 146 147 rc = 0; 148 spin_lock(&ses->ses_lock); 149 switch (ses->ses_status) { 150 case SES_EXITING: /* SMB2_LOGOFF */ 151 case SES_GOOD: 152 if (likely(ses->auth_key.response)) { 153 memcpy(key, ses->auth_key.response, 154 SMB2_NTLMV2_SESSKEY_SIZE); 155 } else { 156 rc = -EIO; 157 } 158 break; 159 default: 160 rc = -EAGAIN; 161 break; 162 } 163 spin_unlock(&ses->ses_lock); 164 break; 165 } 166 spin_unlock(&cifs_tcp_ses_lock); 167 return rc; 168 } 169 170 static struct cifs_tcon * 171 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid) 172 { 173 struct cifs_tcon *tcon; 174 175 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 176 if (tcon->tid != tid) 177 continue; 178 ++tcon->tc_count; 179 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, 180 netfs_trace_tcon_ref_get_find_sess_tcon); 181 return tcon; 182 } 183 184 return NULL; 185 } 186 187 /* 188 * Obtain tcon corresponding to the tid in the given 189 * cifs_ses 190 */ 191 192 struct cifs_tcon * 193 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid) 194 { 195 struct cifs_ses *ses; 196 struct cifs_tcon *tcon; 197 198 spin_lock(&cifs_tcp_ses_lock); 199 ses = smb2_find_smb_ses_unlocked(server, ses_id); 200 if (!ses) { 201 spin_unlock(&cifs_tcp_ses_lock); 202 return NULL; 203 } 204 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); 205 spin_unlock(&cifs_tcp_ses_lock); 206 /* tcon already has a ref to ses, so we don't need ses anymore */ 207 cifs_put_smb_ses(ses); 208 209 return tcon; 210 } 211 212 int 213 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 214 bool allocate_crypto) 215 { 216 int rc; 217 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE]; 218 struct kvec *iov = rqst->rq_iov; 219 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base; 220 struct hmac_sha256_ctx hmac_ctx; 221 struct smb_rqst drqst; 222 __u64 sid = le64_to_cpu(shdr->SessionId); 223 u8 key[SMB2_NTLMV2_SESSKEY_SIZE]; 224 225 rc = smb2_get_sign_key(server, sid, key); 226 if (unlikely(rc)) { 227 cifs_server_dbg(FYI, "%s: [sesid=0x%llx] couldn't find signing key: %d\n", 228 __func__, sid, rc); 229 return rc; 230 } 231 232 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE); 233 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 234 235 hmac_sha256_init_usingrawkey(&hmac_ctx, key, sizeof(key)); 236 237 /* 238 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 239 * data, that is, iov[0] should not contain a rfc1002 length. 240 * 241 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 242 * __cifs_calc_signature(). 243 */ 244 drqst = *rqst; 245 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 246 hmac_sha256_update(&hmac_ctx, iov[0].iov_base, iov[0].iov_len); 247 drqst.rq_iov++; 248 drqst.rq_nvec--; 249 } 250 251 rc = __cifs_calc_signature( 252 &drqst, server, smb2_signature, 253 &(struct cifs_calc_sig_ctx){ .hmac = &hmac_ctx }); 254 if (!rc) 255 memcpy(shdr->Signature, smb2_signature, SMB2_SIGNATURE_SIZE); 256 257 return rc; 258 } 259 260 static int generate_key(struct cifs_ses *ses, struct kvec label, 261 struct kvec context, __u8 *key, unsigned int key_size) 262 { 263 unsigned char zero = 0x0; 264 __u8 i[4] = {0, 0, 0, 1}; 265 __u8 L128[4] = {0, 0, 0, 128}; 266 __u8 L256[4] = {0, 0, 1, 0}; 267 int rc = 0; 268 unsigned char prfhash[SMB2_HMACSHA256_SIZE]; 269 struct TCP_Server_Info *server = ses->server; 270 struct hmac_sha256_ctx hmac_ctx; 271 272 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE); 273 memset(key, 0x0, key_size); 274 275 rc = smb3_crypto_shash_allocate(server); 276 if (rc) { 277 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); 278 return rc; 279 } 280 281 hmac_sha256_init_usingrawkey(&hmac_ctx, ses->auth_key.response, 282 SMB2_NTLMV2_SESSKEY_SIZE); 283 hmac_sha256_update(&hmac_ctx, i, 4); 284 hmac_sha256_update(&hmac_ctx, label.iov_base, label.iov_len); 285 hmac_sha256_update(&hmac_ctx, &zero, 1); 286 hmac_sha256_update(&hmac_ctx, context.iov_base, context.iov_len); 287 288 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 289 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 290 hmac_sha256_update(&hmac_ctx, L256, 4); 291 } else { 292 hmac_sha256_update(&hmac_ctx, L128, 4); 293 } 294 hmac_sha256_final(&hmac_ctx, prfhash); 295 296 memcpy(key, prfhash, key_size); 297 return 0; 298 } 299 300 struct derivation { 301 struct kvec label; 302 struct kvec context; 303 }; 304 305 struct derivation_triplet { 306 struct derivation signing; 307 struct derivation encryption; 308 struct derivation decryption; 309 }; 310 311 static int 312 generate_smb3signingkey(struct cifs_ses *ses, 313 struct TCP_Server_Info *server, 314 const struct derivation_triplet *ptriplet) 315 { 316 int rc; 317 bool is_binding = false; 318 int chan_index = 0; 319 320 spin_lock(&ses->ses_lock); 321 spin_lock(&ses->chan_lock); 322 is_binding = (cifs_chan_needs_reconnect(ses, server) && 323 ses->ses_status == SES_GOOD); 324 325 chan_index = cifs_ses_get_chan_index(ses, server); 326 if (chan_index == CIFS_INVAL_CHAN_INDEX) { 327 spin_unlock(&ses->chan_lock); 328 spin_unlock(&ses->ses_lock); 329 330 return -EINVAL; 331 } 332 333 spin_unlock(&ses->chan_lock); 334 spin_unlock(&ses->ses_lock); 335 336 /* 337 * All channels use the same encryption/decryption keys but 338 * they have their own signing key. 339 * 340 * When we generate the keys, check if it is for a new channel 341 * (binding) in which case we only need to generate a signing 342 * key and store it in the channel as to not overwrite the 343 * master connection signing key stored in the session 344 */ 345 346 if (is_binding) { 347 rc = generate_key(ses, ptriplet->signing.label, 348 ptriplet->signing.context, 349 ses->chans[chan_index].signkey, 350 SMB3_SIGN_KEY_SIZE); 351 if (rc) 352 return rc; 353 } else { 354 rc = generate_key(ses, ptriplet->signing.label, 355 ptriplet->signing.context, 356 ses->smb3signingkey, 357 SMB3_SIGN_KEY_SIZE); 358 if (rc) 359 return rc; 360 361 /* safe to access primary channel, since it will never go away */ 362 spin_lock(&ses->chan_lock); 363 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey, 364 SMB3_SIGN_KEY_SIZE); 365 spin_unlock(&ses->chan_lock); 366 367 rc = generate_key(ses, ptriplet->encryption.label, 368 ptriplet->encryption.context, 369 ses->smb3encryptionkey, 370 SMB3_ENC_DEC_KEY_SIZE); 371 if (rc) 372 return rc; 373 rc = generate_key(ses, ptriplet->decryption.label, 374 ptriplet->decryption.context, 375 ses->smb3decryptionkey, 376 SMB3_ENC_DEC_KEY_SIZE); 377 if (rc) 378 return rc; 379 } 380 381 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 382 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__); 383 /* 384 * The session id is opaque in terms of endianness, so we can't 385 * print it as a long long. we dump it as we got it on the wire 386 */ 387 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 388 &ses->Suid); 389 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); 390 cifs_dbg(VFS, "Session Key %*ph\n", 391 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 392 cifs_dbg(VFS, "Signing Key %*ph\n", 393 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); 394 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 395 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 396 cifs_dbg(VFS, "ServerIn Key %*ph\n", 397 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); 398 cifs_dbg(VFS, "ServerOut Key %*ph\n", 399 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); 400 } else { 401 cifs_dbg(VFS, "ServerIn Key %*ph\n", 402 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); 403 cifs_dbg(VFS, "ServerOut Key %*ph\n", 404 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); 405 } 406 #endif 407 return rc; 408 } 409 410 int 411 generate_smb30signingkey(struct cifs_ses *ses, 412 struct TCP_Server_Info *server) 413 414 { 415 struct derivation_triplet triplet; 416 struct derivation *d; 417 418 d = &triplet.signing; 419 d->label.iov_base = "SMB2AESCMAC"; 420 d->label.iov_len = 12; 421 d->context.iov_base = "SmbSign"; 422 d->context.iov_len = 8; 423 424 d = &triplet.encryption; 425 d->label.iov_base = "SMB2AESCCM"; 426 d->label.iov_len = 11; 427 d->context.iov_base = "ServerIn "; 428 d->context.iov_len = 10; 429 430 d = &triplet.decryption; 431 d->label.iov_base = "SMB2AESCCM"; 432 d->label.iov_len = 11; 433 d->context.iov_base = "ServerOut"; 434 d->context.iov_len = 10; 435 436 return generate_smb3signingkey(ses, server, &triplet); 437 } 438 439 int 440 generate_smb311signingkey(struct cifs_ses *ses, 441 struct TCP_Server_Info *server) 442 443 { 444 struct derivation_triplet triplet; 445 struct derivation *d; 446 447 d = &triplet.signing; 448 d->label.iov_base = "SMBSigningKey"; 449 d->label.iov_len = 14; 450 d->context.iov_base = ses->preauth_sha_hash; 451 d->context.iov_len = 64; 452 453 d = &triplet.encryption; 454 d->label.iov_base = "SMBC2SCipherKey"; 455 d->label.iov_len = 16; 456 d->context.iov_base = ses->preauth_sha_hash; 457 d->context.iov_len = 64; 458 459 d = &triplet.decryption; 460 d->label.iov_base = "SMBS2CCipherKey"; 461 d->label.iov_len = 16; 462 d->context.iov_base = ses->preauth_sha_hash; 463 d->context.iov_len = 64; 464 465 return generate_smb3signingkey(ses, server, &triplet); 466 } 467 468 int 469 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 470 bool allocate_crypto) 471 { 472 int rc; 473 unsigned char smb3_signature[SMB2_CMACAES_SIZE]; 474 struct kvec *iov = rqst->rq_iov; 475 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base; 476 struct shash_desc *shash = NULL; 477 struct smb_rqst drqst; 478 u8 key[SMB3_SIGN_KEY_SIZE]; 479 480 rc = smb3_get_sign_key(le64_to_cpu(shdr->SessionId), server, key); 481 if (unlikely(rc)) { 482 cifs_server_dbg(FYI, "%s: Could not get signing key\n", __func__); 483 return rc; 484 } 485 486 if (allocate_crypto) { 487 rc = cifs_alloc_hash("cmac(aes)", &shash); 488 if (rc) 489 return rc; 490 } else { 491 shash = server->secmech.aes_cmac; 492 } 493 494 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE); 495 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 496 497 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE); 498 if (rc) { 499 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__); 500 goto out; 501 } 502 503 /* 504 * we already allocate aes_cmac when we init smb3 signing key, 505 * so unlike smb2 case we do not have to check here if secmech are 506 * initialized 507 */ 508 rc = crypto_shash_init(shash); 509 if (rc) { 510 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__); 511 goto out; 512 } 513 514 /* 515 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 516 * data, that is, iov[0] should not contain a rfc1002 length. 517 * 518 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 519 * __cifs_calc_signature(). 520 */ 521 drqst = *rqst; 522 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 523 rc = crypto_shash_update(shash, iov[0].iov_base, 524 iov[0].iov_len); 525 if (rc) { 526 cifs_server_dbg(VFS, "%s: Could not update with payload\n", 527 __func__); 528 goto out; 529 } 530 drqst.rq_iov++; 531 drqst.rq_nvec--; 532 } 533 534 rc = __cifs_calc_signature( 535 &drqst, server, smb3_signature, 536 &(struct cifs_calc_sig_ctx){ .shash = shash }); 537 if (!rc) 538 memcpy(shdr->Signature, smb3_signature, SMB2_SIGNATURE_SIZE); 539 540 out: 541 if (allocate_crypto) 542 cifs_free_hash(&shash); 543 return rc; 544 } 545 546 /* must be called with server->srv_mutex held */ 547 static int 548 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server) 549 { 550 int rc = 0; 551 struct smb2_hdr *shdr; 552 struct smb2_sess_setup_req *ssr; 553 bool is_binding; 554 bool is_signed; 555 556 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 557 ssr = (struct smb2_sess_setup_req *)shdr; 558 559 is_binding = shdr->Command == SMB2_SESSION_SETUP && 560 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING); 561 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED; 562 563 if (!is_signed) 564 return 0; 565 spin_lock(&server->srv_lock); 566 if (server->ops->need_neg && 567 server->ops->need_neg(server)) { 568 spin_unlock(&server->srv_lock); 569 return 0; 570 } 571 spin_unlock(&server->srv_lock); 572 if (!is_binding && !server->session_estab) { 573 strscpy(shdr->Signature, "BSRSPYL"); 574 return 0; 575 } 576 577 rc = server->ops->calc_signature(rqst, server, false); 578 579 return rc; 580 } 581 582 int 583 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) 584 { 585 unsigned int rc; 586 char server_response_sig[SMB2_SIGNATURE_SIZE]; 587 struct smb2_hdr *shdr = 588 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 589 590 if ((shdr->Command == SMB2_NEGOTIATE) || 591 (shdr->Command == SMB2_SESSION_SETUP) || 592 (shdr->Command == SMB2_OPLOCK_BREAK) || 593 server->ignore_signature || 594 (!server->session_estab)) 595 return 0; 596 597 /* 598 * BB what if signatures are supposed to be on for session but 599 * server does not send one? BB 600 */ 601 602 /* Do not need to verify session setups with signature "BSRSPYL " */ 603 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0) 604 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n", 605 shdr->Command); 606 607 /* 608 * Save off the original signature so we can modify the smb and check 609 * our calculated signature against what the server sent. 610 */ 611 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE); 612 613 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE); 614 615 rc = server->ops->calc_signature(rqst, server, true); 616 617 if (rc) 618 return rc; 619 620 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) { 621 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n", 622 shdr->Command, shdr->MessageId); 623 return -EACCES; 624 } else 625 return 0; 626 } 627 628 /* 629 * Set message id for the request. Should be called after wait_for_free_request 630 * and when srv_mutex is held. 631 */ 632 static inline void 633 smb2_seq_num_into_buf(struct TCP_Server_Info *server, 634 struct smb2_hdr *shdr) 635 { 636 unsigned int i, num = le16_to_cpu(shdr->CreditCharge); 637 638 shdr->MessageId = get_next_mid64(server); 639 /* skip message numbers according to CreditCharge field */ 640 for (i = 1; i < num; i++) 641 get_next_mid(server); 642 } 643 644 static struct mid_q_entry * 645 smb2_mid_entry_alloc(const struct smb2_hdr *shdr, 646 struct TCP_Server_Info *server) 647 { 648 struct mid_q_entry *temp; 649 unsigned int credits = le16_to_cpu(shdr->CreditCharge); 650 651 if (server == NULL) { 652 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n"); 653 return NULL; 654 } 655 656 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 657 memset(temp, 0, sizeof(struct mid_q_entry)); 658 kref_init(&temp->refcount); 659 spin_lock_init(&temp->mid_lock); 660 temp->mid = le64_to_cpu(shdr->MessageId); 661 temp->credits = credits > 0 ? credits : 1; 662 temp->pid = current->pid; 663 temp->command = shdr->Command; /* Always LE */ 664 temp->when_alloc = jiffies; 665 temp->server = server; 666 667 /* 668 * The default is for the mid to be synchronous, so the 669 * default callback just wakes up the current task. 670 */ 671 get_task_struct(current); 672 temp->creator = current; 673 temp->callback = cifs_wake_up_task; 674 temp->callback_data = current; 675 676 atomic_inc(&mid_count); 677 temp->mid_state = MID_REQUEST_ALLOCATED; 678 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId), 679 le64_to_cpu(shdr->SessionId), 680 le16_to_cpu(shdr->Command), temp->mid); 681 return temp; 682 } 683 684 static int 685 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server, 686 struct smb2_hdr *shdr, struct mid_q_entry **mid) 687 { 688 spin_lock(&server->srv_lock); 689 if (server->tcpStatus == CifsExiting) { 690 spin_unlock(&server->srv_lock); 691 return -ENOENT; 692 } 693 694 if (server->tcpStatus == CifsNeedReconnect) { 695 spin_unlock(&server->srv_lock); 696 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); 697 return -EAGAIN; 698 } 699 700 if (server->tcpStatus == CifsNeedNegotiate && 701 shdr->Command != SMB2_NEGOTIATE) { 702 spin_unlock(&server->srv_lock); 703 return -EAGAIN; 704 } 705 spin_unlock(&server->srv_lock); 706 707 spin_lock(&ses->ses_lock); 708 if (ses->ses_status == SES_NEW) { 709 if ((shdr->Command != SMB2_SESSION_SETUP) && 710 (shdr->Command != SMB2_NEGOTIATE)) { 711 spin_unlock(&ses->ses_lock); 712 return -EAGAIN; 713 } 714 /* else ok - we are setting up session */ 715 } 716 717 if (ses->ses_status == SES_EXITING) { 718 if (shdr->Command != SMB2_LOGOFF) { 719 spin_unlock(&ses->ses_lock); 720 return -EAGAIN; 721 } 722 /* else ok - we are shutting down the session */ 723 } 724 spin_unlock(&ses->ses_lock); 725 726 *mid = smb2_mid_entry_alloc(shdr, server); 727 if (*mid == NULL) 728 return -ENOMEM; 729 spin_lock(&server->mid_queue_lock); 730 list_add_tail(&(*mid)->qhead, &server->pending_mid_q); 731 spin_unlock(&server->mid_queue_lock); 732 733 return 0; 734 } 735 736 int 737 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 738 bool log_error) 739 { 740 unsigned int len = mid->resp_buf_size; 741 struct kvec iov[1]; 742 struct smb_rqst rqst = { .rq_iov = iov, 743 .rq_nvec = 1 }; 744 745 iov[0].iov_base = (char *)mid->resp_buf; 746 iov[0].iov_len = len; 747 748 dump_smb(mid->resp_buf, min_t(u32, 80, len)); 749 /* convert the length into a more usable form */ 750 if (len > 24 && server->sign && !mid->decrypted) { 751 int rc; 752 753 rc = smb2_verify_signature(&rqst, server); 754 if (rc) 755 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 756 rc); 757 } 758 759 return map_smb2_to_linux_error(mid->resp_buf, log_error); 760 } 761 762 struct mid_q_entry * 763 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server, 764 struct smb_rqst *rqst) 765 { 766 int rc; 767 struct smb2_hdr *shdr = 768 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 769 struct mid_q_entry *mid; 770 771 smb2_seq_num_into_buf(server, shdr); 772 773 rc = smb2_get_mid_entry(ses, server, shdr, &mid); 774 if (rc) { 775 revert_current_mid_from_hdr(server, shdr); 776 return ERR_PTR(rc); 777 } 778 779 rc = smb2_sign_rqst(rqst, server); 780 if (rc) { 781 revert_current_mid_from_hdr(server, shdr); 782 delete_mid(mid); 783 return ERR_PTR(rc); 784 } 785 786 return mid; 787 } 788 789 struct mid_q_entry * 790 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 791 { 792 int rc; 793 struct smb2_hdr *shdr = 794 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; 795 struct mid_q_entry *mid; 796 797 spin_lock(&server->srv_lock); 798 if (server->tcpStatus == CifsNeedNegotiate && 799 shdr->Command != SMB2_NEGOTIATE) { 800 spin_unlock(&server->srv_lock); 801 return ERR_PTR(-EAGAIN); 802 } 803 spin_unlock(&server->srv_lock); 804 805 smb2_seq_num_into_buf(server, shdr); 806 807 mid = smb2_mid_entry_alloc(shdr, server); 808 if (mid == NULL) { 809 revert_current_mid_from_hdr(server, shdr); 810 return ERR_PTR(-ENOMEM); 811 } 812 813 rc = smb2_sign_rqst(rqst, server); 814 if (rc) { 815 revert_current_mid_from_hdr(server, shdr); 816 release_mid(mid); 817 return ERR_PTR(rc); 818 } 819 820 return mid; 821 } 822 823 int 824 smb3_crypto_aead_allocate(struct TCP_Server_Info *server) 825 { 826 struct crypto_aead *tfm; 827 828 if (!server->secmech.enc) { 829 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 830 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 831 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 832 else 833 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 834 if (IS_ERR(tfm)) { 835 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n", 836 __func__); 837 return PTR_ERR(tfm); 838 } 839 server->secmech.enc = tfm; 840 } 841 842 if (!server->secmech.dec) { 843 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 844 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 845 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 846 else 847 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 848 if (IS_ERR(tfm)) { 849 crypto_free_aead(server->secmech.enc); 850 server->secmech.enc = NULL; 851 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n", 852 __func__); 853 return PTR_ERR(tfm); 854 } 855 server->secmech.dec = tfm; 856 } 857 858 return 0; 859 } 860