[linux-2.6-block.git] / fs / cifs / smb2transport.c

/*
 *   fs/cifs/smb2transport.c
 *
 *   Copyright (C) International Business Machines  Corp., 2002, 2011
 *                 Etersoft, 2012
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *              Jeremy Allison (jra@samba.org) 2006
 *              Pavel Shilovsky (pshilovsky@samba.org) 2012
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#include <linux/fs.h>
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/net.h>
#include <linux/delay.h>
#include <linux/uaccess.h>
#include <asm/processor.h>
#include <linux/mempool.h>
#include <linux/highmem.h>
#include "smb2pdu.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "smb2proto.h"
#include "cifs_debug.h"
#include "smb2status.h"
#include "smb2glob.h"

int
smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int i, rc;
	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
	unsigned char *sigptr = smb2_signature;
	struct kvec *iov = rqst->rq_iov;
	int n_vec = rqst->rq_nvec;
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;

	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	rc = crypto_shash_setkey(server->secmech.hmacsha256,
		server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
		return rc;
	}

	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init md5\n", __func__);
		return rc;
	}

	for (i = 0; i < n_vec; i++) {
		if (iov[i].iov_len == 0)
			continue;
		if (iov[i].iov_base == NULL) {
			cifs_dbg(VFS, "null iovec entry\n");
			return -EIO;
		}
		/*
		 * The first entry includes a length field (which does not get
		 * signed that occupies the first 4 bytes before the header).
		 */
		if (i == 0) {
			if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
				break; /* nothing to sign or corrupt header */
			rc =
			crypto_shash_update(
				&server->secmech.sdeschmacsha256->shash,
				iov[i].iov_base + 4, iov[i].iov_len - 4);
		} else {
			rc =
			crypto_shash_update(
				&server->secmech.sdeschmacsha256->shash,
				iov[i].iov_base, iov[i].iov_len);
		}
		if (rc) {
			cifs_dbg(VFS, "%s: Could not update with payload\n",
				 __func__);
			return rc;
		}
	}

	/* now hash over the rq_pages array */
	for (i = 0; i < rqst->rq_npages; i++) {
		struct kvec p_iov;

		cifs_rqst_page_to_kvec(rqst, i, &p_iov);
		crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
					p_iov.iov_base, p_iov.iov_len);
		kunmap(rqst->rq_pages[i]);
	}

	rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
				sigptr);
	if (rc)
		cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);

	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);

	return rc;
}

void
generate_smb3signingkey(struct TCP_Server_Info *server)
{
	unsigned char zero = 0x0;
	__u8 i[4] = {0, 0, 0, 1};
	__u8 L[4] = {0, 0, 0, 128};
	int rc = 0;
	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
	unsigned char *hashptr = prfhash;

	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
	memset(server->smb3signingkey, 0x0, SMB3_SIGNKEY_SIZE);

	rc = crypto_shash_setkey(server->secmech.hmacsha256,
		server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not set with session key\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
				i, 4);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with n\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
				"SMB2AESCMAC", 12);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with label\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
				&zero, 1);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with zero\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
				"SmbSign", 8);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with context\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
				L, 4);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with L\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
				hashptr);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
		goto smb3signkey_ret;
	}

	memcpy(server->smb3signingkey, hashptr, SMB3_SIGNKEY_SIZE);

smb3signkey_ret:
	return;
}

int
smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int i, rc;
	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
	unsigned char *sigptr = smb3_signature;
	struct kvec *iov = rqst->rq_iov;
	int n_vec = rqst->rq_nvec;
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;

	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	rc = crypto_shash_setkey(server->secmech.cmacaes,
		server->smb3signingkey, SMB2_CMACAES_SIZE);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
		return rc;
	}

	rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
		return rc;
	}

	for (i = 0; i < n_vec; i++) {
		if (iov[i].iov_len == 0)
			continue;
		if (iov[i].iov_base == NULL) {
			cifs_dbg(VFS, "null iovec entry");
			return -EIO;
		}
		/*
		 * The first entry includes a length field (which does not get
		 * signed that occupies the first 4 bytes before the header).
		 */
		if (i == 0) {
			if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
				break; /* nothing to sign or corrupt header */
			rc =
			crypto_shash_update(
				&server->secmech.sdesccmacaes->shash,
				iov[i].iov_base + 4, iov[i].iov_len - 4);
		} else {
			rc =
			crypto_shash_update(
				&server->secmech.sdesccmacaes->shash,
				iov[i].iov_base, iov[i].iov_len);
		}
		if (rc) {
			cifs_dbg(VFS, "%s: Couldn't update cmac aes with payload\n",
							__func__);
			return rc;
		}
	}

	/* now hash over the rq_pages array */
	for (i = 0; i < rqst->rq_npages; i++) {
		struct kvec p_iov;

		cifs_rqst_page_to_kvec(rqst, i, &p_iov);
		crypto_shash_update(&server->secmech.sdesccmacaes->shash,
					p_iov.iov_base, p_iov.iov_len);
		kunmap(rqst->rq_pages[i]);
	}

	rc = crypto_shash_final(&server->secmech.sdesccmacaes->shash,
						sigptr);
	if (rc)
		cifs_dbg(VFS, "%s: Could not generate cmac aes\n", __func__);

	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);

	return rc;
}

/* must be called with server->srv_mutex held */
static int
smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	int rc = 0;
	struct smb2_hdr *smb2_pdu = rqst->rq_iov[0].iov_base;

	if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) ||
	    server->tcpStatus == CifsNeedNegotiate)
		return rc;

	if (!server->session_estab) {
		strncpy(smb2_pdu->Signature, "BSRSPYL", 8);
		return rc;
	}

	rc = server->ops->calc_signature(rqst, server);

	return rc;
}

int
smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	unsigned int rc;
	char server_response_sig[16];
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;

	if ((smb2_pdu->Command == SMB2_NEGOTIATE) ||
	    (smb2_pdu->Command == SMB2_OPLOCK_BREAK) ||
	    (!server->session_estab))
		return 0;

	/*
	 * BB what if signatures are supposed to be on for session but
	 * server does not send one? BB
	 */

	/* Do not need to verify session setups with signature "BSRSPYL " */
	if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0)
		cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
			 smb2_pdu->Command);

	/*
	 * Save off the origiginal signature so we can modify the smb and check
	 * our calculated signature against what the server sent.
	 */
	memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE);

	memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE);

	mutex_lock(&server->srv_mutex);
	rc = server->ops->calc_signature(rqst, server);
	mutex_unlock(&server->srv_mutex);

	if (rc)
		return rc;

	if (memcmp(server_response_sig, smb2_pdu->Signature,
		   SMB2_SIGNATURE_SIZE))
		return -EACCES;
	else
		return 0;
}

/*
 * Set message id for the request. Should be called after wait_for_free_request
 * and when srv_mutex is held.
 */
static inline void
smb2_seq_num_into_buf(struct TCP_Server_Info *server, struct smb2_hdr *hdr)
{
	hdr->MessageId = get_next_mid(server);
}

static struct mid_q_entry *
smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer,
		     struct TCP_Server_Info *server)
{
	struct mid_q_entry *temp;

	if (server == NULL) {
		cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
		return NULL;
	}

	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
	if (temp == NULL)
		return temp;
	else {
		memset(temp, 0, sizeof(struct mid_q_entry));
		temp->mid = smb_buffer->MessageId;	/* always LE */
		temp->pid = current->pid;
		temp->command = smb_buffer->Command;	/* Always LE */
		temp->when_alloc = jiffies;
		temp->server = server;

		/*
		 * The default is for the mid to be synchronous, so the
		 * default callback just wakes up the current task.
		 */
		temp->callback = cifs_wake_up_task;
		temp->callback_data = current;
	}

	atomic_inc(&midCount);
	temp->mid_state = MID_REQUEST_ALLOCATED;
	return temp;
}

static int
smb2_get_mid_entry(struct cifs_ses *ses, struct smb2_hdr *buf,
		   struct mid_q_entry **mid)
{
	if (ses->server->tcpStatus == CifsExiting)
		return -ENOENT;

	if (ses->server->tcpStatus == CifsNeedReconnect) {
		cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
		return -EAGAIN;
	}

	if (ses->status != CifsGood) {
		/* check if SMB2 session is bad because we are setting it up */
		if ((buf->Command != SMB2_SESSION_SETUP) &&
		    (buf->Command != SMB2_NEGOTIATE))
			return -EAGAIN;
		/* else ok - we are setting up session */
	}
	*mid = smb2_mid_entry_alloc(buf, ses->server);
	if (*mid == NULL)
		return -ENOMEM;
	spin_lock(&GlobalMid_Lock);
	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
	spin_unlock(&GlobalMid_Lock);
	return 0;
}

int
smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
		   bool log_error)
{
	unsigned int len = get_rfc1002_length(mid->resp_buf);
	struct kvec iov;
	struct smb_rqst rqst = { .rq_iov = &iov,
				 .rq_nvec = 1 };

	iov.iov_base = (char *)mid->resp_buf;
	iov.iov_len = get_rfc1002_length(mid->resp_buf) + 4;

	dump_smb(mid->resp_buf, min_t(u32, 80, len));
	/* convert the length into a more usable form */
	if (len > 24 && server->sign) {
		int rc;

		rc = smb2_verify_signature(&rqst, server);
		if (rc)
			cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
				 rc);
	}

	return map_smb2_to_linux_error(mid->resp_buf, log_error);
}

struct mid_q_entry *
smb2_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
{
	int rc;
	struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid;

	smb2_seq_num_into_buf(ses->server, hdr);

	rc = smb2_get_mid_entry(ses, hdr, &mid);
	if (rc)
		return ERR_PTR(rc);
	rc = smb2_sign_rqst(rqst, ses->server);
	if (rc) {
		cifs_delete_mid(mid);
		return ERR_PTR(rc);
	}
	return mid;
}

struct mid_q_entry *
smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
{
	int rc;
	struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid;

	smb2_seq_num_into_buf(server, hdr);

	mid = smb2_mid_entry_alloc(hdr, server);
	if (mid == NULL)
		return ERR_PTR(-ENOMEM);

	rc = smb2_sign_rqst(rqst, server);
	if (rc) {
		DeleteMidQEntry(mid);
		return ERR_PTR(rc);
	}

	return mid;
}
Commit	Line	Data
2dc7e1c0 PS	1	/*
	2	* fs/cifs/smb2transport.c
	3	*
	4	* Copyright (C) International Business Machines Corp., 2002, 2011
	5	* Etersoft, 2012
	6	* Author(s): Steve French (sfrench@us.ibm.com)
	7	* Jeremy Allison (jra@samba.org) 2006
	8	* Pavel Shilovsky (pshilovsky@samba.org) 2012
	9	*
	10	* This library is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU Lesser General Public License as published
	12	* by the Free Software Foundation; either version 2.1 of the License, or
	13	* (at your option) any later version.
	14	*
	15	* This library is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	18	* the GNU Lesser General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU Lesser General Public License
	21	* along with this library; if not, write to the Free Software
	22	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	23	*/
	24
	25	#include <linux/fs.h>
	26	#include <linux/list.h>
	27	#include <linux/wait.h>
	28	#include <linux/net.h>
	29	#include <linux/delay.h>
	30	#include <linux/uaccess.h>
	31	#include <asm/processor.h>
	32	#include <linux/mempool.h>
fb308a6f	33	#include <linux/highmem.h>
2dc7e1c0 PS	34	#include "smb2pdu.h"
	35	#include "cifsglob.h"
	36	#include "cifsproto.h"
	37	#include "smb2proto.h"
	38	#include "cifs_debug.h"
	39	#include "smb2status.h"
3c1bf7e4 PS	40	#include "smb2glob.h"
3c1bf7e4 PS	41
38107d45	42	int
0b688cfc	43	smb2_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
3c1bf7e4 PS	44	{
	45	int i, rc;
	46	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
	47	unsigned char *sigptr = smb2_signature;
0b688cfc JL	48	struct kvec *iov = rqst->rq_iov;
0b688cfc JL	49	int n_vec = rqst->rq_nvec;
3c1bf7e4 PS	50	struct smb2_hdr smb2_pdu = (struct smb2_hdr )iov[0].iov_base;
	51
	52	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
	53	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
	54
	55	rc = crypto_shash_setkey(server->secmech.hmacsha256,
	56	server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	57	if (rc) {
f96637be	58	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
3c1bf7e4 PS	59	return rc;
	60	}
	61
	62	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	63	if (rc) {
f96637be	64	cifs_dbg(VFS, "%s: Could not init md5\n", __func__);
3c1bf7e4 PS	65	return rc;
	66	}
	67
	68	for (i = 0; i < n_vec; i++) {
	69	if (iov[i].iov_len == 0)
	70	continue;
	71	if (iov[i].iov_base == NULL) {
f96637be	72	cifs_dbg(VFS, "null iovec entry\n");
3c1bf7e4 PS	73	return -EIO;
	74	}
	75	/*
	76	* The first entry includes a length field (which does not get
	77	* signed that occupies the first 4 bytes before the header).
	78	*/
	79	if (i == 0) {
	80	if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
	81	break; /* nothing to sign or corrupt header */
	82	rc =
	83	crypto_shash_update(
	84	&server->secmech.sdeschmacsha256->shash,
	85	iov[i].iov_base + 4, iov[i].iov_len - 4);
	86	} else {
	87	rc =
	88	crypto_shash_update(
	89	&server->secmech.sdeschmacsha256->shash,
	90	iov[i].iov_base, iov[i].iov_len);
	91	}
	92	if (rc) {
f96637be JP	93	cifs_dbg(VFS, "%s: Could not update with payload\n",
f96637be JP	94	__func__);
3c1bf7e4 PS	95	return rc;
	96	}
	97	}
	98
fb308a6f JL	99	/* now hash over the rq_pages array */
	100	for (i = 0; i < rqst->rq_npages; i++) {
	101	struct kvec p_iov;
	102
	103	cifs_rqst_page_to_kvec(rqst, i, &p_iov);
	104	crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
	105	p_iov.iov_base, p_iov.iov_len);
	106	kunmap(rqst->rq_pages[i]);
	107	}
	108
3c1bf7e4 PS	109	rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
	110	sigptr);
	111	if (rc)
f96637be	112	cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
3c1bf7e4 PS	113
	114	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);
	115
	116	return rc;
	117	}
	118
e65a5cb4	119	void
429b46f4 SF	120	generate_smb3signingkey(struct TCP_Server_Info *server)
	121	{
	122	unsigned char zero = 0x0;
	123	__u8 i[4] = {0, 0, 0, 1};
	124	__u8 L[4] = {0, 0, 0, 128};
	125	int rc = 0;
	126	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
	127	unsigned char *hashptr = prfhash;
	128
	129	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
	130	memset(server->smb3signingkey, 0x0, SMB3_SIGNKEY_SIZE);
	131
	132	rc = crypto_shash_setkey(server->secmech.hmacsha256,
	133	server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	134	if (rc) {
	135	cifs_dbg(VFS, "%s: Could not set with session key\n", __func__);
	136	goto smb3signkey_ret;
	137	}
	138
	139	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	140	if (rc) {
	141	cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
	142	goto smb3signkey_ret;
	143	}
	144
	145	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
	146	i, 4);
	147	if (rc) {
	148	cifs_dbg(VFS, "%s: Could not update with n\n", __func__);
	149	goto smb3signkey_ret;
	150	}
	151
	152	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
	153	"SMB2AESCMAC", 12);
	154	if (rc) {
	155	cifs_dbg(VFS, "%s: Could not update with label\n", __func__);
	156	goto smb3signkey_ret;
	157	}
	158
	159	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
	160	&zero, 1);
	161	if (rc) {
	162	cifs_dbg(VFS, "%s: Could not update with zero\n", __func__);
	163	goto smb3signkey_ret;
	164	}
	165
	166	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
	167	"SmbSign", 8);
	168	if (rc) {
	169	cifs_dbg(VFS, "%s: Could not update with context\n", __func__);
	170	goto smb3signkey_ret;
	171	}
	172
	173	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
	174	L, 4);
	175	if (rc) {
	176	cifs_dbg(VFS, "%s: Could not update with L\n", __func__);
	177	goto smb3signkey_ret;
	178	}
	179
	180	rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
	181	hashptr);
	182	if (rc) {
	183	cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
184	goto smb3signkey_ret;
185	}
186
187	memcpy(server->smb3signingkey, hashptr, SMB3_SIGNKEY_SIZE);
188
189	smb3signkey_ret:
e65a5cb4	190	return;
429b46f4 SF	191	}
429b46f4 SF	192
38107d45 SF	193	int
	194	smb3_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
	195	{
429b46f4 SF	196	int i, rc;
	197	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
	198	unsigned char *sigptr = smb3_signature;
	199	struct kvec *iov = rqst->rq_iov;
	200	int n_vec = rqst->rq_nvec;
	201	struct smb2_hdr smb2_pdu = (struct smb2_hdr )iov[0].iov_base;
	202
	203	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
	204	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
	205
	206	rc = crypto_shash_setkey(server->secmech.cmacaes,
	207	server->smb3signingkey, SMB2_CMACAES_SIZE);
	208	if (rc) {
	209	cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
	210	return rc;
	211	}
	212
	213	rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
	214	if (rc) {
	215	cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
	216	return rc;
	217	}
	218
	219	for (i = 0; i < n_vec; i++) {
	220	if (iov[i].iov_len == 0)
	221	continue;
	222	if (iov[i].iov_base == NULL) {
	223	cifs_dbg(VFS, "null iovec entry");
	224	return -EIO;
	225	}
	226	/*
	227	* The first entry includes a length field (which does not get
	228	* signed that occupies the first 4 bytes before the header).
	229	*/
	230	if (i == 0) {
	231	if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
	232	break; /* nothing to sign or corrupt header */
	233	rc =
	234	crypto_shash_update(
	235	&server->secmech.sdesccmacaes->shash,
	236	iov[i].iov_base + 4, iov[i].iov_len - 4);
	237	} else {
	238	rc =
	239	crypto_shash_update(
	240	&server->secmech.sdesccmacaes->shash,
	241	iov[i].iov_base, iov[i].iov_len);
	242	}
	243	if (rc) {
	244	cifs_dbg(VFS, "%s: Couldn't update cmac aes with payload\n",
	245	__func__);
	246	return rc;
	247	}
	248	}
	249
	250	/* now hash over the rq_pages array */
	251	for (i = 0; i < rqst->rq_npages; i++) {
	252	struct kvec p_iov;
	253
	254	cifs_rqst_page_to_kvec(rqst, i, &p_iov);
	255	crypto_shash_update(&server->secmech.sdesccmacaes->shash,
	256	p_iov.iov_base, p_iov.iov_len);
	257	kunmap(rqst->rq_pages[i]);
	258	}
	259
260	rc = crypto_shash_final(&server->secmech.sdesccmacaes->shash,
261	sigptr);
262	if (rc)
263	cifs_dbg(VFS, "%s: Could not generate cmac aes\n", __func__);
264
265	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);
266
267	return rc;
38107d45 SF	268	}
38107d45 SF	269
3c1bf7e4 PS	270	/* must be called with server->srv_mutex held */
3c1bf7e4 PS	271	static int
0b688cfc	272	smb2_sign_rqst(struct smb_rqst rqst, struct TCP_Server_Info server)
3c1bf7e4 PS	273	{
3c1bf7e4 PS	274	int rc = 0;
0b688cfc	275	struct smb2_hdr *smb2_pdu = rqst->rq_iov[0].iov_base;
3c1bf7e4 PS	276
	277	if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) \|\|
	278	server->tcpStatus == CifsNeedNegotiate)
	279	return rc;
	280
	281	if (!server->session_estab) {
	282	strncpy(smb2_pdu->Signature, "BSRSPYL", 8);
	283	return rc;
	284	}
	285
38107d45	286	rc = server->ops->calc_signature(rqst, server);
3c1bf7e4 PS	287
	288	return rc;
	289	}
	290
	291	int
0b688cfc	292	smb2_verify_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
3c1bf7e4 PS	293	{
	294	unsigned int rc;
	295	char server_response_sig[16];
0b688cfc	296	struct smb2_hdr smb2_pdu = (struct smb2_hdr )rqst->rq_iov[0].iov_base;
3c1bf7e4 PS	297
	298	if ((smb2_pdu->Command == SMB2_NEGOTIATE) \|\|
	299	(smb2_pdu->Command == SMB2_OPLOCK_BREAK) \|\|
	300	(!server->session_estab))
	301	return 0;
	302
	303	/*
	304	* BB what if signatures are supposed to be on for session but
	305	* server does not send one? BB
	306	*/
	307
	308	/* Do not need to verify session setups with signature "BSRSPYL " */
	309	if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0)
f96637be JP	310	cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
f96637be JP	311	smb2_pdu->Command);
3c1bf7e4 PS	312
	313	/*
	314	* Save off the origiginal signature so we can modify the smb and check
	315	* our calculated signature against what the server sent.
	316	*/
	317	memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE);
	318
	319	memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE);
	320
	321	mutex_lock(&server->srv_mutex);
38107d45	322	rc = server->ops->calc_signature(rqst, server);
3c1bf7e4 PS	323	mutex_unlock(&server->srv_mutex);
	324
	325	if (rc)
	326	return rc;
	327
	328	if (memcmp(server_response_sig, smb2_pdu->Signature,
	329	SMB2_SIGNATURE_SIZE))
	330	return -EACCES;
	331	else
	332	return 0;
	333	}
	334
2dc7e1c0 PS	335	/*
	336	* Set message id for the request. Should be called after wait_for_free_request
	337	* and when srv_mutex is held.
	338	*/
	339	static inline void
	340	smb2_seq_num_into_buf(struct TCP_Server_Info server, struct smb2_hdr hdr)
	341	{
	342	hdr->MessageId = get_next_mid(server);
	343	}
	344
	345	static struct mid_q_entry *
	346	smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer,
	347	struct TCP_Server_Info *server)
	348	{
	349	struct mid_q_entry *temp;
	350
	351	if (server == NULL) {
f96637be	352	cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
2dc7e1c0 PS	353	return NULL;
	354	}
	355
	356	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
	357	if (temp == NULL)
	358	return temp;
	359	else {
	360	memset(temp, 0, sizeof(struct mid_q_entry));
	361	temp->mid = smb_buffer->MessageId; /* always LE */
	362	temp->pid = current->pid;
	363	temp->command = smb_buffer->Command; /* Always LE */
	364	temp->when_alloc = jiffies;
	365	temp->server = server;
	366
	367	/*
	368	* The default is for the mid to be synchronous, so the
	369	* default callback just wakes up the current task.
	370	*/
	371	temp->callback = cifs_wake_up_task;
	372	temp->callback_data = current;
	373	}
	374
	375	atomic_inc(&midCount);
	376	temp->mid_state = MID_REQUEST_ALLOCATED;
	377	return temp;
	378	}
	379
	380	static int
	381	smb2_get_mid_entry(struct cifs_ses ses, struct smb2_hdr buf,
	382	struct mid_q_entry **mid)
	383	{
	384	if (ses->server->tcpStatus == CifsExiting)
	385	return -ENOENT;
	386
	387	if (ses->server->tcpStatus == CifsNeedReconnect) {
f96637be	388	cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
2dc7e1c0 PS	389	return -EAGAIN;
	390	}
	391
	392	if (ses->status != CifsGood) {
	393	/* check if SMB2 session is bad because we are setting it up */
	394	if ((buf->Command != SMB2_SESSION_SETUP) &&
	395	(buf->Command != SMB2_NEGOTIATE))
	396	return -EAGAIN;
	397	/* else ok - we are setting up session */
	398	}
	399	*mid = smb2_mid_entry_alloc(buf, ses->server);
	400	if (*mid == NULL)
	401	return -ENOMEM;
	402	spin_lock(&GlobalMid_Lock);
	403	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
	404	spin_unlock(&GlobalMid_Lock);
	405	return 0;
	406	}
	407
	408	int
	409	smb2_check_receive(struct mid_q_entry mid, struct TCP_Server_Info server,
	410	bool log_error)
	411	{
	412	unsigned int len = get_rfc1002_length(mid->resp_buf);
0b688cfc JL	413	struct kvec iov;
	414	struct smb_rqst rqst = { .rq_iov = &iov,
	415	.rq_nvec = 1 };
	416
	417	iov.iov_base = (char *)mid->resp_buf;
	418	iov.iov_len = get_rfc1002_length(mid->resp_buf) + 4;
2dc7e1c0 PS	419
	420	dump_smb(mid->resp_buf, min_t(u32, 80, len));
	421	/* convert the length into a more usable form */
38d77c50	422	if (len > 24 && server->sign) {
3c1bf7e4 PS	423	int rc;
3c1bf7e4 PS	424
0b688cfc	425	rc = smb2_verify_signature(&rqst, server);
3c1bf7e4	426	if (rc)
f96637be JP	427	cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
f96637be JP	428	rc);
3c1bf7e4	429	}
2dc7e1c0 PS	430
	431	return map_smb2_to_linux_error(mid->resp_buf, log_error);
	432	}
	433
fec344e3 JL	434	struct mid_q_entry *
fec344e3 JL	435	smb2_setup_request(struct cifs_ses ses, struct smb_rqst rqst)
2dc7e1c0 PS	436	{
2dc7e1c0 PS	437	int rc;
fec344e3	438	struct smb2_hdr hdr = (struct smb2_hdr )rqst->rq_iov[0].iov_base;
2dc7e1c0 PS	439	struct mid_q_entry *mid;
	440
	441	smb2_seq_num_into_buf(ses->server, hdr);
	442
	443	rc = smb2_get_mid_entry(ses, hdr, &mid);
	444	if (rc)
fec344e3 JL	445	return ERR_PTR(rc);
	446	rc = smb2_sign_rqst(rqst, ses->server);
	447	if (rc) {
3c1bf7e4	448	cifs_delete_mid(mid);
fec344e3 JL	449	return ERR_PTR(rc);
	450	}
	451	return mid;
2dc7e1c0 PS	452	}
2dc7e1c0 PS	453
fec344e3 JL	454	struct mid_q_entry *
fec344e3 JL	455	smb2_setup_async_request(struct TCP_Server_Info server, struct smb_rqst rqst)
c95b8eed	456	{
fec344e3 JL	457	int rc;
fec344e3 JL	458	struct smb2_hdr hdr = (struct smb2_hdr )rqst->rq_iov[0].iov_base;
c95b8eed PS	459	struct mid_q_entry *mid;
	460
	461	smb2_seq_num_into_buf(server, hdr);
	462
	463	mid = smb2_mid_entry_alloc(hdr, server);
	464	if (mid == NULL)
fec344e3	465	return ERR_PTR(-ENOMEM);
c95b8eed	466
fec344e3	467	rc = smb2_sign_rqst(rqst, server);
c95b8eed PS	468	if (rc) {
c95b8eed PS	469	DeleteMidQEntry(mid);
fec344e3	470	return ERR_PTR(rc);
3c1bf7e4 PS	471	}
3c1bf7e4 PS	472
fec344e3	473	return mid;
c95b8eed	474	}