1/* 2 * fs/cifs/smb2transport.c 3 * 4 * Copyright (C) International Business Machines Corp., 2002, 2011 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Jeremy Allison (jra@samba.org) 2006 8 * Pavel Shilovsky (pshilovsky@samba.org) 2012 9 * 10 * This library is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU Lesser General Public License as published 12 * by the Free Software Foundation; either version 2.1 of the License, or 13 * (at your option) any later version. 14 * 15 * This library is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 18 * the GNU Lesser General Public License for more details. 19 * 20 * You should have received a copy of the GNU Lesser General Public License 21 * along with this library; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 23 */ 24 25#include <linux/fs.h> 26#include <linux/list.h> 27#include <linux/wait.h> 28#include <linux/net.h> 29#include <linux/delay.h> 30#include <linux/uaccess.h> 31#include <asm/processor.h> 32#include <linux/mempool.h> 33#include <linux/highmem.h> 34#include <crypto/aead.h> 35#include "smb2pdu.h" 36#include "cifsglob.h" 37#include "cifsproto.h" 38#include "smb2proto.h" 39#include "cifs_debug.h" 40#include "smb2status.h" 41#include "smb2glob.h" 42 43static int 44smb3_crypto_shash_allocate(struct TCP_Server_Info *server) 45{ 46 struct cifs_secmech *p = &server->secmech; 47 int rc; 48 49 rc = cifs_alloc_hash("hmac(sha256)", 50 &p->hmacsha256, 51 &p->sdeschmacsha256); 52 if (rc) 53 goto err; 54 55 rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes); 56 if (rc) 57 goto err; 58 59 return 0; 60err: 61 cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256); 62 return rc; 63} 64 65int 66smb311_crypto_shash_allocate(struct TCP_Server_Info *server) 67{ 68 struct cifs_secmech *p = &server->secmech; 69 int rc = 0; 70 71 rc = cifs_alloc_hash("hmac(sha256)", 72 &p->hmacsha256, 73 &p->sdeschmacsha256); 74 if (rc) 75 return rc; 76 77 rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes); 78 if (rc) 79 goto err; 80 81 rc = cifs_alloc_hash("sha512", &p->sha512, &p->sdescsha512); 82 if (rc) 83 goto err; 84 85 return 0; 86 87err: 88 cifs_free_hash(&p->cmacaes, &p->sdesccmacaes); 89 cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256); 90 return rc; 91} 92 93 94static 95int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key) 96{ 97 struct cifs_chan *chan; 98 struct cifs_ses *ses = NULL; 99 struct TCP_Server_Info *it = NULL; 100 int i; 101 int rc = 0; 102 103 spin_lock(&cifs_tcp_ses_lock); 104 105 list_for_each_entry(it, &cifs_tcp_ses_list, tcp_ses_list) { 106 list_for_each_entry(ses, &it->smb_ses_list, smb_ses_list) { 107 if (ses->Suid == ses_id) 108 goto found; 109 } 110 } 111 cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n", 112 __func__, ses_id); 113 rc = -ENOENT; 114 goto out; 115 116found: 117 if (ses->binding) { 118 /* 119 * If we are in the process of binding a new channel 120 * to an existing session, use the master connection 121 * session key 122 */ 123 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE); 124 goto out; 125 } 126 127 /* 128 * Otherwise, use the channel key. 129 */ 130 131 for (i = 0; i < ses->chan_count; i++) { 132 chan = ses->chans + i; 133 if (chan->server == server) { 134 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE); 135 goto out; 136 } 137 } 138 139 cifs_dbg(VFS, 140 "%s: Could not find channel signing key for session 0x%llx\n", 141 __func__, ses_id); 142 rc = -ENOENT; 143 144out: 145 spin_unlock(&cifs_tcp_ses_lock); 146 return rc; 147} 148 149static struct cifs_ses * 150smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id) 151{ 152 struct cifs_ses *ses; 153 154 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { 155 if (ses->Suid != ses_id) 156 continue; 157 return ses; 158 } 159 160 return NULL; 161} 162 163struct cifs_ses * 164smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id) 165{ 166 struct cifs_ses *ses; 167 168 spin_lock(&cifs_tcp_ses_lock); 169 ses = smb2_find_smb_ses_unlocked(server, ses_id); 170 spin_unlock(&cifs_tcp_ses_lock); 171 172 return ses; 173} 174 175static struct cifs_tcon * 176smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid) 177{ 178 struct cifs_tcon *tcon; 179 180 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 181 if (tcon->tid != tid) 182 continue; 183 ++tcon->tc_count; 184 return tcon; 185 } 186 187 return NULL; 188} 189 190/* 191 * Obtain tcon corresponding to the tid in the given 192 * cifs_ses 193 */ 194 195struct cifs_tcon * 196smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid) 197{ 198 struct cifs_ses *ses; 199 struct cifs_tcon *tcon; 200 201 spin_lock(&cifs_tcp_ses_lock); 202 ses = smb2_find_smb_ses_unlocked(server, ses_id); 203 if (!ses) { 204 spin_unlock(&cifs_tcp_ses_lock); 205 return NULL; 206 } 207 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); 208 spin_unlock(&cifs_tcp_ses_lock); 209 210 return tcon; 211} 212 213int 214smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 215 bool allocate_crypto) 216{ 217 int rc; 218 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE]; 219 unsigned char *sigptr = smb2_signature; 220 struct kvec *iov = rqst->rq_iov; 221 struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; 222 struct cifs_ses *ses; 223 struct shash_desc *shash; 224 struct crypto_shash *hash; 225 struct sdesc *sdesc = NULL; 226 struct smb_rqst drqst; 227 228 ses = smb2_find_smb_ses(server, shdr->SessionId); 229 if (!ses) { 230 cifs_server_dbg(VFS, "%s: Could not find session\n", __func__); 231 return 0; 232 } 233 234 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE); 235 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 236 237 if (allocate_crypto) { 238 rc = cifs_alloc_hash("hmac(sha256)", &hash, &sdesc); 239 if (rc) { 240 cifs_server_dbg(VFS, 241 "%s: sha256 alloc failed\n", __func__); 242 return rc; 243 } 244 shash = &sdesc->shash; 245 } else { 246 hash = server->secmech.hmacsha256; 247 shash = &server->secmech.sdeschmacsha256->shash; 248 } 249 250 rc = crypto_shash_setkey(hash, ses->auth_key.response, 251 SMB2_NTLMV2_SESSKEY_SIZE); 252 if (rc) { 253 cifs_server_dbg(VFS, 254 "%s: Could not update with response\n", 255 __func__); 256 goto out; 257 } 258 259 rc = crypto_shash_init(shash); 260 if (rc) { 261 cifs_server_dbg(VFS, "%s: Could not init sha256", __func__); 262 goto out; 263 } 264 265 /* 266 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 267 * data, that is, iov[0] should not contain a rfc1002 length. 268 * 269 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 270 * __cifs_calc_signature(). 271 */ 272 drqst = *rqst; 273 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 274 rc = crypto_shash_update(shash, iov[0].iov_base, 275 iov[0].iov_len); 276 if (rc) { 277 cifs_server_dbg(VFS, 278 "%s: Could not update with payload\n", 279 __func__); 280 goto out; 281 } 282 drqst.rq_iov++; 283 drqst.rq_nvec--; 284 } 285 286 rc = __cifs_calc_signature(&drqst, server, sigptr, shash); 287 if (!rc) 288 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); 289 290out: 291 if (allocate_crypto) 292 cifs_free_hash(&hash, &sdesc); 293 return rc; 294} 295 296static int generate_key(struct cifs_ses *ses, struct kvec label, 297 struct kvec context, __u8 *key, unsigned int key_size) 298{ 299 unsigned char zero = 0x0; 300 __u8 i[4] = {0, 0, 0, 1}; 301 __u8 L128[4] = {0, 0, 0, 128}; 302 __u8 L256[4] = {0, 0, 1, 0}; 303 int rc = 0; 304 unsigned char prfhash[SMB2_HMACSHA256_SIZE]; 305 unsigned char *hashptr = prfhash; 306 struct TCP_Server_Info *server = ses->server; 307 308 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE); 309 memset(key, 0x0, key_size); 310 311 rc = smb3_crypto_shash_allocate(server); 312 if (rc) { 313 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); 314 goto smb3signkey_ret; 315 } 316 317 rc = crypto_shash_setkey(server->secmech.hmacsha256, 318 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); 319 if (rc) { 320 cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__); 321 goto smb3signkey_ret; 322 } 323 324 rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash); 325 if (rc) { 326 cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__); 327 goto smb3signkey_ret; 328 } 329 330 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 331 i, 4); 332 if (rc) { 333 cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__); 334 goto smb3signkey_ret; 335 } 336 337 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 338 label.iov_base, label.iov_len); 339 if (rc) { 340 cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__); 341 goto smb3signkey_ret; 342 } 343 344 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 345 &zero, 1); 346 if (rc) { 347 cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__); 348 goto smb3signkey_ret; 349 } 350 351 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 352 context.iov_base, context.iov_len); 353 if (rc) { 354 cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__); 355 goto smb3signkey_ret; 356 } 357 358 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 359 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 360 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 361 L256, 4); 362 } else { 363 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 364 L128, 4); 365 } 366 if (rc) { 367 cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__); 368 goto smb3signkey_ret; 369 } 370 371 rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash, 372 hashptr); 373 if (rc) { 374 cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__); 375 goto smb3signkey_ret; 376 } 377 378 memcpy(key, hashptr, key_size); 379 380smb3signkey_ret: 381 return rc; 382} 383 384struct derivation { 385 struct kvec label; 386 struct kvec context; 387}; 388 389struct derivation_triplet { 390 struct derivation signing; 391 struct derivation encryption; 392 struct derivation decryption; 393}; 394 395static int 396generate_smb3signingkey(struct cifs_ses *ses, 397 const struct derivation_triplet *ptriplet) 398{ 399 int rc; 400#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 401 struct TCP_Server_Info *server = ses->server; 402#endif 403 404 /* 405 * All channels use the same encryption/decryption keys but 406 * they have their own signing key. 407 * 408 * When we generate the keys, check if it is for a new channel 409 * (binding) in which case we only need to generate a signing 410 * key and store it in the channel as to not overwrite the 411 * master connection signing key stored in the session 412 */ 413 414 if (ses->binding) { 415 rc = generate_key(ses, ptriplet->signing.label, 416 ptriplet->signing.context, 417 cifs_ses_binding_channel(ses)->signkey, 418 SMB3_SIGN_KEY_SIZE); 419 if (rc) 420 return rc; 421 } else { 422 rc = generate_key(ses, ptriplet->signing.label, 423 ptriplet->signing.context, 424 ses->smb3signingkey, 425 SMB3_SIGN_KEY_SIZE); 426 if (rc) 427 return rc; 428 429 memcpy(ses->chans[0].signkey, ses->smb3signingkey, 430 SMB3_SIGN_KEY_SIZE); 431 432 rc = generate_key(ses, ptriplet->encryption.label, 433 ptriplet->encryption.context, 434 ses->smb3encryptionkey, 435 SMB3_ENC_DEC_KEY_SIZE); 436 if (rc) 437 return rc; 438 rc = generate_key(ses, ptriplet->decryption.label, 439 ptriplet->decryption.context, 440 ses->smb3decryptionkey, 441 SMB3_ENC_DEC_KEY_SIZE); 442 if (rc) 443 return rc; 444 } 445 446#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 447 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__); 448 /* 449 * The session id is opaque in terms of endianness, so we can't 450 * print it as a long long. we dump it as we got it on the wire 451 */ 452 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 453 &ses->Suid); 454 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); 455 cifs_dbg(VFS, "Session Key %*ph\n", 456 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 457 cifs_dbg(VFS, "Signing Key %*ph\n", 458 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); 459 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 460 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 461 cifs_dbg(VFS, "ServerIn Key %*ph\n", 462 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); 463 cifs_dbg(VFS, "ServerOut Key %*ph\n", 464 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); 465 } else { 466 cifs_dbg(VFS, "ServerIn Key %*ph\n", 467 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); 468 cifs_dbg(VFS, "ServerOut Key %*ph\n", 469 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); 470 } 471#endif 472 return rc; 473} 474 475int 476generate_smb30signingkey(struct cifs_ses *ses) 477 478{ 479 struct derivation_triplet triplet; 480 struct derivation *d; 481 482 d = &triplet.signing; 483 d->label.iov_base = "SMB2AESCMAC"; 484 d->label.iov_len = 12; 485 d->context.iov_base = "SmbSign"; 486 d->context.iov_len = 8; 487 488 d = &triplet.encryption; 489 d->label.iov_base = "SMB2AESCCM"; 490 d->label.iov_len = 11; 491 d->context.iov_base = "ServerIn "; 492 d->context.iov_len = 10; 493 494 d = &triplet.decryption; 495 d->label.iov_base = "SMB2AESCCM"; 496 d->label.iov_len = 11; 497 d->context.iov_base = "ServerOut"; 498 d->context.iov_len = 10; 499 500 return generate_smb3signingkey(ses, &triplet); 501} 502 503int 504generate_smb311signingkey(struct cifs_ses *ses) 505 506{ 507 struct derivation_triplet triplet; 508 struct derivation *d; 509 510 d = &triplet.signing; 511 d->label.iov_base = "SMBSigningKey"; 512 d->label.iov_len = 14; 513 d->context.iov_base = ses->preauth_sha_hash; 514 d->context.iov_len = 64; 515 516 d = &triplet.encryption; 517 d->label.iov_base = "SMBC2SCipherKey"; 518 d->label.iov_len = 16; 519 d->context.iov_base = ses->preauth_sha_hash; 520 d->context.iov_len = 64; 521 522 d = &triplet.decryption; 523 d->label.iov_base = "SMBS2CCipherKey"; 524 d->label.iov_len = 16; 525 d->context.iov_base = ses->preauth_sha_hash; 526 d->context.iov_len = 64; 527 528 return generate_smb3signingkey(ses, &triplet); 529} 530 531int 532smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 533 bool allocate_crypto) 534{ 535 int rc; 536 unsigned char smb3_signature[SMB2_CMACAES_SIZE]; 537 unsigned char *sigptr = smb3_signature; 538 struct kvec *iov = rqst->rq_iov; 539 struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; 540 struct shash_desc *shash; 541 struct crypto_shash *hash; 542 struct sdesc *sdesc = NULL; 543 struct smb_rqst drqst; 544 u8 key[SMB3_SIGN_KEY_SIZE]; 545 546 rc = smb2_get_sign_key(shdr->SessionId, server, key); 547 if (rc) 548 return 0; 549 550 if (allocate_crypto) { 551 rc = cifs_alloc_hash("cmac(aes)", &hash, &sdesc); 552 if (rc) 553 return rc; 554 555 shash = &sdesc->shash; 556 } else { 557 hash = server->secmech.cmacaes; 558 shash = &server->secmech.sdesccmacaes->shash; 559 } 560 561 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE); 562 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); 563 564 rc = crypto_shash_setkey(hash, key, SMB2_CMACAES_SIZE); 565 if (rc) { 566 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__); 567 goto out; 568 } 569 570 /* 571 * we already allocate sdesccmacaes when we init smb3 signing key, 572 * so unlike smb2 case we do not have to check here if secmech are 573 * initialized 574 */ 575 rc = crypto_shash_init(shash); 576 if (rc) { 577 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__); 578 goto out; 579 } 580 581 /* 582 * For SMB2+, __cifs_calc_signature() expects to sign only the actual 583 * data, that is, iov[0] should not contain a rfc1002 length. 584 * 585 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to 586 * __cifs_calc_signature(). 587 */ 588 drqst = *rqst; 589 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) { 590 rc = crypto_shash_update(shash, iov[0].iov_base, 591 iov[0].iov_len); 592 if (rc) { 593 cifs_server_dbg(VFS, "%s: Could not update with payload\n", 594 __func__); 595 goto out; 596 } 597 drqst.rq_iov++; 598 drqst.rq_nvec--; 599 } 600 601 rc = __cifs_calc_signature(&drqst, server, sigptr, shash); 602 if (!rc) 603 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); 604 605out: 606 if (allocate_crypto) 607 cifs_free_hash(&hash, &sdesc); 608 return rc; 609} 610 611/* must be called with server->srv_mutex held */ 612static int 613smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server) 614{ 615 int rc = 0; 616 struct smb2_sync_hdr *shdr; 617 struct smb2_sess_setup_req *ssr; 618 bool is_binding; 619 bool is_signed; 620 621 shdr = (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base; 622 ssr = (struct smb2_sess_setup_req *)shdr; 623 624 is_binding = shdr->Command == SMB2_SESSION_SETUP && 625 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING); 626 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED; 627 628 if (!is_signed) 629 return 0; 630 if (server->tcpStatus == CifsNeedNegotiate) 631 return 0; 632 if (!is_binding && !server->session_estab) { 633 strncpy(shdr->Signature, "BSRSPYL", 8); 634 return 0; 635 } 636 637 rc = server->ops->calc_signature(rqst, server, false); 638 639 return rc; 640} 641 642int 643smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) 644{ 645 unsigned int rc; 646 char server_response_sig[SMB2_SIGNATURE_SIZE]; 647 struct smb2_sync_hdr *shdr = 648 (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base; 649 650 if ((shdr->Command == SMB2_NEGOTIATE) || 651 (shdr->Command == SMB2_SESSION_SETUP) || 652 (shdr->Command == SMB2_OPLOCK_BREAK) || 653 server->ignore_signature || 654 (!server->session_estab)) 655 return 0; 656 657 /* 658 * BB what if signatures are supposed to be on for session but 659 * server does not send one? BB 660 */ 661 662 /* Do not need to verify session setups with signature "BSRSPYL " */ 663 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0) 664 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n", 665 shdr->Command); 666 667 /* 668 * Save off the origiginal signature so we can modify the smb and check 669 * our calculated signature against what the server sent. 670 */ 671 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE); 672 673 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE); 674 675 rc = server->ops->calc_signature(rqst, server, true); 676 677 if (rc) 678 return rc; 679 680 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) { 681 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n", 682 shdr->Command, shdr->MessageId); 683 return -EACCES; 684 } else 685 return 0; 686} 687 688/* 689 * Set message id for the request. Should be called after wait_for_free_request 690 * and when srv_mutex is held. 691 */ 692static inline void 693smb2_seq_num_into_buf(struct TCP_Server_Info *server, 694 struct smb2_sync_hdr *shdr) 695{ 696 unsigned int i, num = le16_to_cpu(shdr->CreditCharge); 697 698 shdr->MessageId = get_next_mid64(server); 699 /* skip message numbers according to CreditCharge field */ 700 for (i = 1; i < num; i++) 701 get_next_mid(server); 702} 703 704static struct mid_q_entry * 705smb2_mid_entry_alloc(const struct smb2_sync_hdr *shdr, 706 struct TCP_Server_Info *server) 707{ 708 struct mid_q_entry *temp; 709 unsigned int credits = le16_to_cpu(shdr->CreditCharge); 710 711 if (server == NULL) { 712 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n"); 713 return NULL; 714 } 715 716 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 717 memset(temp, 0, sizeof(struct mid_q_entry)); 718 kref_init(&temp->refcount); 719 temp->mid = le64_to_cpu(shdr->MessageId); 720 temp->credits = credits > 0 ? credits : 1; 721 temp->pid = current->pid; 722 temp->command = shdr->Command; /* Always LE */ 723 temp->when_alloc = jiffies; 724 temp->server = server; 725 726 /* 727 * The default is for the mid to be synchronous, so the 728 * default callback just wakes up the current task. 729 */ 730 get_task_struct(current); 731 temp->creator = current; 732 temp->callback = cifs_wake_up_task; 733 temp->callback_data = current; 734 735 atomic_inc(&midCount); 736 temp->mid_state = MID_REQUEST_ALLOCATED; 737 trace_smb3_cmd_enter(shdr->TreeId, shdr->SessionId, 738 le16_to_cpu(shdr->Command), temp->mid); 739 return temp; 740} 741 742static int 743smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server, 744 struct smb2_sync_hdr *shdr, struct mid_q_entry **mid) 745{ 746 if (server->tcpStatus == CifsExiting) 747 return -ENOENT; 748 749 if (server->tcpStatus == CifsNeedReconnect) { 750 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); 751 return -EAGAIN; 752 } 753 754 if (server->tcpStatus == CifsNeedNegotiate && 755 shdr->Command != SMB2_NEGOTIATE) 756 return -EAGAIN; 757 758 if (ses->status == CifsNew) { 759 if ((shdr->Command != SMB2_SESSION_SETUP) && 760 (shdr->Command != SMB2_NEGOTIATE)) 761 return -EAGAIN; 762 /* else ok - we are setting up session */ 763 } 764 765 if (ses->status == CifsExiting) { 766 if (shdr->Command != SMB2_LOGOFF) 767 return -EAGAIN; 768 /* else ok - we are shutting down the session */ 769 } 770 771 *mid = smb2_mid_entry_alloc(shdr, server); 772 if (*mid == NULL) 773 return -ENOMEM; 774 spin_lock(&GlobalMid_Lock); 775 list_add_tail(&(*mid)->qhead, &server->pending_mid_q); 776 spin_unlock(&GlobalMid_Lock); 777 778 return 0; 779} 780 781int 782smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 783 bool log_error) 784{ 785 unsigned int len = mid->resp_buf_size; 786 struct kvec iov[1]; 787 struct smb_rqst rqst = { .rq_iov = iov, 788 .rq_nvec = 1 }; 789 790 iov[0].iov_base = (char *)mid->resp_buf; 791 iov[0].iov_len = len; 792 793 dump_smb(mid->resp_buf, min_t(u32, 80, len)); 794 /* convert the length into a more usable form */ 795 if (len > 24 && server->sign && !mid->decrypted) { 796 int rc; 797 798 rc = smb2_verify_signature(&rqst, server); 799 if (rc) 800 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 801 rc); 802 } 803 804 return map_smb2_to_linux_error(mid->resp_buf, log_error); 805} 806 807struct mid_q_entry * 808smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server, 809 struct smb_rqst *rqst) 810{ 811 int rc; 812 struct smb2_sync_hdr *shdr = 813 (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base; 814 struct mid_q_entry *mid; 815 816 smb2_seq_num_into_buf(server, shdr); 817 818 rc = smb2_get_mid_entry(ses, server, shdr, &mid); 819 if (rc) { 820 revert_current_mid_from_hdr(server, shdr); 821 return ERR_PTR(rc); 822 } 823 824 rc = smb2_sign_rqst(rqst, server); 825 if (rc) { 826 revert_current_mid_from_hdr(server, shdr); 827 cifs_delete_mid(mid); 828 return ERR_PTR(rc); 829 } 830 831 return mid; 832} 833 834struct mid_q_entry * 835smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 836{ 837 int rc; 838 struct smb2_sync_hdr *shdr = 839 (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base; 840 struct mid_q_entry *mid; 841 842 if (server->tcpStatus == CifsNeedNegotiate && 843 shdr->Command != SMB2_NEGOTIATE) 844 return ERR_PTR(-EAGAIN); 845 846 smb2_seq_num_into_buf(server, shdr); 847 848 mid = smb2_mid_entry_alloc(shdr, server); 849 if (mid == NULL) { 850 revert_current_mid_from_hdr(server, shdr); 851 return ERR_PTR(-ENOMEM); 852 } 853 854 rc = smb2_sign_rqst(rqst, server); 855 if (rc) { 856 revert_current_mid_from_hdr(server, shdr); 857 DeleteMidQEntry(mid); 858 return ERR_PTR(rc); 859 } 860 861 return mid; 862} 863 864int 865smb3_crypto_aead_allocate(struct TCP_Server_Info *server) 866{ 867 struct crypto_aead *tfm; 868 869 if (!server->secmech.ccmaesencrypt) { 870 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 871 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 872 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 873 else 874 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 875 if (IS_ERR(tfm)) { 876 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n", 877 __func__); 878 return PTR_ERR(tfm); 879 } 880 server->secmech.ccmaesencrypt = tfm; 881 } 882 883 if (!server->secmech.ccmaesdecrypt) { 884 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || 885 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 886 tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 887 else 888 tfm = crypto_alloc_aead("ccm(aes)", 0, 0); 889 if (IS_ERR(tfm)) { 890 crypto_free_aead(server->secmech.ccmaesencrypt); 891 server->secmech.ccmaesencrypt = NULL; 892 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n", 893 __func__); 894 return PTR_ERR(tfm); 895 } 896 server->secmech.ccmaesdecrypt = tfm; 897 } 898 899 return 0; 900} 901