[linux-2.6-block.git] / fs / cifs / smb2transport.c

/*
 *   fs/cifs/smb2transport.c
 *
 *   Copyright (C) International Business Machines  Corp., 2002, 2011
 *                 Etersoft, 2012
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *              Jeremy Allison (jra@samba.org) 2006
 *              Pavel Shilovsky (pshilovsky@samba.org) 2012
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#include <linux/fs.h>
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/net.h>
#include <linux/delay.h>
#include <linux/uaccess.h>
#include <asm/processor.h>
#include <linux/mempool.h>
#include <linux/highmem.h>
#include "smb2pdu.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "smb2proto.h"
#include "cifs_debug.h"
#include "smb2status.h"
#include "smb2glob.h"

static int
smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
{
	int rc;
	unsigned int size;

	if (server->secmech.sdeschmacsha256 != NULL)
		return 0; /* already allocated */

	server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
	if (IS_ERR(server->secmech.hmacsha256)) {
		cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
		rc = PTR_ERR(server->secmech.hmacsha256);
		server->secmech.hmacsha256 = NULL;
		return rc;
	}

	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.hmacsha256);
	server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
	if (!server->secmech.sdeschmacsha256) {
		crypto_free_shash(server->secmech.hmacsha256);
		server->secmech.hmacsha256 = NULL;
		return -ENOMEM;
	}
	server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
	server->secmech.sdeschmacsha256->shash.flags = 0x0;

	return 0;
}

static int
smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
{
	unsigned int size;
	int rc;

	if (server->secmech.sdesccmacaes != NULL)
		return 0;  /* already allocated */

	rc = smb2_crypto_shash_allocate(server);
	if (rc)
		return rc;

	server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
	if (IS_ERR(server->secmech.cmacaes)) {
		cifs_dbg(VFS, "could not allocate crypto cmac-aes");
		kfree(server->secmech.sdeschmacsha256);
		server->secmech.sdeschmacsha256 = NULL;
		crypto_free_shash(server->secmech.hmacsha256);
		server->secmech.hmacsha256 = NULL;
		rc = PTR_ERR(server->secmech.cmacaes);
		server->secmech.cmacaes = NULL;
		return rc;
	}

	size = sizeof(struct shash_desc) +
			crypto_shash_descsize(server->secmech.cmacaes);
	server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
	if (!server->secmech.sdesccmacaes) {
		cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
		kfree(server->secmech.sdeschmacsha256);
		server->secmech.sdeschmacsha256 = NULL;
		crypto_free_shash(server->secmech.hmacsha256);
		crypto_free_shash(server->secmech.cmacaes);
		server->secmech.hmacsha256 = NULL;
		server->secmech.cmacaes = NULL;
		return -ENOMEM;
	}
	server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
	server->secmech.sdesccmacaes->shash.flags = 0x0;

	return 0;
}

static struct cifs_ses *
smb2_find_smb_ses(struct smb2_hdr *smb2hdr, struct TCP_Server_Info *server)
{
	struct cifs_ses *ses;

	spin_lock(&cifs_tcp_ses_lock);
	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
		if (ses->Suid != smb2hdr->SessionId)
			continue;
		spin_unlock(&cifs_tcp_ses_lock);
		return ses;
	}
	spin_unlock(&cifs_tcp_ses_lock);

	return NULL;
}


int
smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int rc;
	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
	unsigned char *sigptr = smb2_signature;
	struct kvec *iov = rqst->rq_iov;
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;
	struct cifs_ses *ses;

	ses = smb2_find_smb_ses(smb2_pdu, server);
	if (!ses) {
		cifs_dbg(VFS, "%s: Could not find session\n", __func__);
		return 0;
	}

	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	rc = smb2_crypto_shash_allocate(server);
	if (rc) {
		cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
		return rc;
	}

	rc = crypto_shash_setkey(server->secmech.hmacsha256,
		ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
		return rc;
	}

	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init sha256", __func__);
		return rc;
	}

	rc = __cifs_calc_signature(rqst, server, sigptr,
		&server->secmech.sdeschmacsha256->shash);

	if (!rc)
		memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);

	return rc;
}

static int generate_key(struct cifs_ses *ses, struct kvec label,
			struct kvec context, __u8 *key, unsigned int key_size)
{
	unsigned char zero = 0x0;
	__u8 i[4] = {0, 0, 0, 1};
	__u8 L[4] = {0, 0, 0, 128};
	int rc = 0;
	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
	unsigned char *hashptr = prfhash;

	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
	memset(key, 0x0, key_size);

	rc = smb3_crypto_shash_allocate(ses->server);
	if (rc) {
		cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_setkey(ses->server->secmech.hmacsha256,
		ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not set with session key\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_init(&ses->server->secmech.sdeschmacsha256->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
				i, 4);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with n\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
				label.iov_base, label.iov_len);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with label\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
				&zero, 1);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with zero\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
				context.iov_base, context.iov_len);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with context\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
				L, 4);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with L\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_final(&ses->server->secmech.sdeschmacsha256->shash,
				hashptr);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
		goto smb3signkey_ret;
	}

	memcpy(key, hashptr, key_size);

smb3signkey_ret:
	return rc;
}

struct derivation {
	struct kvec label;
	struct kvec context;
};

struct derivation_triplet {
	struct derivation signing;
	struct derivation encryption;
	struct derivation decryption;
};

static int
generate_smb3signingkey(struct cifs_ses *ses,
			const struct derivation_triplet *ptriplet)
{
	int rc;

	rc = generate_key(ses, ptriplet->signing.label,
			  ptriplet->signing.context, ses->smb3signingkey,
			  SMB3_SIGN_KEY_SIZE);
	if (rc)
		return rc;

	rc = generate_key(ses, ptriplet->encryption.label,
			  ptriplet->encryption.context, ses->smb3encryptionkey,
			  SMB3_SIGN_KEY_SIZE);
	if (rc)
		return rc;

	return generate_key(ses, ptriplet->decryption.label,
			    ptriplet->decryption.context,
			    ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
}

int
generate_smb30signingkey(struct cifs_ses *ses)

{
	struct derivation_triplet triplet;
	struct derivation *d;

	d = &triplet.signing;
	d->label.iov_base = "SMB2AESCMAC";
	d->label.iov_len = 12;
	d->context.iov_base = "SmbSign";
	d->context.iov_len = 8;

	d = &triplet.encryption;
	d->label.iov_base = "SMB2AESCCM";
	d->label.iov_len = 11;
	d->context.iov_base = "ServerIn ";
	d->context.iov_len = 10;

	d = &triplet.decryption;
	d->label.iov_base = "SMB2AESCCM";
	d->label.iov_len = 11;
	d->context.iov_base = "ServerOut";
	d->context.iov_len = 10;

	return generate_smb3signingkey(ses, &triplet);
}

int
generate_smb311signingkey(struct cifs_ses *ses)

{
	struct derivation_triplet triplet;
	struct derivation *d;

	d = &triplet.signing;
	d->label.iov_base = "SMB2AESCMAC";
	d->label.iov_len = 12;
	d->context.iov_base = "SmbSign";
	d->context.iov_len = 8;

	d = &triplet.encryption;
	d->label.iov_base = "SMB2AESCCM";
	d->label.iov_len = 11;
	d->context.iov_base = "ServerIn ";
	d->context.iov_len = 10;

	d = &triplet.decryption;
	d->label.iov_base = "SMB2AESCCM";
	d->label.iov_len = 11;
	d->context.iov_base = "ServerOut";
	d->context.iov_len = 10;

	return generate_smb3signingkey(ses, &triplet);
}

int
smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int rc = 0;
	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
	unsigned char *sigptr = smb3_signature;
	struct kvec *iov = rqst->rq_iov;
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;
	struct cifs_ses *ses;

	ses = smb2_find_smb_ses(smb2_pdu, server);
	if (!ses) {
		cifs_dbg(VFS, "%s: Could not find session\n", __func__);
		return 0;
	}

	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	rc = crypto_shash_setkey(server->secmech.cmacaes,
		ses->smb3signingkey, SMB2_CMACAES_SIZE);

	if (rc) {
		cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
		return rc;
	}

	/*
	 * we already allocate sdesccmacaes when we init smb3 signing key,
	 * so unlike smb2 case we do not have to check here if secmech are
	 * initialized
	 */
	rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
		return rc;
	}
	
	rc = __cifs_calc_signature(rqst, server, sigptr,
				   &server->secmech.sdesccmacaes->shash);

	if (!rc)
		memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);

	return rc;
}

/* must be called with server->srv_mutex held */
static int
smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int rc = 0;
	struct smb2_hdr *smb2_pdu = rqst->rq_iov[0].iov_base;

	if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) ||
	    server->tcpStatus == CifsNeedNegotiate)
		return rc;

	if (!server->session_estab) {
		strncpy(smb2_pdu->Signature, "BSRSPYL", 8);
		return rc;
	}

	rc = server->ops->calc_signature(rqst, server);

	return rc;
}

int
smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	unsigned int rc;
	char server_response_sig[16];
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;

	if ((smb2_pdu->Command == SMB2_NEGOTIATE) ||
	    (smb2_pdu->Command == SMB2_SESSION_SETUP) ||
	    (smb2_pdu->Command == SMB2_OPLOCK_BREAK) ||
	    (!server->session_estab))
		return 0;

	/*
	 * BB what if signatures are supposed to be on for session but
	 * server does not send one? BB
	 */

	/* Do not need to verify session setups with signature "BSRSPYL " */
	if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0)
		cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
			 smb2_pdu->Command);

	/*
	 * Save off the origiginal signature so we can modify the smb and check
	 * our calculated signature against what the server sent.
	 */
	memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE);

	memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE);

	mutex_lock(&server->srv_mutex);
	rc = server->ops->calc_signature(rqst, server);
	mutex_unlock(&server->srv_mutex);

	if (rc)
		return rc;

	if (memcmp(server_response_sig, smb2_pdu->Signature,
		   SMB2_SIGNATURE_SIZE))
		return -EACCES;
	else
		return 0;
}

/*
 * Set message id for the request. Should be called after wait_for_free_request
 * and when srv_mutex is held.
 */
static inline void
smb2_seq_num_into_buf(struct TCP_Server_Info *server, struct smb2_hdr *hdr)
{
	unsigned int i, num = le16_to_cpu(hdr->CreditCharge);

	hdr->MessageId = get_next_mid64(server);
	/* skip message numbers according to CreditCharge field */
	for (i = 1; i < num; i++)
		get_next_mid(server);
}

static struct mid_q_entry *
smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer,
		     struct TCP_Server_Info *server)
{
	struct mid_q_entry *temp;

	if (server == NULL) {
		cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
		return NULL;
	}

	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
	if (temp == NULL)
		return temp;
	else {
		memset(temp, 0, sizeof(struct mid_q_entry));
		temp->mid = le64_to_cpu(smb_buffer->MessageId);
		temp->pid = current->pid;
		temp->command = smb_buffer->Command;	/* Always LE */
		temp->when_alloc = jiffies;
		temp->server = server;

		/*
		 * The default is for the mid to be synchronous, so the
		 * default callback just wakes up the current task.
		 */
		temp->callback = cifs_wake_up_task;
		temp->callback_data = current;
	}

	atomic_inc(&midCount);
	temp->mid_state = MID_REQUEST_ALLOCATED;
	return temp;
}

static int
smb2_get_mid_entry(struct cifs_ses *ses, struct smb2_hdr *buf,
		   struct mid_q_entry **mid)
{
	if (ses->server->tcpStatus == CifsExiting)
		return -ENOENT;

	if (ses->server->tcpStatus == CifsNeedReconnect) {
		cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
		return -EAGAIN;
	}

	if (ses->status == CifsNew) {
		if ((buf->Command != SMB2_SESSION_SETUP) &&
		    (buf->Command != SMB2_NEGOTIATE))
			return -EAGAIN;
		/* else ok - we are setting up session */
	}

	if (ses->status == CifsExiting) {
		if (buf->Command != SMB2_LOGOFF)
			return -EAGAIN;
		/* else ok - we are shutting down the session */
	}

	*mid = smb2_mid_entry_alloc(buf, ses->server);
	if (*mid == NULL)
		return -ENOMEM;
	spin_lock(&GlobalMid_Lock);
	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
	spin_unlock(&GlobalMid_Lock);
	return 0;
}

int
smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
		   bool log_error)
{
	unsigned int len = get_rfc1002_length(mid->resp_buf);
	struct kvec iov;
	struct smb_rqst rqst = { .rq_iov = &iov,
				 .rq_nvec = 1 };

	iov.iov_base = (char *)mid->resp_buf;
	iov.iov_len = get_rfc1002_length(mid->resp_buf) + 4;

	dump_smb(mid->resp_buf, min_t(u32, 80, len));
	/* convert the length into a more usable form */
	if (len > 24 && server->sign) {
		int rc;

		rc = smb2_verify_signature(&rqst, server);
		if (rc)
			cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
				 rc);
	}

	return map_smb2_to_linux_error(mid->resp_buf, log_error);
}

struct mid_q_entry *
smb2_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
{
	int rc;
	struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid;

	smb2_seq_num_into_buf(ses->server, hdr);

	rc = smb2_get_mid_entry(ses, hdr, &mid);
	if (rc)
		return ERR_PTR(rc);
	rc = smb2_sign_rqst(rqst, ses->server);
	if (rc) {
		cifs_delete_mid(mid);
		return ERR_PTR(rc);
	}
	return mid;
}

struct mid_q_entry *
smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
{
	int rc;
	struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid;

	smb2_seq_num_into_buf(server, hdr);

	mid = smb2_mid_entry_alloc(hdr, server);
	if (mid == NULL)
		return ERR_PTR(-ENOMEM);

	rc = smb2_sign_rqst(rqst, server);
	if (rc) {
		DeleteMidQEntry(mid);
		return ERR_PTR(rc);
	}

	return mid;
}
Commit	Line	Data
2dc7e1c0 PS	1	/*
	2	* fs/cifs/smb2transport.c
	3	*
	4	* Copyright (C) International Business Machines Corp., 2002, 2011
	5	* Etersoft, 2012
	6	* Author(s): Steve French (sfrench@us.ibm.com)
	7	* Jeremy Allison (jra@samba.org) 2006
	8	* Pavel Shilovsky (pshilovsky@samba.org) 2012
	9	*
	10	* This library is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU Lesser General Public License as published
	12	* by the Free Software Foundation; either version 2.1 of the License, or
	13	* (at your option) any later version.
	14	*
	15	* This library is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	18	* the GNU Lesser General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU Lesser General Public License
	21	* along with this library; if not, write to the Free Software
	22	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	23	*/
	24
	25	#include <linux/fs.h>
	26	#include <linux/list.h>
	27	#include <linux/wait.h>
	28	#include <linux/net.h>
	29	#include <linux/delay.h>
	30	#include <linux/uaccess.h>
	31	#include <asm/processor.h>
	32	#include <linux/mempool.h>
fb308a6f	33	#include <linux/highmem.h>
2dc7e1c0 PS	34	#include "smb2pdu.h"
	35	#include "cifsglob.h"
	36	#include "cifsproto.h"
	37	#include "smb2proto.h"
	38	#include "cifs_debug.h"
	39	#include "smb2status.h"
3c1bf7e4 PS	40	#include "smb2glob.h"
3c1bf7e4 PS	41
95dc8dd1 SF	42	static int
	43	smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
	44	{
ba482029	45	int rc;
95dc8dd1 SF	46	unsigned int size;
	47
	48	if (server->secmech.sdeschmacsha256 != NULL)
	49	return 0; /* already allocated */
	50
	51	server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
	52	if (IS_ERR(server->secmech.hmacsha256)) {
	53	cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
ba482029 JL	54	rc = PTR_ERR(server->secmech.hmacsha256);
	55	server->secmech.hmacsha256 = NULL;
	56	return rc;
95dc8dd1 SF	57	}
	58
	59	size = sizeof(struct shash_desc) +
	60	crypto_shash_descsize(server->secmech.hmacsha256);
	61	server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
	62	if (!server->secmech.sdeschmacsha256) {
	63	crypto_free_shash(server->secmech.hmacsha256);
	64	server->secmech.hmacsha256 = NULL;
	65	return -ENOMEM;
	66	}
	67	server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
	68	server->secmech.sdeschmacsha256->shash.flags = 0x0;
	69
	70	return 0;
	71	}
	72
	73	static int
	74	smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
	75	{
	76	unsigned int size;
	77	int rc;
	78
	79	if (server->secmech.sdesccmacaes != NULL)
	80	return 0; /* already allocated */
	81
	82	rc = smb2_crypto_shash_allocate(server);
	83	if (rc)
	84	return rc;
	85
	86	server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
	87	if (IS_ERR(server->secmech.cmacaes)) {
	88	cifs_dbg(VFS, "could not allocate crypto cmac-aes");
	89	kfree(server->secmech.sdeschmacsha256);
	90	server->secmech.sdeschmacsha256 = NULL;
	91	crypto_free_shash(server->secmech.hmacsha256);
	92	server->secmech.hmacsha256 = NULL;
ba482029 JL	93	rc = PTR_ERR(server->secmech.cmacaes);
	94	server->secmech.cmacaes = NULL;
	95	return rc;
95dc8dd1 SF	96	}
	97
	98	size = sizeof(struct shash_desc) +
	99	crypto_shash_descsize(server->secmech.cmacaes);
	100	server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
	101	if (!server->secmech.sdesccmacaes) {
	102	cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
	103	kfree(server->secmech.sdeschmacsha256);
	104	server->secmech.sdeschmacsha256 = NULL;
	105	crypto_free_shash(server->secmech.hmacsha256);
	106	crypto_free_shash(server->secmech.cmacaes);
	107	server->secmech.hmacsha256 = NULL;
	108	server->secmech.cmacaes = NULL;
	109	return -ENOMEM;
	110	}
	111	server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
	112	server->secmech.sdesccmacaes->shash.flags = 0x0;
	113
	114	return 0;
	115	}
	116
32811d24 SP	117	static struct cifs_ses *
	118	smb2_find_smb_ses(struct smb2_hdr smb2hdr, struct TCP_Server_Info server)
	119	{
	120	struct cifs_ses *ses;
	121
	122	spin_lock(&cifs_tcp_ses_lock);
	123	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
	124	if (ses->Suid != smb2hdr->SessionId)
	125	continue;
	126	spin_unlock(&cifs_tcp_ses_lock);
	127	return ses;
	128	}
	129	spin_unlock(&cifs_tcp_ses_lock);
	130
	131	return NULL;
	132	}
	133
95dc8dd1	134
38107d45	135	int
0b688cfc	136	smb2_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
3c1bf7e4	137	{
16c568ef	138	int rc;
3c1bf7e4 PS	139	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
3c1bf7e4 PS	140	unsigned char *sigptr = smb2_signature;
0b688cfc	141	struct kvec *iov = rqst->rq_iov;
3c1bf7e4	142	struct smb2_hdr smb2_pdu = (struct smb2_hdr )iov[0].iov_base;
32811d24 SP	143	struct cifs_ses *ses;
	144
	145	ses = smb2_find_smb_ses(smb2_pdu, server);
	146	if (!ses) {
	147	cifs_dbg(VFS, "%s: Could not find session\n", __func__);
	148	return 0;
	149	}
3c1bf7e4 PS	150
	151	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
	152	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
	153
95dc8dd1 SF	154	rc = smb2_crypto_shash_allocate(server);
	155	if (rc) {
	156	cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
	157	return rc;
	158	}
	159
3c1bf7e4	160	rc = crypto_shash_setkey(server->secmech.hmacsha256,
32811d24	161	ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
3c1bf7e4	162	if (rc) {
f96637be	163	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
3c1bf7e4 PS	164	return rc;
	165	}
	166
	167	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	168	if (rc) {
95dc8dd1	169	cifs_dbg(VFS, "%s: Could not init sha256", __func__);
3c1bf7e4 PS	170	return rc;
	171	}
	172
16c568ef AV	173	rc = __cifs_calc_signature(rqst, server, sigptr,
16c568ef AV	174	&server->secmech.sdeschmacsha256->shash);
3c1bf7e4	175
16c568ef AV	176	if (!rc)
16c568ef AV	177	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);
3c1bf7e4 PS	178
	179	return rc;
	180	}
	181
373512ec SF	182	static int generate_key(struct cifs_ses *ses, struct kvec label,
373512ec SF	183	struct kvec context, __u8 *key, unsigned int key_size)
429b46f4 SF	184	{
	185	unsigned char zero = 0x0;
	186	__u8 i[4] = {0, 0, 0, 1};
	187	__u8 L[4] = {0, 0, 0, 128};
	188	int rc = 0;
	189	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
	190	unsigned char *hashptr = prfhash;
	191
	192	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
373512ec	193	memset(key, 0x0, key_size);
429b46f4	194
32811d24	195	rc = smb3_crypto_shash_allocate(ses->server);
95dc8dd1 SF	196	if (rc) {
	197	cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
	198	goto smb3signkey_ret;
	199	}
	200
32811d24 SP	201	rc = crypto_shash_setkey(ses->server->secmech.hmacsha256,
32811d24 SP	202	ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
429b46f4 SF	203	if (rc) {
	204	cifs_dbg(VFS, "%s: Could not set with session key\n", __func__);
	205	goto smb3signkey_ret;
	206	}
	207
32811d24	208	rc = crypto_shash_init(&ses->server->secmech.sdeschmacsha256->shash);
429b46f4 SF	209	if (rc) {
	210	cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
	211	goto smb3signkey_ret;
	212	}
	213
32811d24	214	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
429b46f4 SF	215	i, 4);
	216	if (rc) {
	217	cifs_dbg(VFS, "%s: Could not update with n\n", __func__);
	218	goto smb3signkey_ret;
	219	}
	220
32811d24	221	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
373512ec	222	label.iov_base, label.iov_len);
429b46f4 SF	223	if (rc) {
	224	cifs_dbg(VFS, "%s: Could not update with label\n", __func__);
	225	goto smb3signkey_ret;
	226	}
	227
32811d24	228	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
429b46f4 SF	229	&zero, 1);
	230	if (rc) {
	231	cifs_dbg(VFS, "%s: Could not update with zero\n", __func__);
	232	goto smb3signkey_ret;
	233	}
	234
32811d24	235	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
373512ec	236	context.iov_base, context.iov_len);
429b46f4 SF	237	if (rc) {
	238	cifs_dbg(VFS, "%s: Could not update with context\n", __func__);
	239	goto smb3signkey_ret;
	240	}
	241
32811d24	242	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
429b46f4 SF	243	L, 4);
	244	if (rc) {
	245	cifs_dbg(VFS, "%s: Could not update with L\n", __func__);
	246	goto smb3signkey_ret;
	247	}
	248
32811d24	249	rc = crypto_shash_final(&ses->server->secmech.sdeschmacsha256->shash,
429b46f4 SF	250	hashptr);
	251	if (rc) {
	252	cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
	253	goto smb3signkey_ret;
	254	}
	255
373512ec	256	memcpy(key, hashptr, key_size);
429b46f4 SF	257
429b46f4 SF	258	smb3signkey_ret:
32811d24	259	return rc;
429b46f4 SF	260	}
429b46f4 SF	261
373512ec SF	262	struct derivation {
	263	struct kvec label;
	264	struct kvec context;
	265	};
	266
	267	struct derivation_triplet {
	268	struct derivation signing;
	269	struct derivation encryption;
	270	struct derivation decryption;
	271	};
	272
	273	static int
	274	generate_smb3signingkey(struct cifs_ses *ses,
	275	const struct derivation_triplet *ptriplet)
	276	{
	277	int rc;
	278
	279	rc = generate_key(ses, ptriplet->signing.label,
	280	ptriplet->signing.context, ses->smb3signingkey,
	281	SMB3_SIGN_KEY_SIZE);
	282	if (rc)
	283	return rc;
	284
	285	rc = generate_key(ses, ptriplet->encryption.label,
	286	ptriplet->encryption.context, ses->smb3encryptionkey,
	287	SMB3_SIGN_KEY_SIZE);
	288	if (rc)
	289	return rc;
	290
	291	return generate_key(ses, ptriplet->decryption.label,
	292	ptriplet->decryption.context,
	293	ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
	294	}
	295
	296	int
	297	generate_smb30signingkey(struct cifs_ses *ses)
	298
	299	{
	300	struct derivation_triplet triplet;
	301	struct derivation *d;
	302
	303	d = &triplet.signing;
	304	d->label.iov_base = "SMB2AESCMAC";
	305	d->label.iov_len = 12;
	306	d->context.iov_base = "SmbSign";
	307	d->context.iov_len = 8;
	308
	309	d = &triplet.encryption;
	310	d->label.iov_base = "SMB2AESCCM";
	311	d->label.iov_len = 11;
	312	d->context.iov_base = "ServerIn ";
	313	d->context.iov_len = 10;
	314
	315	d = &triplet.decryption;
	316	d->label.iov_base = "SMB2AESCCM";
	317	d->label.iov_len = 11;
	318	d->context.iov_base = "ServerOut";
	319	d->context.iov_len = 10;
	320
	321	return generate_smb3signingkey(ses, &triplet);
	322	}
	323
	324	int
	325	generate_smb311signingkey(struct cifs_ses *ses)
326
327	{
328	struct derivation_triplet triplet;
329	struct derivation *d;
330
331	d = &triplet.signing;
332	d->label.iov_base = "SMB2AESCMAC";
333	d->label.iov_len = 12;
334	d->context.iov_base = "SmbSign";
335	d->context.iov_len = 8;
336
337	d = &triplet.encryption;
338	d->label.iov_base = "SMB2AESCCM";
339	d->label.iov_len = 11;
340	d->context.iov_base = "ServerIn ";
341	d->context.iov_len = 10;
342
343	d = &triplet.decryption;
344	d->label.iov_base = "SMB2AESCCM";
345	d->label.iov_len = 11;
346	d->context.iov_base = "ServerOut";
347	d->context.iov_len = 10;
348
349	return generate_smb3signingkey(ses, &triplet);
350	}
351
38107d45 SF	352	int
	353	smb3_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
	354	{
32811d24	355	int rc = 0;
429b46f4 SF	356	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
	357	unsigned char *sigptr = smb3_signature;
	358	struct kvec *iov = rqst->rq_iov;
429b46f4	359	struct smb2_hdr smb2_pdu = (struct smb2_hdr )iov[0].iov_base;
32811d24 SP	360	struct cifs_ses *ses;
	361
	362	ses = smb2_find_smb_ses(smb2_pdu, server);
	363	if (!ses) {
	364	cifs_dbg(VFS, "%s: Could not find session\n", __func__);
	365	return 0;
	366	}
429b46f4 SF	367
	368	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
	369	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
	370
	371	rc = crypto_shash_setkey(server->secmech.cmacaes,
32811d24 SP	372	ses->smb3signingkey, SMB2_CMACAES_SIZE);
32811d24 SP	373
429b46f4 SF	374	if (rc) {
	375	cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
	376	return rc;
	377	}
	378
95dc8dd1 SF	379	/*
	380	* we already allocate sdesccmacaes when we init smb3 signing key,
	381	* so unlike smb2 case we do not have to check here if secmech are
	382	* initialized
	383	*/
429b46f4 SF	384	rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
	385	if (rc) {
	386	cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
	387	return rc;
	388	}
16c568ef AV	389
	390	rc = __cifs_calc_signature(rqst, server, sigptr,
	391	&server->secmech.sdesccmacaes->shash);
429b46f4	392
16c568ef AV	393	if (!rc)
16c568ef AV	394	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);
429b46f4 SF	395
429b46f4 SF	396	return rc;
38107d45 SF	397	}
38107d45 SF	398
3c1bf7e4 PS	399	/* must be called with server->srv_mutex held */
3c1bf7e4 PS	400	static int
0b688cfc	401	smb2_sign_rqst(struct smb_rqst rqst, struct TCP_Server_Info server)
3c1bf7e4 PS	402	{
3c1bf7e4 PS	403	int rc = 0;
0b688cfc	404	struct smb2_hdr *smb2_pdu = rqst->rq_iov[0].iov_base;
3c1bf7e4 PS	405
	406	if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) \|\|
	407	server->tcpStatus == CifsNeedNegotiate)
	408	return rc;
	409
	410	if (!server->session_estab) {
	411	strncpy(smb2_pdu->Signature, "BSRSPYL", 8);
	412	return rc;
	413	}
	414
38107d45	415	rc = server->ops->calc_signature(rqst, server);
3c1bf7e4 PS	416
	417	return rc;
	418	}
	419
	420	int
0b688cfc	421	smb2_verify_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
3c1bf7e4 PS	422	{
	423	unsigned int rc;
	424	char server_response_sig[16];
0b688cfc	425	struct smb2_hdr smb2_pdu = (struct smb2_hdr )rqst->rq_iov[0].iov_base;
3c1bf7e4 PS	426
3c1bf7e4 PS	427	if ((smb2_pdu->Command == SMB2_NEGOTIATE) \|\|
32811d24	428	(smb2_pdu->Command == SMB2_SESSION_SETUP) \|\|
3c1bf7e4 PS	429	(smb2_pdu->Command == SMB2_OPLOCK_BREAK) \|\|
	430	(!server->session_estab))
	431	return 0;
	432
	433	/*
	434	* BB what if signatures are supposed to be on for session but
	435	* server does not send one? BB
	436	*/
	437
	438	/* Do not need to verify session setups with signature "BSRSPYL " */
	439	if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0)
f96637be JP	440	cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
f96637be JP	441	smb2_pdu->Command);
3c1bf7e4 PS	442
	443	/*
	444	* Save off the origiginal signature so we can modify the smb and check
	445	* our calculated signature against what the server sent.
	446	*/
	447	memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE);
	448
	449	memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE);
	450
	451	mutex_lock(&server->srv_mutex);
38107d45	452	rc = server->ops->calc_signature(rqst, server);
3c1bf7e4 PS	453	mutex_unlock(&server->srv_mutex);
	454
	455	if (rc)
	456	return rc;
	457
	458	if (memcmp(server_response_sig, smb2_pdu->Signature,
	459	SMB2_SIGNATURE_SIZE))
	460	return -EACCES;
	461	else
	462	return 0;
	463	}
	464
2dc7e1c0 PS	465	/*
	466	* Set message id for the request. Should be called after wait_for_free_request
	467	* and when srv_mutex is held.
	468	*/
	469	static inline void
	470	smb2_seq_num_into_buf(struct TCP_Server_Info server, struct smb2_hdr hdr)
	471	{
cb7e9eab PS	472	unsigned int i, num = le16_to_cpu(hdr->CreditCharge);
cb7e9eab PS	473
3d378d3f	474	hdr->MessageId = get_next_mid64(server);
cb7e9eab PS	475	/* skip message numbers according to CreditCharge field */
	476	for (i = 1; i < num; i++)
	477	get_next_mid(server);
2dc7e1c0 PS	478	}
	479
	480	static struct mid_q_entry *
	481	smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer,
	482	struct TCP_Server_Info *server)
	483	{
	484	struct mid_q_entry *temp;
	485
	486	if (server == NULL) {
f96637be	487	cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
2dc7e1c0 PS	488	return NULL;
	489	}
	490
	491	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
	492	if (temp == NULL)
	493	return temp;
	494	else {
	495	memset(temp, 0, sizeof(struct mid_q_entry));
9235d098	496	temp->mid = le64_to_cpu(smb_buffer->MessageId);
2dc7e1c0 PS	497	temp->pid = current->pid;
	498	temp->command = smb_buffer->Command; /* Always LE */
	499	temp->when_alloc = jiffies;
	500	temp->server = server;
	501
	502	/*
	503	* The default is for the mid to be synchronous, so the
	504	* default callback just wakes up the current task.
	505	*/
	506	temp->callback = cifs_wake_up_task;
	507	temp->callback_data = current;
	508	}
	509
	510	atomic_inc(&midCount);
	511	temp->mid_state = MID_REQUEST_ALLOCATED;
	512	return temp;
	513	}
	514
	515	static int
	516	smb2_get_mid_entry(struct cifs_ses ses, struct smb2_hdr buf,
	517	struct mid_q_entry **mid)
	518	{
	519	if (ses->server->tcpStatus == CifsExiting)
	520	return -ENOENT;
	521
	522	if (ses->server->tcpStatus == CifsNeedReconnect) {
f96637be	523	cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
2dc7e1c0 PS	524	return -EAGAIN;
	525	}
	526
7f48558e	527	if (ses->status == CifsNew) {
2dc7e1c0 PS	528	if ((buf->Command != SMB2_SESSION_SETUP) &&
	529	(buf->Command != SMB2_NEGOTIATE))
	530	return -EAGAIN;
	531	/* else ok - we are setting up session */
	532	}
7f48558e SP	533
	534	if (ses->status == CifsExiting) {
	535	if (buf->Command != SMB2_LOGOFF)
	536	return -EAGAIN;
	537	/* else ok - we are shutting down the session */
	538	}
	539
2dc7e1c0 PS	540	*mid = smb2_mid_entry_alloc(buf, ses->server);
	541	if (*mid == NULL)
	542	return -ENOMEM;
	543	spin_lock(&GlobalMid_Lock);
	544	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
	545	spin_unlock(&GlobalMid_Lock);
	546	return 0;
	547	}
	548
	549	int
	550	smb2_check_receive(struct mid_q_entry mid, struct TCP_Server_Info server,
	551	bool log_error)
	552	{
	553	unsigned int len = get_rfc1002_length(mid->resp_buf);
0b688cfc JL	554	struct kvec iov;
	555	struct smb_rqst rqst = { .rq_iov = &iov,
	556	.rq_nvec = 1 };
	557
	558	iov.iov_base = (char *)mid->resp_buf;
	559	iov.iov_len = get_rfc1002_length(mid->resp_buf) + 4;
2dc7e1c0 PS	560
	561	dump_smb(mid->resp_buf, min_t(u32, 80, len));
	562	/* convert the length into a more usable form */
38d77c50	563	if (len > 24 && server->sign) {
3c1bf7e4 PS	564	int rc;
3c1bf7e4 PS	565
0b688cfc	566	rc = smb2_verify_signature(&rqst, server);
3c1bf7e4	567	if (rc)
f96637be JP	568	cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
f96637be JP	569	rc);
3c1bf7e4	570	}
2dc7e1c0 PS	571
	572	return map_smb2_to_linux_error(mid->resp_buf, log_error);
	573	}
	574
fec344e3 JL	575	struct mid_q_entry *
fec344e3 JL	576	smb2_setup_request(struct cifs_ses ses, struct smb_rqst rqst)
2dc7e1c0 PS	577	{
2dc7e1c0 PS	578	int rc;
fec344e3	579	struct smb2_hdr hdr = (struct smb2_hdr )rqst->rq_iov[0].iov_base;
2dc7e1c0 PS	580	struct mid_q_entry *mid;
	581
	582	smb2_seq_num_into_buf(ses->server, hdr);
	583
	584	rc = smb2_get_mid_entry(ses, hdr, &mid);
	585	if (rc)
fec344e3 JL	586	return ERR_PTR(rc);
	587	rc = smb2_sign_rqst(rqst, ses->server);
	588	if (rc) {
3c1bf7e4	589	cifs_delete_mid(mid);
fec344e3 JL	590	return ERR_PTR(rc);
	591	}
	592	return mid;
2dc7e1c0 PS	593	}
2dc7e1c0 PS	594
fec344e3 JL	595	struct mid_q_entry *
fec344e3 JL	596	smb2_setup_async_request(struct TCP_Server_Info server, struct smb_rqst rqst)
c95b8eed	597	{
fec344e3 JL	598	int rc;
fec344e3 JL	599	struct smb2_hdr hdr = (struct smb2_hdr )rqst->rq_iov[0].iov_base;
c95b8eed PS	600	struct mid_q_entry *mid;
	601
	602	smb2_seq_num_into_buf(server, hdr);
	603
	604	mid = smb2_mid_entry_alloc(hdr, server);
	605	if (mid == NULL)
fec344e3	606	return ERR_PTR(-ENOMEM);
c95b8eed	607
fec344e3	608	rc = smb2_sign_rqst(rqst, server);
c95b8eed PS	609	if (rc) {
c95b8eed PS	610	DeleteMidQEntry(mid);
fec344e3	611	return ERR_PTR(rc);
3c1bf7e4 PS	612	}
3c1bf7e4 PS	613
fec344e3	614	return mid;
c95b8eed	615	}