~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/fs/cifs/smb2transport.c

Version: ~ [ linux-5.14-rc3 ] ~ [ linux-5.13.5 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.53 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.135 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.198 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.240 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.276 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.276 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *   fs/cifs/smb2transport.c
  3  *
  4  *   Copyright (C) International Business Machines  Corp., 2002, 2011
  5  *                 Etersoft, 2012
  6  *   Author(s): Steve French (sfrench@us.ibm.com)
  7  *              Jeremy Allison (jra@samba.org) 2006
  8  *              Pavel Shilovsky (pshilovsky@samba.org) 2012
  9  *
 10  *   This library is free software; you can redistribute it and/or modify
 11  *   it under the terms of the GNU Lesser General Public License as published
 12  *   by the Free Software Foundation; either version 2.1 of the License, or
 13  *   (at your option) any later version.
 14  *
 15  *   This library is distributed in the hope that it will be useful,
 16  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 17  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 18  *   the GNU Lesser General Public License for more details.
 19  *
 20  *   You should have received a copy of the GNU Lesser General Public License
 21  *   along with this library; if not, write to the Free Software
 22  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 23  */
 24 
 25 #include <linux/fs.h>
 26 #include <linux/list.h>
 27 #include <linux/wait.h>
 28 #include <linux/net.h>
 29 #include <linux/delay.h>
 30 #include <linux/uaccess.h>
 31 #include <asm/processor.h>
 32 #include <linux/mempool.h>
 33 #include <linux/highmem.h>
 34 #include <crypto/aead.h>
 35 #include "smb2pdu.h"
 36 #include "cifsglob.h"
 37 #include "cifsproto.h"
 38 #include "smb2proto.h"
 39 #include "cifs_debug.h"
 40 #include "smb2status.h"
 41 #include "smb2glob.h"
 42 
 43 static int
 44 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
 45 {
 46         struct cifs_secmech *p = &server->secmech;
 47         int rc;
 48 
 49         rc = cifs_alloc_hash("hmac(sha256)",
 50                              &p->hmacsha256,
 51                              &p->sdeschmacsha256);
 52         if (rc)
 53                 goto err;
 54 
 55         rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes);
 56         if (rc)
 57                 goto err;
 58 
 59         return 0;
 60 err:
 61         cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256);
 62         return rc;
 63 }
 64 
 65 int
 66 smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
 67 {
 68         struct cifs_secmech *p = &server->secmech;
 69         int rc = 0;
 70 
 71         rc = cifs_alloc_hash("hmac(sha256)",
 72                              &p->hmacsha256,
 73                              &p->sdeschmacsha256);
 74         if (rc)
 75                 return rc;
 76 
 77         rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes);
 78         if (rc)
 79                 goto err;
 80 
 81         rc = cifs_alloc_hash("sha512", &p->sha512, &p->sdescsha512);
 82         if (rc)
 83                 goto err;
 84 
 85         return 0;
 86 
 87 err:
 88         cifs_free_hash(&p->cmacaes, &p->sdesccmacaes);
 89         cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256);
 90         return rc;
 91 }
 92 
 93 
 94 static
 95 int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
 96 {
 97         struct cifs_chan *chan;
 98         struct cifs_ses *ses = NULL;
 99         struct TCP_Server_Info *it = NULL;
100         int i;
101         int rc = 0;
102 
103         spin_lock(&cifs_tcp_ses_lock);
104 
105         list_for_each_entry(it, &cifs_tcp_ses_list, tcp_ses_list) {
106                 list_for_each_entry(ses, &it->smb_ses_list, smb_ses_list) {
107                         if (ses->Suid == ses_id)
108                                 goto found;
109                 }
110         }
111         cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n",
112                         __func__, ses_id);
113         rc = -ENOENT;
114         goto out;
115 
116 found:
117         if (ses->binding) {
118                 /*
119                  * If we are in the process of binding a new channel
120                  * to an existing session, use the master connection
121                  * session key
122                  */
123                 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
124                 goto out;
125         }
126 
127         /*
128          * Otherwise, use the channel key.
129          */
130 
131         for (i = 0; i < ses->chan_count; i++) {
132                 chan = ses->chans + i;
133                 if (chan->server == server) {
134                         memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
135                         goto out;
136                 }
137         }
138 
139         cifs_dbg(VFS,
140                  "%s: Could not find channel signing key for session 0x%llx\n",
141                  __func__, ses_id);
142         rc = -ENOENT;
143 
144 out:
145         spin_unlock(&cifs_tcp_ses_lock);
146         return rc;
147 }
148 
149 static struct cifs_ses *
150 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
151 {
152         struct cifs_ses *ses;
153 
154         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
155                 if (ses->Suid != ses_id)
156                         continue;
157                 return ses;
158         }
159 
160         return NULL;
161 }
162 
163 struct cifs_ses *
164 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id)
165 {
166         struct cifs_ses *ses;
167 
168         spin_lock(&cifs_tcp_ses_lock);
169         ses = smb2_find_smb_ses_unlocked(server, ses_id);
170         spin_unlock(&cifs_tcp_ses_lock);
171 
172         return ses;
173 }
174 
175 static struct cifs_tcon *
176 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32  tid)
177 {
178         struct cifs_tcon *tcon;
179 
180         list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
181                 if (tcon->tid != tid)
182                         continue;
183                 ++tcon->tc_count;
184                 return tcon;
185         }
186 
187         return NULL;
188 }
189 
190 /*
191  * Obtain tcon corresponding to the tid in the given
192  * cifs_ses
193  */
194 
195 struct cifs_tcon *
196 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32  tid)
197 {
198         struct cifs_ses *ses;
199         struct cifs_tcon *tcon;
200 
201         spin_lock(&cifs_tcp_ses_lock);
202         ses = smb2_find_smb_ses_unlocked(server, ses_id);
203         if (!ses) {
204                 spin_unlock(&cifs_tcp_ses_lock);
205                 return NULL;
206         }
207         tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
208         spin_unlock(&cifs_tcp_ses_lock);
209 
210         return tcon;
211 }
212 
213 int
214 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
215                         bool allocate_crypto)
216 {
217         int rc;
218         unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
219         unsigned char *sigptr = smb2_signature;
220         struct kvec *iov = rqst->rq_iov;
221         struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
222         struct cifs_ses *ses;
223         struct shash_desc *shash;
224         struct crypto_shash *hash;
225         struct sdesc *sdesc = NULL;
226         struct smb_rqst drqst;
227 
228         ses = smb2_find_smb_ses(server, shdr->SessionId);
229         if (!ses) {
230                 cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
231                 return 0;
232         }
233 
234         memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
235         memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
236 
237         if (allocate_crypto) {
238                 rc = cifs_alloc_hash("hmac(sha256)", &hash, &sdesc);
239                 if (rc) {
240                         cifs_server_dbg(VFS,
241                                         "%s: sha256 alloc failed\n", __func__);
242                         return rc;
243                 }
244                 shash = &sdesc->shash;
245         } else {
246                 hash = server->secmech.hmacsha256;
247                 shash = &server->secmech.sdeschmacsha256->shash;
248         }
249 
250         rc = crypto_shash_setkey(hash, ses->auth_key.response,
251                         SMB2_NTLMV2_SESSKEY_SIZE);
252         if (rc) {
253                 cifs_server_dbg(VFS,
254                                 "%s: Could not update with response\n",
255                                 __func__);
256                 goto out;
257         }
258 
259         rc = crypto_shash_init(shash);
260         if (rc) {
261                 cifs_server_dbg(VFS, "%s: Could not init sha256", __func__);
262                 goto out;
263         }
264 
265         /*
266          * For SMB2+, __cifs_calc_signature() expects to sign only the actual
267          * data, that is, iov[0] should not contain a rfc1002 length.
268          *
269          * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
270          * __cifs_calc_signature().
271          */
272         drqst = *rqst;
273         if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
274                 rc = crypto_shash_update(shash, iov[0].iov_base,
275                                          iov[0].iov_len);
276                 if (rc) {
277                         cifs_server_dbg(VFS,
278                                         "%s: Could not update with payload\n",
279                                         __func__);
280                         goto out;
281                 }
282                 drqst.rq_iov++;
283                 drqst.rq_nvec--;
284         }
285 
286         rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
287         if (!rc)
288                 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
289 
290 out:
291         if (allocate_crypto)
292                 cifs_free_hash(&hash, &sdesc);
293         return rc;
294 }
295 
296 static int generate_key(struct cifs_ses *ses, struct kvec label,
297                         struct kvec context, __u8 *key, unsigned int key_size)
298 {
299         unsigned char zero = 0x0;
300         __u8 i[4] = {0, 0, 0, 1};
301         __u8 L[4] = {0, 0, 0, 128};
302         int rc = 0;
303         unsigned char prfhash[SMB2_HMACSHA256_SIZE];
304         unsigned char *hashptr = prfhash;
305         struct TCP_Server_Info *server = ses->server;
306 
307         memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
308         memset(key, 0x0, key_size);
309 
310         rc = smb3_crypto_shash_allocate(server);
311         if (rc) {
312                 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
313                 goto smb3signkey_ret;
314         }
315 
316         rc = crypto_shash_setkey(server->secmech.hmacsha256,
317                 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
318         if (rc) {
319                 cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__);
320                 goto smb3signkey_ret;
321         }
322 
323         rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
324         if (rc) {
325                 cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
326                 goto smb3signkey_ret;
327         }
328 
329         rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
330                                 i, 4);
331         if (rc) {
332                 cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__);
333                 goto smb3signkey_ret;
334         }
335 
336         rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
337                                 label.iov_base, label.iov_len);
338         if (rc) {
339                 cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__);
340                 goto smb3signkey_ret;
341         }
342 
343         rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
344                                 &zero, 1);
345         if (rc) {
346                 cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__);
347                 goto smb3signkey_ret;
348         }
349 
350         rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
351                                 context.iov_base, context.iov_len);
352         if (rc) {
353                 cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__);
354                 goto smb3signkey_ret;
355         }
356 
357         rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
358                                 L, 4);
359         if (rc) {
360                 cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__);
361                 goto smb3signkey_ret;
362         }
363 
364         rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
365                                 hashptr);
366         if (rc) {
367                 cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
368                 goto smb3signkey_ret;
369         }
370 
371         memcpy(key, hashptr, key_size);
372 
373 smb3signkey_ret:
374         return rc;
375 }
376 
377 struct derivation {
378         struct kvec label;
379         struct kvec context;
380 };
381 
382 struct derivation_triplet {
383         struct derivation signing;
384         struct derivation encryption;
385         struct derivation decryption;
386 };
387 
388 static int
389 generate_smb3signingkey(struct cifs_ses *ses,
390                         const struct derivation_triplet *ptriplet)
391 {
392         int rc;
393 
394         /*
395          * All channels use the same encryption/decryption keys but
396          * they have their own signing key.
397          *
398          * When we generate the keys, check if it is for a new channel
399          * (binding) in which case we only need to generate a signing
400          * key and store it in the channel as to not overwrite the
401          * master connection signing key stored in the session
402          */
403 
404         if (ses->binding) {
405                 rc = generate_key(ses, ptriplet->signing.label,
406                                   ptriplet->signing.context,
407                                   cifs_ses_binding_channel(ses)->signkey,
408                                   SMB3_SIGN_KEY_SIZE);
409                 if (rc)
410                         return rc;
411         } else {
412                 rc = generate_key(ses, ptriplet->signing.label,
413                                   ptriplet->signing.context,
414                                   ses->smb3signingkey,
415                                   SMB3_SIGN_KEY_SIZE);
416                 if (rc)
417                         return rc;
418 
419                 memcpy(ses->chans[0].signkey, ses->smb3signingkey,
420                        SMB3_SIGN_KEY_SIZE);
421 
422                 rc = generate_key(ses, ptriplet->encryption.label,
423                                   ptriplet->encryption.context,
424                                   ses->smb3encryptionkey,
425                                   SMB3_SIGN_KEY_SIZE);
426                 rc = generate_key(ses, ptriplet->decryption.label,
427                                   ptriplet->decryption.context,
428                                   ses->smb3decryptionkey,
429                                   SMB3_SIGN_KEY_SIZE);
430                 if (rc)
431                         return rc;
432         }
433 
434         if (rc)
435                 return rc;
436 
437 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
438         cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
439         /*
440          * The session id is opaque in terms of endianness, so we can't
441          * print it as a long long. we dump it as we got it on the wire
442          */
443         cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),
444                         &ses->Suid);
445         cifs_dbg(VFS, "Session Key   %*ph\n",
446                  SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
447         cifs_dbg(VFS, "Signing Key   %*ph\n",
448                  SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
449         cifs_dbg(VFS, "ServerIn Key  %*ph\n",
450                  SMB3_SIGN_KEY_SIZE, ses->smb3encryptionkey);
451         cifs_dbg(VFS, "ServerOut Key %*ph\n",
452                  SMB3_SIGN_KEY_SIZE, ses->smb3decryptionkey);
453 #endif
454         return rc;
455 }
456 
457 int
458 generate_smb30signingkey(struct cifs_ses *ses)
459 
460 {
461         struct derivation_triplet triplet;
462         struct derivation *d;
463 
464         d = &triplet.signing;
465         d->label.iov_base = "SMB2AESCMAC";
466         d->label.iov_len = 12;
467         d->context.iov_base = "SmbSign";
468         d->context.iov_len = 8;
469 
470         d = &triplet.encryption;
471         d->label.iov_base = "SMB2AESCCM";
472         d->label.iov_len = 11;
473         d->context.iov_base = "ServerIn ";
474         d->context.iov_len = 10;
475 
476         d = &triplet.decryption;
477         d->label.iov_base = "SMB2AESCCM";
478         d->label.iov_len = 11;
479         d->context.iov_base = "ServerOut";
480         d->context.iov_len = 10;
481 
482         return generate_smb3signingkey(ses, &triplet);
483 }
484 
485 int
486 generate_smb311signingkey(struct cifs_ses *ses)
487 
488 {
489         struct derivation_triplet triplet;
490         struct derivation *d;
491 
492         d = &triplet.signing;
493         d->label.iov_base = "SMBSigningKey";
494         d->label.iov_len = 14;
495         d->context.iov_base = ses->preauth_sha_hash;
496         d->context.iov_len = 64;
497 
498         d = &triplet.encryption;
499         d->label.iov_base = "SMBC2SCipherKey";
500         d->label.iov_len = 16;
501         d->context.iov_base = ses->preauth_sha_hash;
502         d->context.iov_len = 64;
503 
504         d = &triplet.decryption;
505         d->label.iov_base = "SMBS2CCipherKey";
506         d->label.iov_len = 16;
507         d->context.iov_base = ses->preauth_sha_hash;
508         d->context.iov_len = 64;
509 
510         return generate_smb3signingkey(ses, &triplet);
511 }
512 
513 int
514 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
515                         bool allocate_crypto)
516 {
517         int rc;
518         unsigned char smb3_signature[SMB2_CMACAES_SIZE];
519         unsigned char *sigptr = smb3_signature;
520         struct kvec *iov = rqst->rq_iov;
521         struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
522         struct shash_desc *shash;
523         struct crypto_shash *hash;
524         struct sdesc *sdesc = NULL;
525         struct smb_rqst drqst;
526         u8 key[SMB3_SIGN_KEY_SIZE];
527 
528         rc = smb2_get_sign_key(shdr->SessionId, server, key);
529         if (rc)
530                 return 0;
531 
532         if (allocate_crypto) {
533                 rc = cifs_alloc_hash("cmac(aes)", &hash, &sdesc);
534                 if (rc)
535                         return rc;
536 
537                 shash = &sdesc->shash;
538         } else {
539                 hash = server->secmech.cmacaes;
540                 shash = &server->secmech.sdesccmacaes->shash;
541         }
542 
543         memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
544         memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
545 
546         rc = crypto_shash_setkey(hash, key, SMB2_CMACAES_SIZE);
547         if (rc) {
548                 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
549                 goto out;
550         }
551 
552         /*
553          * we already allocate sdesccmacaes when we init smb3 signing key,
554          * so unlike smb2 case we do not have to check here if secmech are
555          * initialized
556          */
557         rc = crypto_shash_init(shash);
558         if (rc) {
559                 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
560                 goto out;
561         }
562 
563         /*
564          * For SMB2+, __cifs_calc_signature() expects to sign only the actual
565          * data, that is, iov[0] should not contain a rfc1002 length.
566          *
567          * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
568          * __cifs_calc_signature().
569          */
570         drqst = *rqst;
571         if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
572                 rc = crypto_shash_update(shash, iov[0].iov_base,
573                                          iov[0].iov_len);
574                 if (rc) {
575                         cifs_server_dbg(VFS, "%s: Could not update with payload\n",
576                                  __func__);
577                         goto out;
578                 }
579                 drqst.rq_iov++;
580                 drqst.rq_nvec--;
581         }
582 
583         rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
584         if (!rc)
585                 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
586 
587 out:
588         if (allocate_crypto)
589                 cifs_free_hash(&hash, &sdesc);
590         return rc;
591 }
592 
593 /* must be called with server->srv_mutex held */
594 static int
595 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
596 {
597         int rc = 0;
598         struct smb2_sync_hdr *shdr;
599         struct smb2_sess_setup_req *ssr;
600         bool is_binding;
601         bool is_signed;
602 
603         shdr = (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
604         ssr = (struct smb2_sess_setup_req *)shdr;
605 
606         is_binding = shdr->Command == SMB2_SESSION_SETUP &&
607                 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
608         is_signed = shdr->Flags & SMB2_FLAGS_SIGNED;
609 
610         if (!is_signed)
611                 return 0;
612         if (server->tcpStatus == CifsNeedNegotiate)
613                 return 0;
614         if (!is_binding && !server->session_estab) {
615                 strncpy(shdr->Signature, "BSRSPYL", 8);
616                 return 0;
617         }
618 
619         rc = server->ops->calc_signature(rqst, server, false);
620 
621         return rc;
622 }
623 
624 int
625 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
626 {
627         unsigned int rc;
628         char server_response_sig[SMB2_SIGNATURE_SIZE];
629         struct smb2_sync_hdr *shdr =
630                         (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
631 
632         if ((shdr->Command == SMB2_NEGOTIATE) ||
633             (shdr->Command == SMB2_SESSION_SETUP) ||
634             (shdr->Command == SMB2_OPLOCK_BREAK) ||
635             server->ignore_signature ||
636             (!server->session_estab))
637                 return 0;
638 
639         /*
640          * BB what if signatures are supposed to be on for session but
641          * server does not send one? BB
642          */
643 
644         /* Do not need to verify session setups with signature "BSRSPYL " */
645         if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
646                 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
647                          shdr->Command);
648 
649         /*
650          * Save off the origiginal signature so we can modify the smb and check
651          * our calculated signature against what the server sent.
652          */
653         memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
654 
655         memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
656 
657         rc = server->ops->calc_signature(rqst, server, true);
658 
659         if (rc)
660                 return rc;
661 
662         if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) {
663                 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
664                         shdr->Command, shdr->MessageId);
665                 return -EACCES;
666         } else
667                 return 0;
668 }
669 
670 /*
671  * Set message id for the request. Should be called after wait_for_free_request
672  * and when srv_mutex is held.
673  */
674 static inline void
675 smb2_seq_num_into_buf(struct TCP_Server_Info *server,
676                       struct smb2_sync_hdr *shdr)
677 {
678         unsigned int i, num = le16_to_cpu(shdr->CreditCharge);
679 
680         shdr->MessageId = get_next_mid64(server);
681         /* skip message numbers according to CreditCharge field */
682         for (i = 1; i < num; i++)
683                 get_next_mid(server);
684 }
685 
686 static struct mid_q_entry *
687 smb2_mid_entry_alloc(const struct smb2_sync_hdr *shdr,
688                      struct TCP_Server_Info *server)
689 {
690         struct mid_q_entry *temp;
691         unsigned int credits = le16_to_cpu(shdr->CreditCharge);
692 
693         if (server == NULL) {
694                 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
695                 return NULL;
696         }
697 
698         temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
699         memset(temp, 0, sizeof(struct mid_q_entry));
700         kref_init(&temp->refcount);
701         temp->mid = le64_to_cpu(shdr->MessageId);
702         temp->credits = credits > 0 ? credits : 1;
703         temp->pid = current->pid;
704         temp->command = shdr->Command; /* Always LE */
705         temp->when_alloc = jiffies;
706         temp->server = server;
707 
708         /*
709          * The default is for the mid to be synchronous, so the
710          * default callback just wakes up the current task.
711          */
712         get_task_struct(current);
713         temp->creator = current;
714         temp->callback = cifs_wake_up_task;
715         temp->callback_data = current;
716 
717         atomic_inc(&midCount);
718         temp->mid_state = MID_REQUEST_ALLOCATED;
719         trace_smb3_cmd_enter(shdr->TreeId, shdr->SessionId,
720                 le16_to_cpu(shdr->Command), temp->mid);
721         return temp;
722 }
723 
724 static int
725 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
726                    struct smb2_sync_hdr *shdr, struct mid_q_entry **mid)
727 {
728         if (server->tcpStatus == CifsExiting)
729                 return -ENOENT;
730 
731         if (server->tcpStatus == CifsNeedReconnect) {
732                 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
733                 return -EAGAIN;
734         }
735 
736         if (server->tcpStatus == CifsNeedNegotiate &&
737            shdr->Command != SMB2_NEGOTIATE)
738                 return -EAGAIN;
739 
740         if (ses->status == CifsNew) {
741                 if ((shdr->Command != SMB2_SESSION_SETUP) &&
742                     (shdr->Command != SMB2_NEGOTIATE))
743                         return -EAGAIN;
744                 /* else ok - we are setting up session */
745         }
746 
747         if (ses->status == CifsExiting) {
748                 if (shdr->Command != SMB2_LOGOFF)
749                         return -EAGAIN;
750                 /* else ok - we are shutting down the session */
751         }
752 
753         *mid = smb2_mid_entry_alloc(shdr, server);
754         if (*mid == NULL)
755                 return -ENOMEM;
756         spin_lock(&GlobalMid_Lock);
757         list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
758         spin_unlock(&GlobalMid_Lock);
759 
760         return 0;
761 }
762 
763 int
764 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
765                    bool log_error)
766 {
767         unsigned int len = mid->resp_buf_size;
768         struct kvec iov[1];
769         struct smb_rqst rqst = { .rq_iov = iov,
770                                  .rq_nvec = 1 };
771 
772         iov[0].iov_base = (char *)mid->resp_buf;
773         iov[0].iov_len = len;
774 
775         dump_smb(mid->resp_buf, min_t(u32, 80, len));
776         /* convert the length into a more usable form */
777         if (len > 24 && server->sign && !mid->decrypted) {
778                 int rc;
779 
780                 rc = smb2_verify_signature(&rqst, server);
781                 if (rc)
782                         cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
783                                  rc);
784         }
785 
786         return map_smb2_to_linux_error(mid->resp_buf, log_error);
787 }
788 
789 struct mid_q_entry *
790 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
791                    struct smb_rqst *rqst)
792 {
793         int rc;
794         struct smb2_sync_hdr *shdr =
795                         (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
796         struct mid_q_entry *mid;
797 
798         smb2_seq_num_into_buf(server, shdr);
799 
800         rc = smb2_get_mid_entry(ses, server, shdr, &mid);
801         if (rc) {
802                 revert_current_mid_from_hdr(server, shdr);
803                 return ERR_PTR(rc);
804         }
805 
806         rc = smb2_sign_rqst(rqst, server);
807         if (rc) {
808                 revert_current_mid_from_hdr(server, shdr);
809                 cifs_delete_mid(mid);
810                 return ERR_PTR(rc);
811         }
812 
813         return mid;
814 }
815 
816 struct mid_q_entry *
817 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
818 {
819         int rc;
820         struct smb2_sync_hdr *shdr =
821                         (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
822         struct mid_q_entry *mid;
823 
824         if (server->tcpStatus == CifsNeedNegotiate &&
825            shdr->Command != SMB2_NEGOTIATE)
826                 return ERR_PTR(-EAGAIN);
827 
828         smb2_seq_num_into_buf(server, shdr);
829 
830         mid = smb2_mid_entry_alloc(shdr, server);
831         if (mid == NULL) {
832                 revert_current_mid_from_hdr(server, shdr);
833                 return ERR_PTR(-ENOMEM);
834         }
835 
836         rc = smb2_sign_rqst(rqst, server);
837         if (rc) {
838                 revert_current_mid_from_hdr(server, shdr);
839                 DeleteMidQEntry(mid);
840                 return ERR_PTR(rc);
841         }
842 
843         return mid;
844 }
845 
846 int
847 smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
848 {
849         struct crypto_aead *tfm;
850 
851         if (!server->secmech.ccmaesencrypt) {
852                 if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
853                         tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
854                 else
855                         tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
856                 if (IS_ERR(tfm)) {
857                         cifs_server_dbg(VFS, "%s: Failed to alloc encrypt aead\n",
858                                  __func__);
859                         return PTR_ERR(tfm);
860                 }
861                 server->secmech.ccmaesencrypt = tfm;
862         }
863 
864         if (!server->secmech.ccmaesdecrypt) {
865                 if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
866                         tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
867                 else
868                         tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
869                 if (IS_ERR(tfm)) {
870                         crypto_free_aead(server->secmech.ccmaesencrypt);
871                         server->secmech.ccmaesencrypt = NULL;
872                         cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
873                                  __func__);
874                         return PTR_ERR(tfm);
875                 }
876                 server->secmech.ccmaesdecrypt = tfm;
877         }
878 
879         return 0;
880 }
881 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp